If device doesn't enable AVB altogether, then it might not have a vbmeta
partition at all. In this case, we shall ignore disable-verity errors.
We still disable verity unconditionally to keep the logic simple, but we
ignore any disable-verity error if AVB is not enabled in the first
place.
Bug: 241688845
Test: adb-remount-test on emulator
Test: Test remount on yukawa
Change-Id: Ifc763b3f0ca6989550c139a8c3a2308c9c2a7c3e
Similar reasoning as aosp/2255456. ro.product.device could be overridden
by GSI if system.img was replaced with GSI.
Use ro.product.vendor.device, which comes from the vendor.img, to
determine the "device" type.
Bug: 243116800
Test: adb-remount-test on cuttlefish
Change-Id: Ib4a956047ef46d8e4837b27334f8d58162d4fa2a
Deprecate physical scratch path, support only dynamic partition scratch
and scratch on /cache.
Bug: 243116800
Test: adb-remount-test
Change-Id: I8b5e08a38e323139b56b169865dcaf1a6620cf20
* Call adb_wait in adb_reboot, as virtually all adb_reboot callsites are
immediately followed by adb_wait.
* Remove |data| option from skip_administrative_mounts. The |data|
option doesn't really work anyway, because vold & init creates
bewildering heirarchy of /data bind-mounts, so it's not feasible to
filter /data by mountpoints. It's more sensible to filter by the /data
device node name, which should be done by the caller.
* Untangle skip_administrative_mounts and skip_unrelated_mounts.
I don't know why we need two separate functions that do similar
things. Just merge them together.
Bug: 243116800
Test: adb-remount-test
Change-Id: I847f0b8cc2a952bb4c8656a43da783f312670061
* If adb remount calls for a reboot during cleanup, this means it's
trying to recreate vendor overlay. Don't reboot in this case because
it's pointless. Total test runtime reduced by one reboot.
* Since this entire script assumes /system & /vendor must exist and
remountable, add them to the MOUNTS list unconditionally.
* Remove /system/hello & /vendor/hello test, as we can just loop over
MOUNTS to check those.
Bug: 243116800
Test: adb-remount-test
Change-Id: I2360314c404ee247356146760314c91ba2795ff5
Since /bionic mountpoint is deprecated, we don't _have_ to explicitly
check consistency of /system/lib/bootstrap/libc.so anymore.
Remove the test which adds junk to the end of libc.so. Editing libc.so
looks dangerous (albeit not!) and has unclear expectations.
Add test which edits /system/build.prop. Editing build.prop file is more
"safe" as it's just text edit, and the expectations are clear (edited
system properties should be loaded after reboot.)
Bug: 243116800
Test: adb-remount-test
Change-Id: I51bd32c6ffcc57eb646eeec0537e996847e6c2a5
Instead of probing the kernel to see if overlayfs is supported, just
check `df` after disable-verity.
If after disable-verity and overlays were mounted, then check that
override_creds patches are applied.
Bug: 243116800
Test: adb-remount-test
Change-Id: Icb1363278536a8177836263882b1a8a0d9f246c9
* Change --print-time to default true, and print timestamp of each log
message.
* Auto-detect color support. If stdout if terminal, then color default
to true, else default to false.
Bug: 243116800
Test: adb-remount-test
Change-Id: Id8425488c4b18fe0bc4dd7e50c3e2ae2e8c74cfe
Move "raw remount test" right after "disable-verity -R test".
Device is expected to be in a clean state right after disable-verity, so
we can perform "raw remount test" immediately after. This saves us one
reboot.
Move "remount from scratch test" right before "remount -R test".
Since they both require overlay teardown state, group them together so
we only need to teardown (and reboot) once. This saves us one reboot.
Total test runtime reduced by two reboots.
Bug: 243116800
Test: adb-remount-test
Change-Id: Ifd95ba713f1819a7d31e88cd70077dc306c64c58
Instead of relying on a local dev tree (which CI machines never have),
just pull the vendor partition image from device.
This way we can have CI coverage on fastbootd as well.
Stop redefining cleanup() hook, just toss all temporary files to $TMPDIR
and always clean up $TMPDIR on exit.
Clarify logs and error messages.
