* changes:
fs_mgr: support AVB in fs_mgr_update_verity_state()
init: support early_mount with vboot 2.0 (external/avb/libavb)
fs_mgr: adds/changes some public APIs for early mount in init
fs_mgr_avb: refactors how vbmeta is loaded
fs_mgr: adding fs_mgr_get_slot_suffix() public API
Use of 'inline' without 'static' may allow the C compiler to uninline it
within the compilation unit, depending on the C standard level. Always
using 'static inline' avoids this problem.
Test: build + boot to launcher
Change-Id: Ifb6e1fa6b84286067ddc2daca4c8942c410e56ab
These includes are included transitively by liblog, but not by the VNDK
version of liblog.
Bug: 33241851
Test: links with BOARD_VNDK_VERSION := current
Change-Id: Ide4aee3cacad2a2bf6bd0cbdf0254c6c245f4020
fs_mgr_update_verity_state() is invoked by 'verity_update_state' in
init.rc. It will then set property "partition.system.verified" and
"partition.vendor.verified" to verify_mode. We should support this for
AVB as well.
Also change the order of static libs in init to fix the build error
after this change:
system/extras/ext4_utils/ext4_crypt.cpp:69: error: undefined reference to 'property_get'
Bug: 35416769
Test: Mount /system and /vendor with vboot 2.0 (AVB), check the following properties exist.
- [partition.system.verified]: [2]
- [partition.vendor.verified]: [2]
Test: Mount /system and /vendor with vboot 1.0, check the following properties exist.
- [partition.system.verified]: [0]
- [partition.vendor.verified]: [0]
Change-Id: I4328d66a8cb93f26e7960e620a0b2292d5f15900
Merged-In: I4328d66a8cb93f26e7960e620a0b2292d5f15900
(cherry picked from commit aaf70e77dc)
libavb requires verifying AVB metadata on all verified partitions at
once. For example, /vbmeta, /boot, /system and /vendor. We need to
invoke device_init() for those partitions even if we only want to early
mount some of them, like /vendor and /system.
This CL gets all AVB partitions and the early mount partitions from
device tree through "firmware/android/vbmeta" and "firmware/fstab",
respectively. The following is an example to early mount /vendor
partition on bullhead:
firmware {
android {
compatible = "android,firmware";
vbmeta {
compatible = "android,vbmeta";
parts = "boot,system,vendor";
by_name_prefix="/dev/block/platform/soc.0/f9824900.sdhci/by-name"
};
fstab {
compatible = "android,fstab";
vendor {
compatible = "android,vendor";
dev = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor";
type = "ext4";
mnt_flags = "ro,barrier=1,inode_readahead_blks=8";
fsmgr_flags = "wait,avb";
};
};
};
};
Bug: 33254008
Test: early mount /vendor with vboot 2.0 (AVB) on bullhead
Test: early mount /system without dm-verity on bullhead
Test: early mount /vendor with vboot 1.0 on sailfish
Change-Id: I89a1f77c97124f309346b33d9e700544b92ecf05
Merged-In: I89a1f77c97124f309346b33d9e700544b92ecf05
(cherry picked from commit 8bba52fc4b)
Several changes in this CL:
- Moves class FsManagerAvbHandle to public API
- Adds a parameter 'wait_for_verity_dev' for FsManagerAvbHandle::SetUpAvb()
to allow not to wait for verity device gets created
- Adds FsManagerAvbHandle::AvbHashtreeDisabled() to query whether AVB is disabled
- Adds fs_mgr_is_avb() to query whether a fstab_rec has MF_AVB flag
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I89c43ca574ae632db8a700fc2590a1f80212c993
Merged-In: I89c43ca574ae632db8a700fc2590a1f80212c993
(cherry picked from commit 80d1ad17ed)
Adds two classes FsManagerAvbhandle and FsManagerAvbVerifier to replace the
following functions or struct:
- fs_mgr_load_vbmeta_images() -> FsManagerAvbhandle::Open()
- fs_mgr_unload_vbmeta_images() -> deleted
- fs_mgr_setup_avb() -> FsManagerAvbhandle::SetUpAvb()
- androidboot_vbmeta -> FsManagerAvbVerifier
- load_vbmeta_prop() -> FsManagerAvbVerifier::Create()
- verify_vbmeta_images() -> FsManagerAvbVerifier::VerifyVbmetaImages()
And only invokes FsManagerAvbhandle::Open() when there is a fstab entry having
'avb' flag (need HASHTREE descriptor). fs_mgr_is_avb_used() can be
removed as it only checks system property "ro.boot.vbmeta.hash_alg" to
decide whether vbmeta needs to be loaded, which might not be accurate.
For example, there are only HASH descriptors in the verified chain but
no HASHTREE descriptors. In this case, the fs_mgr doesn't have to do
anything because it only takes care of HASHTREE descriptors.
Also adds a new class FsManagerAvbOps to provide the C++ binding
FsManagerAvbOps::AvbSlotVerify() for libavb->avb_slot_verify().
