The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.
Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:
- first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
- second-stage init loads files from /debug_ramdisk/*.
Note: same as before, the above can only be triggered, if the device
is UNLOCKED
With this, we don't have to put userdebug related files into the USER
system.img.
Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
Merged-In: I63f5f846e82ba78427062bf7615c26173878d8f3
(cherry picked from commit 30afda71c0)
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:
- first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
- second-stage init loads files from /debug_ramdisk/*.
Note: same as before, the above can only be triggered, if the device
is UNLOCKED
With this, we don't have to put userdebug related files into the USER
system.img.
Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.
this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.
Fixes: 130824864
Test: procrank -o
(cherry picked from commit 45d8174fe7)
Change-Id: I68c18f9db24d55239f7f0608592fcc702f04542e
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.
this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.
Fixes: 130824864
Test: procrank -o
Change-Id: I8af129076c3efa29f7b781459449f8f2dc853c98
/sbin was traditionally used for static binaries on the ramdisk for
Android, but now everything is a shared binary, so this directory is
empty and we do not want to encourage creation of new libraries in
this directory.
Bug: 73660730
Test: build
Change-Id: I0d0aa052e1eaf529d18921c45169473df0ee51ff
charger needs to suspend the device when the power goes away
when it doesn't have root. These two files are marked with
group system, user system, mode 0600 in 'on boot', but
it is not executed in charger. Hence, move these actions
to 'on init'.
Test: no failure in libsuspend in charger
Bug: 129138950
Change-Id: I787b935b4ff6177601329aeedccdac361b119ca3
Merged-In: I787b935b4ff6177601329aeedccdac361b119ca3
charger needs to suspend the device when the power goes away
when it doesn't have root. These two files are marked with
group system, user system, mode 0600 in 'on boot', but
it is not executed in charger. Hence, move these actions
to 'on init'.
Test: no failure in libsuspend in charger
Bug: 129138950
Change-Id: I787b935b4ff6177601329aeedccdac361b119ca3
With the recent change that removed get_exported_namespace out of libdl,
the RenderScript SP-HAL stopped using android_dlopen_ext which it used
to load libRS_internal.so in the "rs" namespace. Instead, it now falls
back to the ordinary dlopen() call. The dlopen() call tries to load the
lib in the current namespace (which is sphal) and then falls back to the
linked namespaces: default, vndk, rs.
The problem is that rs is listed as the last namespace and therefore the
linker tries the namespace only when it failed to load the library in
other namespaces: default and vndk. libRS_internal.so is accessible to
both vndk and rs namespaces. So, the dlopen() call always goes into the
vndk namespace and there is no chance for the lib to be loaded in the rs
namespace.
To fix the problem, the rs namespace is placed before vndk so that the
namespace is tried first.
Bug: 129550847
Test: runtest -x cts/tests/camera/src/android/hardware/
Change-Id: Idafc32f8a309dd12495768931d7ea17a2f791c50
This CL adds three GSI keys, to allow booting a GSI with AVB
to enable dm-verity.
https://android.googlesource.com/platform/external/avb/
The keys for R and S GSI is to allow a device boots a new
version of GSI in a Treble-compatible manner.
For more information about GSI, please visit:
https://source.android.com/setup/build/gsi
Bug: 112293933
Test: m q-gsi.avbpubkey r-gsi.avbpubkey s-gsi.avbpubkey
Change-Id: I4439e44fbd5da3240d7f6c7987f66445ec4590c5
Android sets /proc/sys/vm/dirty_expire_centisecs to 200, so f2fs
doesn't need to do checkpoint in 60 seconds.
Bug: 127511432
Change-Id: I2ba0623053d4480b82003eb1cca85ff03c61fc0f
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change access mode and ownership for /proc/pressure/memory file
to allow system components access memory pressure information.
Bug: 129476847
Change-Id: I25b6bc9d47aee857936f050b66e7bee6363b53be
Signed-off-by: Tim Murray <timmurray@google.com>
This is necessary to get the correct APEX namespace setup for apps that
executes binaries from there.
In older releases no linker config applied to binaries in /data, so the
fallback config in /system/bin/linker was used, which basically just looked
up libraries in /system/{lib,lib64}. With the introduction of APEXes that
location no longer contains the complete set of libraries, so this is
necessary to retain functional parity.
Strictly speaking this fallback rule should apply as last resort for a
binary in any location, but the linker does not accept "dir.system = /".
