Commit Graph

2492 Commits

Author SHA1 Message Date
Min Yun 8d502fc150 Add libcgrouprc to ld.config.txt.
- In GSI, media.extractor has follow dependency.
media.extractor -> libmpeg2extractor (media ns) ->
libprocessgroup (media ns) -> libcgrouprc (default ns).
If libcgroupsrc can't link from libmpeg2extractor, media.extractor is crashed.

Test: media.extractor didn't die.
Bug: 134981805
Merged-In: I7d3e7e6477708a505b87a884e05cd719f5a3d496
(cherry picked from commit d695733df9)

Change-Id: I7d3e7e6477708a505b87a884e05cd719f5a3d496
2019-06-12 13:56:31 +09:00
Min Yun d695733df9 Add libcgrouprc to ld.config.txt.
- In GSI, media.extractor has follow dependency.
media.extractor -> libmpeg2extractor (media ns) ->
libprocessgroup (media ns) -> libcgrouprc (default ns).
If libcgroupsrc can't link from libmpeg2extractor, media.extractor is crashed.

Test: media.extractor didn't die.
Bug: 134981805
Change-Id: I7d3e7e6477708a505b87a884e05cd719f5a3d496
2019-06-12 11:19:59 +09:00
Neil Fuller 8daada6499 Merge "Switch tzdatacheck to comparing tzdata module file" am: e59703319f
am: 91f35c08cd

Change-Id: I95813932709c8c80d954cb7330793644b11ebaf5
2019-06-10 11:03:24 -07:00
Neil Fuller e59703319f Merge "Switch tzdatacheck to comparing tzdata module file" 2019-06-10 17:40:51 +00:00
Neil Fuller 09bdb325a7 Switch tzdatacheck to comparing tzdata module file
The old "time zone updates via APK" feature installs time zone data
files in /data. tzdatacheck is run during boot to guard against an
OTA leaving the data in /data older, or in a different format, than the
files that exist elsewhere on device. If such files existed the system
could use old versions of tzdb (and related) data or even end up
unstable.

Soon, the time zone data mainline module will be made "functionally
mandatory" by the removal of most time zone data files from the
runtime module APEX, i.e. the time zone data module cannot be absent,
and the runtime module won't have files to compare against.

This change modifies the command line args for tzdatacheck to reference
the contents of time zone data module instead of the runtime module.

Bug: 132168458
Test: Build / boot / inspect logcat
Change-Id: Iac8023b7cbb72213df344d603c121caa867a196f
2019-06-10 11:02:44 +00:00
Tom Cherry 0c10a4c1f5 Merge "init.rc: move rlimit setting earlier" am: acf19e8031
am: c3d485fa1a

Change-Id: If8fe3b572537f360bdb2bd5164a3d7f99af18a35
2019-06-07 09:09:25 -07:00
Tom Cherry acf19e8031 Merge "init.rc: move rlimit setting earlier" 2019-06-07 15:59:40 +00:00
Martin Stjernholm 308fa0b38d Merge "Update TODOs for ICU library links." am: b78de85272
am: 419a3fa241

Change-Id: Ia17d7b5e8a44395aa88d11b4b0fd77146c816a4c
2019-06-06 19:29:20 -07:00
Tom Cherry fdeca99c4b init.rc: move rlimit setting earlier
There is no reason that rlimits cannot be set earlier than they are,
and apexd-bootstrap may want to set the priority service option, which
would require that these rlimits have been set, so we move these to
the beginning of early-init.

Bug: 134668377
Test: apexd-bootstrap can set the priorty service option
Change-Id: I8040190cd4dc5e141784496ae65cfab80d9cad53
2019-06-06 18:18:14 +00:00
Martin Stjernholm 0d28abc5b1 Update TODOs for ICU library links.
Test: Presubmit boot test
Bug: 120786417
Bug: 134659294
Change-Id: I362e0e67c5adfd510dda12bed52629af92bfcc3d
2019-06-06 14:11:04 +01:00
Narayan Kamath 66fe4cc16a rootdir / sdcard : Stop creating /data/media/obb.
am: c6ca823710

Change-Id: I9771c08e1e9195956196c2404fb2876ad29199b6
2019-05-24 04:24:32 -07:00
Narayan Kamath c6ca823710 rootdir / sdcard : Stop creating /data/media/obb.
This directory is no longer used. OBB content is
placed in /data/media/$user/Android.

Test: make
Test: manually verify the path doesn't exist.
Bug: 129167772

Change-Id: I8549826586b9a68c8cfa3fe2e51295363f9b4e11
2019-05-23 15:09:54 +01:00
Victor Chang 28904625b8 Merge "Allow linking to libicuuc.so and libicui18n.so from executable in /data" into qt-dev 2019-05-22 15:43:44 +00:00
Peter Collingbourne b9b9d3754c Merge "Link the "runtime" namespace to more namespaces." am: 3e48b66578
am: 1b9a1c20db

Change-Id: Ic33fc84d752fa3fd487401f348be38c7531bfdea
2019-05-20 21:51:24 -07:00
Peter Collingbourne 3e48b66578 Merge "Link the "runtime" namespace to more namespaces." 2019-05-21 02:29:46 +00:00
Victor Chang 32190f45e0 Allow linking to libicuuc.so and libicui18n.so from executable in /data
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.

This change further allows linking from default namespace, and tries
to fix the regression temporarily.

Bug: 130788466
Test: The app issue is fixed after this CL
Merged-In: Ifae52b554124514e433cfe78875643a7450fbabd
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
(cherry picked from commit 0c7edece94)
2019-05-20 11:59:51 +01:00
vichang 17db1bef04 Merge "Allow linking to libicuuc.so and libicui18n.so from executable in /data" am: de725e6e75
am: 5c75fb81e8

Change-Id: I7bc0ba6a06d7b32c6de61d14658c4c3e9f43d417
2019-05-20 03:08:58 -07:00
vichang de725e6e75 Merge "Allow linking to libicuuc.so and libicui18n.so from executable in /data" 2019-05-20 09:49:21 +00:00
Alistair Strachan 85ee72f0ef Merge "Add asan.permitted.paths for the media namespace" into qt-dev
am: 9924f7ee2d

Change-Id: Ia49e3e6a5d3f49c53bbbcf5c6d8e412ae3e1285e
2019-05-16 07:55:56 -07:00
Jiyong Park 78e6b181ac Add asan.permitted.paths for the media namespace
Permitted paths were empty for ASAN builds with the media namespace.