Bug: 243116800
Test: adb-remount-test
Change-Id: I08fb8df58a61c03db3274b22b51e40a1a8f41095
* Check mount flag changes (ro/rw) before and after "adb remount".
* Add comment explaining what's going on with the |uses_dynamic_scratch|
and |scratch_partition| variables.
* Add rich logs reporting infomation about the scratch partition.
* Add rich error messages.
* Filter out /data devices and external volumes (vold managed device)
when checking RW partitions. We are only interested in system
partitions.
* Remove redundant "remount from setup" test from end-of-file, as they
are testing the same thing as the refactored remount test. Total test
runtime reduced by one reboot.
Bug: 243116800
Test: adb-remount-test
Change-Id: Icda5bff78372bebfe2e166d8537a06be66fff886
Pick exactly one fstab file whose pathname suffix matches one of the
fstab suffix properties.
This helps on CF who ships redundant copies of fstab.
Bug: 243116800
Test: adb-remount-test
Change-Id: I4d38859014161e14dba1f7e19dbce44a2621d0f1
There's quite a lot of noise from running "Checking current overlayfs
status". Improve the test output by filtering uninteresting df lines.
* "/apex/..." mounts not interesting.
* "rw" mounts not interesting.
* "fuse" devices not interesting.
Bug: 243116800
Test: adb-remount-test
Change-Id: Id15844d853aaf3f7ed86f1a83544494b697b5b39
* When guessing the ANDROID_SERIAL, use output of `adb devices` instead
of ro.serialno, because ro.serialno won't work for network devices.
* Ensure ANDROID_SERIAL is exported so the test don't fail if a new
device is plugged into the host machine mid test.
* Change --wait-screen warning to info. The "warning" isn't helpful as
it's not showing any potential problems.
* Register cleanup hooks to EXIT trap. This ensures cleanup code are
always executed, and failure to clean up counts as test failure.
* Rewrite some unnecessarily complex command chaining to plain exit
status check.
* Use `test` command to test file existence. Don't use `ls` or `cat` to
test file as this isn't their intended usage, and parsing their error
output can be finicky.
Bug: 243116800
Fixes: 178256393
Test: adb-remount-test
Change-Id: Iec4224d8a236a9852ce417b1129c27205d435d5b
Since remount -R and disable-verity -R have similar expectations, group
them together and reuse each other's test code.
Remove the redundant "remount -R" test at end of file.
Total test runtime reduced by one reboot.
Bug: 243116800
Test: adb-remount-test
Change-Id: I510a9de39f94b73450df9abf82a55496df96bea1
While doing precondition check, verify that device is debuggable and
unlocked.
The /sys/module/overlay mining code had some remarkably written chained
... && ... || ... expressions. This is also remarkably unreadable for
those untrained of bash command chaining pitfalls.
Just rewrite these with plain old if-then-else expressions.
Bug: 243116800
Test: adb-remount-test
Change-Id: I56b1dea5b9147755a43462682a51bc5802ee64c1
The redefining of cleanup hooks are making the script rather difficult
to read. Instead of redefining restore() just to skip some parts of it,
let restore() check flags and conditionally execute cleanup code.
Bug: 243116800
Test: adb-remount-test
Change-Id: If9d627618b54e215200455e8133492670737571d
Just use bash [[ for regex compare, which result in shorter code and
more robust.
Simplify the messaging pipeline:
If success, don't print anything and return 0. Let caller decide what
to log.
If failure and --warning, log error message and return 1.
If failure and ! --warning, die with error message.
Bug: 243116800
Test: adb-remount-test
Change-Id: Ie5426ff3fa57395aa6b4fe71c9bf96bd8e9afc35
Right now there are a lot of log commands in the form of
"echo <color code><log type><color code> [msg]... >&2"
which is painful to read, and test writers often accidentally omit the
trailing ">&2".
Add a LOG() function which takes care of the log formatting and stderr
redirecting once and for all.
Also bulk edit existing log commands to use LOG() everywhere.
Bug: 243116800
Test: adb-remount-test --color
Change-Id: I04beb9e09b28c08a3a6f4309bf2d4b6de906df90
Right now some test output are print to stdout and some to stderr.
Stdout mostly contain output of test commands.
