Commit graph

4209 commits

Author SHA1 Message Date
Jeongik Cha
6d7e83fb42 Add //visibility:any_system_partition
system image which is declared in Android.bp should include the module.

Bug: 321000103
Test: m nothing
Change-Id: I6e9d8fa4c1051211ff9ff80c7dfa4a8ee5cbd732
2024-03-23 12:31:32 +09:00
Krzysztof Kosiński
eaf7d77e7e Add missing header.
Protobuf 22.x no longer includes <unordered_map>, so it has to
be included explicitly.

Bug: 329747255
Test: presubmit
Change-Id: Icd5055e242e4f58029caf80cbb321222c612a9d0
2024-03-15 06:44:39 +00:00
Nikita Ioffe
13db31040f Merge changes from topic "derive-microdroid-vendor-dice-node" into main
* changes:
  Add a step to derive microdroid vendor dice node
  Move ForkExecveAndWaitForCompletion to util.h
  Mount /microdroid_resources as tmpfs
2024-03-14 11:20:06 +00:00
Nikita Ioffe
1e114e677b Add a step to derive microdroid vendor dice node
The derivation happens in the derive_microdroid_vendor_dice_node binary
which first_stage_init forks and execvs.

Since the derivation requires talking to the dice driver, its
initialisation is also moved to the first stage init.

The derivation happens before the microdroid vendor partition is
verified & mounted. This should be safe because the first_stage_init
will fail the boot if the verification of the microdroid vendor
partition fails.

Bug: 287593065
Test: run microdroid with and without vendor partition
Test: atest MicrodroidTests
Change-Id: I0d83772eb98a56c315617e66ec64bd03639cfde6
2024-03-13 15:24:44 +00:00
Nikita Ioffe
fe7b83faea Move ForkExecveAndWaitForCompletion to util.h
In the follow up patch this function will also be used in
first_stage_init.

Bug: 287593065
Test: m
Change-Id: Id805f8523596c26ed262d89aa652b27184b612c1
2024-03-13 14:44:46 +00:00
Nikita Ioffe
2384e8abfe Mount /microdroid_resources as tmpfs
This will be used to store the new dice chain generated during
first_stage_init phase in case Microdroid VM is launched with
microdroid vendor partition.

Bug: 287593065
Test: atest MicrodroidTests
Test: start Microdroid VM & check microdroid_resources exists
Change-Id: I40677376bfed14d813ad51c78db6109b2d76d1d1
2024-03-13 14:39:08 +00:00
Veena Arvind
b46e5e6d0b Scan for quiescent in sub reason and details
Bug: 326526460
Test: manual (b/320369923#comment19)
Change-Id: I702841bf1afa6a04318b8233eb6ddb89c46b7ad5
2024-03-11 22:23:09 +00:00
Xin Li
ba485e7f71 Merge "Merge Android 14 QPR2 to AOSP main" into main 2024-03-07 06:10:51 +00:00
Justin Yun
4058ba29b5 Skip initializing ro.vendor.api_level if already defined
Devices may predefine ro.vendor.api_level. Skip calculating the value
if the ro.vendor.api_level is already defined.

Bug: 326164316
Test: getprop ro.vendor.api_level
Change-Id: Ic9fd2a0eef6ba9345f98a5cb1eb790080e19ca19
2024-03-06 18:28:58 +09:00
Jooyung Han
14f00567a9 Merge "init: move generated_android_ids to host_init_verifier" into main am: 3289747a5c
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2976531

Change-Id: I334c0f0e80fbc0ef4429a45ddfffe569f2ac4c36
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-26 08:17:42 +00:00
Jooyung Han
18407b7870 init: move generated_android_ids to host_init_verifier
It's used only by host_init_verifier. This is to remove the unnecessary
dependency from clients of init_host_defaults.