Bug: 131625115
Test: no dlopen failure on libflacextractor.so in aosp_cf_x86_pasan
Change-Id: I90050fc54820ba68d64931412572f3b0954e6616
2019-05-15 12:41:01 +09:00
Victor Chang 0c7edece94 Allow linking to libicuuc.so and libicui18n.so from executable in /data
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.

This change further allows linking from default namespace, and tries
to fix the regression temporarily.

Bug: 130788466
Test: The app issue is fixed after this CL
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
2019-05-14 20:22:34 +01:00
Michael Groover 69277fb9c5 Merge "Notify the framework when an adb key is authorized" into qt-dev
am: b9c555e2cf

Change-Id: I664ba3acfb8295ccf7b773e07d2d007ff942bc40
2019-05-10 17:21:47 -07:00
Michael Groover b9c555e2cf Merge "Notify the framework when an adb key is authorized" into qt-dev 2019-05-10 22:54:55 +00:00
Tao Bao c61ef45379 DO NOT MERGE Start update_verifier early in late-fs.
We used to start update_verifier after mounting userdata (post-fs-data),
as part of zygote-start. This leads to issues in practice for security
updates, where an A/B device falls back into the old slot (for any
reason, which unrelates to this change) but failing to boot due to
upgraded key blob. It essentially breaks the fallback capability offered
by A/B OTA.

This CL mitigates the issue by starting update_verifier early, before
mounting userdata. This avoids the device from falling back to the old
slot with an already-upgraded key blob. update_verifier loses the
opportunity of verifying _all_ the updated blocks based on the info
that's stored in userdata.  Instead it will only trigger the minimal
read to finish the work of marking a successful boot. This is a
trade-off in P to avoid putting the device in a bad state after
fallback, which will be improved in Q by better handling the fallback
path in vold.

Bug: 131176531
Test: Flash and boot crosshatch. Check the start of update_verifier and
      it marks a successful boot.
Change-Id: I3f4c4333ff38772a9a93c9d027d497db11de1d63
(cherry picked from commit 79cfc7d5a8)
2019-05-10 21:52:50 +00:00
Michael Groover 7eeda6ba03 Notify the framework when an adb key is authorized
Bug: 124076524
Test: atest AdbDebuggingManagerTest
Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-05-09 16:05:40 -07:00
Rick Yiu c7bf1a01fd Apply initial settings for blkio cgroup
Bug: 117857342
Test: values are applied
Change-Id: Id28d9619fc2fd2287fe656b8032025184ae7f631
(cherry picked from commit a8aaf198d5)
Merged-In: Id28d9619fc2fd2287fe656b8032025184ae7f631
2019-05-09 03:14:11 +00:00
Rick Yiu 6353cb738f Merge "Apply initial settings for blkio cgroup" am: 9243da9008
am: c78c3be5cf

Change-Id: Iae287bef4afefc27e5f52d86234a46e698f172ee
2019-05-07 01:33:10 -07:00
Treehugger Robot 9243da9008 Merge "Apply initial settings for blkio cgroup" 2019-05-07 08:15:35 +00:00
Martijn Coenen fc78be2935 Merge "Support for stopping/starting post-data-mount class subsets." 2019-05-07 06:41:01 +00:00
Rick Yiu a8aaf198d5 Apply initial settings for blkio cgroup
Bug: 111422845
Test: values are applied
Change-Id: Id28d9619fc2fd2287fe656b8032025184ae7f631
2019-05-03 11:58:13 +08:00
Martin Stjernholm 2a371889e5 Merge "Reland: Fix libnativeloader to correctly link to the platform namespace." am: 2d3becd361
am: 547c7b6d44

Change-Id: I7d7f820443f1709b46a5ab7b368656b079529bbb
2019-05-02 03:56:36 -07:00
Peter Collingbourne fb1c5a724e Link the "runtime" namespace to more namespaces.
The canonical location of the HWASAN runtime, an LL-NDK library, is being moved
to the runtime APEX. It is apparently the first LL-NDK library in the runtime
APEX that does not require a legacy symlink in /system/${LIB}. Therefore we
need to link the HWASAN runtime in the runtime namespace to various namespaces
so that the library can be loaded from outside of the namespace.

Also, add $SANITIZER_RUNTIME_LIBRARIES to
namespace.default.link.system.shared_libs. This is necessary because in
the accompanying Soong change, we cause the HWASAN runtime to be removed
from $LLNDK_LIBRARIES. In most cases, except for this one, this was a no-op
because we were already including both sets of libraries in shared_libs.

Change-Id: I67d64788855d28f3a156a1b9cf8a897617277730
2019-05-01 18:00:33 -07:00
Martijn Coenen 534ad2851a Merge "Support for stopping/starting post-data-mount class subsets." into qt-dev
am: 7a2d54df84

Change-Id: I6abe761f548837728baadd9ee8a1d57f4be55679
2019-05-01 12:42:28 -07:00
Martin Stjernholm c57ed29dd5 Reland: Fix libnativeloader to correctly link to the platform namespace.
This relands http://r.android.com/951440:

This affected binaries in the Runtime APEX, where the platform namespace is
"platform" rather than "default".

Also extend ANDROID_ADDITIONAL_PUBLIC_LIBRARIES to create links to both to
platform and runtime namespaces, so that it can be used to open up access to
internal libraries in the Runtime APEX as well, which is used by ART gtests
and run tests.

Also update some comments in the ld.config*.txt files to accurately explain
why some namespaces need to be visible, and some other minor changes for
consistency. There are no semantically significant changes in those files.

Test: Flash and boot
Test: Run an ART run test with the internal libarttest.so library
Test: lunch aosp_cf_x86_phone-eng;
  atest android.compilation.cts.AdbRootDependentCompilationTest#testCompile_curProfile \
    com.android.cts.dexmetadata.InstallDexMetadataHostTest#testProfileSnapshotAfterInstall \
    installd_dexopt_test
Bug: 130293232
Bug: 121117762
Change-Id: I3d9f2102a03e83843e15bc78b5ad347220c52769
2019-05-01 16:46:06 +01:00
Martin Stjernholm 74950c035d Merge "Add linker entries for the new libdexfiled_external.so." am: cc30f4d7dd
am: a36eda0e18

Change-Id: I0f260d303bb305500ea71d0e3158a7d76cc1e850
2019-05-01 07:55:44 -07:00
Martin Stjernholm 8a50dad467 Add linker entries for the new libdexfiled_external.so.
Follow up to http://r.android.com/943476. This library is only available in
debug builds of the Runtime APEX.