Test: Flash and boot
Test: The app regression in b/128569634
Bug: 128569634
Change-Id: Icfcd66f0a7d8d898618be1b6186bb1111d20d688
They are not needed since the binaries and relevant exported libraries have
moved to the Runtime APEX.
Test: Flash and boot
Test: atest CtsJniTestCases CtsJdwpTestCases
Bug: 119867084
Change-Id: If416fbae7057aec02059bb31a4dcd8b63dcc0cad
This gives us two benefits:
- Better compatibility to keyctl(1), which doesn't have "dadd"
- Pave the way to specify key's security labels, since keyctl(1)
doesn't support, and we want to avoid adding incompatible option.
Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
AsynchronousCloseMonitor is moved into libandroidio by
r.android.com/910073 and so libjavacore no longer needs to
be linked to the conscrypt namespace.
Bug: 123744297
Test: m && flashall
Test: atest CtsLibcoreOkHttpTestCases
Test: atest CtsLibcoreTestCases
Change-Id: Id720b59e4ef42a2c0226b497a1cc3c54f7a837d0
Make ld.config.legacy.txt similar to other linker configurations with
respect to tests in /data/{nativetest,benchmarktest}{,64}.
Note: The linker legacy configuration is used by the ART generic build
targets, defined in project device/generic/art.
Test: ART chroot-based on-device testing using the master-art
Bug: 121117762
Change-Id: I6c8fafa2568862e450aa7b9fea1177a184cb9705
With allow_all_shared_libs, the libs under /system/lib may be used
instead of libs included in the apex. This change adds stable libraries
the media apex relies on to prevent this case.
Test: dumpsys media.extractor, atest MediaPlayer2Test
Bug: 127791685
Change-Id: I6a0419e6da9e9f48a394257b1e8f977ec2dfa9a1
Keys may be required for apex updates (post-installs), so load them
before starting apexd.
Bug: 125474642
Test: m
Test: manual
Change-Id: I32ddb6ae6854334e8ee7e195173ecfaed565d783
Observe some best practices in the APEX symlink
shell commands. No functional changes intended except with error
handling.
Bug: 128687472
Bug: 124106384
Bug: 122985829
Bug: 128249030
Test: make installclean / make droid / inspect one symlink
Change-Id: I099fed5ac8f25cc3911ce0e7ea2b9f74c2172193
The existing location of logic for creating symlinks to files that have
moved into APEX does not get executed for -user builds, only
-userdebug and -eng. The new location is equally arbitrary but appears
to be invoked for -user, -userdebug and -eng targets.
Tested with:
make cleaninstall && lunch taimen-[user|userdebug|eng] && make droid
Inspected:
ls -l out/target/product/taimen/system/usr/icu
Bug: 128249030
Bug: 122985829
Bug: 124106384
Test: see above
Merged-In: I92a52d0b5ef97e8cb4f780691f8594e40f2fa6b3
Change-Id: I92a52d0b5ef97e8cb4f780691f8594e40f2fa6b3
(cherry picked from commit 0ed52b789d)
Bind-mounting of the bionic files on /bionic/* paths no longer required
as there are direct symlinks from bionic files in /system partition to
the corresponding bionic files in the runtime APEX. e.g.,
/system/lib/libc.so -> /apex/com.android.runtime/lib/bionic/libc.so
Bug: 125549215
Test: m; devices boots
Change-Id: I4a43101c3e3e2e14a81001d6d65a8a4b727df385
The existing location of logic for creating symlinks to files that have
moved into APEX does not get executed for -user builds, only
-userdebug and -eng. The new location is equally arbitrary but appears
to be invoked for -user, -userdebug and -eng targets.
Tested with:
make cleaninstall && lunch taimen-[user|userdebug|eng] && make droid
Inspected:
ls -l out/target/product/taimen/system/usr/icu
Bug: 128249030
Bug: 122985829
Bug: 124106384
Test: see above
Change-Id: I92a52d0b5ef97e8cb4f780691f8594e40f2fa6b3
When no-vendor-variant VNDK is enabled, the vendor variant of VNDK
libraries are not installed. In this case, the vendor binaries need to
be able to link in the core variant.
Update the linker config so that we export such VNDK libraries to the
proper linker namespaces.
Bug: 119423884
Test: Enable no-vendor-variant VNDK for a dummy VNDK library. Boot and
check the vendor variant does not exist and only the core variant
is used.
