system image which is declared in Android.bp should include the module.
Bug: 321000103
Test: m nothing
Change-Id: I6e9d8fa4c1051211ff9ff80c7dfa4a8ee5cbd732
Protobuf 22.x no longer includes <unordered_map>, so it has to
be included explicitly.
Bug: 329747255
Test: presubmit
Change-Id: Icd5055e242e4f58029caf80cbb321222c612a9d0
The derivation happens in the derive_microdroid_vendor_dice_node binary
which first_stage_init forks and execvs.
Since the derivation requires talking to the dice driver, its
initialisation is also moved to the first stage init.
The derivation happens before the microdroid vendor partition is
verified & mounted. This should be safe because the first_stage_init
will fail the boot if the verification of the microdroid vendor
partition fails.
Bug: 287593065
Test: run microdroid with and without vendor partition
Test: atest MicrodroidTests
Change-Id: I0d83772eb98a56c315617e66ec64bd03639cfde6
In the follow up patch this function will also be used in
first_stage_init.
Bug: 287593065
Test: m
Change-Id: Id805f8523596c26ed262d89aa652b27184b612c1
This will be used to store the new dice chain generated during
first_stage_init phase in case Microdroid VM is launched with
microdroid vendor partition.
Bug: 287593065
Test: atest MicrodroidTests
Test: start Microdroid VM & check microdroid_resources exists
Change-Id: I40677376bfed14d813ad51c78db6109b2d76d1d1
Devices may predefine ro.vendor.api_level. Skip calculating the value
if the ro.vendor.api_level is already defined.
Bug: 326164316
Test: getprop ro.vendor.api_level
Change-Id: Ic9fd2a0eef6ba9345f98a5cb1eb790080e19ca19
It's used only by host_init_verifier. This is to remove the unnecessary
dependency from clients of init_host_defaults.
Bug: 326509378
Test: mmma system/core/init
Change-Id: I983fbfe616f0bcb87940c934e19f614d3bf51030
It cannot be assumed that file mappings in /proc/<pid>/maps will be
completely backed by the underlying file. [1]
Use MappedFileSize() to deduce the correct ranges for the mlock()
calls when locking system pages in the OTA path.
While at it also clean up the some unreachable code (mlockall()),
and improve error logging.
[1] SIGBUS at https://man7.org/linux/man-pages/man2/mmap.2.html#RETURN_VALUE
Test: Incremental OTA
Bug: 324952273
Change-Id: Ia2ab150e1b8de8c638f5b1acc1de83deb7ac5cff
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Introduce SpawnImage() as a reusable single-argument wrapper around
posix_spawn(), to avoid having to manually manage the child process.
Note that Bionic currently doesn't return the errno from the child's
exec() call to the caller in the parent process, which may temporarily
hide errors such as ENOENT in first_stage_console until Bionic improves.
Also, this introduces a subtle change in behavior as the first_stage.sh
script is now passed directly to the loader, which will only properly
invoke the Shell if the file contains the right shebang.
Inline the call to RunScript() to hopefully make it simpler for readers
to track the lifetime of the various processes on different code paths.
Test: run first_stage_init
Change-Id: Ifaab2be032b2080a039209295d0b5a3759764ea7
From wait(2):
POSIX.1-2001 specifies that if [...] the SA_NOCLDWAIT flag is set for
SIGCHLD, then children that terminate do not become zombies and a call
to [...] waitpid() will block until all children have terminated, and
then fail with errno set to ECHILD.
As we call sigaction(SIGCHLD, { SIG_DFL, SA_NOCLDWAIT }), running
pid_t w = waitpid(pid, &status, 0);
LOG(INFO) << "..." << status << " " << w << " " << errno;
shows that the calls consistently return (status=0, w=-1, errno=ECHILD).
Therefore, clarify the parent code by prefering wait(2) over waitpid(2),
as SA_NOCLDWAIT makes the kernel ignore the passed PID, and stop logging
the irrelevant status, to avoid confusion when the logs say the exit
status was 0 but the child actually returned an error.
Test: run first_stage_console
Change-Id: I54df888e38b947e206e374ad28ebb044c70c6640
If the /first_stage.sh is not present on the system, the child process
which attempted to execv() ends up returning from the function along
with its parent, which can be seen in early logs e.g.
[ 10.747576][ T51] init: Attempting to run /first_stage.sh...
[ 10.757371][ T52] init: unable to execv /first_stage.sh, returned -1 errno 2
[ 10.767527][ T52] init: unable to execv, returned -1 errno 2
[...]
