This relands https://r.android.com/1644045 after fixing the build issue
in b/184239856.
Test: atest CtsSimpleperfTestCases
Bug: 143978909
Change-Id: I4315189b243503f5633f64d46a0ffedad3bebf0c
earlyBootEnded signals to keystore2 to read the database for the first
time, and start the MAX_BOOT_LEVEL system. It must therefore run
after /data is mounted and /data/misc/keystore is created, but before
apexd or odsign starts.
Bug: 176450483
Test: cuttlefish: check keystore2 logs to ensure all looks well.
Change-Id: Ia3b968afc38edf95712480e99e545ba88ea309c3
restrictions
Use the property ro.product.enforce_debugfs_restrictions to enable
debugfs restrictions instead of checking the launch API level. Vendors
can enable build-time as well as run-time debugfs restrictions by
setting the build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS true which in
turn sets ro.product.enforce_debugfs_restrictions true as well enables
sepolicy neverallow restrictions that prevent debugfs access. The
intention of the build flag is to prevent debugfs dependencies from
creeping in during development on userdebug/eng builds.
Test: build and boot
Bug: 184381659
Change-Id: If555037f973e6e4f35eb7312637f58e8360c3013
Revert "Merge libdexfile_external into libdexfile."
Revert "libdexfile_external is replaced by libdexfile."
Revert "Rename libdexfile_external_static to libdexfile_static."
Revert "Rename libdexfile_external_static to libdexfile_static."
Revert "Allow dependencies from platform variants to APEX modules."
Revert submission 1658000
Reason for revert: Breaks full-eng build: b/184239856
Reverted Changes:
I4f8ead785:Avoid internal APEX stubs for libsigchain and clea...
I68affdf69:Allow dependencies from platform variants to APEX ...
I54b33784e:Rename libdexfile_external_static to libdexfile_st...
Id68ae9438:libdexfile_external is being replaced by libdexfil...
I12ac84eb4:libdexfile_external is replaced by libdexfile.
If05dbffc8:Rename libdexfile_external_static to libdexfile_st...
Ia011fa3a8:Merge libdexfile_external into libdexfile.
Change-Id: I2448810c9a863cde32b6ed98d9ed0a99cf260d34
It must run before odsign; and now runs after restorecon on /data as well.
Bug: 183861600
Bug: 180105615
Test: presubmit && cuttlefish boots
Change-Id: Iefe59d94a7a40ed1e526c189cbc2baf69156f334
To improve boottime, we want to run odsign in an asynchronous fashion;
but there are 2 places where we do need it be sync:
1) We need to know when it's done using its key, so that we lock
keyrings and advance the boot stage
2) We need to know verification is complete before we start the zygote
These are indicated by odsign using separate properties.
Bug: 165630556
Test: init waits for the properties, and proceeds when done
Change-Id: I623c24a683340961b339ed19be2f577d9293b097
Revert "Introduce derive_classpath service."
Revert "Introduce derive_classpath."
Revert submission 1602413-derive_classpath
Bug: 180105615
Fix: 183079517
Reason for revert: SELinux failure leading to *CLASSPATH variables not being set in all builds
Reverted Changes:
I6e3c64e7a:Introduce derive_classpath service.
I60c539a8f:Exec_start derive_classpath on post-fs-data.
I4150de69f:Introduce derive_classpath.
Change-Id: Iefbe057ba45091a1675326e3d5db3f39cc3e2820
Currently, tcp receive window size is read from
net.tcp.default_init_rwnd then set to net.tcp_def_init_rwnd. It
should not use seperate property to read/write the value, it only
needs one of property basically. So migrate
net.tcp.default_init_rwnd to net.tcp_def_init_rwnd which has
formal API.
Bug: 182538166
Test: Manually check that net.tcp_def_init_rwnd has default
value and proc/sys/net/ipv4/tcp_default_inti_rwnd node
is created with same value.
