Although metadata encryption makes the device encryption policy
redundant, for now it is still being used, and the rule is still that
every top-level directory in /data is encrypted by the device policy
unless there is a specific reason why the directory can't be encrypted.
There are various cases where encryption=None is legimately needed and
is used, but they aren't explained in the code, and the option is prone
to be copy-and-pasted (as was done in https://r.android.com/1932960).
Fix this by explicitly commenting every case where encryption=None is
used, and consolidating the creation of all the user parent directories
into one place. (I left /data/bootanim as-is since it will be changed
to encrypted; see b/232299581.)
Change-Id: I6db5f4be7774e3d250c370638e8e7e33e226f3e7
Directories should always be encrypted unless there is a specific reason
they can't be. /data/bootanim is unencrypted without a specific reason,
so fix it to be encrypted. It is too late to use encryption=Require.
However, the contents of this directory doesn't need to be preserved on
updates, so we can use encryption=DeleteIfNecessary instead of
encryption=Attempt.
Bug: 232299581
Test: build success
Change-Id: I17bcb901ad533cada4e0aa061196fc94d7b213ec
No longer needed as the code to generate flag files based on
this environment variable is removed in Android 13.
Bug: 231946889
Test: Build and boot,
Change-Id: I8ce57619aa4d1e6457f3f864bf5e403f727c040c
Since apexd.status=ready is system-only property, we need a similar or
equivalent event or property which non-system APEXes can use to define
'on' trigger actions.
Note that services can be started without its own trigger actions by
setting 'class'. For example, 'hal'-class services are started 'on boot'
automatically.
Bug: 202731768
Test: atest CtsInitTestCases
Test: atest CtsBluetoothTestCases (cuttlefish's bt apex defines
'on' actions in the APEX config)
Change-Id: I6eb62ba8d6e350add2ebafe7da06fcaa57d825ff
Aptx and aptx-Hd are both vendor libs in system_ext.
In order to load their dependencies from a compatible environement
Bluetooth need to setup the linker
Fix: 231967310
Test: atest net_test_stack_a2dp_native
Test: Log analyze after bluetooth boot
Tag: #refactor
Ignore-AOSP-First: Apex only on tm and below
Change-Id: I752e65889a42fe3378f51bd0821c2958ed9b5a7d
To prevent bugs, directory creation and encryption should happen
together. /data/user/0 (and its "alias" /data/data) is a per-user
encrypted directory; such directories can only be encrypted by vold.
Therefore, move its creation to vold as well.
Besides closing the uncomfortably-large gap between the creation and
encryption of /data/user/0, this allows removing init's write access to
/data/user and similar directories (SELinux type system_userdir_file) to
prevent any such issues from being reintroduced in the future.
To also allow removing init's write access to /data/media (SELinux type
media_userdir_file), which also contains per-user encrypted directories,
also move the creation and encryption of /data/media/obb to vold.
Bug: 156305599
BYPASS_INCLUSIVE_LANGUAGE_REASON=Linux API ("slave" mount flag)
Change-Id: I7245251eeb56b345b6c7711482c0aa5848648edb
The uevent.rc will setup owner/group/permissions in all the conditions
including device boot, cpu hotplugs, and cpu online/offline.
Since ueventd always regenerates uevents at boot, we could remove the
redundant settings in init.rc.
Bug: 230291215
Test: Build and check scaling_max_freq on Cuttlefish and B3 device
Change-Id: I4fcc440f2a950967667f88da574faa501b3e227c
The ueventd.rc sets permissions to 0664 but init.rc sets cpu0 to
0660. Since lots of processes already had read access for cpufreq nodes
(refer to system/sepolicy/public/domain.te), align all cpus to 0644
permissions.
Bug: 230291215
Test: Build
Change-Id: I3c72d69590998f8da894fb02097212f834edd48c
We need to fix the below error happening in early stage.
[ 24.835617][ T1] init: [libfs_mgr]Running /system/bin/fsck.f2fs -a -c 10000 --debug-cache /dev/block/sda1
[ 24.843693][ T1] logwrapper: Cannot log to file /dev/fscklogs/log
Bug: 230637147
Bug: 230879192
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I19bc5f7154577e29414f855de6ce72172b281975
Set readahead window multiplier for POSIX_FADV_SEQUENTIAL files as 16 to
enhance file read performance like a language package loading.
Bug: 192011293
Test: adb shell cat /dev/sys/fs/by-name/userdata/seq_file_ra_mul
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Merged-In: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Set readahead window multiplier for POSIX_FADV_SEQUENTIAL files as 16 to
enhance file read performance like a language package loading.
Bug: 192011293
Test: adb shell cat /dev/sys/fs/by-name/userdata/seq_file_ra_mul
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Delete all files and directories under
/data/misc/virtualizationservice at boot. Originally they were owned
by the virtualizationservice user; we now run as system, and don't
have permission to remove them after boot.
Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Change-Id: I5ff7d055aeeb25ba7693e50876d6b8a830c4bf51
(cherry picked from commit 34ee0c931c)
Delete all files and directories under
/data/misc/virtualizationservice at boot. Originally they were owned
by the virtualizationservice user; we now run as system, and don't
have permission to remove them after boot.
Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Ignore-AOSP-First: Needed in T, will CP to aosp
Change-Id: I5ff7d055aeeb25ba7693e50876d6b8a830c4bf51
[1] changed the UID of the virtualizationservice daemon and
/data/misc/virtualizationservice directory to `system`. However, this
can cause a permission denial issue when the directory has stale files
when the device was running a build before [1] and an OTA to [1] (or
above) is attempted. The daemon tries to delete the stale files - which
must have been still labeled as old UID and thus the daemon has no
privileged to delete them.
Fixing this issue by ensuring that the directory is always empty by
init.
[1] https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2059527
Bug: 230056726
Test: watch TH
Merged-In: I61c0297503347932b14b83859bec9ff82628336f
Change-Id: I61c0297503347932b14b83859bec9ff82628336f
[1] changed the UID of the virtualizationservice daemon and
/data/misc/virtualizationservice directory to `system`. However, this
can cause a permission denial issue when the directory has stale files
when the device was running a build before [1] and an OTA to [1] (or
above) is attempted. The daemon tries to delete the stale files - which
must have been still labeled as old UID and thus the daemon has no
privileged to delete them.
Fixing this issue by ensuring that the directory is always empty by
init.
[1] https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2059527
Bug: 230056726
Test: watch TH
Change-Id: I61c0297503347932b14b83859bec9ff82628336f
Previously, virtualizationservice had its own UID
`virtualizationservice`. As a result, crosvm, which is spawed by
virtualizationservice`, also run as the UID. However, that prevented us
from applying task profiles to the crosvm process because joining a
process to a cgroup requires system UID.
To fix that, virtualizationservice now runs as system UID. As a result,
this directory that virtualizationservice accesses has to change its
owner and group to system.
Bug: 223790172
Bug: 216788146
Test: watch TH
Change-Id: I2bdf49e99f1841bf77ff046b0c2455064b174e0a
/dev/kvm and /dev/vhost-vsock are used by crosvm. Previously, it ran as
a custom UID `virtualizationservice`. However, this prevented us from
applying task profiles to the crosvm process because joining a process
to a cgroup requires system UID.
Now, crosvm (and its parent virtualizationservice as well) runs in
system UID. Therefore, the ownership of two device files are also
updated accorgly.
BUG=b:216788146
BUG=b:223790172
Test: watch TH
Change-Id: I1f63a12532d3a2cb5724291dbbb40210bd7c9203
This is part of the changes that will allow creating a single
system image but a different set of properties will either
start or not start the secondary zygote.
Bug: 227482437
Test: Verified that secondary doesn't start with same system image
Test: with ro.zygote set to zygote64 and abilists set appropriately.
Test: Verified that secondary does not start when restarting netd.
Test: Verified that secondary does start with same system image
Test: with ro.zygote set to zygote64_32 and abilists set appropriately.
Test: Verified that secondary does start when restarting netd.
Test: Verified that a 64 bit device only starts the primary.
Test: Verified that a 32 bit device only starts the primary.
Change-Id: Id37a223c73f9a61868b2e26450ef4b6964f7b496
Experiments can enable/disable MG-LRU using the
persist.device_config.mglru_native.lru_gen_enabled property
which will update the coresponding sysfs control to enable or
disable this feature in the kernel.
Test: adb shell device_config put mglru_native lru_gen_config [none, core, ...]
Test: verify MG RLU is enabled/disabled: cat /sys/kernel/mm/lru_gen/enabled
Bug: 227651406
Bug: 228525049
Change-Id: I0708df8c78a85359d5cb6d5b167836768029380e
This is required so that system_server can read/delete the file(s) in
/data/misc/odsign/metrics & report to statsd
Note the group change in odsign directory was required so that
system_server can get the execute permission to read file in the sub dir
Test: adb shell ls -l /data/misc/odsign/metrics
Bug: 202926606
Change-Id: I6dd80e05bbfb9daf4aa3e996fc22bba1de8bd2ce
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert submission 1962326-blkio-cgroup-v2
Reason for revert: This set of changes is suspected to have caused a redfin boot time regression for the git_tm-dev branch.
Reverted Changes:
Id18d876b6:Migrate the blkio controller to the cgroup v2 hier...
I7dfa52136:Migrate the blkio controller to the v2 cgroup hier...
I5336167be:Migrate the blkio controller to the cgroup v2 hier...
I3f0131d8f:Migrate the blkio controller to the cgroup v2 hier...
Ibb62b2d4d:Migrate the blkio controller to the cgroup v2 hier...
Bug: 227382327
Bug: 227389363
Change-Id: I6c8183ed1c3044c8947c4fca07799deff98101b3
This patch preserves the following parameter values:
* Foreground BFQ weight: 100
* Foreground CFQ group_idle: 0
* Foreground CFQ weight: 1000
* Background BFQ weight: 10
* Background CFQ group_idle: 0
* Background CFQ weight: 200
The foreground BFQ weight in task_profiles.json is the default BFQ
weight. From
https://www.kernel.org/doc/Documentation/block/bfq-iosched.txt:
"weight (namely blkio.bfq.weight or io.bfq-weight): the weight of the
group inside its parent. Available values: 1..10000 (default 100). The
linear mapping between ioprio and weights, described at the beginning
of the tunable section, is still valid, but all weights higher than
IOPRIO_BE_NR*10 are mapped to ioprio 0."
