SeamendcHostTest should run when making changes to selinux.cpp, to
ensure the test logic is updated to match the logic selinux.cpp follows
when it decides to compile the SELinux policy in the OpenSplitPolicy
method.
Bug: 238394904
Test: atest --test-mapping system/core/init/TEST_MAPPING:presubmit
Change-Id: Iaf0ec2356a894b071e6875dd41bcf9e842126e42
The boringssl ACVP config has grown, so we need to increase the size of
our memory allocation that we share with the Trusty test TA.
Test: acvptool -wrapper trusty_acvp_modulewrapper -regcap
Bug: None
Change-Id: Ia90f4972d0d2ac420b09110f5647355a44175267
Don't try to parse stdout of disable-verity, just pass -R to ask for
auto reboot.
This eliminates the complex logic of "disable-verity && check &&
reboot && disable-verity again ...", and increase robustness.
`${overlayfs_supported} && ${overlayfs_needed}` can be simplified to
just `${overlayfs_needed}` because `${overlayfs_needed}` implies
`${overlayfs_supported}`.
Move the curious recurring "overlay takeover unexpected" check to the
"Checking current overlayfs status" section so we don't need to repeat
it so many times.
Bug: 243116800
Bug: 241688845
Test: adb-remount-test
Change-Id: I96ec44e2b9d172c06c3b4850e061e7b6bb46833c
Add a specific error message to the Android CLI tool for the case
where the apploader rejected an attempt to load an application
which requested encryption of its ELF image via its manifest while
containing an unencrypted ELF image.
Bug: 241824652
Change-Id: Ib2a3c881015700492b8166be38c41753bf51b3b2
Provide alternative versions that do not force callers to create
std::string objects. This patch has the intended side-effect that all
callers that pass a {string} initializer list to the 'profiles' argument
now call an std::initializer_list<> overload instead of the const
std::vector<std::string>& overload.
Additionally, add std::function<> arguments instead of calling
ExecuteForProcess() or ExecuteForTask() directly to make it easier to
write unit tests for SetTaskProfiles() and SetProcessProfiles().
Bug: 213617178
Change-Id: Ica61e944a66a17178ee43a113b8ca082f7eb834b
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Do not force callers to create an std::string object. This patch
implements the following advice from go/totw/1: "Google’s preferred
option for accepting such string parameters is through a string_view."
Use std::less<> as comparison type to prevent that std::string_view
objects have to be converted into std::string objects for lookups in
std::map<>.
Bug: 213617178
Change-Id: I08125a02220a8c003d9202a7e177be776c3b9829
Signed-off-by: Bart Van Assche <bvanassche@google.com>
liblog_for_runtime_apex is a static variant of liblog which is
explicitly marked as available to the runtime APEX. Any static
dependency to liblog from inside the runtime APEX is changed from liblog
to liblog_for_runtime_apex.
Previously, to support the need for using liblog inside the runtime
APEX, the entire (i.e. both static and shared variants) liblog module
was marked as available to the runtime APEX, although in reality only
the static variant of the library was needed there. This was not only
looking dirty, but also has caused a problem like b/241259844.
To fix this, liblog is separated into two parts. (1) liblog and (2)
liblog_for_runtime_apex. (1) no longer is available to the runtime APEX
and is intended to be depended on in most cases: either from the
non-updatable platform, or from other APEXes. (2) is a static library
which is explicitly marked as available to the runtime APEX and also
visible to certain modules that are included in the runtime APEX.
Bug: 241259844
Test: m and check that liblog depends on stub library of libc
Change-Id: I10edd4487a6f090ef026acffe1ffbd067387a0d3
This test has always been flaky, and is not testing something super
valuable: we know that image creation succeeds throughout the rest of
the suite, so it's not very interesting to know that it can succeed in a
low-space scenario.
The inverse test is much more valuable, since we want the correct status
code when creation fails due to low space.
Bug: 240391002
Test: vts_libsnapshot_test
Change-Id: I6235d11033d2f30efe530077b877863ba2574810
(cherry picked from commit 97e8a2f0e9)
This change enables headers like <span>. Inside the <span> header file
file the following guard makes its functionality unavailable when
building with std=gnu++-17:
#if _LIBCPP_STD_VER > 17
[ ... ]
#endif
Bug: 213617178
Change-Id: I5c40708ea196ab112990b5ca6fae9370b75f8752
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Without the directory (this happens on the very first boot),
load_persist_props can't create an initial version of
/data/property/persistent_properties (probably empty). This leads to
persisting all in-memory "persist.*" properties later when a persistent
property is set. This is regression from Android S because persistent
props from, for example, build.prop will be persisted even when there's
no process to explicitly setprop.
Bug: 242264580
Test: launch cuttlefish and verify that there's no props from build.prop
Change-Id: I5819a97750e4d5d1ee5a7c308bf944c7aeab2f90
-h: print help
-v: noisy output
-R: automatic reboot if needed
Also remove the "argc != 0" check, as this shouldn't happen most of the
time anyway. The only possible way (I can think of) for this to happen
is to explicitly call execve() with an empty argv, which is against the
calling convention, thus a footgun, to begin with.
Bug: 241688845
Test: adb shell [disable-verity|enable-verity] [-R] [-v] [-h]
Test: adb shell set-verity-state [-R] [-v] [-h] [0|1]
Change-Id: I27fc18b0958650c5926322a3f4bd1df758fd96c8
The option was added for debugging purposes in case the "test argv[0] ==
clean_scratch_files" method breaks.
Now it has no user at all and no reason to maintain it, so just remove it.
Also don't use MyLogger() when running as clean_scratch_files, as
clean_scratch_files don't have stdout/stderr.
Bug: 241179247
Test: Presubmit
Change-Id: I2d8069f59fe6b85fc84ab07bb2df6efb39d6ecaa
Reorder COW ops vector based on merge sequence. We don't
need additional vector to be stored in memory.
Memory usage for a full OTA on Pixel:
Without Patch:
RssAnon: 61020 kB
With Patch:
RssAnon: 51112 kB
Bug: 237490659
Test: OTA on Pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I543dd73acfa7cf4e57379e82bc184e943072e7c8
This test has always been flaky, and is not testing something super
valuable: we know that image creation succeeds throughout the rest of
the suite, so it's not very interesting to know that it can succeed in a
low-space scenario.
The inverse test is much more valuable, since we want the correct status
code when creation fails due to low space.
Bug: 240391002
Test: vts_libsnapshot_test
Change-Id: I6235d11033d2f30efe530077b877863ba2574810
Diagnosing DM_DEV_REMOVE failures in the test harness is quite
difficult, and it's not clear if failures are spurious or not. Instead
use SnapshotManager's helper function, which can retry on failure, and
will self-diagnose issues on legitimate failures.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Ibcaa8406e8b1e8758b99a8e9b58c58d68ed57685
These checks have historically been unreliable, and we make no
guarantees around dev_t with overlayfs.
Bug: 242240650
Test: adb-remount-test.sh
Change-Id: I19e7aabec424a22beb0b56d35b198906841178b0