Change-Id: I6748485f99198b1200c67d6595b659aac7d7e1e0
The service parses and merges configs from multiple partitions, defines
*CLASSPATH environ variables' values and writes them to file, for
init to export.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual
Change-Id: I60c539a8fef4d690f47704e896f67949ec49db60
The first user of keystore boot levels is on-device signing; transition
the boot level to 30 before running the post-fs data hook, and
transition it to 40 right after on-device signing is done. This leaves
some space for future boot levels to be inserted, if we wanted.
Bug: 165630556
Test: inspect logs
Change-Id: If0a74cbe9ea8fce806020d8a42a978cfb9117ded
This instance will be used to monitor the error_report_end tracing
events sent by kernel tools in the case of a memory corruption.
Bug: 172316664
Bug: 181778620
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: Ibc5cd3b60fb99030cc55db6b490d6d4bbbca3963
Revert "Selinux policy for bootreceiver tracing instance"
Revert submission 1572240-kernel_bootreceiver
Reason for revert: DroidMonitor: Potential culprit for Bug 181778620 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Ic1c49a695:init.rc: set up a tracing instance for BootReceive...
I828666ec3:Selinux policy for bootreceiver tracing instance
Change-Id: I5c2ccfe3eeb8863086b7cb9b3de43c6e076d995a
This instance will be used to monitor the error_report_end tracing
events sent by kernel tools in the case of a memory corruption.
Bug: 172316664
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: Ic1c49a695ff7df4147a7351051db7b6707c86e0a
Keystore listens to this property and uses it to honor the
MAX_BOOT_LEVEL key tag.
Test: boot, use adb getprop to find the current value.
Bug: 176450483
Change-Id: If32b20f56f96afa24166188c2dd931620dcaef98
For now, export the exact same values, on `post-fs-data` instead of on
`early-init` to soak the change. As a follow up, the actual values will
be generated by a new oneshot service.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual - device boots
Change-Id: I5f6826a0f87a5e01233e876d820e581feb555bca
When installing an OTA, update_engine needs to reserve some space on
filesystem by writing to a specific directory(/data/apex/ota_reserved/),
therefore we need to create this dir on system start up.
We are also pro-actively enabling encryption on this directory so that
we can create hard links to /data/apex/decompressed. This will be needed
when we start decompresssing capex from post-install script before
reboot and on boot we can then simply hard link to these files.
Test: th
Bug: 172911822
Change-Id: Ia6a63efcedcfdad9817ba88b54f96683d34df6ce
There's no need for system_server to access this any more, so no need to
have weaker permissions than we'll get by default (ignoring the fact
that SELinux policy is our real protection here anyway).
Bug: http://b/179086242
Test: treehugger
Change-Id: I584e87f027f44e10190c2e5c2eb85785f61f8bd5
ueventd.rc scripts belong in the /etc/ directory of their given
partition, not the root of the partition. This can cause problems,
especially since Android.bp cannot write to the root directly, forcing
vendors to use Android.mk for these files. Note that
/system/etc/ueventd.rc moved long ago.
Test: Tree-hugger
Change-Id: I2dcaafc3c3f687f76ab6bc38af979c8b43346db0
This is currently used for persisting the compat framework overrides
across reboots.
Test: atest CompatConfigTest
Bug: 145509340
Change-Id: I9205388b44a337a5b56b78cb6cc78f09494a623e
This binary checks and refreshes ART compilation artifacts that are
necessary for the system to boot.
Bug: 165630556
Test: inspect init log output on boot
Change-Id: I15074989a0fb6e5b1036292bc2cd824a141a0252
A future early-boot daemon (on-device signing) needs to access
/data/misc before fs-verity keys are locked. Therefore, move the
restorecon of /data up a bit, to make sure the labels are correct. To be
safe, only run it after init_user0, since that function is responsible
for loading DE keys.
Also move early boot keys and fs-verity key locking a bit later, since
the on-device signing daemon needs to use both of these, but it also
needs the restorecon to function correctly.