Change-Id: I71274fdf61373663603a5fbc3497400420094fcf
The ANDROID_TZDATA_ROOT maps to the /apex/com.android.tzdata
location on device like ANDROID_RUNTIME_ROOT maps to the
/apex/com.android.runtime location.
Bug: 128422035
Test: build only
Change-Id: Id90006004ca652564e530f3694600ac4afd798ed
This CL change the mini-keyctl tool to make it compitable with libkeyctl
tool to make it more useful.
Bug: 112038861
Test: mini-keyctl padd asymmetric 'desc' .fs-verity < /path/to/cert.der
Test: mini-keyctl unlink <key_id> <keyring_id>
Test: mini-keyctl restrict_keyring <keyring_id>
Change-Id: I950f07c7718f173823ce5a5cd08e0d1a0e23a007
This is a temporal fix. With this change, the extractor plug-ins uses
unstable libs under /system/lib[64]. The right resolution is being
discussed.
Test: applied the same change to ld.config.txt and checked
the memory map of media.extractor on cuttlefish.
Bug: 127791685
Change-Id: Ifd5b79831f27ef4017bb8aa774671aa9b2c5264e
Removing 'updatable' from zygote as zygote is started after apexd. All
APEXes are guaranteed to be activated at the moment.
Sequence of actions:
1) /data mounted. post-fs-data is triggered.
2) apexd starts. APEXes are activated. Init does not execute more
commands until the activation finishes.
3) all post-fs-data sections from other *.rc are executed.
4) zygote-start is triggered.
Bug: 123404717
Bug: 126555629
Bug: 125549215
Test: device boots
Test: no following message on the logcat log
Could not restart 'zygote': Cannot start an updatable service 'zygote' before configs from APEXes are all loaded. Queued for execution.
Merged-In: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
Change-Id: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
(cherry picked from commit 3bddd540dd)
Removing 'updatable' from zygote as zygote is started after apexd. All
APEXes are guaranteed to be activated at the moment.
Sequence of actions:
1) /data mounted. post-fs-data is triggered.
2) apexd starts. APEXes are activated. Init does not execute more
commands until the activation finishes.
3) all post-fs-data sections from other *.rc are executed.
4) zygote-start is triggered.
Bug: 123404717
Bug: 126555629
Bug: 125549215
Test: device boots
Test: no following message on the logcat log
Could not restart 'zygote': Cannot start an updatable service 'zygote' before configs from APEXes are all loaded. Queued for execution.
Change-Id: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
This directory is used to store the Weaver/GateKeeper slot map so GSIs
do not overwrite host keys in secure storage.
Bug: 123716647
Test: /metadata/password_slots exists after boot
Change-Id: Ib0ca13edec38e68cba1fc2124465571feedc4be7
Summary: Boot sequence around apexd is changed to make it possible for
pre-apexd processes to use libraries from APEXes. They no longer need to
wait for the apexd to finish activating APEXes, which again can be
done only after /data/ is mounted. This improves overall boot
performance.
Detail: This change fixes the problem that processes that are started
before apexd (so called pre-apexd processes) can't access libraries
that are provided only by the APEXes but are not found in the system
partition (e.g. libdexfile_external.so, etc.). Main idea is to activate
system APEXes (/system/apex/*.apex) before /data is mounted and then
activate the updated APEXes (/data/apex/*.apex) after the /data mount.
Detailed boot sequence is as follows.
1) init prepares the bootstrap and default mount namespaces. A tmpfs is
mounted on /apex and the propagation type of the mountpoint is set to
private.
2) before any other process is started, apexd is started in bootstrap
mode. When executed in the mode, apexd only activates APEXes under
/system/apex. Note that APEXes activated in this phase are mounted in
the bootstrap mount namespace only.
3) other pre-apexd processes are started. They are in the bootstrap
mount namespace and thus are provided with the libraries from the system
APEXes.
4) /data is mounted. init switches into the default mount namespace and
starts apexd as a daemon as usual.
5) apexd scans both /data/apex and /system/apex, and activate latest
APEXes from the directories. Note that APEXes activated in this phase
are mounted in the default namespaces only and thus are not visible to
the pre-apexd processes.
Bug: 125549215
Test: m; device boots
Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
/apex is not mounted via init.rc but directly by the first_stage init
before the mount namespaces are configured.
This allows us to change the propagation type for /apex mount point to
private to isolate APEX activatesions across post- and pre-apexd
processes.