Bug: 326509378
Test: mmma system/core/init
Change-Id: I983fbfe616f0bcb87940c934e19f614d3bf51030
2024-02-26 11:18:00 +09:00
Kalesh Singh
20eab6f58b Merge "init: snapuserd: Fix ranges for mlock()" into main am: df09f80cf4
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2964563

Change-Id: Ie80dbe09c6afb8d5973a3fa06941015f2667ff9a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-22 21:05:09 +00:00
Kalesh Singh
df09f80cf4 Merge "init: snapuserd: Fix ranges for mlock()" into main 2024-02-22 20:27:13 +00:00
Treehugger Robot
6b803bcfaa Merge changes Ifaab2be0,I54df888e into main am: 8687d25c0d
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2959289

Change-Id: I376f6b0e8697733e395edd7257eb21f814c587e3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-22 15:26:00 +00:00
Kalesh Singh
f90de49e0e init: snapuserd: Fix ranges for mlock()
It cannot be assumed that file mappings in /proc/<pid>/maps will be
completely backed by the underlying file. [1]

Use MappedFileSize() to deduce the correct ranges for the mlock()
calls when locking system pages in the OTA path.

While at it also clean up the some unreachable code (mlockall()),
and improve error logging.

[1] SIGBUS at https://man7.org/linux/man-pages/man2/mmap.2.html#RETURN_VALUE

Test: Incremental OTA
Bug: 324952273
Change-Id: Ia2ab150e1b8de8c638f5b1acc1de83deb7ac5cff
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2024-02-21 18:40:45 -08:00
Pierre-Clément Tosi
b6b2afb6b3 first_stage_console: Refactor RunScript()
Introduce SpawnImage() as a reusable single-argument wrapper around
posix_spawn(), to avoid having to manually manage the child process.

Note that Bionic currently doesn't return the errno from the child's
exec() call to the caller in the parent process, which may temporarily
hide errors such as ENOENT in first_stage_console until Bionic improves.

Also, this introduces a subtle change in behavior as the first_stage.sh
script is now passed directly to the loader, which will only properly
invoke the Shell if the file contains the right shebang.

Inline the call to RunScript() to hopefully make it simpler for readers
to track the lifetime of the various processes on different code paths.

Test: run first_stage_init
Change-Id: Ifaab2be032b2080a039209295d0b5a3759764ea7
2024-02-21 12:35:55 +00:00
Pierre-Clément Tosi
b1d92c6508 first_stage_console: Fix waitpid() as SA_NOCLDWAIT
From wait(2):

  POSIX.1-2001 specifies that if [...] the SA_NOCLDWAIT flag is set for
  SIGCHLD, then children that terminate do not become zombies and a call
  to [...] waitpid() will block until all children have terminated, and
  then fail with errno set to ECHILD.

As we call sigaction(SIGCHLD, { SIG_DFL, SA_NOCLDWAIT }), running

  pid_t w = waitpid(pid, &status, 0);
  LOG(INFO) << "..." << status << " " << w << " " << errno;

shows that the calls consistently return (status=0, w=-1, errno=ECHILD).

Therefore, clarify the parent code by prefering wait(2) over waitpid(2),
as SA_NOCLDWAIT makes the kernel ignore the passed PID, and stop logging
the irrelevant status, to avoid confusion when the logs say the exit
status was 0 but the child actually returned an error.

Test: run first_stage_console
Change-Id: I54df888e38b947e206e374ad28ebb044c70c6640
2024-02-19 15:01:11 +00:00
Treehugger Robot
dccae8ce3c Merge "first_stage_console: Fix execv() child error path" into main am: 3b79ada7ef
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2959288

Change-Id: I56ddf989130e37f9d3a5ca6b884da6eeac46c62f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-19 11:19:54 +00:00
Treehugger Robot
3b79ada7ef Merge "first_stage_console: Fix execv() child error path" into main 2024-02-19 10:49:01 +00:00
Treehugger Robot
ca95bfc10e Merge "Rename functions in libvendorsupport" into main am: f27d8cebbd
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2964824