Test: Flash and boot with eng build
Change-Id: I260f9b838f44ba3f8976c117d9e42fc456239e88
2019-04-30 16:11:30 +01:00
Martin Stjernholm 8dc3adfb2c Merge "Revert "Fix libnativeloader to correctly link to the platform namespace."" am: 68cf801ad9
am: affe1f2617

Change-Id: Ide5ec7791838db081c666f7aa7a137a92e4be460
2019-04-29 17:41:28 -07:00
Martin Stjernholm b9259a9cbe Revert "Fix libnativeloader to correctly link to the platform namespace."
This reverts commit 4ca0ca67bf.

Reason for revert: Breaks android.compilation.cts.AdbRootDependentCompilationTest#testCompile_curProfile and others: http://g/art-team/R2nEDA1Ka_s

Change-Id: Ia6285648133d21e61040efafc73cac97d702a7c4
2019-04-29 20:57:16 +00:00
Martin Stjernholm 71a0804f95 Merge "Fix libnativeloader to correctly link to the platform namespace." am: bce25d2363
am: 487b5784b6

Change-Id: I8b96f74250d2dc2f42e2392c8b8705e5d3fd95bc
2019-04-29 08:27:05 -07:00
Martin Stjernholm 4ca0ca67bf Fix libnativeloader to correctly link to the platform namespace.
This affected binaries in the Runtime APEX, where the platform namespace is
"platform" rather than "default".

Also extend ANDROID_ADDITIONAL_PUBLIC_LIBRARIES to create links to both to
platform and runtime namespaces, so that it can be used to open up access to
internal libraries in the Runtime APEX as well, which is used by ART gtests
and run tests.

Also update some comments in the ld.config*.txt files to accurately explain
why some namespaces need to be visible, and some other minor changes for
consistency. There are no semantically significant changes in those files.

Test: Flash and boot
Test: Run an ART run test with the internal libarttest.so library
Bug: 130293232
Bug: 121117762
Change-Id: I7ebaf5370dd0f533b1bb5f0e67e7c3c1df48e512
2019-04-29 13:09:08 +01:00
Martijn Coenen 70788f93ba Support for stopping/starting post-data-mount class subsets.
On devices that use FDE and APEX at the same time, we need to bring up a
minimal framework to be able to mount the /data partition. During this
period, a tmpfs /data filesystem is created, which doesn't contain any
of the updated APEXEs. As a consequence, all those processes will be
using the APEXes from the /system partition.

This is obviously not desired, as APEXes in /system may be old and/or
contain security issues. Additionally, it would create a difference
between FBE and FDE devices at runtime.

Ideally, we restart all processes that have started after we created the
tmpfs /data. We can't (re)start based on class names alone, because some
classes (eg 'hal') contain services that are required to start apexd
itself and that shouldn't be killed (eg the graphics HAL).

To address this, keep track of which processes are started after /data
is mounted, with a new 'mark_post_data' keyword. Additionally, create
'class_reset_post_data', which resets all services in the class that
were created after the initial /data mount, and 'class_start_post_data',
which starts all services in the class that were started after /data was
mounted.

On a device with FBE, these keywords wouldn't be used; on a device with
FDE, we'd use them to bring down the right processes after the user has
entered the correct secret, and restart them.

Bug: 118485723
Test: manually verified process list
Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
2019-04-26 14:04:59 +02:00
Martijn Coenen f0bc58a42d Support for stopping/starting post-data-mount class subsets.
On devices that use FDE and APEX at the same time, we need to bring up a
minimal framework to be able to mount the /data partition. During this
period, a tmpfs /data filesystem is created, which doesn't contain any
of the updated APEXEs. As a consequence, all those processes will be
using the APEXes from the /system partition.

This is obviously not desired, as APEXes in /system may be old and/or
contain security issues. Additionally, it would create a difference
between FBE and FDE devices at runtime.

Ideally, we restart all processes that have started after we created the
tmpfs /data. We can't (re)start based on class names alone, because some
classes (eg 'hal') contain services that are required to start apexd
itself and that shouldn't be killed (eg the graphics HAL).

To address this, keep track of which processes are started after /data
is mounted, with a new 'mark_post_data' keyword. Additionally, create
'class_reset_post_data', which resets all services in the class that
were created after the initial /data mount, and 'class_start_post_data',
which starts all services in the class that were started after /data was
mounted.

On a device with FBE, these keywords wouldn't be used; on a device with
FDE, we'd use them to bring down the right processes after the user has
entered the correct secret, and restart them.

Bug: 118485723
Test: manually verified process list
Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
2019-04-26 11:54:19 +02:00
Dongwon Kang b0bdf2685b Merge "Fix a warning on namespace.media.link.default.shared_libs" am: 4b43299132
am: 47a38645c4

Change-Id: I9101d639351cfb184a4f7f049f1bad3a13c2f9d9
2019-04-24 16:36:39 -07:00
Dongwon Kang a04e48dbec Merge "Fix a warning on namespace.media.link.default.shared_libs" into qt-dev 2019-04-24 17:57:14 +00:00
Dongwon Kang 5744cc4e99 Fix a warning on namespace.media.link.default.shared_libs
Test: build & dumpsys media.extractor
Bug: 130882530
Change-Id: Ifd46858b5a864f0fbed87baa3321f233ea12954e
Merged-In: Ifd46858b5a864f0fbed87baa3321f233ea12954e
2019-04-23 23:15:24 +00:00
Dongwon Kang 9d7a979a99 Fix a warning on namespace.media.link.default.shared_libs
Test: build & dumpsys media.extractor
Bug: 130882530
Change-Id: Ifd46858b5a864f0fbed87baa3321f233ea12954e
2019-04-23 14:56:21 -07:00
TreeHugger Robot 347f1ccf4b Merge "Adding adb_debug.prop into debug ramdisk" into qt-dev 2019-04-23 16:30:24 +00:00
Bowgo Tsai 6386c3207b Adding adb_debug.prop into debug ramdisk
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.

Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
Merged-In: Id6962414197fc8f47f7c07818e8fb16107dc17a3
(cherry picked from commit 05f07d89a6)
2019-04-23 11:13:46 +08:00
Bowgo Tsai 1c3bf03121 Merge "Adding adb_debug.prop into debug ramdisk" am: 2ddb8df2ef
am: 8c1ea2ba7b

Change-Id: Ie0e9ee248236b9aab8b3dfbdc46bcbbe4ca2c993
2019-04-22 19:28:26 -07:00
Treehugger Robot 2ddb8df2ef Merge "Adding adb_debug.prop into debug ramdisk" 2019-04-23 02:01:36 +00:00
Wei Wang ec78cca331 init.rc: set fsck log permission on post-fs-data
Fixes: 130829745
Test: build and trigger fsck
      crosshatch:/ # ls -l /dev/fscklogs/log
      -rwxrwx--- 1 root system 1584 1970-04-08 14:48 /dev/fscklogs/log
Change-Id: Ifd0734e121d07b941a73d7cabde04928ce5e5c59
Merged-In: Ifd0734e121d07b941a73d7cabde04928ce5e5c59
2019-04-22 18:24:55 -07:00
Bowgo Tsai 05f07d89a6 Adding adb_debug.prop into debug ramdisk
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.

Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
2019-04-20 06:08:51 +00:00
Wei Wang 3251fb09a8 Merge "init.rc: set fsck log permission on post-fs-data" am: e7d0c83d3c
am: d830060459

Change-Id: I3dab19fc19f47d43ca0c28b56e2abf34c4d502a8
2019-04-19 18:13:46 -07:00
Bowgo Tsai 619e646ec2 Merge "Copying debug ramdisk files to /debug_ramdisk/*" am: 72d8d2f2c6
am: b1eba916f1

Change-Id: I93308b3ef9f969031ebe86ef973d81680736a7b3
2019-04-19 17:46:24 -07:00
Treehugger Robot e7d0c83d3c Merge "init.rc: set fsck log permission on post-fs-data" 2019-04-20 00:12:47 +00:00
Bowgo Tsai 630fcdf153 Copying debug ramdisk files to /debug_ramdisk/*
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:

  - first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
  - second-stage init loads files from /debug_ramdisk/*.

Note: same as before, the above can only be triggered, if the device
is UNLOCKED

With this, we don't have to put userdebug related files into the USER
system.img.

Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
      files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
Merged-In: I63f5f846e82ba78427062bf7615c26173878d8f3
(cherry picked from commit 30afda71c0)
2019-04-20 08:01:06 +08:00
Treehugger Robot 72d8d2f2c6 Merge "Copying debug ramdisk files to /debug_ramdisk/*" 2019-04-19 23:54:53 +00:00
Wei Wang a91c5f700e init.rc: set fsck log permission on post-fs-data
Fixes: 130829745
Test: build and trigger fsck
      crosshatch:/ # ls -l /dev/fscklogs/log
      -rwxrwx--- 1 root system 1584 1970-04-08 14:48 /dev/fscklogs/log
Change-Id: Ifd0734e121d07b941a73d7cabde04928ce5e5c59
2019-04-19 11:46:21 -07:00
Wei Wang 50b7b4c113 Merge "init: set oom_adj early before fork vendor_init" into qt-dev 2019-04-19 17:13:39 +00:00
Wei Wang 011f5a20d2 Merge "init: set oom_adj early before fork vendor_init" am: a7c103eb8e
am: 099ffa2f37

Change-Id: I8882ccf5f3532fd5da9b6d20bb019a10d65fd86b
2019-04-18 19:46:18 -07:00
Treehugger Robot a7c103eb8e Merge "init: set oom_adj early before fork vendor_init" 2019-04-19 02:17:50 +00:00
Bowgo Tsai 30afda71c0 Copying debug ramdisk files to /debug_ramdisk/*
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:

  - first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
  - second-stage init loads files from /debug_ramdisk/*.

Note: same as before, the above can only be triggered, if the device
is UNLOCKED

With this, we don't have to put userdebug related files into the USER
system.img.

Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
      files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
2019-04-19 09:56:14 +08:00
Wei Wang bb2bc1586d init: set oom_adj early before fork vendor_init
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.

this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.

Fixes: 130824864
Test: procrank -o

(cherry picked from commit 45d8174fe7)

Change-Id: I68c18f9db24d55239f7f0608592fcc702f04542e
2019-04-18 16:31:11 -07:00
Wei Wang 45d8174fe7 init: set oom_adj early before fork vendor_init
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.

this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.

Fixes: 130824864
Test: procrank -o
Change-Id: I8af129076c3efa29f7b781459449f8f2dc853c98
2019-04-18 16:14:08 -07:00
Dongwon Kang aa952fa545 Merge "Remove libandroid.so from media namespace." 2019-04-18 20:54:40 +00:00
Dongwon Kang f34a08f8b7 Merge "Remove libandroid.so from media namespace." into qt-dev
am: 2b107b8b6b

Change-Id: I5b83476196221d71db4137b4cbc2a3f5f786c3b3
2019-04-18 10:30:23 -07:00
Tom Cherry fbb2c91647 Merge "Do not create /sbin" am: 3016f2527c
am: b4f982146d

Change-Id: I7c166420b514f5b1951a0ba841bec670589c9d21
2019-04-17 17:08:36 -07:00
Dongwon Kang 4b2b76e101 Remove libandroid.so from media namespace.
Test: adb shell dumpsys media.extractor
Bug: 130637522
Change-Id: I6bcdac60a740d19a97bbac19e6339e0552b0d572
Merged-In: Ia6366834613d1e12498fa90377e79f62a2149776
2019-04-17 18:05:51 +00:00
Dongwon Kang a8e4b89768 Remove libandroid.so from media namespace.
Test: adb shell dumpsys media.extractor
Bug: 130637522
Change-Id: Ia6366834613d1e12498fa90377e79f62a2149776
2019-04-17 10:47:33 -07:00
Tom Cherry 3ec821fcfb Do not create /sbin
/sbin was traditionally used for static binaries on the ramdisk for
Android, but now everything is a shared binary, so this directory is
empty and we do not want to encourage creation of new libraries in
this directory.