Bug: 213617178
Test: Booted Android in Cuttlefish and ran the following test:
Test: adb -e shell cat /sys/fs/cgroup/*/*/io.bfq.weight | sort | uniq -c
Test: 22 default 10
Test: 98 default 100
Change-Id: I7dfa521363a316592852fecce9192708c7a90514
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The "vold.post_fs_data_done" system property was only used by FDE, which
is no longer supported, and this code was commented out anyway.
Bug: 208476087
Change-Id: Ib9346d14368c77058a598e5c4f5f2ed72f5a5316
* changes:
Init: add dev.mnt.blk.bootdevice to access device sysfs
init: mount_handler: detect main block device more reliably
init.rc: use /sys/class/block instead of /sys/devices/virtual/block
This patch adds a new property, 'dev.mnt.root.<mount_point>', which provides,
for example of /data,
1. dm-N
dev.mnt.dev.data = dm-N
dev.mnt.blk.data = sdaN or mmcblk0pN
dev.mnt.rootdisk.data = sda or mmcblk0
2. sdaN or mmcblk0pN
dev.mnt.dev.data = sdaN or mmcblk0pN
dev.mnt.blk.data = sdaN or mmcblk0pN
dev.mnt.rootdisk.data = sda or mmcblk0
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I0a58a62d416f966f26b5de04112c2f9a7eceb22c
/sys/class/block covers all of dm-[0-9], sd[a-z], mmcblk[0-9].
Use it instead of /sys/devices/virtual/block, which only covers dm
devices.
This allows f2fs tunings to be applied more reliably regardless of
how the userdata partition is set up.
Do note that while everything under /sys/devices/virtual/block are
expected to have correct SELinux labels by AOSP, some under
/sys/class/block are not as it's symlinked to platform-specific paths,
and it is up to the vendors to label them correctly.
Test: Confirm entries under /dev/sys aren't dangling and cp_interval,
gc_urgent_sleep_time, iostat_enable and discard_max_bytes are
all set up properly under FBE, FDE and unencrypted.
Change-Id: I089af5bc068445f33919df6659671e50456d49f9
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
Bug: http://b/194128476
If CLANG_COVERAGE_CONTINUOUS_MODE is set, enable continuous mode by
adding '%c' to LLVM_PROFILE_FILE.
Test: CLANG_COVERAGE_CONTINUOUS_MODE m and verify continuous mode works.
Change-Id: I8ace01f2aeaef62857e73308b04a535739171b53
The clang prebuilts now provide a single module with per-architecture
variants instead of a module per architecture, which means the module
name doesn't match the installed file name. Use the file names
exported from Soong instead of the module names.
Bug: 220019988
Test: m out/target/produuct/coral/system/etc/sanitizer.libraries.txt
Change-Id: I12e7e988ce60d928987db8611883e67f2ecdee87
In targets that do not include a zygote binary, attempting to start the
zygote service will result in repeated service restarts. Avoid this by
providing a way for targets to opt out of declaring a zygote service.
The fvp_mini target does not have a zygote, so apply this opt-out to
that target.
Relanding after fixing breakage on an internal branch.
Bug: 217455793
Change-Id: Ic26f76142afb5f700bd7b12359d62feb2652b617
Revert "Add a core configuration that disables the zygote."
Revert submission 1964759-master-I4f918502e611e950fa039e4e2ed817c97b928ba2
Reason for revert: b/217993447
Reverted Changes:
I4f918502e:Add a core configuration that disables the zygote....
I4f918502e:Add a core configuration that disables the zygote....
I4f918502e:Add a core configuration that disables the zygote....
Change-Id: I9dc73c6338ed158bd712324b99ae9e3cd4a36424
Always create system_dlkm mountpoint like
vendor_dlkm and odm_dlkm; as some CF mixed
tests are using the dynamic partition to boot
with builds with no system_dlkm which causes
avd boot failures.
Bug: 217511547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Ibf32127df22898706db02400addaa0f1193c105c
Replace /system_dlkm mount guard flga from
BOARD_USES_SYSTEM_DLKM_PARTITION to
BOARD_USES_SYSTEM_DLKMIMAGE. board_config.mk
and other tools are using this format of image
name to auto generate code to prevent duplication.
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Ie4dc899509cf42afb553936e6dbf69d5ce234d01
In targets that do not include a zygote binary, attempting to start the
zygote service will result in repeated service restarts. Avoid this by
providing a way for targets to opt out of declaring a zygote service.
The fvp_mini target does not have a zygote, so apply this opt-out to
that target.
Change-Id: I4f918502e611e950fa039e4e2ed817c97b928ba2
Set permissions to cgroup.procs files in cgroup hierarchies similar to
permissions for tasks files so that SetProcessProfiles can access them.
Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Id0c82288392146c8d536d273790a0252580c4203
Add libnetd_updatable.so as dependency of platform. The library will be
used by Netd. Linker config is required if a library in mainline module
is linked by platform.
Bug: 202086915
Test: m; flash; boot
Change-Id: I97183f022b229e788184a979d1a211968295563d
Bug: http://b/194128476
Bug: http://b/210012154
This reverts commit e59f0f66fc.
Coverage metrics dropped for ~10 of the 40 modules. There are also
regressions in mainline when running tests on older platform builds.
Test: presubmit
Change-Id: I50a011f68dcdc25883a68701c51e7e2aabc5a7dc
This folder is used to host bootanim data files.
Bug: 210757252
Test: /data/bootanim is correctly created.
Change-Id: I5019a92df4526865d53797bfd93cd68c3e6d2886
Bug: http://b/194128476
Bug: http://b/210012154
- Do not use %c if coverage is enabled for bionic/libc.
Test: Run tests with this topic and verify coverage still works and also
test memory-mapped coverage (death tests, JNI code in CTS)
Change-Id: Id1ade9c6f45d69a1da912e3e57acd1d0197c11b5
Add AID_READTRACEFS and mount tracefs with gid=AID_READTRACEFS
Bug: 209513178
Test: adb shell ls -l /sys/kernel/tracing/events
Change-Id: Ibbfdf8a4b771bd7520ecbaaf15a1153d6bf0e599
Revert "Demonstrate multi-installed APEXes."
Revert "Adds a new prop context for choosing between multi-insta..."
Revert "Adds multi_install_skip_symbol_files field (default fals..."
Revert submission 1869814-vapex-multi-config
Bug: 206551398
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/tests/view?invocationId=I55600009996329947&testResultId=TR93527797572038984, bug b/206551398
Reverted Changes:
I0cd9d748d:Adds multi_install_skip_symbol_files field (defaul...
I5912a18e3:Demonstrate multi-installed APEXes.
I0e6881e3a:Load persist props before starting apexd.
I932442ade:Adds a new prop context for choosing between multi...
I754ecc3f7:Allow users to choose between multi-installed vend...
Change-Id: I27a4985061b112af7d0e9b95b6d42ccd9b846471
apexd now reads persist props to select between multi-installed APEXes
for debug builds.
Bug: 199290365
Test: see https://r.android.com/1872018
Change-Id: I0e6881e3a5a3775560b580556a7de2e2da043d34
Create a new group for dex2oat in cpu cgroup, which is dedicated for
dex2oat processes. Also modify task profiles for this change.
Bug: 201223712
Test: dex2oat group created
Change-Id: Ic61f4b8a64d01c03549b680970805e12b9ce4fcc
This is required since Android 12, because
CtsNativeVerifiedBootTestCases will read property
"partition.${partition}.verified.hash_alg" to
check that sha1 is not used.
Also see https://r.android.com/1546980 for more details.
Bug: 175236047
Bug: 203720638
Test: build and boot a device
Change-Id: I300265f4af9c2781d40537f391bda9eaf62c27ba
The tracing instance takes extra RAM and is not needed on devices running older kernels.
Bug: 194156700
Test: manual on a Pixel device
Change-Id: I794062741688ebea0e4bc500723a966f8f646ee1
Signed-off-by: Alexander Potapenko <glider@google.com>
In order for crashes when executables are run from the
/data/local/tests directory, set the executable bit for that
directory and sub-directories. Without this, neither the root
user nor shell user can read any executables or shared libraries in
the tests directory.
Bug: 197229540
Test: Used the crasher executable and copied it to /data/local/tests
Test: and verified that running it as root and shell results in
Test: tombstones that have full unwinds with function names.
Change-Id: Ice669358decad9766e0496c156aa84d4ecacd124
sys.sysctl.extra_free_kbytes property controls the value set to the
/proc/sys/vm/extra_free_kbytes out-of-tree kernel knob. Replace its
use with execution of extra_free_kbytes.sh script which calculates
and sets corresponding value to /proc/sys/vm/watermark_scale_factor
upstream-supported kernel knob.
Bug: 109664768
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Iaece28eb858a20c8c39578a28dc6bbc6adc13c40
The main users of this instance are KFENCE and MTE-aided KASAN, which are only supported on arm64.
Skip creation of this tracing instance on 32-bit systems to save ~6Mb memory on low-end devices.
Bug: 195089948
Bug: 194719088
Bug: 194156700
Change-Id: Icaf762715fed7a282b1ad738c10bcb45dc848f4d
In newer kernel, it introduces watermark boost feature
to enhance memory fragmentation problems. This feature
will dynamically boost/down watermark level which conflicts
with LMKD assumption and causing LMKD not to work properly.
Disabling this feature first until we address it.
Bug: 189938926
Test: check vm parameter.
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: I6db5163f843f1129080bb944df7cbb8c799a58e0
The sysfs node of sd blk_device is /sys/fs/f2fs/sd-<num>, we shouldn't
skip partition number at this time.