Change-Id: If033344bccfffd08fadda77c1d2617a788f2815a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-19 00:29:14 +00:00
Treehugger Robot
f27d8cebbd Merge "Rename functions in libvendorsupport" into main 2024-02-18 23:53:22 +00:00
Treehugger Robot
8a10b8a71d Merge "Add check_builtins to libinit_host" into main am: cb09ff33a3
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2966903

Change-Id: Iac72d76a94521b33ce79c7c791b25945a4e05889
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-17 00:44:12 +00:00
Pierre-Clément Tosi
0335dac70d first_stage_console: Fix execv() child error path
If the /first_stage.sh is not present on the system, the child process
which attempted to execv() ends up returning from the function along
with its parent, which can be seen in early logs e.g.

[   10.747576][   T51] init: Attempting to run /first_stage.sh...
[   10.757371][   T52] init: unable to execv /first_stage.sh, returned -1 errno 2
[   10.767527][   T52] init: unable to execv, returned -1 errno 2
                      [...]
[   10.789189][   T51] init: unable to execv, returned -1 errno 2

where both T51 and T52 end up executing the "rest" of StartConsole().

Instead, terminate the child if its execv() failed.

Test: run first_stage_init
Change-Id: I20bc0aeae627761a60fb2b55bae39871ad506f69
2024-02-16 15:23:32 +00:00
Justin Yun
8ce23dc44e Rename functions in libvendorsupport
Follow platform naming conventions for an LLNDK library.

Bug: 325093550
Test: atest libvendorsupport-tests
Change-Id: Id93f7e66a47ae9250191f9827a76ce819e8f6f88
2024-02-16 23:53:04 +09:00
Jooyung Han
39e8be43eb Add check_builtins to libinit_host
This requires a bit of refactoring: moving things around.

libinit_host is used by host_apex_verifier which needs check_builtins as
well.

Bug: 325565247
Test: atest host-apex-verifier
Test: m out/target/product/vsoc_x86_64/host_init_verifier_output.txt
Change-Id: Ifed54dd2149afbab2bf63f7e42c410c2354895fc
2024-02-16 17:36:12 +09:00
Treehugger Robot
b422458e2d Merge "first_stage_console: Address compiler warning" into main am: 619042f207
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2959286

Change-Id: Id019cffe424167ff16eb939a63d8823d215e0583
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-14 16:18:47 +00:00
Pierre-Clément Tosi
914ccc5664 first_stage_console: Address compiler warning
Re-order the fields in the declaration to address the following

  ISO C++ requires field designators to be specified in declaration order;
  field 'sigaction::(anonymous union at bionic/libc/include/bits/signal_types.h:76:20)'
  will be initialized after field 'sa_flags' [-Wreorder-init-list]

Test: TH
Change-Id: I3f1d4739f1677aad50d4f07361aa264da43bdd13
2024-02-12 18:57:16 +00:00
Jiyong Park
ac6907b466 Merge "Drop CtsInitTestCases from cts" into main am: 0edd5b860a
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2935210

Change-Id: I3c5f869e67c32498c57e99ccdb1784b8036ccde9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-31 01:31:31 +00:00
Jiyong Park
0edd5b860a Merge "Drop CtsInitTestCases from cts" into main 2024-01-31 00:58:50 +00:00
Xin Li
7f41fd4852 Merge Android 24Q1 Release (ab/11220357)
Bug: 319669529
Merged-In: I856c812d22363cc1d1e8aa88706d4d3b89044f52
Change-Id: I9ef2aa7496bbf81f7f0da6b0ea46dc2157ad91f1
2024-01-29 21:19:57 -08:00
Jiyong Park
75070b37e2 Drop CtsInitTestCases from cts
The test is not eligible for CTS. Reasons:

1. The init behavior does not directly affect app compat. App interact
   with init only for the property service and that part is covered by
the Bionic test already.

2. This test doesn't run against the init binary installed on the
   device. libinit where most of the init functionalities are
implemented is statically linked to this test binary. In other words,
this test is closer to a unit test for init.