Bug: 73660730
Test: build
Change-Id: I0d0aa052e1eaf529d18921c45169473df0ee51ff
2019-04-16 15:22:33 -07:00
Martin Stjernholm b6adac48f8 Merge "Describe the reason for the allow_all_shared_libs from the runtime namespace better." am: 8a9a1c5056
am: 49492bc586

Change-Id: Ie4f29ea47b8af4b8e9fd4f0deacbaf1d10b5ab4a
2019-04-12 09:07:23 -07:00
Martin Stjernholm 609236f66c Describe the reason for the allow_all_shared_libs from the runtime namespace
better.

Test: N/A - comment change only
Bug: 119867084
Change-Id: I80743236f95cedc43b8f80ac32a09ac0094f779e
2019-04-11 13:54:44 +01:00
Yifan Hong 1710e7e7bd Merge "charger: Allow to rw /sys/power/[state,wakeup_count]" into qt-dev
am: 83e52ce905

Change-Id: I1b6ccdda49904869767bbfc62c29da6a00892978
2019-04-09 22:13:10 -07:00
Yifan Hong 122e78248e charger: Allow to rw /sys/power/[state,wakeup_count]
charger needs to suspend the device when the power goes away
when it doesn't have root. These two files are marked with
group system, user system, mode 0600 in 'on boot', but
it is not executed in charger. Hence, move these actions
to 'on init'.

Test: no failure in libsuspend in charger

Bug: 129138950

Change-Id: I787b935b4ff6177601329aeedccdac361b119ca3
Merged-In: I787b935b4ff6177601329aeedccdac361b119ca3
2019-04-09 13:35:07 -07:00
Yifan Hong c9a9d279ef charger: Allow to rw /sys/power/[state,wakeup_count]
charger needs to suspend the device when the power goes away
when it doesn't have root. These two files are marked with
group system, user system, mode 0600 in 'on boot', but
it is not executed in charger. Hence, move these actions
to 'on init'.

Test: no failure in libsuspend in charger

Bug: 129138950

Change-Id: I787b935b4ff6177601329aeedccdac361b119ca3
2019-04-09 13:13:33 -07:00
Oliver Nguyen 9399245480 Merge "Move gcov output to /data/misc/trace" am: 3a6a01bdee
am: af4a358461

Change-Id: I3274fab9240b86b5121daa4ace529eb6a562ec83
2019-04-08 11:56:28 -07:00
Victor Hsieh b85e4ab41f Merge "Do not restrict .fs-verity keyring in debuggable build" am: be51525424
am: 0cf9bfd4a6

Change-Id: If032a3d33f149ca6aa2fb809e13025a14398e245
2019-04-05 11:20:09 -07:00
Oliver Nguyen 3a6a01bdee Merge "Move gcov output to /data/misc/trace" 2019-04-05 18:11:30 +00:00
Victor Hsieh 851026d569 Do not restrict .fs-verity keyring in debuggable build
Test: add logs, see expected behavior
Bug: 112038861
Change-Id: Ib133d2206a7696caaf42ab5f0a6d79aa5308b332
2019-04-04 16:48:57 -07:00
Oliver Nguyen 360eb055e0 Move gcov output to /data/misc/trace
Gcov output location has world write on debuggable builds.

Test: N/A
Bug: 128524141
Change-Id: Ia6b94e26352dd66f5c6819f6157b4b73dd777a90
2019-04-04 13:57:59 -07:00
Yifan Hong bd5853cb48 Merge changes from topic "libprocessgroup_rc"
* changes:
  CgroupSetupCgroups -> CgroupSetup
  Add libcgrouprc to ld.config.*.txt.
  libprocessgroup: use libcgrouprc to read cgroup.rc
  libprocessgroup_setup: use libcgrouprc_format
  libprocessgroup: Move CgroupSetupCgroups() to libprocessgroup_setup
  libprocessgroup: Add libcgrouprc
  libprocessgroup: Add libcgrouprc_format
2019-04-03 16:41:21 +00:00
Yifan Hong 063b6beef0 Add libcgrouprc to ld.config.*.txt.
Test: boots (sanity)
Bug: 123664216
Change-Id: I23c3ece44816e4e213f9630b915e19978a259823
Merged-In: I23c3ece44816e4e213f9630b915e19978a259823
2019-04-02 22:31:57 -07:00
Yifan Hong 169a3e6095 Add libcgrouprc to ld.config.*.txt.
Test: boots (sanity)
Bug: 123664216
Change-Id: I23c3ece44816e4e213f9630b915e19978a259823
2019-04-02 17:34:37 -07:00
Jiyong Park 28429ff8c1 Merge "Search rs namespace prior to vndk namespace" am: 5ccb6a5cdc am: 8b524e9b45
am: deeedf9783

Change-Id: Id1f3e8d310bd1b8f3b7c67e0ab7485d96fd541bb
2019-04-02 01:47:06 -07:00
Treehugger Robot 5ccb6a5cdc Merge "Search rs namespace prior to vndk namespace" 2019-04-02 08:24:42 +00:00
Jiyong Park fa4971f3c3 Search rs namespace prior to vndk namespace
With the recent change that removed get_exported_namespace out of libdl,
the RenderScript SP-HAL stopped using android_dlopen_ext which it used
to load libRS_internal.so in the "rs" namespace. Instead, it now falls
back to the ordinary dlopen() call. The dlopen() call tries to load the
lib in the current namespace (which is sphal) and then falls back to the
linked namespaces: default, vndk, rs.

The problem is that rs is listed as the last namespace and therefore the
linker tries the namespace only when it failed to load the library in
other namespaces: default and vndk. libRS_internal.so is accessible to
both vndk and rs namespaces. So, the dlopen() call always goes into the
vndk namespace and there is no chance for the lib to be loaded in the rs
namespace.

To fix the problem, the rs namespace is placed before vndk so that the
namespace is tried first.

Bug: 129550847
Test: runtest -x cts/tests/camera/src/android/hardware/
Change-Id: Idafc32f8a309dd12495768931d7ea17a2f791c50
2019-04-02 02:43:23 +00:00
Jaegeuk Kim cc563077bf Merge "init.rc: tune F2FS to be aligned to system settings" am: 99ba4b36e8 am: d2060b771d
am: e727f6612c

Change-Id: I7a6b250ebb79baf726de6f6493fc2f11262682c4
2019-04-01 09:34:17 -07:00
Treehugger Robot 99ba4b36e8 Merge "init.rc: tune F2FS to be aligned to system settings" 2019-04-01 16:10:28 +00:00
Bowgo Tsai d03dfdf984 Merge "Adding GSI public keys" am: ddaf736a88 am: aea89ed3ea
am: 7e4834ce7f

Change-Id: If46aa415528d998afc4fbac7a2d6992fc285045d
2019-04-01 07:14:57 -07:00
Treehugger Robot ddaf736a88 Merge "Adding GSI public keys" 2019-04-01 13:43:34 +00:00
Bowgo Tsai 5fdd7861bb Adding GSI public keys
This CL adds three GSI keys, to allow booting a GSI with AVB
to enable dm-verity.

   https://android.googlesource.com/platform/external/avb/

The keys for R and S GSI is to allow a device boots a new
version of GSI in a Treble-compatible manner.