Stderr mostly contain test result and device diagnostic status.
The logs in both streams also don't have timestamps, so separating the
two streams would be incredibly unuseful, because it would be very
difficult to deduce the causuality between the log lines.
In practice only the concatenated log stream is useful, so let's just
redirect all meaningful logs to stderr for good measure.
Why not stdout? Because stdout is often captured by command
substitution as command output.
foo() {
echo "Log nessage..." >&2
echo "function output..."
}
A=$(foo)
"Log message..." would go to stderr, and "function output..." would be
captured into ${A}.
Bug: 243116800
Test: adb-remount-test
Change-Id: I692a1b6cf352681cca65354688908e4becf9d31a
Remove the ERR trap handler as it doesn't work as intended and is rather
finicky. (Read more: mywiki.wooledge.org/BashFAQ/105)
Trap ERR (and set -e) could be an useful tool if applied sparingly, like
in a subshell, but they seem almost useless, even harmful, if applied
globally due to the following reasons.
The problems it brings includes but not limited to:
* ERR trap handler doesn't propagate inside subshells and functions.
This makes it rather useless for reporting unchecked errors.
* Set '-o errtrace' kind of fixes previous issue, but it would report
superfluous errors, because as the non-zero error code propagates up
the call stack, each subshell expression would evaluate to non-zero
status, repeatedly triggering the trap handler.
* Breaks the rather common "execute comand and check ${?}" pattern in
this script, for example:
H=$(adb remount)
[ "${?}" != 0 ] && echo warning....
script would prematurely exit if $(adb remount) fails, not having a
chance to recover from error.
--
`expr ...` is problematic because it exits with non-zero status if the
calculated result is zero. This makes ordinary harmless looking
expressions, which evaluates perfectly fine, to exit with error status
A=$(expr 1 + 1) # $? = 0
A=$(expr 1 - 1) # $? = 1
Just replace all `expr` with the more robust `$(( ... ))` construct.
--
Also fix typo scratch_paritition -> scratch_partition.
Bug: 243116800
Test: adb-remount-test.sh
Change-Id: I2a8941341a7a12359896f0e08ecd21766396eb45
Don't try to parse stdout of disable-verity, just pass -R to ask for
auto reboot.
This eliminates the complex logic of "disable-verity && check &&
reboot && disable-verity again ...", and increase robustness.
`${overlayfs_supported} && ${overlayfs_needed}` can be simplified to
just `${overlayfs_needed}` because `${overlayfs_needed}` implies
`${overlayfs_supported}`.
Move the curious recurring "overlay takeover unexpected" check to the
"Checking current overlayfs status" section so we don't need to repeat
it so many times.
Bug: 243116800
Bug: 241688845
Test: adb-remount-test
Change-Id: I96ec44e2b9d172c06c3b4850e061e7b6bb46833c
These checks have historically been unreliable, and we make no
guarantees around dev_t with overlayfs.
Bug: 242240650
Test: adb-remount-test.sh
Change-Id: I19e7aabec424a22beb0b56d35b198906841178b0
AVB 1.0 support in fs_mgr has been removed in commit
Ibfb46aa6c2f761dbb3a9b5f0b16336e510417620.
Adding a VTS test case to ensure the legacy 'verify' fs_mgr
flag isn't used anymore.
Also converting GetFstabPath() to a public API in the fstab.h,
so the test case can read then parse the fstab file.
Bug: 204948957
Test: atest vts_fs_test
Change-Id: Ib6ed7cb8b6ad719b19cd876acf10f4312ecb51b6
EROFS is not mandatory for android T and below,
so skip the test for those.
Bug: 237765186
Test: vts_fs_test fs#ErofsSupported
Change-Id: Iceea46f8f2d443636de504962b718a2461605591
* Instead of copy-and-modify `/data` mount entry, TransformFstabForDsu()
can just modify all `/data` mount entries in-place.
* This also stops TransformFstabForDsu() from shuffling the mount entry
of `/data` in fstab, simplifying the testcase.
* Implement GetEntriesForMountPoint() with GetEntriesByPred().
* Remove unused method BuildDsuUserdataFstabEntry() and
EraseFstabEntry().
