This change fixes a bug that neuralnetworks namespace is linked to the
default namespace in [vendor] section. Default namespace is for
/vendor/lib in [vendor] section. System libraries are available in the
'system' namespace.
Bug: 139113342
Test: N/A
Change-Id: I1b6751e5e33522f9829f3d9ad7371efdce01b0f0
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: builds, boots successfully and external storage remains
an sdcardfs mount by default and works correctly
Test: cat /proc/1/mountinfo is unchanged
Change-Id: Idf851b3a42910e0ce8fdd75daea1cce91dd1aa98
Linker ignores link configuration if either namespace is not valid.
However there was a link configuration from postinstall section which
target link namespace does not exist. Also, there was no binary within
postinstall from hwasan build (checked with bonito), so there may be no
usage for this section now. Removing this line for better human
readability, and behavior of the linker would be same as before.
Test: m -j && tested from cuttlefish
Change-Id: I0c7b2949d055ba767e1429238e8764ee7798fe44
This CL implements some of the libsnapshot internals necessary to work
with update_engine. In particular it implements snapshot and update
state, as well as creating and mapping snapshot devices. It does not
implement anything related to merging, nor does it implement the full
update_engine flow.
Update state is stored in /metadata/ota/state. To synchronize callers of
libsnapshot, we always flock() this file at the top of public functions
in SnapshotManager. Internal functions are only called while the lock is
held, and a "LockedFile" guard object is always passed through to
indicate proof-of-lock.
Low-level functions, such as snapshot management, have been moved to
private methods. Higher-level methods designed for update_engine will
ultimately call into these.
This CL also adds some functional tests for SnapshotManager. Test state
is stored in /metadata/ota/test to avoid conflicts with the rest of the
system.
Bug: 136678799
Test: libsnapshot_test gtest
Change-Id: I78c769ed33b307d5214ee386bb13648e35db6cc6
Move the symlink destination of /system/usr/icu from Runtime APEX to
i18n APEX
Bug: 137009149
Test: Device boots
Change-Id: I86ff83a28d4124892d2b5d84ff09bc539f76c941
Linkerconfig requires more libraries txt files to get library list
related variable values. To make this available from runtime, those
should be added as build target and included in system image.
Bug: 137511540
Test: m -j && tested from cuttlefish
Change-Id: Id3304eea5a7d8f2ffc171cd3b110b7d65e881f8c
Makes updated libneuralnetworks.so in /apex/com.android.neuralnetworks/{LIB}
loadable from all relevant namespaces.
Test: Verified that right library is being loaded using lsof and
Test: verbose debug logs from bionic/ld.
Bug: 137320025
Change-Id: I38140bb9915a3f85f10456e15ed0f492dbdba802
Recently Android build team changed environment to use prebuilt toybox
binaries for common tools (aosp/852849). However, as toybox xargs does
not support -I option, update_and_install_ld_config.mk started to fail
filtering out private vndk libraries from the list. To resolve this,
xargs usages are replaced with other shell command (read).
Bug: 137832162
Test: m -j && tested on Cuttlefish
Change-Id: I218ce6272c781f826b87c8efc0d3c77bf6bc3af5
/metadata/ota will store the update state ("none", "applying",
"booting", "merging") for each dynamic partition. The data will be
managed by libsnapshot, whose primary consumer will be update_engine
but will also be available to recovery/fastbootd.
Bug: 136678799
Test: /metadata/ota exists
Change-Id: I3e06484cafeb363904914767abc8984adaa37021
system_suspend need to be an early_hal as it's required before storage
encryption can get unlock on FDE devices.
/sys/power/wake_lock is a dependency of system_suspend (only in Q and
earlier). Permissions on this file need to be set early enough.
Bug: 136777986
Bug: 133175847
Test: boot blueline
Change-Id: I8a9d3374b327e451fb98d2279d1bac9477a9560d
This reverts commit 997a2d93d7.
Reason for revert: This revert is needed, just also need some selinux rules for changes to the script that runs if this folder is present.
Bug: 136199978
Change-Id: Ie0544954965e3c90abc2f833c41949976c3bea65
(cherry picked from commit 35708b9d7b)
Create linkerconfig tmpfs mount and create ld.config.txt using
linkerconfig during init
Bug: 135004088
Test: m -j & tested from device
Change-Id: Iea30259871ef26d6c04beebf42b17ba7b494db0d
Update adb, fastboot and mount point
Bug: 134359158
Test: build and check if system_ext.img can be flashed
Change-Id: I6219f72242c5fe42a508008c0b1fd218d74da5b6
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Merged-In: Idfdb304503a163fbb91f9317949eb98c06fecce1
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
Without this, binaries can't be run out of /data/local/tmp on a HWASANified
device.