Bug: 174740982
Test: manual
Change-Id: I9b6e44d9b547d420e1c6ba01fb3d3accc0625e20
To support input device lights manager feature in frameworks, provide
sysfs node access to system server process.
Bug: 161633625
Test: atest LightsManagerTest, atest InputDeviceLightsManagerTest
Change-Id: Ic823539e9dd616b6ca4ae803756746e0f5349ec1
We want to decompress into an encrypted directory so that it can later
be hard linked to other encrypted directories, such as /data/rollback.
Bug: 172911820
Test: atest ApexCompressionTests#testCompressedApexIsDecompressed
Change-Id: I98bc567ba7e8b1ea1b335830d71d1b1f38e6ea33
This change will help non-user builds with keeping debugfs
disabled during run time. Instead, debugfs will be mounted by init
to enable boot time initializations to set up vendor debug data
collection and unmounted after boot. It will be also be mounted by
dumpstate for bug report generation and unmounted after.
This change is only intended to help vendors (who depend on debugfs to
collect debug information from userdebug/eng builds) keep debugfs
disabled during runtime. Platform code must not depend on debugfs at all.
Test: manual
Bug: 176936478
Change-Id: I2e89d5b9540e3de094976563682d4b8c5c125876
This directory will be used to store the mitigation count
from Package Watchdog in the case of a boot loop, in
order to persist the value across fs-checkpointing
rollbacks. One integer will be stored in a file in this
directory, which will be read and then deleted at the
next boot. No userdata is stored.
See go/rescue-party-reboot for more context.
Test: Manual test using debug.crash_sysui property
and inspecting file
Bug: 171951174
Change-Id: I2bd5e1ebe14d7e9e4f0e0dbeb90cf76b8400752e
Unlike apexd, tombstoned uses the regular dynamic linker path
(/system/bin/linker64). As a result, starting it after we have
switched to the default mount namespace but before APEXes have been
activated fails, because /system/bin/linker64 does not exist between
those two events. Fix that by starting tombstoned even earlier,
before we have switched mount namespace.
To avoid reintroducing the bug fixed by 2c9c8eb5ff ("init.rc:
create /data/vendor* earlier"), also make sure that /data/vendor* is
still created before /data/vendor/tombstones.
While at it, move the creation of /data/anr before starting
tombstoned, because tombstoned assumes that /data/anr exists.
Fixes: 81c94cdce6 ("Start tombstoned early in post-fs-data.")
Test: boot fvp-eng and fvp_mini-eng, check that tombstoned starts
succesfully on the first attempt
Change-Id: Ic52383c35fb39c61c2f0e0665fd10e795895d50d
Property variables should be written ${x.y} to be expanded.
Bug: 175645356
Test: The property ro.hardware is expanded properly.
Change-Id: Idf7ff7ecc002e6e4de4ccef70e89dcc1c10e63d0
Add permissions for dev/dma_heap/system-uncached dmabuf heap.
This should match the dmabuf system heap.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I9253d56c72d45e228539f709e76ba0862ae03d96
Jeffrey Vander Stoep noted the permissions for the system dmabuf
heap should be 444 instead of 666, as we only need to open and
call ioctl on the device.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I650c9fabfffd1eac5f59bbc7fa1e0ae1f5646bd9
Package verifiers (e.g, phonesky) needs to access the folders inside
/data/app-staging to be able to verify them. Without the execute
permission on app-staging folder, it cannot stat any of the sub-dirs
inside app-staging.
This also aligns with permission of /data/app folder.
Bug: 175163376
Test: manual
Test: installed a staged session and observed that Phonesky did not log
about not finding the apks in /data/app-staging folder
Change-Id: I9774ed800da9f15401d3cee653142a37bf54ef4a
Vendors have an interest in importing ueventd files based on certain
property values. Instead of baking this logic in the ueventd binary,
add the import option from the init parser to the ueventd parser, to
allow vendors to expand as needed.
Test: imported files are parsed
Change-Id: I674987fd48f3218e4703528c6d905b1afb5fb366
It is required to pass update_engine_unittests in GSI
compliance test. And it's clean to just add this mount
dir unconditionally.