Bug: 189257443
Test: access sd-<num> sysfs correctly
Signed-off-by: Guo Weichao <guoweichao@oppo.com>
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
Change-Id: Ibcd7bb265f8fca9cd26f8770403f1bafad433acb
We never use CONFIG_RT_GROUP_SCHED in GKI kernel, but that could be set
on legacy devices. Remove system cgroup migration and also RT settings
as we should not have any task under those groups.
Bug: 191925901
Test: Build
Signed-off-by: Wei Wang <wvw@google.com>
Merged-In: I492833975e28e9888e412711e80670ca0901010d
Change-Id: I492833975e28e9888e412711e80670ca0901010d
(cherry picked from commit b4e79853cd)
writepid command usage to join a cgroup has been deprecated in favor
of a more flexible approach using task_profiles. This way cgroup path
is not hardcoded and cgroup changes can be easily made. Replace
writepid with task_profiles command to migrate between cgroups.
Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I945c634dfa7621437d8ea3981bce370d680b7371
adb_debug.prop is migrated too. And ramdisk_available is added to all
dependencies.
Bug: 187196593
Test: boot
Change-Id: I59cd149e0021211b8fd59c44b93bbf18dc8637bf
Due to aosp/1708274, ref data directory is now world accessible.
We need to fix ref data directory so that it does not leak app
visibility information.
Bug: 189787375
Test: AppDataIsolationTests
Change-Id: I716852478ce0734c7038934c88c36a567c06393f
This reverts commit 14f6751df1.
Reason for revert: Removing libneuralnetworks_shim.so from Android S
Change-Id: I23acbdc31ddc488ad59225b483936905fa3652ee
Merged-In: I23acbdc31ddc488ad59225b483936905fa3652ee
ART wants to optimize the time when the profile information
is saved for an app. To do so, it needs access to both, the current
profile, and the reference profile. This will allow ART to access
the ref profiles, which previously was not needed.
Test: m & flash
Bug: 185979271
Change-Id: Ie07bce81d2fba9c0b0ae4f322418e960c024e15d
There is no direct dependency in platform on this library, but we still
need a link to it from the system namespace, since adbconnection can
load it as a JVMTI agent without a class loader, and that is changing
to use the system namespace in https://r.android.com/1673312.
Test: atest CtsJdwpTestCases
Test: atest CtsJdwpTunnelHostTestCases
Bug: 130340935
Change-Id: Ia06c0f2a80226a056195fcff2f5d4dcab8f38518
On first boot, FDE devices hang on the command
'wait_for_prop apexd.status activated'. This is because apexd was
already started with the tmpfs /data, then was stopped by
vold.decrypt=trigger_shutdown_framework. Then when apexd is started
again with the real /data, it sees that apexd.status="ready" already, so
it doesn't consider itself to be starting from scratch again. So it
doesn't move apexd.status back to "activated" as expected.
Fix the above by resetting apexd.status to its initial value of the
empty string before trying to start apexd in the post-fs-data trigger.
Note that this also takes care of the userspace reboot case which was
previously handled in the userspace-reboot-requested trigger.
Also, FDE devices hang at the same place on non-first boots with default
encryption (i.e., when no PIN is set) because apexd is still running
after having been started with the tmpfs /data. This is because
vold.decrypt=trigger_shutdown_framework isn't run in that case, but
rather vold manually kills processes that have open files on /data --
which doesn't include apexd. But, apexd should be restarted too.
Fix that by using 'restart apexd' rather than 'start apexd'.
Note that these changes are needed even though FDE devices don't support
updatable APEXes, as apexd is needed regardless.
This is one of a set of changes that is needed to get FDE working again
so that devices that launched with FDE can be upgraded to Android 12.
Bug: 186165644
Test: Tested FDE on Cuttlefish. Also tested userspace reboot (with FBE)
Change-Id: I4fa57cf15d77b64d1167eaf966347d2a9d6a9b72
Now that we are activating APEX directly from /data/apex/decompressed
directory, without this permission, PackageManager fails to parse
decompressed APEX. This permission setting is same as what we have for
/data/apex/active.
Bug: 185886528
Test: atest ApexCompressionTests
Change-Id: Ief36a6ddc5760faff2c390fa913984385fda99a6
Soong generates classpaths.proto config and puts it into
/system/etc/classpaths/ for derive_classpath to read at runtime. There
is no need to plumb these values via make anymore.
Bug: 180105615
Test: m && launch_cvd; presubmit / DeviceBootTest
Change-Id: I514c5036871233ae865b972effea8321dbe4aea9
In order to simplify developer/test flow, the persistent property
persist.dbg.keep_debugfs_mounted can be set to prevent debugfs from
being unmounted on boot.
Bug: 184381659
Test: build and boot
Change-Id: I714616b361e6c8fb59633ec0763f9bd55af7df0e
Rename ro.product.enforce_debugfs_restrictions to
ro.product.debugfs_restrictions.enabled as per the sysprop naming
scheme.
Bug: 184381659
Test: build, boot
Change-Id: Ie350eefa342e7e16d31363139257ed285780e874
platform-bootclasspath module generates classpaths.proto config with
the information for derive_classpath to read and parse at runtime.
See go/updatable-bootclasspath.