For more information about GSI, please visit:

    https://source.android.com/setup/build/gsi

Bug: 112293933
Test: m q-gsi.avbpubkey r-gsi.avbpubkey s-gsi.avbpubkey
Change-Id: I4439e44fbd5da3240d7f6c7987f66445ec4590c5
2019-03-30 03:07:31 +00:00
Jaegeuk Kim f65df964c0 init.rc: tune F2FS to be aligned to system settings
Android sets /proc/sys/vm/dirty_expire_centisecs to 200, so f2fs
doesn't need to do checkpoint in 60 seconds.

Bug: 127511432
Change-Id: I2ba0623053d4480b82003eb1cca85ff03c61fc0f
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2019-03-29 22:43:29 +00:00
Suren Baghdasaryan f33436d720 Merge "Set /proc/pressure/memory file permissions" am: 3cf9850cef am: e337910a35
am: d8a1ee860c

Change-Id: I46d066d35a97a0d0fc01240c58a8060a40d6cea7
2019-03-29 13:36:57 -07:00
Tim Murray 1504cb5b6e Set /proc/pressure/memory file permissions
Change access mode and ownership for /proc/pressure/memory file
to allow system components access memory pressure information.

Bug: 129476847
Change-Id: I25b6bc9d47aee857936f050b66e7bee6363b53be
Signed-off-by: Tim Murray <timmurray@google.com>
2019-03-28 22:12:06 +00:00
Martin Stjernholm d2c8014b13 Merge "Apply the standard system linker config to all of /data." am: 60de348654 am: 0ec4836b71
am: e7540ff272

Change-Id: I928e2d7f4e274d753a23c7a10b647abefa6096b7
2019-03-28 05:59:01 -07:00
Martin Stjernholm 60de348654 Merge "Apply the standard system linker config to all of /data." 2019-03-28 12:37:29 +00:00
Victor Hsieh c4430f3489 Merge "Initialize fs-verity keys in shell script" am: 7f43e9fa40 am: ef787edd24
am: 98d7696248

Change-Id: Ie144188d08d295b1c34b1593772f74fed96a4197
2019-03-27 13:51:14 -07:00
Treehugger Robot 7f43e9fa40 Merge "Initialize fs-verity keys in shell script" 2019-03-27 20:31:19 +00:00
Martin Stjernholm 6ba5d996d7 Merge "Remove links to libart(d).so in the runtime." am: fdf70f1ba8 am: fd7f92372d
am: 0c0deebf98

Change-Id: If5fcd8b69ac72c436141140f155ad1c4d99524a4
2019-03-27 10:43:21 -07:00
Martin Stjernholm adf4503de1 Apply the standard system linker config to all of /data.
This is necessary to get the correct APEX namespace setup for apps that
executes binaries from there.

In older releases no linker config applied to binaries in /data, so the
fallback config in /system/bin/linker was used, which basically just looked
up libraries in /system/{lib,lib64}. With the introduction of APEXes that
location no longer contains the complete set of libraries, so this is
necessary to retain functional parity.

Strictly speaking this fallback rule should apply as last resort for a
binary in any location, but the linker does not accept "dir.system = /".

Test: Flash and boot
Test: The app regression in b/128569634
Bug: 128569634
Change-Id: Icfcd66f0a7d8d898618be1b6186bb1111d20d688
2019-03-26 18:10:51 +00:00
Martin Stjernholm 5c074e0ab9 Remove links to libart(d).so in the runtime.
They are not needed since the binaries and relevant exported libraries have
moved to the Runtime APEX.

Test: Flash and boot
Test: atest CtsJniTestCases CtsJdwpTestCases
Bug: 119867084
Change-Id: If416fbae7057aec02059bb31a4dcd8b63dcc0cad
2019-03-26 17:24:12 +00:00
Pete Bentley 57616a7307 Merge "Tighten native API surface." am: d2c4eb0dae am: 5f920a0a57
am: ae89bfb67d

Change-Id: I73608d1d987c00a08452d98ebe13620eb1237d1b
2019-03-26 02:48:14 -07:00
Pete Bentley d2c4eb0dae Merge "Tighten native API surface." 2019-03-26 09:19:37 +00:00
Vic Yang 034bfeba6f Merge "Fix sed command on Mac builds" am: 42a5dd9c41 am: ad7bf56b1d
am: e22977e8fa

Change-Id: I672a5fbbff66fb98a4dcbbf714532f628dab57d7
2019-03-25 06:58:18 -07:00
Victor Hsieh 59183120c2 Initialize fs-verity keys in shell script
This gives us two benefits:
  - Better compatibility to keyctl(1), which doesn't have "dadd"
  - Pave the way to specify key's security labels, since keyctl(1)
    doesn't support, and we want to avoid adding incompatible option.

Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
2019-03-22 09:18:00 -07:00
Vic Yang 4a85f3c92a Fix sed command on Mac builds
Bug: 119423884
Test: Manually test sed command on Mac
Change-Id: I8df32b2476a01e2b758ea81f00dae0b6179ba79a
2019-03-21 10:16:06 -07:00
Pete Bentley cc6c50a123 Tighten native API surface.
AsynchronousCloseMonitor is moved into libandroidio by
r.android.com/910073 and so libjavacore no longer needs to
be linked to the conscrypt namespace.