Bug: 172696594
Test: `m init.environ.rc` and checks that $OUT/root/postinstall exists
Change-Id: Ib340a78af442ea66c45cecb373a9eb3c428f8dda
camera-daemon is referred in task-profiles.json so the hierarchy should
be created in aosp's init.rc.
Bug: 170507876
Bug: 171740453
Test: boot and check cgroup
Change-Id: I0e6722b88922abf4ccae3b19623d8b889a6e3cb6
Linkerconfig will be moved into Runtime APEX, so
/system/bin/linkerconfig would not be available before APEX is mounted.
Use bootstrap linkerconfig instead during early init.
Bug: 165769179
Test: Cuttlefish boot succeeded
Change-Id: Iae41f325bbd5f5194aaf4613141860f913dfbff1
First load the verified keys, and then only lock the keyring after apexd
has run. This is in preperation for on-device signing, which will need
to add another key to the fs-verity keyring before it's locked.
Note that I've moved loading of the verified keys up a bit; fsverity_init
used to load keys from Keymaster, but it currently doesn't, so there's
no need to wait for it.
Bug: 165630556
Test: boot, cat /proc/keys
Change-Id: I077673575ae3dafcf3126d8c544fe7f8d34c0225
In task_profiles.json, camera-daemon is referred for both cpu and
cpuset controller, so create them in init.rc officially.
Test: build pass
Bug: 170507876
Change-Id: I655154ab739ffde6fdfd2d499cbaa974597d3ee7
Remove provide libs of system image from file, and generate it at build
time instead
Bug: 172889962
Test: Build cuttlefish and confirmed list is generated in
/system/etc/linker.config.pb
Change-Id: I365252dcb2e8735fd8f6345c9ec2c985b0489d64
Migrate tasks from root group to a subgroup would help us to put soft
cpu bandwidth control correctly. There are few tasks now failed to
migrate due to PF_NO_SETAFFINITY which is the default kernel behavior
which we are not overriding at this moment.
This CL also fixed an issue that most of RT thread lost RT attribute
when kernel with CONFIG_RT_GROUP_SCHED enabled, as the subgroup would be
initialized with 0 RT runtime by default. CONFIG_RT_GROUP_SCHED is not
enabled in GKI kernels but there could be devices with
CONFIG_RT_GROUP_SCHED enabled, so setting some budget for those devices
to make they can still function. OEM can either set proper budget by
themselves or remove CONFIG_RT_GROUP_SCHED completely.
Bug: 171740453
Test: boot and check cgroup
Change-Id: I83babad2751c61d844d03383cb0af09e7513b8e9
- /data/fonts/files
The updated font files are placed this directory. This files under
this directory are readable by any apps. Only system_server can write
font files to this directory.
- /data/fonts/config
The font configuration used by system_server is stored in this directory.
Only system_server can read/write this directory.
Bug: 173517579
Test: atest CtsGraphicsTestCases
Change-Id: I3d0edd9e58b456be5f8342a4a7babd77e54e0339
If device specifies moving AVB keys to vendor ramdisk, but
doesn't have a dedicated recovery partition, install to
vendor-ramdisk/first_stage_ramdisk.
Test: manual
Bug: 156098440
Change-Id: I05a8731236996dda0d1ab3c09828f7dac46f4ac7
/data/rollback-history is used to store deleted rollbacks
for debugging purpose.
Bug: 172644981
Test: Boot device without this, then try to boot with it without wiping.
Change-Id: I79da5190aad455448ccd73fe42abdc79b3649e86
To make sure it's always called after apexd has run.
Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: Iaff175dea6a658523cdedb8b6894ca23af62bcbf
Reduces disk space usage for commonly used libraries by merging coverage
data across processes.
Bug: 171338125
Test: Forrest run of coverage tests
Change-Id: I2b9e94871fc5d66971c5b7e725b296bcd721ccf2