Bug: 180105615
Test: m && launch_cvd; presubmit / DeviceBootTest
Change-Id: I0f4b1cfce9468fd6e3377a1d7233245e30f1ea51
Revert submission revert-1660531-max-boot-level-crypto-KFMCEDKSIV
Reason for revert: topic:vold-use-keystore2 has landed fixing the bug
Reverted changes:
Ibf63734a: Revert "Set earlyBootEnded before apex starts"
Id02f63a7: Revert "Expose AID_KEYSTORE"
Ibcedeff4: Revert "Cryptographic security for MAX_BOOT_LEVEL"
Restored changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Reverted-SHA1: 82cfe66794
Original commit message:
earlyBootEnded signals to keystore2 to read the database for the first
time, and start the MAX_BOOT_LEVEL system. It must therefore run
after /data is mounted and /data/misc/keystore is created, but before
apexd or odsign starts.
Bug: 176450483
Test: atest com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles
Change-Id: Ib9c2b4bbdddecdf73924125f9bdc75c82e1dd257
Adding in case of link required from the system image to nn apex.
Test: Run sample vendor service on cf device
Bug: 172925288
Change-Id: Ic4609cc0b73dfd5c9d39b75b22e241c30d61b753
so that this can be packaged in a filesystem(e.g microdroid)
Bug: 181093750
Test: MicrodroidTestCase
Change-Id: Ib86789de4632a32eee31fee0607d5ade8ae6b33f
Debugfs cannot be mounted in userbuilds since Android R. Since init only
mounts/unmounts debugfs during boot for debug builds, move it to
init-debug.rc.
Bug: 184381659
Test: build/boot
Change-Id: Ib51e82b99ec1eb95a2647c91855f6d4d1585040a
Metrics are written to /data/misc/odrefresh by odrefresh during early
boot, then the zygote passes them to statsd and delete the metrics
files.
Bug: 169925964
Test: manual
Change-Id: Ia39098109d59600ae8d7b197f46e9a6de18ca57c
Revert "Merge libdexfile_external into libdexfile (reland)."
Revert "Rename libdexfile_external_static to libdexfile_static (..."
Revert "Rename libdexfile_external_static to libdexfile_static (..."
Revert submission 1666119-libdexfile-noext-2
Reason for revert: broken build 7270939 on aosp-master on full-eng
Reverted Changes:
I582e49ae7:Merge libdexfile_external into libdexfile (reland)...
Iaa6a90f41:Rename libdexfile_external_static to libdexfile_st...
I4315189b2:libdexfile_external is replaced by libdexfile (rel...
Ia065119c2:Rename libdexfile_external_static to libdexfile_st...
Bug: 184929782
Change-Id: Id4830ded68e6fb3e9da0bcd8e428c46a79df3ff8
Test: forrest build for aosp-master on full-eng
Revert "Cryptographic security for MAX_BOOT_LEVEL"
Revert submission 1660531-max-boot-level-crypto
Reason for revert: broken test com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles on aosp-master on aosp_cf_x86_64_phone-userdebug at 7261517
Reverted Changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Bug: 184635938
Change-Id: Ibf63734a02a2c132142671c0fae5d0177bf46079
Test: forrest run for the broken test
This relands https://r.android.com/1644045 after fixing the build issue
in b/184239856.
Test: atest CtsSimpleperfTestCases
Bug: 143978909
Change-Id: I4315189b243503f5633f64d46a0ffedad3bebf0c
earlyBootEnded signals to keystore2 to read the database for the first
time, and start the MAX_BOOT_LEVEL system. It must therefore run
after /data is mounted and /data/misc/keystore is created, but before
apexd or odsign starts.
Bug: 176450483
Test: cuttlefish: check keystore2 logs to ensure all looks well.
Change-Id: Ia3b968afc38edf95712480e99e545ba88ea309c3
restrictions
Use the property ro.product.enforce_debugfs_restrictions to enable
debugfs restrictions instead of checking the launch API level. Vendors
can enable build-time as well as run-time debugfs restrictions by
setting the build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS true which in
turn sets ro.product.enforce_debugfs_restrictions true as well enables
sepolicy neverallow restrictions that prevent debugfs access. The
intention of the build flag is to prevent debugfs dependencies from
creeping in during development on userdebug/eng builds.
Test: build and boot
Bug: 184381659
Change-Id: If555037f973e6e4f35eb7312637f58e8360c3013
Revert "Merge libdexfile_external into libdexfile."
Revert "libdexfile_external is replaced by libdexfile."
Revert "Rename libdexfile_external_static to libdexfile_static."
Revert "Rename libdexfile_external_static to libdexfile_static."
Revert "Allow dependencies from platform variants to APEX modules."
Revert submission 1658000
Reason for revert: Breaks full-eng build: b/184239856
Reverted Changes:
I4f8ead785:Avoid internal APEX stubs for libsigchain and clea...
I68affdf69:Allow dependencies from platform variants to APEX ...
I54b33784e:Rename libdexfile_external_static to libdexfile_st...
Id68ae9438:libdexfile_external is being replaced by libdexfil...
I12ac84eb4:libdexfile_external is replaced by libdexfile.
