Retrofit devices will have two super partitions, spanning the A and B
slots separately. By design an OTA will never cause "A" or "B"
partitions to be assigned to the wrong super. However, the same is not
true of fastbootd, where it is possible to flash the inactive slot. We
do not want, for example, logical "system_a" flashing to super_b.
When interacting with partitions, fastbootd now extracts the slot suffix
from a GetSuperSlotSuffix() helper. On retrofit devices, if the partition
name has a slot, that slot will override FastbootDevice::GetCurrentSlot.
This forces partitions in the inactive slot to be assigned to the correct
super.
There are two consequences of this. First, partitions with no slot
suffix will default to the current slot. That means it is possible to
wind up with two "scratch" partitions, if "adb remount" is used on both
the "A" and "B" slots. However, only the active slot's "scratch" will be
visible to the user (either through adb or fastboot).
Second, if one slot does not have dynamic partitions, flashing will
default to fixed partitions. For example, if the A slot is logical and B
is not, flashing "system_a" will be logical and "system_b" will be
fixed. This works no matter which slot is active. We do not try to
upgrade the inactive slot to dynamic partitions.
Bug: 116802789
Test: fastboot set_active a
fastboot flashall # dynamic partitions
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # false
fastboot set_active b
fastboot flashall --skip-secondary
fastboot getvar is-logical:system_a # true
fastboot getvar is-logical:system_b # true
Booting both slots works.
Change-Id: Ib3c91944aaee1a96b2f5ad69c90e215bd6c5a2e8
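The slot-selection rule from the commit message above, modelled as an added example (not code from the commit or from fastbootd). The function names and the "super" + suffix naming for the retrofit super partitions are assumptions made for illustration.

```cpp
// Added illustration; names are hypothetical, not fastbootd's source.
#include <initializer_list>
#include <iostream>
#include <string>

// Returns "_a" or "_b" if the name ends in a slot suffix, else "".
std::string SlotSuffixOf(const std::string& name) {
    if (name.size() > 2) {
        std::string tail = name.substr(name.size() - 2);
        if (tail == "_a" || tail == "_b") return tail;
    }
    return "";
}

// Slot whose super partition should hold `partition`.
// On a retrofit device the partition's own suffix overrides the current slot;
// unsuffixed names (e.g. "scratch") fall back to the current slot.
std::string SuperSlotSuffixFor(const std::string& partition,
                               const std::string& current_slot, bool retrofit) {
    if (retrofit) {
        std::string suffix = SlotSuffixOf(partition);
        if (!suffix.empty()) return suffix;
    }
    return current_slot;
}

// Name of the super partition to update. Assumption: a retrofit super is
// "super" plus a slot suffix; a non-retrofit device has a single "super".
std::string SuperPartitionFor(const std::string& partition,
                              const std::string& current_slot, bool retrofit) {
    if (!retrofit) return "super";
    return "super" + SuperSlotSuffixFor(partition, current_slot, retrofit);
}

int main() {
    // Active slot is "_a"; the inactive slot's system_b is flashed as well.
    for (const char* p : {"system_a", "system_b", "scratch"}) {
        std::cout << p << " -> " << SuperPartitionFor(p, "_a", true) << "\n";
    }
    return 0;
}
```
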
This is needed for update_engine to properly clean old partitions on
retrofit devices.
Bug: 119687874
Test: liblp_test gtest
Change-Id: Ida9483ad3c127e357f45789540ebbedc9d3d3883

Add a test report df before overlay applied to make it clearer what
the device looked like before applying for remount. Check error
code from adb disable-verity and use that to terminate test if bad.
Collect a sliced logcat for failures to help diagnose problems.
If the device does not come back after flashing, timeout and fail
when waiting. Fix some issues that result when running script under
set -x when diagnosing the tests logistics.
Test: adb-remount-test.sh
Bug: 109821005
Change-Id: Iffbd6261703393417cb6ec3a12042d59523c348d

Strip out /dev/block/loop* devices to filter out apex mounts. Deal
with scale of skip_administrative_mounts function to make for easier
maintenance.
Test: adb-remount-test.sh
Bug: 109821005
Bug: 112455435
Change-Id: Ic7382a613db8f3ac7cdc10721194042378d136b9

lpmake should be using the intermediates directory for temporary work
rather than /tmp. Add ability to respect TMPDIR environment as
inherited from TemporaryFile.
Bug: 119313545
Test: manual test
Change-Id: I1a0317538875ee37fb4066602ff7a75e4658d74b

With the addition of the /dev/block/by-name/ symlinks created for the
boot_device, we no longer need to use a map to track the symlinks for
the partitions AVB needs to access.
This will help us in removing the requirement to specify which
partitions contain AVB metadata.
Bug: 117933812
Test: boot blueline_mainline with AVB
Change-Id: I1d46dba5b2fc16b2a14f861b34225ac0f2995b60

This adds a new MetadataBuilder constructor, NewForUpdate, that can be
used by update_engine to simplify upgrading metadata. It is safe to call
whether or not the device is a retrofit. If the metadata has block
devices assigned to a specific slot, and that slot matches the slot
suffix, it will ensure that an equivalent entry exists for the alternate
slot.
Thus, if the source slot is _a and the target slot is _b, and the
metadata has "system_a" as a block device but not "system_b", this will
automatically add "system_b" as a block device.
Bug: 116802789
Test: liblp_test gtest
Change-Id: Ie89d4dbf4c708b5705e658220227ebf33fcb1930

With chained vbmeta and especially its use with dynamic partitions,
this check is no longer always true. A concrete example is the
chained vbmeta_system partition that contains the metadata for /system
and /product_services for mainline devices.
Test: blueline_mainline boots with AVB enabled
Change-Id: Ib4115831bb3bb49bf6d2a908df59ba32f8405de7

These broke after recent changes to use IPartitionOpener in more places.
The io_tests must now give block device info to TestPartitionOpener.
Bug: N/A
Test: liblp_test gtest
Change-Id: I0a6505c7223e74507dc13184069fdc34bb6b81e4

On retrofit devices, we need images that can be flashed in the
bootloader for the component "super" partitions. This change rewrites
SparseBuilder so that it generates one sparse image per block device,
and now handles partitions that span across multiple block devices.
A new API function has been added to write the set of sparse images to
an output folder.
Bug: 118887112
Test: manual test, flash split images
Change-Id: Iff56efdcb7bdfd5bc8dd7ff44e8234e091ac2346

On retrofit devices, an OTA package or super_empty.img won't know which
slot it applies to. This is not an issue on devices shipping with
dynamic partitions, since they ship on the "a" slot.
To work around this, partitions and block devices can be flagged as
"auto-slot-suffixed". This indicates that ReadMetadata should
automatically append a slot suffix before returning the metadata. This
flag is added by MetadataBuilder when requested, and will be enabled via
lpmake separately.
After ReadMetadata has applied slot suffixes, it takes care to remove
the slot-suffix flag. This prevents the suffix from being applied twice,
if for example the metadata is then imported into a MetadataBuilder.
Bug: 116802789
Test: liblp_test gtest
retrofit device boots
Change-Id: Ic7de06d31253a8d5b8d15c0d936175ca2939f857
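Why the flag is cleared after suffixing, shown as an added example (not code from the commit or from liblp). The Entry type, the flag bit and the sample entries are hypothetical and constructed for illustration.

```cpp
// Added illustration; types and flag names are hypothetical, not liblp's.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

constexpr uint32_t kFlagSlotSuffixed = 1u << 0;  // hypothetical flag bit

struct Entry {  // stands in for a partition or block-device record
    std::string name;
    uint32_t flags;
};

// Append `suffix` to every flagged entry, then clear the flag so that a
// second pass (e.g. after re-importing the metadata) is a no-op.
// Returns the number of entries renamed.
size_t ApplySlotSuffix(std::vector<Entry>& entries, const std::string& suffix) {
    size_t renamed = 0;
    for (Entry& e : entries) {
        if (!(e.flags & kFlagSlotSuffixed)) continue;
        e.name += suffix;
        e.flags &= ~kFlagSlotSuffixed;  // without this, a re-run yields "system_b_b"
        ++renamed;
    }
    return renamed;
}

// Constructed sample: two slot-agnostic entries and one unflagged entry.
std::vector<Entry> SampleMetadata() {
    return {{"system", kFlagSlotSuffixed},
            {"vendor", kFlagSlotSuffixed},
            {"scratch", 0u}};
}

int main() {
    std::vector<Entry> m = SampleMetadata();
    ApplySlotSuffix(m, "_b");
    ApplySlotSuffix(m, "_b");  // second pass renames nothing
    for (const Entry& e : m) std::cout << e.name << "\n";
    return 0;
}
```
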
On kernels at or older than 4.6, the overlayfs drivers do not need,
or support, override_creds=off. Drop using the mount option.
Commit 3fe6e52f062643676eb4518d68cee3bc1272091b introduced the
need for override_creds=off, and none of the kernels that contain
this patch without the patch that introduces override_creds can
be used with Android.
Test: compile
Bug: 118882257
Bug: 109821005
Change-Id: I832c8ca3fce0269bdef4ce988541adb7ba9662ed

This patch adds a new variable, "super-partition-name", to query the
name of the super partition (with a slot suffix if it has one). The
fastboot flashing tool has been updated to query this variable.
Since the super partition name can no longer be determined without
fastbootd, the presence of super_empty.img is used to test for
dynamic partition support rather than the presence of a super partition.
Bug: 116802789
Test: fastboot flashall on retrofit device
Change-Id: If830768eba6de7f31ac3183c64167fae973c77a4

When updating the super partition, attempt to preserve partitions from
the other slot. If any partition can't be preserved, fail and require a
wipe (-w) to proceed. This allows two bootable builds to be flashed to
both slots.
The preserve operation can fail if the metadata is not compatible with
the old partition layout. For example, if the partition references a
group that no longer exists, or a group changed its capacity, or the
metadata's block device list or list contents changed.
Bug: N/A
Test: liblp_test gtest
fastboot flashall --skip-secondary
Change-Id: I53fdd29bc1f0ef132005a93d3cf1cdcd7f2fc05f

Follow the typical device tree guidelines that a node is only enabled
if it does not have a 'status' property or if it does have a 'status'
property with a value of 'ok' or 'okay'.
Bug: 117933812
Test: status='disabled' DT fstab is not present when reading fstab
Change-Id: Icb4cbe654757658460aabfdb952d71fb8354e09e

Regression introduced by commit bb1efbd1c6
By not first checking if overlayfs mount on /system is in /proc/mounts,
remount fails to discover the override and take the selected action.
Test: adb-remount-test.sh
Bug: 109821005
Change-Id: I1f0bae22caae1bca84fc1e33b508b54d98f4ed5c

This patch adds another uevent-regeneration pass to the first stage
mount. When the super partition spans multiple block devices, we need
/dev/block/by-name symlinks to have been created before we begin mapping
dynamic partitions.
Bug: 116802789
Test: retrofit device boots
Change-Id: I00bb277e1d81385a457c5b4205a95d8fbe365bb2

Although metadata is only stored on the first block device, we ideally
want to validate all the block devices before flashing. This patch does
that and in the process converts ValidateAndSerializeMetadata to use
IPartitionOpener.
Bug: 116802789
Test: manual test
liblp_test gtest
Change-Id: I3f24cfc6f5607309dc3cded0423326c5ba293d26

The vendor overlay source directory must have the same sepolicy
context with the target vendor directory.
Otherwise, the vendor overlay will fail to mount.
Bug: 112955896
Test: Check if a source directory that has a different context fails
to mount on vendor directory.
Change-Id: I2522a8ddc96d4d9b0f34d25a081d20d1ac2dd27a

For retrofit devices where the super partition is not called "super",
this allows the correct partition to be passed via the kernel
command-line, i.e.:
androidboot.super_partition=system
Since retrofitting is only supported for A/B devices, we assume that
a partition named this way must be slot-suffixed.
Bug: 116802789
Test: manual test
Change-Id: I930dbbd397d5552e9ded89baa5a7bb0e63c67426

Under the condition of an existing, but broken, filesystem on the
scratch device, force recreation. Add the -f flag for f2fs,
already present for ext4.
Test is enhanced. The test needs to check, and if necessary wipe
out any existing overrides and reboot before running the remainder
of test. Report which overrides are being used, and how they are
setup. Fail if they are not as expected. Improve efficiency of
checks by reducing the duplication of commands issued to the device.
Test: adb-remount-test.sh
Bug: 109821005
Change-Id: I9ac4fac952e334c00b089fec0b73b2cd2cc0af5c

fs_mgr_access() is used by a public function that is available to
user build.
Test: build fs_mgr for user variant.
Change-Id: I1ec977fa1920add7db3023b181a9a7666b0890b5

Using overlayfs, the system partition may provide files for older
version of vendor partitions by overlaying on the vendor partition.
Directories in /system/vendor_overlay will be overlaid on the
directories in /vendor to override existing files or provide new
files.
This feature works only if the kernel supports overlayfs and has a
patch for override_creds. Otherwise, no-op.
Bug: 114679254
Test: Build and boot: nothing affected without overlayfs, or
vendor file is overridden with overlayfs
Change-Id: Iff3a308945299034123ba7bcb40dc787e102730e

fs_mgr_overlayfs_mount_all() and fs_mgr_overlayfs_required_devices()
to also take const std::vector<const fstab_rec*>& argument.
Bug: 117933812
Test: manual adb-remount-test.sh
Change-Id: Ic72fcca1fe32c311ff3f903c7275e6f7dfba46a7

For logical partitions, the fstab supplied during
fs_mgr_overlayfs_setup() does not have the correct blk_device and
thus check in fs_mgr_has_shared_blocks() inside
fs_mgr_overlayfs_enabled() will fail to provide the correct status.
Call fs_mgr_update_logical_partition() to fix this up. Side effect
is an API change where fstab can no longer be considered const when
passed into fs_mgr_overlayfs_mount_all() and
fs_mgr_overlayfs_required_devices().
Some additional minor cleanup as well. Move fs_mgr_rm_all() higher
up as-is in the file as it has no dependencies, which will complicate
future changes. Add --help to adb-remount-test.sh unit test script,
improve error handling and checking.
Test: adb-remount-test.sh
Bug: 109821005
Bug: 117605276
Change-Id: I548d3797d49661529490d1a0bf96b63e57491704

Arrange to delete the overlayfs backing when a specified partition
has been flashed.
Test: manual
Bug: 109821005
Bug: 117605276
Change-Id: I1c6a0341c6cd2ecfbb7c71bec5679a74d579aadd

The file-based encryption setup code is being refactored into its own
library because it applies to both ext4 and f2fs, not just ext4. Update
init to use the new location. For fs_mgr, just remove the include of
ext4_crypt_init_extensions.h since it was unneeded.
Test: built, booted device with f2fs encryption
Change-Id: I392a763e3349f001bdbc09eb9ca975aa3451fd68