Test: Chromium's /data/local/tmp/md5sum/md5sum_bin works on walleye_hwasan-userdebug
Change-Id: Ieceaab8aae0024864022ca42b38aa36e6212cf31
The old "time zone updates via APK" feature installs time zone data
files in /data. tzdatacheck is run during boot to guard against an
OTA leaving the data in /data older, or in a different format, than the
files that exist elsewhere on device. If such files existed the system
could use old versions of tzdb (and related) data or even end up
unstable.
Soon, the time zone data mainline module will be made "functionally
mandatory" by the removal of most time zone data files from the
runtime module APEX, i.e. the time zone data module cannot be absent,
and the runtime module won't have files to compare against.
This change modifies the command line args for tzdatacheck to reference
the contents of time zone data module instead of the runtime module.
Bug: 132168458
Test: Build / boot / inspect logcat
Change-Id: Iac8023b7cbb72213df344d603c121caa867a196f
There is no reason that rlimits cannot be set earlier than they are,
and apexd-bootstrap may want to set the priority service option, which
would require that these rlimits have been set, so we move these to
the beginning of early-init.
Bug: 134668377
Test: apexd-bootstrap can set the priorty service option
Change-Id: I8040190cd4dc5e141784496ae65cfab80d9cad53
This directory is no longer used. OBB content is
placed in /data/media/$user/Android.
Test: make
Test: manually verify the path doesn't exist.
Bug: 129167772
Change-Id: I8549826586b9a68c8cfa3fe2e51295363f9b4e11
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.
This change further allows linking from default namespace, and tries
to fix the regression temporarily.
Bug: 130788466
Test: The app issue is fixed after this CL
Merged-In: Ifae52b554124514e433cfe78875643a7450fbabd
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
(cherry picked from commit 0c7edece94)
Permitted paths were empty for ASAN builds with the media namespace.
Bug: 131625115
Test: no dlopen failure on libflacextractor.so in aosp_cf_x86_pasan
Change-Id: I90050fc54820ba68d64931412572f3b0954e6616
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.
This change further allows linking from default namespace, and tries
to fix the regression temporarily.
Bug: 130788466
Test: The app issue is fixed after this CL
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
We used to start update_verifier after mounting userdata (post-fs-data),
as part of zygote-start. This leads to issues in practice for security
updates, where an A/B device falls back into the old slot (for any
reason, which unrelates to this change) but failing to boot due to
upgraded key blob. It essentially breaks the fallback capability offered
by A/B OTA.
This CL mitigates the issue by starting update_verifier early, before
mounting userdata. This avoids the device from falling back to the old
slot with an already-upgraded key blob. update_verifier loses the
opportunity of verifying _all_ the updated blocks based on the info
that's stored in userdata. Instead it will only trigger the minimal
read to finish the work of marking a successful boot. This is a
trade-off in P to avoid putting the device in a bad state after
fallback, which will be improved in Q by better handling the fallback
path in vold.
Bug: 131176531
Test: Flash and boot crosshatch. Check the start of update_verifier and
it marks a successful boot.
Change-Id: I3f4c4333ff38772a9a93c9d027d497db11de1d63
(cherry picked from commit 79cfc7d5a8)
The canonical location of the HWASAN runtime, an LL-NDK library, is being moved
to the runtime APEX. It is apparently the first LL-NDK library in the runtime
APEX that does not require a legacy symlink in /system/${LIB}. Therefore we
need to link the HWASAN runtime in the runtime namespace to various namespaces
so that the library can be loaded from outside of the namespace.
Also, add $SANITIZER_RUNTIME_LIBRARIES to
namespace.default.link.system.shared_libs. This is necessary because in
the accompanying Soong change, we cause the HWASAN runtime to be removed
from $LLNDK_LIBRARIES. In most cases, except for this one, this was a no-op
because we were already including both sets of libraries in shared_libs.
Change-Id: I67d64788855d28f3a156a1b9cf8a897617277730
This relands http://r.android.com/951440:
This affected binaries in the Runtime APEX, where the platform namespace is
"platform" rather than "default".