If05dbffc8:Rename libdexfile_external_static to libdexfile_st...
Ia011fa3a8:Merge libdexfile_external into libdexfile.
Change-Id: I2448810c9a863cde32b6ed98d9ed0a99cf260d34
It must run before odsign; and now runs after restorecon on /data as well.
Bug: 183861600
Bug: 180105615
Test: presubmit && cuttlefish boots
Change-Id: Iefe59d94a7a40ed1e526c189cbc2baf69156f334
To improve boottime, we want to run odsign in an asynchronous fashion;
but there are 2 places where we do need it be sync:
1) We need to know when it's done using its key, so that we lock
keyrings and advance the boot stage
2) We need to know verification is complete before we start the zygote
These are indicated by odsign using separate properties.
Bug: 165630556
Test: init waits for the properties, and proceeds when done
Change-Id: I623c24a683340961b339ed19be2f577d9293b097
Revert "Introduce derive_classpath service."
Revert "Introduce derive_classpath."
Revert submission 1602413-derive_classpath
Bug: 180105615
Fix: 183079517
Reason for revert: SELinux failure leading to *CLASSPATH variables not being set in all builds
Reverted Changes:
I6e3c64e7a:Introduce derive_classpath service.
I60c539a8f:Exec_start derive_classpath on post-fs-data.
I4150de69f:Introduce derive_classpath.
Change-Id: Iefbe057ba45091a1675326e3d5db3f39cc3e2820
Currently, tcp receive window size is read from
net.tcp.default_init_rwnd then set to net.tcp_def_init_rwnd. It
should not use seperate property to read/write the value, it only
needs one of property basically. So migrate
net.tcp.default_init_rwnd to net.tcp_def_init_rwnd which has
formal API.
Bug: 182538166
Test: Manually check that net.tcp_def_init_rwnd has default
value and proc/sys/net/ipv4/tcp_default_inti_rwnd node
is created with same value.
Change-Id: I6748485f99198b1200c67d6595b659aac7d7e1e0
The service parses and merges configs from multiple partitions, defines
*CLASSPATH environ variables' values and writes them to file, for
init to export.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual
Change-Id: I60c539a8fef4d690f47704e896f67949ec49db60
The first user of keystore boot levels is on-device signing; transition
the boot level to 30 before running the post-fs data hook, and
transition it to 40 right after on-device signing is done. This leaves
some space for future boot levels to be inserted, if we wanted.
Bug: 165630556
Test: inspect logs
Change-Id: If0a74cbe9ea8fce806020d8a42a978cfb9117ded
This instance will be used to monitor the error_report_end tracing
events sent by kernel tools in the case of a memory corruption.
Bug: 172316664
Bug: 181778620
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: Ibc5cd3b60fb99030cc55db6b490d6d4bbbca3963
Revert "Selinux policy for bootreceiver tracing instance"
Revert submission 1572240-kernel_bootreceiver
Reason for revert: DroidMonitor: Potential culprit for Bug 181778620 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Ic1c49a695:init.rc: set up a tracing instance for BootReceive...
I828666ec3:Selinux policy for bootreceiver tracing instance
Change-Id: I5c2ccfe3eeb8863086b7cb9b3de43c6e076d995a
This instance will be used to monitor the error_report_end tracing
events sent by kernel tools in the case of a memory corruption.
Bug: 172316664
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: Ic1c49a695ff7df4147a7351051db7b6707c86e0a
Keystore listens to this property and uses it to honor the
MAX_BOOT_LEVEL key tag.
Test: boot, use adb getprop to find the current value.
Bug: 176450483
Change-Id: If32b20f56f96afa24166188c2dd931620dcaef98
For now, export the exact same values, on `post-fs-data` instead of on
`early-init` to soak the change. As a follow up, the actual values will
be generated by a new oneshot service.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual - device boots
Change-Id: I5f6826a0f87a5e01233e876d820e581feb555bca
When installing an OTA, update_engine needs to reserve some space on
filesystem by writing to a specific directory(/data/apex/ota_reserved/),
therefore we need to create this dir on system start up.
We are also pro-actively enabling encryption on this directory so that
we can create hard links to /data/apex/decompressed. This will be needed
when we start decompresssing capex from post-install script before
reboot and on boot we can then simply hard link to these files.
Test: th
Bug: 172911822
Change-Id: Ia6a63efcedcfdad9817ba88b54f96683d34df6ce
There's no need for system_server to access this any more, so no need to
have weaker permissions than we'll get by default (ignoring the fact
that SELinux policy is our real protection here anyway).
Bug: http://b/179086242
Test: treehugger
Change-Id: I584e87f027f44e10190c2e5c2eb85785f61f8bd5
ueventd.rc scripts belong in the /etc/ directory of their given
partition, not the root of the partition. This can cause problems,
especially since Android.bp cannot write to the root directly, forcing
vendors to use Android.mk for these files. Note that
/system/etc/ueventd.rc moved long ago.
Test: Tree-hugger
Change-Id: I2dcaafc3c3f687f76ab6bc38af979c8b43346db0
This is currently used for persisting the compat framework overrides
across reboots.
