The content parameter of write_file() previously took a char* that was
then converted to a std::string in WriteStringToFd(). One unfortunate
effect of this, is that it is impossible to write data that contains
'\0' within it, as the new string will only contain characters up
until the '\0'.
This changes write_file() to take an std::string, such that
std::string::size() is used to determine the length of the string,
allowing it to contain null characters.
Also change the path parameter of read_file() and write_file() for
consistency.
Lastly, add a test for handling strings with '\0' in them.
Bug: 36726045
Bug: 36576280
Test: Boot bullhead, run unit tests
Change-Id: Idad60e4228ee2de741ab3ab6a4917065b5e63cd8
(cherry picked from commit 53089aa25c)
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the follow scenario:
A service is started with `exec` or `exec_start`
The same service sets sys.powerctl indicating to the system to
shutdown
The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
(cherry picked from commit 98ad32a967)
(cherry pick from commit 5836379b21)
Deal with a regression introduced in commit
5a34d6ea43 (logd: drop mSequence from
LogBufferElement) where log_time was compared against nsec() time
miscalculating the watermark boundary. When dealing with logcat
-t/-T, or any tail reading, add a margin to prune to back off by a
period of 3 seconds (pruneMargin).
Test: gTest liblog-unit-tests logcat-unit-tests and logd-unit-tests
Bug: 37378309
Change-Id: I72ea858e4e7b5fa91741ea84c40d2e7c3c4aa031
libui.so is not used by SP-HALs, so it is removed from the list of libs
exposed from the default namespace.
Also, this fixes a warning message "property value is empty" caused by
the automatically removed trailing '/' for the section 'legacy'. Since
the legacy behavior is already implemented by the linker itself, the
behavior doesn't need to specified in ld.config.txt.
Test: marlin/sailfish boots
Test: no warning message is shown
Change-Id: Ib679794d63b01c6794663dc88f1ab7e72cfb11d3
We can't reuse the GID range for internal cache files, otherwise
we don't have a way to tease apart the difference when deciding if
it's safe to move apps.
Test: builds, boots
Bug: 37193650
Change-Id: I22c4e575cd557636e74c5c73035adb1d4dcbb7f7
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 36426473
Bug: 36079834
Test: m -j libcutils
Test: attempt to compile with BOARD_VNDK_VERSION := current
Test: (sanity) boot internal marlin
Change-Id: I76f9b28ef08a26d84d1365881e00696cc1dcfe5d
- moved __android_log_is_debuggable to a new public header
(log_properties.h)
- vendor version of sched_policy uses ALOG* instead SLOG*
Test: (sanity) liblog-unit-tests
Test: (sanity) libcutils_test (noting b/b/32972117, two tests continue
to fail)
Test: system/core as a whole makes with BOARD_VNDK_VERSION := current
now with no problems.
Test: boots/works on internal marlin
Bug: 33241851
Change-Id: I5bc1f348dc0f0c8814bec5b5c3d2c52c825ab640
* changes:
fs_mgr: support AVB in fs_mgr_update_verity_state()
init: support early_mount with vboot 2.0 (external/avb/libavb)
fs_mgr: adds/changes some public APIs for early mount in init
fs_mgr_avb: refactors how vbmeta is loaded
fs_mgr: adding fs_mgr_get_slot_suffix() public API
- mount, e2fsck, tune2fs will all fail if magic number does not match.
- mismatch always happen for FDE and is wasting boot-up time to try
all and fail always.
- skip mount steps if it has invalid magic number and do not record
fs_stat either.
- For ext4 fs with corrupt superblock, e2fsck refuses to do anything if
superblock magic is invalid. So simply running e2fsck does not help
anyway.
bug: 36231950
Test: reboot ane check fs_mgr log from dmesg
(cherry picked from commit 6000a3f657)
Change-Id: Ia7120a188c316262da5fdb986c7d9c76db86aa7b
Use of 'inline' without 'static' may allow the C compiler to uninline it
within the compilation unit, depending on the C standard level. Always
using 'static inline' avoids this problem.
Test: build + boot to launcher
Change-Id: Ifb6e1fa6b84286067ddc2daca4c8942c410e56ab
These includes are included transitively by liblog, but not by the VNDK
version of liblog.