3. This test is not compatible with Trunk stable where test and DUT are
   built in different branches. The test depends on several (private)
libraries like libbase and libutils. Since the interfaces of the
libraries may have changed in the main branch, the test binary built
from the old test-dev branch may break.

This change does not remove the test. The test will still run as a unit
test during pre/post submit.

I didn't drop the `Cts` prefix from the name, because that requires
broader changes.

Bug: 320800872
Test: N/A
Change-Id: I1402c08b79b57ad6daa7948fe37f14fbbe36f1d6
2024-01-30 10:24:10 +09:00
Justin Yun
6bc1bfe160 Use libvendorsupport for vendor api level calculation
Remove temporary 'vendor_api_level_of' function from init and replace
the function with the same in libvendorsupport.

Bug: 312403948
Test: getprop ro.vendor.api_level
Change-Id: I095353e602397220571e131431e7cbd1b8511fa6
Merged-In: I095353e602397220571e131431e7cbd1b8511fa6
2024-01-10 14:06:43 +09:00
Eric Biggers
9e30bf5e14 Merge "init: remove session keyring workaround for old kernels" into main 2024-01-04 18:21:23 +00:00
Greg Kaiser
4c4742f678 Revert^2 "Small fix: Use const value on IsHashreeDisabled"
This reverts commit ec3ef81fd9.

Reason for revert: b/317470107 is an infrastructure error

Change-Id: If5a022cbfd016d9c55261c67a1a73d81cb336343
2023-12-22 20:03:05 +00:00
Oleg Petšjonkin
ec3ef81fd9 Revert "Small fix: Use const value on IsHashreeDisabled"
This reverts commit f5d8773169.

Reason for revert: Identified as culprit for broken tests: b/317470107

Change-Id: If599c688bb4bbe800270881451fa5ac1f6898aff
2023-12-22 10:17:25 +00:00
Seungjae Yoo
f5d8773169 Small fix: Use const value on IsHashreeDisabled
Bug: N/A
Test: Presubmit
Change-Id: I2167ac6d022c2c8c96febf2fc82eb3bba6fb6541
2023-12-22 10:11:55 +09:00
Seungjae Yoo
66dc7b7b99 Support dm-verity with verification based on root digest
Currently the only ways to enable dm-verity were relying on its built-in
vbmeta image or containing its public key on standalone vbmeta image.
Merging this change will support enabling dm-verity based on hashtree
descriptor root digest for standalone vbmeta image.

Bug: 285855436
Test: Presubmit
Test: adb shell /apex/com.android.virt/bin/vm run-microdroid --vendor /vendor/etc/avf/microdroid/microdroid_vendor.img
Change-Id: I51eb64cae2ca8b4e97f1c6419b35d45e6f51cacb
2023-12-20 10:41:44 +09:00
Kelvin Zhang
cb3cfc1655 Optimize PrepareSnapshotPartitionsForUpdate runtime
During PrepareSnapshotPartitionsForUpdate, we attempt to connect to
snapuserd with a 5s timeout, only to tell snapuserd to shutdown
immediately. If snapuserd isn't running, we will wait-out the whole 5
seconds. Change the logic to return early if socket_connect() calls
return ENOENT, indicating that snapuserd socket isn't used by any
process. This reduces allocateSpaceForPayload() time from 6s to 1s.

Test: th
Bug: 315215541
Change-Id: Ib24d7c63733a896c082ac92aaa88ad52d050a2a5
2023-12-12 13:36:34 -08:00
Treehugger Robot
e347211353 Merge "Revert "Revert "Calculate ro.vendor.api_level with the new vendo..."" into main am: 053e75b946 am: f587bda852 am: add88a5cb8
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2862614

Change-Id: Idccd83a62f408c3485fb140faff36cf4464f64c7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-08 18:06:13 +00:00
Treehugger Robot
053e75b946 Merge "Revert "Revert "Calculate ro.vendor.api_level with the new vendo..."" into main 2023-12-08 16:24:15 +00:00
Justin Yun
29192395bc Revert "Revert "Calculate ro.vendor.api_level with the new vendo..."
Revert submission 2863786-trunk_vendor_api_level