Test: atest CompatConfigTest
Bug: 145509340
Change-Id: I9205388b44a337a5b56b78cb6cc78f09494a623e
This binary checks and refreshes ART compilation artifacts that are
necessary for the system to boot.
Bug: 165630556
Test: inspect init log output on boot
Change-Id: I15074989a0fb6e5b1036292bc2cd824a141a0252
A future early-boot daemon (on-device signing) needs to access
/data/misc before fs-verity keys are locked. Therefore, move the
restorecon of /data up a bit, to make sure the labels are correct. To be
safe, only run it after init_user0, since that function is responsible
for loading DE keys.
Also move early boot keys and fs-verity key locking a bit later, since
the on-device signing daemon needs to use both of these, but it also
needs the restorecon to function correctly.
Bug: 174740982
Test: manual
Change-Id: I9b6e44d9b547d420e1c6ba01fb3d3accc0625e20
To support input device lights manager feature in frameworks, provide
sysfs node access to system server process.
Bug: 161633625
Test: atest LightsManagerTest, atest InputDeviceLightsManagerTest
Change-Id: Ic823539e9dd616b6ca4ae803756746e0f5349ec1
We want to decompress into an encrypted directory so that it can later
be hard linked to other encrypted directories, such as /data/rollback.
Bug: 172911820
Test: atest ApexCompressionTests#testCompressedApexIsDecompressed
Change-Id: I98bc567ba7e8b1ea1b335830d71d1b1f38e6ea33
This change will help non-user builds with keeping debugfs
disabled during run time. Instead, debugfs will be mounted by init
to enable boot time initializations to set up vendor debug data
collection and unmounted after boot. It will be also be mounted by
dumpstate for bug report generation and unmounted after.
This change is only intended to help vendors (who depend on debugfs to
collect debug information from userdebug/eng builds) keep debugfs
disabled during runtime. Platform code must not depend on debugfs at all.
Test: manual
Bug: 176936478
Change-Id: I2e89d5b9540e3de094976563682d4b8c5c125876
This directory will be used to store the mitigation count
from Package Watchdog in the case of a boot loop, in
order to persist the value across fs-checkpointing
rollbacks. One integer will be stored in a file in this
directory, which will be read and then deleted at the
next boot. No userdata is stored.
See go/rescue-party-reboot for more context.
Test: Manual test using debug.crash_sysui property
and inspecting file
Bug: 171951174
Change-Id: I2bd5e1ebe14d7e9e4f0e0dbeb90cf76b8400752e
Unlike apexd, tombstoned uses the regular dynamic linker path
(/system/bin/linker64). As a result, starting it after we have
switched to the default mount namespace but before APEXes have been
activated fails, because /system/bin/linker64 does not exist between
those two events. Fix that by starting tombstoned even earlier,
before we have switched mount namespace.
To avoid reintroducing the bug fixed by 2c9c8eb5ff ("init.rc:
create /data/vendor* earlier"), also make sure that /data/vendor* is
still created before /data/vendor/tombstones.
While at it, move the creation of /data/anr before starting
tombstoned, because tombstoned assumes that /data/anr exists.
Fixes: 81c94cdce6 ("Start tombstoned early in post-fs-data.")
Test: boot fvp-eng and fvp_mini-eng, check that tombstoned starts
succesfully on the first attempt
Change-Id: Ic52383c35fb39c61c2f0e0665fd10e795895d50d
Property variables should be written ${x.y} to be expanded.
Bug: 175645356
Test: The property ro.hardware is expanded properly.
Change-Id: Idf7ff7ecc002e6e4de4ccef70e89dcc1c10e63d0
Add permissions for dev/dma_heap/system-uncached dmabuf heap.
This should match the dmabuf system heap.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I9253d56c72d45e228539f709e76ba0862ae03d96
Jeffrey Vander Stoep noted the permissions for the system dmabuf
heap should be 444 instead of 666, as we only need to open and
call ioctl on the device.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I650c9fabfffd1eac5f59bbc7fa1e0ae1f5646bd9
Package verifiers (e.g, phonesky) needs to access the folders inside
/data/app-staging to be able to verify them. Without the execute
permission on app-staging folder, it cannot stat any of the sub-dirs
inside app-staging.
This also aligns with permission of /data/app folder.
Bug: 175163376
Test: manual
Test: installed a staged session and observed that Phonesky did not log
about not finding the apks in /data/app-staging folder
Change-Id: I9774ed800da9f15401d3cee653142a37bf54ef4a
Vendors have an interest in importing ueventd files based on certain
property values. Instead of baking this logic in the ueventd binary,
add the import option from the init parser to the ueventd parser, to
allow vendors to expand as needed.
Test: imported files are parsed
Change-Id: I674987fd48f3218e4703528c6d905b1afb5fb366
It is required to pass update_engine_unittests in GSI
compliance test. And it's clean to just add this mount
dir unconditionally.
Bug: 172696594
Test: `m init.environ.rc` and checks that $OUT/root/postinstall exists
Change-Id: Ib340a78af442ea66c45cecb373a9eb3c428f8dda