Bug: 125549215
Test: m; device boots to the UI
Change-Id: I10e056cd30d64cb702b6c237acd8dab326162884
Because /vendor is a symlink to /system/vendor on devices without a
dedicated /vendor partition, /system/vendor/lib/* needs to be added to
the permitted paths whereever /vendor/lib/* is permitted.
Reasoning:
Legacy devices are forced to use ld.config.legacy.txt, which is very
permissive. We can prolong support for them and enable them to use the
VNDK if we extend the search paths to include the resolved symlink dirs.
Change-Id: I6b3bb7b86ed82395345a16bdc857353b1b15c704
To differentiate IO priority for different groups.
Bug: 111422845
Bug: 117857342
Test: tasks are assigned to the group as expected
Change-Id: Ibb108d1b8e0f720f7ac4cab248b3c33d35e5483d
tzdatacheck references files in the runtime apex so should
not be executed before the apex mounts are ready.
Test: Manual tests (see b/123270813); observed tzdatacheck running after
apex files are mounted
Bug: 123270813
Bug: 116191025
Bug: 119293618
Bug: 113373927
Change-Id: I249d127c1d568bc5025d81b0bb4187c81363d897
Ensure that only the symbols in liblog.map.txt can be used by the
platform.
Bug: 123349183
Test: build
Change-Id: I99ae5d0e8ba8f5061ec20701c941d861c9eb615d
This is essentially the same change as
bcb5ba75a5
for ld.config.vndk_lite.txt.
Bug: 124789446
Test: atest CtsBionicTestCases on marlin
Change-Id: I6b65ec4df1626d625975c9834bf96ac9ff6cc3f3
Now that we always have system mounted early, we're starting to load
various daemons during the `init` trigger and these daemons need the
environment set up from init.environ.rc, so we move it to early-init.
This shouldn't need to go any further earlier in the future, since
nothing besides ueventd should ever start in early-init.
Test: systems boot, early daemons get right environment
Change-Id: I02f425a1500377c5de3427afa7872073e77a066f
They are installed to /system/etc, not /. Hence, move
out of rootdir/ and move into the code that parse these
files (i.e. libprocessgroup).
Also, Android.mk->bp.
Test: builds
Change-Id: I1763c26f81ae51ee159552e39d252fd643c35b94
In recovery mode a separate set of cgroups should be mounted. Add a
cgroups.recovery.json file to describe cgroups mounted during recovery.
Change cgroups descriptor parset to allow cgroups and cgroups2 sections
to be omitted.
Bug: 124270406
Test: "adb reboot sideload; adb devices" shows 'sideload' as expected
Change-Id: Ic32bd2b4612ec8390064f87d4655d1bd1183d741
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
libandroidicu is used by various libraries, e.g. libxml2, minikin.
Thus, expose libandroidicu to default namespace.
libpac is only used by libjni_pacprocessor (part of framework).
libicuuc, libicui18n are not exposed to default namespace,
because everyone else, except app, should use libandroidicu.
They are exposed to classloader namespace from runtime namespace
via the work done in libnativeloader in http://r.android.com/887453
b/120786417 has more details about these 2 libraries.
Bug: 120659668
Test: m droid
Change-Id: I2cd3378f1eb94b7bb1c942738b59d7e577a5f8f0
This is a precaution in case there are dependencies on the binaries in the
old location. b/124106384 tracks eliminating them (if any).
Test: Flash and check symlinks are there with adb shell ls -l system/bin
Test: adb shell system/bin/<binary>
Bug: 113373927
Bug: 124106384
Change-Id: Ib4102fe55117611f68184102e68a10ea47de0065
Originally, vndk_lite does not include system/lib/vndk-* directory but
searching the required files in system/lib instead. However, in GSI,
they are using the vndk libs which has symbols than core variants.
To avoid this problem, allow the vendor processes in vndk_lite devices
to search system/lib prior to vndk libs.
Bug: 124063441
Test: Check boot for vndk_lite devices.
Change-Id: I89a72e9d43d6fb05f4b6d87bbd4500f8febfe970
There are tests that require access to both system and vendor libraries,
like what the linker sets up when there is no matching config section.
Test: atest cameraservice_test libsurfaceflinger_unittest perfprofd_test \
inputflinger_tests (no new failures, but 3 old ones)
Test: Internal test can load libandroid.so
Bug: 124127405
Bug: 123700170
Change-Id: I4f5cb2e09bdf1ae510259198c08c252b41249d94
This commit fixes the search paths for vendor binaries in ASAN targets.