Bug: 33241851
Test: links with BOARD_VNDK_VERSION := current
Change-Id: Ide4aee3cacad2a2bf6bd0cbdf0254c6c245f4020
fs_mgr_update_verity_state() is invoked by 'verity_update_state' in
init.rc. It will then set property "partition.system.verified" and
"partition.vendor.verified" to verify_mode. We should support this for
AVB as well.
Also change the order of static libs in init to fix the build error
after this change:
system/extras/ext4_utils/ext4_crypt.cpp:69: error: undefined reference to 'property_get'
Bug: 35416769
Test: Mount /system and /vendor with vboot 2.0 (AVB), check the following properties exist.
- [partition.system.verified]: [2]
- [partition.vendor.verified]: [2]
Test: Mount /system and /vendor with vboot 1.0, check the following properties exist.
- [partition.system.verified]: [0]
- [partition.vendor.verified]: [0]
Change-Id: I4328d66a8cb93f26e7960e620a0b2292d5f15900
Merged-In: I4328d66a8cb93f26e7960e620a0b2292d5f15900
(cherry picked from commit aaf70e77dc)
libavb requires verifying AVB metadata on all verified partitions at
once. For example, /vbmeta, /boot, /system and /vendor. We need to
invoke device_init() for those partitions even if we only want to early
mount some of them, like /vendor and /system.
This CL gets all AVB partitions and the early mount partitions from
device tree through "firmware/android/vbmeta" and "firmware/fstab",
respectively. The following is an example to early mount /vendor
partition on bullhead:
firmware {
android {
compatible = "android,firmware";
vbmeta {
compatible = "android,vbmeta";
parts = "boot,system,vendor";
by_name_prefix="/dev/block/platform/soc.0/f9824900.sdhci/by-name"
};
fstab {
compatible = "android,fstab";
vendor {
compatible = "android,vendor";
dev = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor";
type = "ext4";
mnt_flags = "ro,barrier=1,inode_readahead_blks=8";
fsmgr_flags = "wait,avb";
};
};
};
};
Bug: 33254008
Test: early mount /vendor with vboot 2.0 (AVB) on bullhead
Test: early mount /system without dm-verity on bullhead
Test: early mount /vendor with vboot 1.0 on sailfish
Change-Id: I89a1f77c97124f309346b33d9e700544b92ecf05
Merged-In: I89a1f77c97124f309346b33d9e700544b92ecf05
(cherry picked from commit 8bba52fc4b)
Several changes in this CL:
- Moves class FsManagerAvbHandle to public API
- Adds a parameter 'wait_for_verity_dev' for FsManagerAvbHandle::SetUpAvb()
to allow not to wait for verity device gets created
- Adds FsManagerAvbHandle::AvbHashtreeDisabled() to query whether AVB is disabled
- Adds fs_mgr_is_avb() to query whether a fstab_rec has MF_AVB flag
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I89c43ca574ae632db8a700fc2590a1f80212c993
Merged-In: I89c43ca574ae632db8a700fc2590a1f80212c993
(cherry picked from commit 80d1ad17ed)
Adds two classes FsManagerAvbhandle and FsManagerAvbVerifier to replace the
following functions or struct:
- fs_mgr_load_vbmeta_images() -> FsManagerAvbhandle::Open()
- fs_mgr_unload_vbmeta_images() -> deleted
- fs_mgr_setup_avb() -> FsManagerAvbhandle::SetUpAvb()
- androidboot_vbmeta -> FsManagerAvbVerifier
- load_vbmeta_prop() -> FsManagerAvbVerifier::Create()
- verify_vbmeta_images() -> FsManagerAvbVerifier::VerifyVbmetaImages()
And only invokes FsManagerAvbhandle::Open() when there is a fstab entry having
'avb' flag (need HASHTREE descriptor). fs_mgr_is_avb_used() can be
removed as it only checks system property "ro.boot.vbmeta.hash_alg" to
decide whether vbmeta needs to be loaded, which might not be accurate.
For example, there are only HASH descriptors in the verified chain but
no HASHTREE descriptors. In this case, the fs_mgr doesn't have to do
anything because it only takes care of HASHTREE descriptors.
Also adds a new class FsManagerAvbOps to provide the C++ binding
FsManagerAvbOps::AvbSlotVerify() for libavb->avb_slot_verify().
