Remove the class_start_post_data and class_reset_post_data commands,
since they aren't used anymore. They were only used on devices that
used FDE (Full Disk Encryption), via actions in rootdir/init.rc. These
actions have been removed, since support for FDE has been removed.
There is no use case for these commands in vendor init scripts either.
Keep the mark_post_data command, since DoUserspaceReboot() uses the
post-data service flag even on non-FDE devices.
Bug: 191796797
Change-Id: Ibcd97543daa724feb610546b5fc2a0dd7f1e62e7
FDE is no longer supported, so there's no longer any need to ever
reserve a crypto footer.
Bug: 191796797
Change-Id: I79121188b0bcb7b00c16fda03b68b20c40c1e240
Since Android 10, new devices have been required to use FBE instead of
FDE. Therefore, the FDE code is no longer needed.
Bug: 191796797
Change-Id: I2f29ce5fa61c67325d6eb6cf6693787f8fa8a011
Since Android 10, new devices have been required to use FBE instead of
FDE. Therefore, the FDE code is no longer needed.
Make fs_mgr reject fstabs where FDE is enabled.
Unfortunately, there is a quirk where the "encryptable" flag (which was
originally meant just for FDE) was overloaded to identify adoptable
storage volumes. It appears that we have to keep supporting this use
case. Therefore, don't reject the "encryptable" flag completely.
Instead, just reject "encryptable" when it appears without
"voldmanaged", or without "userdata" as its argument.
Here are some references for how "encryptable=userdata" is being used to
identify adoptable storage volumes:
* https://source.android.com/devices/storage/config#adoptable_storage
* f26c7e9b12:system/vold/main.cpp;l=269
* f26c7e9b12:device/google/cuttlefish/shared/config/fstab.f2fs;l=17
* f26c7e9b12:device/generic/goldfish/fstab.ranchu;l=7
[ebiggers@: modified from a WIP CL by paulcrowley@]
Bug: 191796797
Change-Id: I3c4bbbe549cc6e24607f230fad27ea0d4d35ce09
Add new CgroupGetControllerFromPath function to retrieve the name of the
cgroup using a file path. If the file does not belong to any cgroup, the
function returns false.
Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ic17a474cb25a80a3339b33ed8bc27b07af053abb
"nonplat" was renamed to "vendor" in Android Pie, but was retained
here for Treble compatibility.
We're now outside of the compatbility window for these devices so
it can safely be removed.
While I'm here, improve accuracy of some comments and
in-code-documentation.
Test: build boot cuttlefish device. adb remount, modify
/system/etc/selinux/plat_sepolicy_and_mapping.sha256 to force
on-device policy compilation. reboot. Verify that device boots
without new selinux denials.
Change-Id: Ibe5c5fa1ea206c1b4d5ad8183433c332a8aaadbf
While llkd helps in discovering issues in apps which leave zombies, it
creates issues for dogfooders when apps are killed. Disable it by
default.
Bug: 202411543
Test: boot and check llkd not running
Test: `setprop ro.llk.enable true` enables llkd
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: If93bf9e981eaa3921a9da5f3160db26c4fe17e66
Direct writes for partition flashing significantly increase performance.
Use O_DIRECT flag when opening partition for flashing. Additionally use
a 4096b aligned buffer which is required for O_DIRECT.
Switch from using 8MB write buffer to 1MB write buffer, as the extra
allocation has no performance impact.
Test: flash locally and reach home screen
Bug: 205151372
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I060f438cf698d0fda1e59e35338bb5dc1cd05b51
Allow caller to pass additional flags when opening a partition. Obsolete
usage of boolean read, and make previous callers use O_RDONLY instead.
Explicitly OR (O_EXCL | O_CLOEXEC | O_BINARY) to keep existing design
working as is.
Test: flash locally and reach home screen
Bug: 205151372
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I48fbca459a17fcf0b0926ab339585e3bd8e31e35
We've had two use-after-frees in the last month from this nonsense...
Bug: http://b/204925347
Test: treehugger
Change-Id: I5e1485253224e38ca51a7a077dbe65d19e39f817
This reverts commit 1cc9818642.
Reason for revert: Failing build - There is a dependency with https://r.android.com/c/1843772/3
Change-Id: Iccac56cf4c7012d8732b4338eb7055e1b2451e3b
Most of the test cases are similar to dm-snapshot-merge.
Additional test cases have been added primarily to test
I/O's in parallel with merge.
Bug: 193863397
Test: snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: If7fede1be6d678c8665e1f9369fd3c69f5d3c4df
* changes:
snapuserd: Sort REPLACE ops for batch merge
snapuserd: API to query snapshot and merge status
snapuserd: Wire up API's for Initiating and tracking Merge
snapuserd: I/O requests which are not block aligned.
snapuserd: Service I/O requests from dm-user
For the vendor variant of libhealthd_mode_charger, read resources
from /vendor. The core variant continues to read resources from
/product, /system, and /res.
Test: run charger from /vendor manually
Bug: 203246116
Change-Id: Ia9df1d081a51783409b5dbd3e3d4719efc3cb6a7
This is a prerequisite to move charger to vendor partition.
Because vendor domains can't read ro.charger.*, they are all assumed
to be the default value. They aren't set in the ecosystem anyway,
so it is time to deprecate them.