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I8fe15ba01c277152630a2a5c1c5c7f25fbf34030
Merged-In: I8fe15ba01c277152630a2a5c1c5c7f25fbf34030
(cherry picked from commit 95c966a859)
The function returns "_a" or "_b" based on two possible values in
kernel cmdline:
- androidboot.slot = a or b OR
- androidboot.slot_suffix = _a or _b
Bug: 33254008
Bug: 36533366
Test: boot sailfish
Change-Id: Ia0a524e4145ebf61af5821f42ecad212c95ed748
Merged-In: Ia0a524e4145ebf61af5821f42ecad212c95ed748
(cherry picked from commit 87d0836cda)
Now, framework process (any process that is executing /system/bin/* or
/system/xbin/*) are started with three namespaces; default, sphal and
vndk.
default namespace is the namespace that is responsible for loading libs
from /system/lib. It can't load libs from other places such as
/vendor/lib. (However, we temporarily open the path since we haven't
finished the system partition cleanup, but will do eventually).
sphal namespace is the namespace where SP-HAL (Same-process HAL) is
loaded. SP-HAL are the only vendor libraries that are allowed to be
loaded inside framework processes. libEGL_<chipset>.so and
android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs. When
framework needs to load those SP-HALs, it explicitly loads it from this
namespace using android_get_exported_namespace() and
android_dlopen_ext().
vndk namespace is the namespace for loading vndk-sp (Vendor-NDK for
Same-Process) libs, which is a small set of framework libraries that
SP-HALs can link against. These libraries are compiled for the same
version of Android that the vendor partition is compiled against.
SP-HALs can not use libraries other than vndk-sp and ndk libs.
Membership to vndk-sp and ndk are strictly closed.
Note that in a system, there are two copies of vndk-sp libs. One at
/system/lib and the other at /vendor/lib/vndk-sp. As a result, there can
be two instances of a same library in a process.
Also adds ld.config.legacy.txt which is used on non-Treble devices where
PRODUCT_FULL_TREBLE is not set to true.
Note, this split can be cleaned up further after b/37139976 is solved.
Bug: 34407260
Test: git diff HEAD:rootdir/etc/ld.config.legacy.txt
HEAD^:rootdir/etc/ld.config.txt => 0
Test: sailfish boots (because BOARD_VNDK_VERSION is not set to
'current')
Change-Id: I8331d94edc38f22c4f8abc66cdf2050af9d0605b
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 33241851
Test: build and flash internal marlin
Test: m -j libbacktrace
Test: build with BOARD_VNDK_VERSION := current
Change-Id: Idab4880e011416ebc40b225205c30fb5ed8661db
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 33241851
Test: build and flash internal marlin
Test: m -j libsync
Test: build with BOARD_VNDK_VERSION := current
Change-Id: I5b23d2c1f41b842e5a9b7ea257921133b80c3f98
This is used in CallStack.h.
Test: m -j libutils
Test: links
Test: trying to compile with BOARD_VNDK_VERSION := current
Bug: 33241851
Change-Id: If7258e7b38000a72fd520f725030fb0038f90167
These headers are used in headers in libsystem_headers and must be
re-exported.
Test: modules using libsystem_headers don't have to have
libaudio_system_headers include dirs set.
Bug: 33241851
Change-Id: Ic2d842a4c97b3e3fed770249f0cc33a399f3cead
Default signature WriteStringToFile creates world-writeable files.
Set owner and group system and remove read/write for non-owner.
Bug: 37251463
Test: Manual: reboot, inspect
Change-Id: I6a29c678168dcae611b120dc52170f4eee7069a9
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 33241851
Test: build and flash internal marlin
Test: m -j libbase
Test: build with BOARD_VNDK_VERSION := current
Change-Id: I720a00deada4e62628e6fbc4ac830265de9c669f
With the binder traffic of composer moved to vndbinder,
vndservicemanager is needed to be started early to get bootanim
displayed quickly.
Also servicemanager is required to be start early to support early
bootanim and sufaceflinger.
Bug: 37306311
Test: bootanim regression fixed
Change-Id: Ice1e05bdb3fe4e67a63a49f1db8afdb018c7b61b
vendor + vendor_available modules built with BOARD_VNDK_VERSION :=
current aren't allowed to use global headers. Since libutils uses
system headers itself, it should export them as well.
Also added some items into windows-deprecated.h. This file is supposed
to be in sync with the libnativewindow variant until all dependencies on
it can be fixed. However, it is missing some updates. This matters when
including libsystem_headers adds system headers before libnativewindow
headers in the lookup paths.
Bug: 33241851
Test: building with BOARD_VNDK_VERSION := current produces many fewer
errors.
Change-Id: I950821f1dae3ddc110db50869247913d5b1aa638
- Old tool will set it to 10 while mke2fs will set it to -1.
- For now, only tag it.
- TODO: possibly add different policy per image tool version.
bug: 32246772
Test: check dmesg after reboot
(cherry picked from commit 95e233f9ff)
Change-Id: Icd4758e240009d7b37df2d8a0e2a20d5ddbe4906
It's possible, in the event of a platform update, for the platform
SELinux policy to change from the policy on which the vendor SELinux
policy was originally based. In this case, a different mapping file
to bridge the differences between the new policy and the old needs to
be selected.
Make init choose which mapping policy file to use based on the version
reported in /vendor/etc/selinux/plat_sepolicy_vers.txt.
Bug: 36783775
Test: Force compilation of sepolicy on-device with mapping file changed
to new location and name, using the value reported on /vendor.
Change-Id: I63c883ccb79dd31c92dabe44a55c4ab50a3735e6
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 36426473
Bug: 36079834
Test: m -j libutils
Test: attempt to compile with BOARD_VNDK_VERSION := current
Merged-In: I6c1279a74ef071851401e38bbdd377f13827694c
Change-Id: I6c1279a74ef071851401e38bbdd377f13827694c
TreeHugger Robot