Bug: 123744297
Test: m && flashall
Test: atest CtsLibcoreOkHttpTestCases
Test: atest CtsLibcoreTestCases
Change-Id: Id720b59e4ef42a2c0226b497a1cc3c54f7a837d0
2019-03-21 17:13:14 +00:00
Vic Yang 60e3c55900 Merge "Add support for no-vendor-variant VNDK" am: c3e96512c0 am: 5e9c91c404
am: 1a41a41bcc

Change-Id: I13d4a8e9a97f6b229581f29400fbe50647f8fdde
2019-03-20 21:59:29 -07:00
Vic Yang c3e96512c0 Merge "Add support for no-vendor-variant VNDK" 2019-03-21 04:30:47 +00:00
Xiaoyong Zhou ed98d4f249 Merge "Enable fsverity signature checking" am: aaee497db2 am: 0d8d105e32
am: f0ac994384

Change-Id: I400ba966f1e23400bb3e4a2f3bb8ab0b3ba10368
2019-03-19 10:11:11 -07:00
Treehugger Robot aaee497db2 Merge "Enable fsverity signature checking" 2019-03-19 16:40:48 +00:00
Roland Levillain 44cbfa1ac7 Merge "Include tests directories in the linker legacy configuration." am: d503239292 am: 5481e3aec8
am: 315a0513f1

Change-Id: I56ada3fd79c09e2f52e12e233d06a5980e02611b
2019-03-19 05:37:09 -07:00
Roland Levillain d503239292 Merge "Include tests directories in the linker legacy configuration." 2019-03-19 10:17:10 +00:00
Neil Fuller 5f2e4f7871 Merge "Address syntax / error case nits" am: ed6b5177e2 am: 6ac873c3b9
am: d836b1dca9

Change-Id: Ia2ce435666fa3d2cc1f5ff171e5612878afdceb0
2019-03-19 02:58:50 -07:00
Neil Fuller ed6b5177e2 Merge "Address syntax / error case nits" 2019-03-19 09:37:55 +00:00
Xiaoyong Zhou 66fc7eb195 Enable fsverity signature checking
This CL enable fsverity signature checking.

Bug: 112038861
Test: cat /proc/sys/fs/verity/require_signatures -> 1
Change-Id: I57aaf6094aa503bdcac93306cafd7f71f202e711
2019-03-18 14:28:18 -07:00
Roland Levillain 5c99a0c067 Include tests directories in the linker legacy configuration.
Make ld.config.legacy.txt similar to other linker configurations with
respect to tests in /data/{nativetest,benchmarktest}{,64}.

Note: The linker legacy configuration is used by the ART generic build
targets, defined in project device/generic/art.

Test: ART chroot-based on-device testing using the master-art
Bug: 121117762
Change-Id: I6c8fafa2568862e450aa7b9fea1177a184cb9705
2019-03-18 19:07:32 +00:00
Dongwon Kang aca2e799ee Merge "List stable libraries media apex relies on." am: fc0f79f8a8 am: 5698f77f5f
am: cd557657bc

Change-Id: Ib6b863c7b07f587c2a1d54e1c686d03b75c527ac
2019-03-15 22:47:37 -07:00
Dongwon Kang fc0f79f8a8 Merge "List stable libraries media apex relies on." 2019-03-16 05:34:09 +00:00
Andreas Gampe 514fc03638 Merge "Init: Load fsverity keys earlier" am: f09ef56056 am: a0cc42381c
am: a7597deed2

Change-Id: Ibe40afdbed4af22f207600a94307448191287f29
2019-03-15 19:34:32 -07:00
Dongwon Kang a013e3d53d List stable libraries media apex relies on.
With allow_all_shared_libs, the libs under /system/lib may be used
instead of libs included in the apex. This change adds stable libraries
the media apex relies on to prevent this case.

Test: dumpsys media.extractor, atest MediaPlayer2Test
Bug: 127791685

Change-Id: I6a0419e6da9e9f48a394257b1e8f977ec2dfa9a1
2019-03-15 17:23:03 -07:00
Andreas Gampe e8565ac94a Init: Load fsverity keys earlier
Keys may be required for apex updates (post-installs), so load them
before starting apexd.

Bug: 125474642
Test: m
Test: manual
Change-Id: I32ddb6ae6854334e8ee7e195173ecfaed565d783
2019-03-15 15:14:35 -07:00
Neil Fuller 3b0da85b22 Address syntax / error case nits
Observe some best practices in the APEX symlink
shell commands. No functional changes intended except with error
handling.

Bug: 128687472
Bug: 124106384
Bug: 122985829
Bug: 128249030
Test: make installclean / make droid / inspect one symlink
Change-Id: I099fed5ac8f25cc3911ce0e7ea2b9f74c2172193
2019-03-15 19:05:05 +00:00
Jiyong Park 190cee3519 Don't bind-mount bionic files am: 7b4801a921 am: 2f2b99a20d
am: f90d8479c9

Change-Id: I06ceb206ce8b95176fa7a74802d2d0b7d34f444c
2019-03-15 02:42:54 -07:00
Jiyong Park 2f2b99a20d Don't bind-mount bionic files
am: 7b4801a921

Change-Id: I80ded3b5efbee209eb705556bc92e2708497da20
2019-03-15 02:17:48 -07:00
Treehugger Robot 4cd0914048 Merge changes from topic "apex_earlymount_no_bionic_bindmount"
* changes:
  /bionic path is gone
  Revert "Handle adb sync with Bionic under /bionic"
  Don't bind-mount bionic files
2019-03-15 09:02:18 +00:00
Neil Fuller cb7ac9d752 Merge "Move the logic for creating APEX-related symlinks" 2019-03-14 16:06:08 +00:00
Gavin Corkery ff3c13f52f Merge "Rename data/pkg_staging to data/app-staging." 2019-03-14 14:14:38 +00:00
Neil Fuller 16e5ae3b39 Move the logic for creating APEX-related symlinks
The existing location of logic for creating symlinks to files that have
moved into APEX does not get executed for -user builds, only
-userdebug and -eng. The new location is equally arbitrary but appears
to be invoked for -user, -userdebug and -eng targets.