Test: Boot aosp_walleye-userdebug to home screen
Change-Id: Id87ceee3c43098bd453f6fae4f32ea62355f922b
This change fixes the problem that apexd is delaying the entire boot
sequence while waiting for the loopback devices to be created. The delay
was as big as 50 ms per a loopback device.
With this change, apexd is started much earlier: from "on post-fs-data"
to "on init". When it is first started, it scans /system/apex to
determine the number of APEXes and creates that number of loopback
devices priori. Since then it enters into the binder loop.
When the data partition is mounted, init lets apexd to initiate the
apexd boot sequence where APEXes in /data is scanned, verified, and
activated. Since the creation of the loopback devices were requested far
before, it is very likely that dev nodes for the devices are ready at
this moment (even if not, this isn't a lose).
Bug: 123404717
Bug: 123772265
Test: compare boot times.
init_zygote_START_TIME_avg is improved from 2831ms to 2622ms on blueline
Change-Id: I12450cee44aa4d17a11def62261c2f82d3f2c718
The sys.use_memfd property is set by default to false in Android
to temporarily disable memfd, till vendor and apps are ready for it.
The main issue: either apps or vendor processes can directly make ashmem
IOCTLs on FDs they receive by assuming they are ashmem, without going
through libcutils. Such fds could have very well be originally created with
libcutils hence they could be memfd. Thus the IOCTLs will break.
Set default value of sys.use_memfd property to true once the issue is
resolved, so that the code can then self-detect if kernel support is present
on the device. The property can also set to true from adb shell, for
debugging.
Bug: 113362644
Change-Id: I0f572ef36cac2a58fe308ddb90bbeffbecdaed3b
Signed-off-by: Joel Fernandes <joelaf@google.com>
JSON supports only decimal values and therefore file mode which should
use octal values has to be represented as strings. Fix the implicit
octal-to-decimal conversion and convert from string to octal in the code.
Bug: 111307099
Test: confirmed by verifying correct file permissions
Change-Id: I3ef9de0aea259f93bf74efeffca72d37d4740e15
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
- package manager needs to read from /data/apex/active, hence 0750
- both /data/apex/backups and /data/apex/sessions are internal to apexd,
hence 0700
Bug: 123927167
Fixes: 123927167
Test: apex_e2e_tests, flashall -w & checked folders were created
Change-Id: I06c28328afe4945d082acd890401651bd37fcb20
As of Id663c5f284e3b4fc65ed8cb8c2da6bcf6542e034, the asan libs
are in the TARGET_COPY_OUT_X subpath of the /data/asan/ dir, rather
than just 'x' unconditionally.
Test: presubmit
Change-Id: I3a515791e237ad10703415ea532c7a089660d8e9
TARGET_COPY_OUT_PRODUCT_SERVICES can be equal to
TARGET_COPY_OUT_PRODUCT, in which case the ld.config
lines containing PRODUCT_SERVICES are redundant.
Test: make and diff
Change-Id: I1dc24eb49d37f1ab0faa6eecdb0ccc974321f4ac
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc
Exempt-From-Owner-Approval: already approved in internal master
Bug: 111307099
Test: builds, boots
Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Add cgroups.json and task_profiles.json file to be places under /etc/ on
the device to describe cgroups to be mounted and task profiles that
processes can request. This adds additional layer of abstraction between
what a process wants to achieve and how system implements that request.
Bug: 111307099
test: builds, boots
Change-Id: If92f011230ef5d24750e184bad776f30ba226f86
Merged-In: If92f011230ef5d24750e184bad776f30ba226f86
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc
Bug: 111307099
Test: builds, boots
Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Add cgroups.json and task_profiles.json file to be places under /etc/ on
the device to describe cgroups to be mounted and task profiles that
processes can request. This adds additional layer of abstraction between
what a process wants to achieve and how system implements that request.
Bug: 111307099
test: builds, boots
Change-Id: If92f011230ef5d24750e184bad776f30ba226f86
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The vulkan runtime loads drivers into the sphal namespace and relies
on them being in the sphal search path so that it doesn't have to
hardcode /vendor/${LIB}/hw.
These paths used to be allowed, but were removed by commit 2498e1b
because they were believed not to be required. Things didn't break
immediately because the vulkan runtime has a (supposed to be
temporary) fallback to hw_get_module, which loads from
/vendor/${LIB}/hw using absolute paths.
Bug: 123600276
Test: Launch Vulkan app on device with hw_get_module disabled
Change-Id: I07ac43bc9d2d877d8f427058b2d62c62d065c558
Wei Wang