Reason for revert: Reland the ro.vendor.api_level update

Reverted changes: /q/submissionid:2863786-trunk_vendor_api_level

Change-Id: I1f380e04f673eb4570e598a6e2013fce6e69213e
2023-12-07 22:22:53 +00:00
Massimo Carli
40bb6f8f7e Merge "Revert "Calculate ro.vendor.api_level with the new vendor API format"" into main am: 367d732f3c am: 7a4c47e3ac am: 6451103c4e
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2863786

Change-Id: Ic854525e904d4cd5db5539dd9c388d1c075ade90
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-07 13:05:54 +00:00
Massimo Carli
367d732f3c Merge "Revert "Calculate ro.vendor.api_level with the new vendor API format"" into main 2023-12-07 11:22:17 +00:00
Massimo Carli
08534b8d0b Revert "Calculate ro.vendor.api_level with the new vendor API format"
This reverts commit e267e31d73.

Reason for revert: b/315246126

Change-Id: I456858c6f4c528158c0826efcdc1509b701c32f7
2023-12-07 09:19:24 +00:00
Justin Yun
4af401079e Merge "Calculate ro.vendor.api_level with the new vendor API format" into main am: 698c6f9035 am: dfeb7be11f am: d454b501cb
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2839486

Change-Id: I0e5b20a1134e0d66d973bf0503baea5d51526547
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-07 05:34:14 +00:00
Justin Yun
698c6f9035 Merge "Calculate ro.vendor.api_level with the new vendor API format" into main 2023-12-07 03:54:45 +00:00
Bart Van Assche
303252a2c9 Merge "service_test: Only run the ServiceStopTest as root" into main am: a34c125cad am: 7fc41b6c2b am: 9863de3df8
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2854013

Change-Id: I20cb349342c82401103f83208d8fa1b21270fe1a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 04:07:16 +00:00
Bart Van Assche
fb3e64ab42 service_test: Only run the ServiceStopTest as root
Despite 'require_root: true' in Android.bp for CtsInitTestCases, it can
happen that this test is run without root privileges. If that happens,
skip the ServiceStopTest.

Bug: 313551148
Change-Id: I45f29369915a1f61e08ffd9bf5601a83a147597c
Signed-off-by: Bart Van Assche <bvanassche@google.com>
2023-11-30 10:00:43 -08:00
Treehugger Robot
c5c73dde2b Merge "service_test: Test stopping services after migration to another cgroup" into main am: 0ca4e8f4b4 am: d891ecae9c am: f99f1cdc33
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2832973

Change-Id: I1a32d1c868f4f71cb0e4aef9a2065b64fa9efab7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-28 01:27:02 +00:00
Eric Biggers
5d7c35ce20 init: remove session keyring workaround for old kernels
The android-4.14-stable and later kernels support the
FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY ioctls.  This
has superseded the old way of adding fscrypt keys to the kernel, which
was to use the add_key() syscall to add keys to the "session" keyring.
On kernels that support the ioctls, Android doesn't use the obsolete
way.  Since upgrading even just to Android 14 requires at minimum a
android-4.14-stable kernel (according to
https://source.android.com/docs/core/architecture/kernel/android-common#compatibility-matrix),
there is no need to support the obsolete way anymore.

Therefore, this commit removes the code from init that created a keyring
named "fscrypt" in the session keyring.  It also removes the code that
created the session keyring itself, since the only reason that Android
even created a session keyring was just to hold the "fscrypt" keyring.

Flag: N/A for the following reasons:
      - Removing obsolete code, which is fairly safe
      - Very early code, so runtime flag cannot be used
      - Even a build-time flag cannot be used, since init needs
        recovery_available, which aconfig libraries do not support

Bug: 311736104
Test: Build and boot Cuttlefish
Change-Id: Id9a184c68cf16d5c4b1d889444cf637c95a91413
2023-11-27 23:43:49 +00:00