Tested with:
make cleaninstall && lunch taimen-[user|userdebug|eng] && make droid

Inspected:
ls -l out/target/product/taimen/system/usr/icu

Bug: 128249030
Bug: 122985829
Bug: 124106384
Test: see above
Merged-In: I92a52d0b5ef97e8cb4f780691f8594e40f2fa6b3
Change-Id: I92a52d0b5ef97e8cb4f780691f8594e40f2fa6b3
(cherry picked from commit 0ed52b789d)
2019-03-14 10:38:54 +00:00
Neil Fuller cd29f37e39 Merge "Move the logic for creating APEX-related symlinks" 2019-03-14 08:54:33 +00:00
Jiyong Park 7b4801a921 Don't bind-mount bionic files
Bind-mounting of the bionic files on /bionic/* paths no longer required
as there are direct symlinks from bionic files in /system partition to
the corresponding bionic files in the runtime APEX. e.g.,

/system/lib/libc.so -> /apex/com.android.runtime/lib/bionic/libc.so

Bug: 125549215
Test: m; devices boots
Change-Id: I4a43101c3e3e2e14a81001d6d65a8a4b727df385
2019-03-14 07:35:54 +09:00
Neil Fuller 0ed52b789d Move the logic for creating APEX-related symlinks
The existing location of logic for creating symlinks to files that have
moved into APEX does not get executed for -user builds, only
-userdebug and -eng. The new location is equally arbitrary but appears
to be invoked for -user, -userdebug and -eng targets.

Tested with:
make cleaninstall && lunch taimen-[user|userdebug|eng] && make droid

Inspected:
ls -l out/target/product/taimen/system/usr/icu

Bug: 128249030
Bug: 122985829
Bug: 124106384
Test: see above
Change-Id: I92a52d0b5ef97e8cb4f780691f8594e40f2fa6b3
2019-03-13 18:14:56 +00:00
Neil Fuller 43ffdff20d Merge "Add an env variable for the tzdata module root" am: 822dbd8911 am: 8c8d8f5df9
am: 4f92416fa1

Change-Id: I60406b56c060a3e3775709aacf5cf38ad66db820
2019-03-13 02:03:17 -07:00
Neil Fuller 822dbd8911 Merge "Add an env variable for the tzdata module root" 2019-03-13 08:49:30 +00:00
Martijn Coenen 4fa4c2a6f9 Merge "Create /metadata/apex/[sessions]." am: 13b5c3bee7 am: 5cdb3a9af8
am: 3d62bd2e16

Change-Id: Ida561b285efae52985149ab90ad7bc6b96eb536b
2019-03-13 01:27:08 -07:00
Martijn Coenen 13b5c3bee7 Merge "Create /metadata/apex/[sessions]." 2019-03-13 07:46:32 +00:00
Martijn Coenen 4517e57ff5 Create /metadata/apex/[sessions].
For storing persistent apex session state.

Bug: 126740531
Test: builds
Change-Id: Ibf280764977768956b5512b2252d22ceaba31c1e
2019-03-12 22:05:20 +01:00
Vic Yang 19b3a51f64 Add support for no-vendor-variant VNDK
When no-vendor-variant VNDK is enabled, the vendor variant of VNDK
libraries are not installed.  In this case, the vendor binaries need to
be able to link in the core variant.

Update the linker config so that we export such VNDK libraries to the
proper linker namespaces.

Bug: 119423884
Test: Enable no-vendor-variant VNDK for a dummy VNDK library.  Boot and
      check the vendor variant does not exist and only the core variant
      is used.

Change-Id: I71274fdf61373663603a5fbc3497400420094fcf
2019-03-12 13:30:46 -07:00
Neil Fuller 9358e0972f Add an env variable for the tzdata module root
The ANDROID_TZDATA_ROOT maps to the /apex/com.android.tzdata
location on device like ANDROID_RUNTIME_ROOT maps to the
/apex/com.android.runtime location.

Bug: 128422035
Test: build only
Change-Id: Id90006004ca652564e530f3694600ac4afd798ed
2019-03-12 16:52:36 +00:00
Gavin Corkery 8df32193f3 Rename data/pkg_staging to data/app-staging.
Test: atest apex_e2e_tests
Bug: 126330086

Change-Id: Ic5729d60046e8825a2a94e3c3483ea8232a69ed2
Merged-In: Ic5729d60046e8825a2a94e3c3483ea8232a69ed2
2019-03-12 15:38:44 +00:00
Gavin Corkery 8d73048209 Merge "Rename data/pkg_staging to data/app-staging." 2019-03-09 12:41:28 +00:00
Xiaoyong Zhou 27c13df54b Merge "Change mini-keyctl command format." am: 34e1b402a6 am: 3c6e86bc11
am: 4b0a6092cc

Change-Id: I6e4179f6a2b4dfece070d196d343e5b497f37385
2019-03-08 16:08:30 -08:00
Treehugger Robot 34e1b402a6 Merge "Change mini-keyctl command format." 2019-03-08 23:17:01 +00:00
Xiaoyong Zhou b29b27ec7f Change mini-keyctl command format.
This CL change the mini-keyctl tool to make it compitable with libkeyctl
tool to make it more useful.

Bug: 112038861
Test: mini-keyctl padd asymmetric 'desc' .fs-verity < /path/to/cert.der
Test: mini-keyctl unlink <key_id> <keyring_id>
Test: mini-keyctl restrict_keyring <keyring_id>

Change-Id: I950f07c7718f173823ce5a5cd08e0d1a0e23a007
2019-03-08 09:59:42 -08:00
Gavin Corkery ad0b2473dc Rename data/pkg_staging to data/app-staging.
Test: atest apex_e2e_tests
Bug: 126330086

Change-Id: Ic5729d60046e8825a2a94e3c3483ea8232a69ed2
2019-03-08 15:47:25 +00:00
Roland Levillain 2144c6703e Merge "Fix a typo in linker configuration comments." am: ecef987a35 am: 58e3b61d1e
am: fcd734a433

Change-Id: I5f5bd69b84688456615ea4027479ed8363e122de
2019-03-08 04:05:52 -08:00
Roland Levillain ecef987a35 Merge "Fix a typo in linker configuration comments." 2019-03-08 11:48:43 +00:00
Dongwon Kang 9778fdaec4 Merge "allow_all_shared_libs for media namespace in ld.config.legacy.txt" am: fc6e441a1a am: 6cec105df9
am: 3642244f9d

Change-Id: I6e12d0eecfce92436415c26e2210f76ef2fbb8ce
2019-03-07 21:11:05 -08:00
David Anderson ef35aa87de Merge "Create /metadata/password_slots during boot." am: 1c1850fad2 am: 7d5cf4e04c
am: c31a6f760c

Change-Id: I3922e7b616e159628b5381bebee0e19edfc15e3e
2019-03-07 12:19:57 -08:00
Roland Levillain e51c87634a Fix a typo in linker configuration comments.
Test: n/a
Change-Id: I3fa36094cf3eb45b0e1400712f22b8477a096b59
2019-03-07 19:06:57 +00:00