Bug: 235111004
Test: atest CtsFsMgrTestCases
Test: Presubmit GSI boot test
Change-Id: I4afb443b7e527038fb42424543bb1538b01d5ec9
Synthesis mount entry for erofs and ext4.
Fix the synthesis logic to always create a new entry from scratch. The
old logic of "copy an existing mount entry and edit its fs_type"
doesn't work because different fs_type would have incomptable
fs_options. For example, changing this:
system /system ext4 ro,barrier=1 wait,logical,first_stage_mount
to this:
system /system erofs ro,barrier=1 wait,logical,first_stage_mount
doesn't work, because the erofs driver won't recognize the "barrier=1"
mount flag, since "barrier=1" is specific to ext4.
Bug: 235111004
Test: Boot erofs GSI.
Test: atest CtsFsMgrTestCases
Change-Id: I57132a55a089c7aae3e17c717ecd9dc1047fede8
"adb-remount-test.sh" is sh_binary,
not cc_prebuilt_binary.
Test: m
Test: cd system/core/fs_mgr; mma
Change-Id: Ie5e2446f87d38905d728e2c5a76f6f02381d10ce
Signed-off-by: jiajia tang <tangjiajia@xiaomi.com>
These were backported to android13-5.10 and should be present in
T-launch kernels.
Bug: 233926292
Test: vts_fs_test
Change-Id: Ifb5ff6a200b081fe8696d5803d4a128740eb8e21
There have been two bugs where people use !metadata_encryption.empty()
to check whether metadata encryption is enabled. It should actually be
!metadata_key_dir.empty(), since 'metadata_encryption' is the encryption
options, which can be empty if the defaults are sufficient.
Rename the field in FstabEntry appropriately.
To avoid breaking fstab files, don't rename the flag in the fstab file
itself. So, now the fstab flags map to FstabEntry fields as follows:
keydirectory => metadata_key_dir
metadata_encryption => metadata_encryption_options
Change-Id: I5bf673047c99e077bd6e1ac006d80e7e16bc814b
The intention of inserting this synthesised mount entry is for the
FirstStageMount() procedure to eventually fallback to this entry if all
previous mount lines failed.
In order for FirstStageMount() to retry mount, the mount lines have to
be grouped together.
This change ensures that would happen and add test.
Bug: 220074274
Test: atest CtsFsMgrTestCases
Change-Id: Id042a6a6738d27c06a397ef7f4e0977907371c05
Since Android 10, new devices have been required to use FBE instead of
FDE. Therefore, the FDE code is no longer needed.
Make fs_mgr reject fstabs where FDE is enabled.
Unfortunately, there is a quirk where the "encryptable" flag (which was
originally meant just for FDE) was overloaded to identify adoptable
storage volumes. It appears that we have to keep supporting this use
case. Therefore, don't reject the "encryptable" flag completely.
Instead, just reject "encryptable" when it appears without
"voldmanaged", or without "userdata" as its argument.
Here are some references for how "encryptable=userdata" is being used to
identify adoptable storage volumes:
* https://source.android.com/devices/storage/config#adoptable_storage
* f26c7e9b12:system/vold/main.cpp;l=269
* f26c7e9b12:device/google/cuttlefish/shared/config/fstab.f2fs;l=17
* f26c7e9b12:device/generic/goldfish/fstab.ranchu;l=7
[ebiggers@: modified from a WIP CL by paulcrowley@]
Bug: 191796797
Change-Id: I3c4bbbe549cc6e24607f230fad27ea0d4d35ce09
This reverts commit 0a799bdfd6.
Now that the kernel bootconfig feature has been to updated to handle
mixed subkeys and values, androidboot.hardware parameter is supported.
Test: build and boot Cuttlefish with "androidboot.hardware=cutf_vm"
Bug: 191502832
Change-Id: I0e436a27730d20689bc6974562c3e88d744385db
Our CI is failing because the host machine is using mawk instead of gawk.
mawk v1.3.3 cannot parse regex such as '/[/]/', while mawk v1.3.4 and
gawk can.
Change regex of '[/]' to '\/' so that our test script is as backward
compatible as possible.
Bug: 188862155
Test: Run adb-remount-test.sh on CI
Change-Id: Ia4fbce58a61325a5e5280ede0d5b7760832d8ec1