Also extend ANDROID_ADDITIONAL_PUBLIC_LIBRARIES to create links to both to
platform and runtime namespaces, so that it can be used to open up access to
internal libraries in the Runtime APEX as well, which is used by ART gtests
and run tests.
Also update some comments in the ld.config*.txt files to accurately explain
why some namespaces need to be visible, and some other minor changes for
consistency. There are no semantically significant changes in those files.
Test: Flash and boot
Test: Run an ART run test with the internal libarttest.so library
Test: lunch aosp_cf_x86_phone-eng;
atest android.compilation.cts.AdbRootDependentCompilationTest#testCompile_curProfile \
com.android.cts.dexmetadata.InstallDexMetadataHostTest#testProfileSnapshotAfterInstall \
installd_dexopt_test
Bug: 130293232
Bug: 121117762
Change-Id: I3d9f2102a03e83843e15bc78b5ad347220c52769
Follow up to http://r.android.com/943476. This library is only available in
debug builds of the Runtime APEX.
Test: Flash and boot with eng build
Change-Id: I260f9b838f44ba3f8976c117d9e42fc456239e88
This reverts commit 4ca0ca67bf.
Reason for revert: Breaks android.compilation.cts.AdbRootDependentCompilationTest#testCompile_curProfile and others: http://g/art-team/R2nEDA1Ka_s
Change-Id: Ia6285648133d21e61040efafc73cac97d702a7c4
This affected binaries in the Runtime APEX, where the platform namespace is
"platform" rather than "default".
Also extend ANDROID_ADDITIONAL_PUBLIC_LIBRARIES to create links to both to
platform and runtime namespaces, so that it can be used to open up access to
internal libraries in the Runtime APEX as well, which is used by ART gtests
and run tests.
Also update some comments in the ld.config*.txt files to accurately explain
why some namespaces need to be visible, and some other minor changes for
consistency. There are no semantically significant changes in those files.
Test: Flash and boot
Test: Run an ART run test with the internal libarttest.so library
Bug: 130293232
Bug: 121117762
Change-Id: I7ebaf5370dd0f533b1bb5f0e67e7c3c1df48e512
On devices that use FDE and APEX at the same time, we need to bring up a
minimal framework to be able to mount the /data partition. During this
period, a tmpfs /data filesystem is created, which doesn't contain any
of the updated APEXEs. As a consequence, all those processes will be
using the APEXes from the /system partition.
This is obviously not desired, as APEXes in /system may be old and/or
contain security issues. Additionally, it would create a difference
between FBE and FDE devices at runtime.
Ideally, we restart all processes that have started after we created the
tmpfs /data. We can't (re)start based on class names alone, because some
classes (eg 'hal') contain services that are required to start apexd
itself and that shouldn't be killed (eg the graphics HAL).
To address this, keep track of which processes are started after /data
is mounted, with a new 'mark_post_data' keyword. Additionally, create
'class_reset_post_data', which resets all services in the class that
were created after the initial /data mount, and 'class_start_post_data',
which starts all services in the class that were started after /data was
mounted.
On a device with FBE, these keywords wouldn't be used; on a device with
FDE, we'd use them to bring down the right processes after the user has
entered the correct secret, and restart them.
Bug: 118485723
Test: manually verified process list
Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
On devices that use FDE and APEX at the same time, we need to bring up a
minimal framework to be able to mount the /data partition. During this
period, a tmpfs /data filesystem is created, which doesn't contain any
of the updated APEXEs. As a consequence, all those processes will be
using the APEXes from the /system partition.
This is obviously not desired, as APEXes in /system may be old and/or
contain security issues. Additionally, it would create a difference
between FBE and FDE devices at runtime.
Ideally, we restart all processes that have started after we created the
tmpfs /data. We can't (re)start based on class names alone, because some
classes (eg 'hal') contain services that are required to start apexd
itself and that shouldn't be killed (eg the graphics HAL).
To address this, keep track of which processes are started after /data
is mounted, with a new 'mark_post_data' keyword. Additionally, create
'class_reset_post_data', which resets all services in the class that
were created after the initial /data mount, and 'class_start_post_data',
which starts all services in the class that were started after /data was
mounted.
On a device with FBE, these keywords wouldn't be used; on a device with
FDE, we'd use them to bring down the right processes after the user has
entered the correct secret, and restart them.
Bug: 118485723
Test: manually verified process list
Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.
Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
Merged-In: Id6962414197fc8f47f7c07818e8fb16107dc17a3
(cherry picked from commit 05f07d89a6)
Paul Crowley