[ 10.789189][ T51] init: unable to execv, returned -1 errno 2
where both T51 and T52 end up executing the "rest" of StartConsole().
Instead, terminate the child if its execv() failed.
Test: run first_stage_init
Change-Id: I20bc0aeae627761a60fb2b55bae39871ad506f69
This requires a bit of refactoring: moving things around.
libinit_host is used by host_apex_verifier which needs check_builtins as
well.
Bug: 325565247
Test: atest host-apex-verifier
Test: m out/target/product/vsoc_x86_64/host_init_verifier_output.txt
Change-Id: Ifed54dd2149afbab2bf63f7e42c410c2354895fc
Re-order the fields in the declaration to address the following
ISO C++ requires field designators to be specified in declaration order;
field 'sigaction::(anonymous union at bionic/libc/include/bits/signal_types.h:76:20)'
will be initialized after field 'sa_flags' [-Wreorder-init-list]
Test: TH
Change-Id: I3f1d4739f1677aad50d4f07361aa264da43bdd13
The test is not eligible for CTS. Reasons:
1. The init behavior does not directly affect app compat. App interact
with init only for the property service and that part is covered by
the Bionic test already.
2. This test doesn't run against the init binary installed on the
device. libinit where most of the init functionalities are
implemented is statically linked to this test binary. In other words,
this test is closer to a unit test for init.
3. This test is not compatible with Trunk stable where test and DUT are
built in different branches. The test depends on several (private)
libraries like libbase and libutils. Since the interfaces of the
libraries may have changed in the main branch, the test binary built
from the old test-dev branch may break.
This change does not remove the test. The test will still run as a unit
test during pre/post submit.
I didn't drop the `Cts` prefix from the name, because that requires
broader changes.
Bug: 320800872
Test: N/A
Change-Id: I1402c08b79b57ad6daa7948fe37f14fbbe36f1d6
Remove temporary 'vendor_api_level_of' function from init and replace
the function with the same in libvendorsupport.
Bug: 312403948
Test: getprop ro.vendor.api_level
Change-Id: I095353e602397220571e131431e7cbd1b8511fa6
Merged-In: I095353e602397220571e131431e7cbd1b8511fa6
This reverts commit f5d8773169.
Reason for revert: Identified as culprit for broken tests: b/317470107
Change-Id: If599c688bb4bbe800270881451fa5ac1f6898aff
Currently the only ways to enable dm-verity were relying on its built-in
vbmeta image or containing its public key on standalone vbmeta image.
Merging this change will support enabling dm-verity based on hashtree
descriptor root digest for standalone vbmeta image.
Bug: 285855436
Test: Presubmit
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
Change-Id: I51eb64cae2ca8b4e97f1c6419b35d45e6f51cacb
During PrepareSnapshotPartitionsForUpdate, we attempt to connect to
snapuserd with a 5s timeout, only to tell snapuserd to shutdown
immediately. If snapuserd isn't running, we will wait-out the whole 5
seconds. Change the logic to return early if socket_connect() calls
return ENOENT, indicating that snapuserd socket isn't used by any
process. This reduces allocateSpaceForPayload() time from 6s to 1s.
Test: th
Bug: 315215541
Change-Id: Ib24d7c63733a896c082ac92aaa88ad52d050a2a5
Despite 'require_root: true' in Android.bp for CtsInitTestCases, it can
happen that this test is run without root privileges. If that happens,
skip the ServiceStopTest.
Bug: 313551148
Change-Id: I45f29369915a1f61e08ffd9bf5601a83a147597c
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The android-4.14-stable and later kernels support the
FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY ioctls. This
has superseded the old way of adding fscrypt keys to the kernel, which
was to use the add_key() syscall to add keys to the "session" keyring.
On kernels that support the ioctls, Android doesn't use the obsolete
way. Since upgrading even just to Android 14 requires at minimum a
android-4.14-stable kernel (according to
https://source.android.com/docs/core/architecture/kernel/android-common#compatibility-matrix),
there is no need to support the obsolete way anymore.
Therefore, this commit removes the code from init that created a keyring
named "fscrypt" in the session keyring. It also removes the code that
created the session keyring itself, since the only reason that Android
even created a session keyring was just to hold the "fscrypt" keyring.
Flag: N/A for the following reasons:
- Removing obsolete code, which is fairly safe
- Very early code, so runtime flag cannot be used
- Even a build-time flag cannot be used, since init needs
recovery_available, which aconfig libraries do not support
Bug: 311736104
Test: Build and boot Cuttlefish
Change-Id: Id9a184c68cf16d5c4b1d889444cf637c95a91413