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I8fe15ba01c277152630a2a5c1c5c7f25fbf34030
Merged-In: I8fe15ba01c277152630a2a5c1c5c7f25fbf34030
(cherry picked from commit 95c966a859)
The function returns "_a" or "_b" based on two possible values in
kernel cmdline:
- androidboot.slot = a or b OR
- androidboot.slot_suffix = _a or _b
Bug: 33254008
Bug: 36533366
Test: boot sailfish
Change-Id: Ia0a524e4145ebf61af5821f42ecad212c95ed748
Merged-In: Ia0a524e4145ebf61af5821f42ecad212c95ed748
(cherry picked from commit 87d0836cda)
Now, framework process (any process that is executing /system/bin/* or
/system/xbin/*) are started with three namespaces; default, sphal and
vndk.
default namespace is the namespace that is responsible for loading libs
from /system/lib. It can't load libs from other places such as
/vendor/lib. (However, we temporarily open the path since we haven't
finished the system partition cleanup, but will do eventually).
sphal namespace is the namespace where SP-HAL (Same-process HAL) is
loaded. SP-HAL are the only vendor libraries that are allowed to be
loaded inside framework processes. libEGL_<chipset>.so and
android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs. When
framework needs to load those SP-HALs, it explicitly loads it from this
namespace using android_get_exported_namespace() and
android_dlopen_ext().
vndk namespace is the namespace for loading vndk-sp (Vendor-NDK for
Same-Process) libs, which is a small set of framework libraries that
SP-HALs can link against. These libraries are compiled for the same
version of Android that the vendor partition is compiled against.
SP-HALs can not use libraries other than vndk-sp and ndk libs.
Membership to vndk-sp and ndk are strictly closed.
Note that in a system, there are two copies of vndk-sp libs. One at
/system/lib and the other at /vendor/lib/vndk-sp. As a result, there can
be two instances of a same library in a process.
Also adds ld.config.legacy.txt which is used on non-Treble devices where
PRODUCT_FULL_TREBLE is not set to true.
Note, this split can be cleaned up further after b/37139976 is solved.
Bug: 34407260
Test: git diff HEAD:rootdir/etc/ld.config.legacy.txt
HEAD^:rootdir/etc/ld.config.txt => 0
Test: sailfish boots (because BOARD_VNDK_VERSION is not set to
'current')
Change-Id: I8331d94edc38f22c4f8abc66cdf2050af9d0605b
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 33241851
Test: build and flash internal marlin
Test: m -j libbacktrace
Test: build with BOARD_VNDK_VERSION := current
Change-Id: Idab4880e011416ebc40b225205c30fb5ed8661db
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 33241851
Test: build and flash internal marlin
Test: m -j libsync
Test: build with BOARD_VNDK_VERSION := current
Change-Id: I5b23d2c1f41b842e5a9b7ea257921133b80c3f98
This is used in CallStack.h.
Test: m -j libutils
Test: links
Test: trying to compile with BOARD_VNDK_VERSION := current
Bug: 33241851
Change-Id: If7258e7b38000a72fd520f725030fb0038f90167
These headers are used in headers in libsystem_headers and must be
re-exported.
Test: modules using libsystem_headers don't have to have
libaudio_system_headers include dirs set.
Bug: 33241851
Change-Id: Ic2d842a4c97b3e3fed770249f0cc33a399f3cead
Default signature WriteStringToFile creates world-writeable files.
Set owner and group system and remove read/write for non-owner.
Bug: 37251463
Test: Manual: reboot, inspect
Change-Id: I6a29c678168dcae611b120dc52170f4eee7069a9
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 33241851
Test: build and flash internal marlin
Test: m -j libbase
Test: build with BOARD_VNDK_VERSION := current
Change-Id: I720a00deada4e62628e6fbc4ac830265de9c669f
With the binder traffic of composer moved to vndbinder,
vndservicemanager is needed to be started early to get bootanim
displayed quickly.
Also servicemanager is required to be start early to support early
bootanim and sufaceflinger.
Bug: 37306311
Test: bootanim regression fixed
Change-Id: Ice1e05bdb3fe4e67a63a49f1db8afdb018c7b61b