Test: builds
Bug: 203246116
Change-Id: I0b17e62ab3ac5a89df091333fd9f24e33bdfd49a
clean_scratch_files.rc seems to never work as intended due to
missing domain transition rules.
Add a 'remount' domain to the platform policies to allow
remount-related operations, including clean_scratch_files.
Merge remount and clean_scratch_files binary to simplify the added
policies.
Bug: 204836146
Test: 1. Use a VAB device, for example bramble-userdebug
2. adb remount system
3. adb reboot fastboot && fastboot flash system system.img
4. recovery (fastbootd) should mark the remount scratch as disabled
5. fastboot reboot && adb shell mount | grep scratch => nothing
6. adb logcat | grep 'clean_scratch_files|gsid' => shows that
disabled image "scratch" is removed during boot
Change-Id: I18d543868d1f37d43b483eae7517b707e46df1bd
Since we will be iterating forward for user-space
merge, we need to sort the blocks in increasing order
so that blocks can be batch merged if contiguous.
For dm-snapshot merging, we will continue to sort
in decreasing order.
Bug: 193863397
Test: Snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I25fb5fce054f716a2ad0dddc0d0c3afef18bc7ad
Add new API to query the snapshot and merge status.
This will be used by libsnapshot.
Bug: 193863443
Test: Full OTA on CF
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I86cffff6a979e2e2bf1d8d1a1770e209eeb4a47d
Add new client API's for initiating and tracking merge.
These API's will be used by libsnapshot.
Track the merge completion in the server by walking through
all the partitions. Each worker thread will update the
merge completion as and when number of COW operations
are completed. Server will gather all the completions
of each partition and average it out. This is in sync
with the current merge completion tracking for dm-snapshot.
As a side effect, move the snapuserd_server.h/cpp files to
dm-snapshot-merge directory as it will only be a maintaining
code.
Bug: 193863443
Test: Snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I031eb1a11b0f426aafbed3d39d85b0c22b9030fb
If the I/O request is for a sector which is not block
aligned, then we will not find the mapping directly
to a COW op as each op is block aligned. Thus, we
handle them by chopping the I/O request and processing
the unaligned data. Furthermore, if the request
doesn't map to any of the COW ops, then route the
I/O to the base device.
Bug: 196929997
Test: Full OTA on CF - during boot up, we get an I/O request
to read superblock on system partition which is not block aligned.
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Ie40633c0c6bc0c87b681c051c74c0ac787e34d9c
Now that merging is done in user-space and
partitions are mounted off dm-user directly,
daemon will have to serve every I/O request.
Daemon has to handle this wherein we need to
check if the given I/O request block has been
modified in the OTA. Furthermore, if merge is
in-progress, we will have to synchronize with
the merge thread before servicing the I/O.
If the I/O request maps to a REPLACE or ZERO op,
we will just read the data from COW device.
If the I/O request maps to a COPY or XOR op,
the worker thread will have to synchronize
with the merge thread and if the merge is
in progress, fetch the data directly from RA buffer.
This patch handles I/O requests only if the
sectors are 4k aligned.
Bug: 196929997
Test: snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I08562b8927e1c22dd9d9ef160e873280854eac99
Ensure we have at least one element before we try to access the last
element. Else the array index of the last element may underflow,
0ull - 1 == ~0ull == UINT64_MAX.
Bug: 204536075
Test: atest fiemap_writer_test
Change-Id: Ic390d108bf789cfe136fb5dfe2983f3c7d6f7e48
Bug: 201596822
Test: Local test (isolated to host)
$ adb -s 8BDAY00CM6 root
adbd is already running as root
$ adb -s 8BDAY00CM6 remount
Disabling verity for /system
Using overlayfs for /system
Disabling verity for /system_ext
Using overlayfs for /system_ext
Disabling verity for /vendor
Using overlayfs for /vendor
Disabling verity for /product
Using overlayfs for /product
remount succeeded.. now reboot device for settings refresh
$ echo $?
0
$ adb -s 8BDAY00CM6 unroot
restarting adbd as non root
$ adb -s 8BDAY00CM6 remount
Not running as root. Try "adb root" first.
remount failed
$ echo $?
3
Signed-off-by: Shaju Mathew <shaju@google.com>
Change-Id: I8e6d0735d2da0ed58cae867db2e4736abb86d351
The kernel can return different compatible ranges on each call, depending on
how it decides to merge contiguous extents in the results. To avoid the
complexity of requerying the ioctl, just do one query up to the maximum
allowed extent size.
Bug: 204536075
Test: install DSU on cuttlefish
fiemap_test
Change-Id: I4d569e3e6feed14c91a5f500296623888060dcad
The system property is set by vendor partition but owned by platform,
hence vendor domains can't read this value. Add an API in
ChargerConfigurationInterface so that HAL implementations can override
its value.
Other ro.charger.* sysprops are unused, hence no APIs are created for
them.
Test: manual
Bug: 203246116
Change-Id: I583c21e58ed3d912b156e253d6a4b46a0378f11e
Abstract all the HIDL-ness from charger so an AIDL HAL
can later replace the HIDL HAL.
Created libhealthd_charger_ui that is responsible for
UI stuff in charger. Then libhealthd_charger is now the
charger library backed by HIDL HAL.
Bug: 170338625
Bug: 203246116
Test: charger_test
Change-Id: I193bb76afa18b3367f24796ac53b1760650e8683
