VNDK-SP is relocated back to /system partition from /vendor partition,
following the original design.
In addition, the namespace for RenderScript is added. The namespace is
dedicated for loading VNDK-SP libs for RenderScript such as
libRS_internal.so. The reason for having a separate namespace is that
RenderScript requires more permitted paths (/data/*) which should not be
allowed for normal SP-HALs.
Bug: 37522144
Bug: 37550338
Test: sailfish builds and boots well
Test: lsof shows VNDK-SP libs are loaded from /system/lib/vndk-sp
Test: RenderScript app (CameraScript) runs well
Change-Id: Id139f626cafae2e43ee4eefc5a57a204e31bbbc9
Currently zygote is started early for FBE devices but update_verifier is run later,
which creates a potential risk. This CL ensures update_verifier runs before
zygote touches anything within the data/ partition. With this change, we also start zygote
early for devices in the unencrypted/unsupported encryption state.
Bug: 37543411
Test: marlin boots
(cherry picked from commit 5dc05effec)
Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
Add asan counterparts.
Bug: 37579959
Test: m && m SANITIZE_TARGET=address
Merged-in: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
Change-Id: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
- Late start of zygote_secondary leads to an occasional
1 second wait for starting system service.
- Start the secondary zygote early so that there is no additional
wait.
bug: 37508384
Test: python packages/services/Car/tools/bootanalyze/bootanalyze.py -r -c packages/services/Car/tools/bootanalyze/config.yaml -n 100 -f -e 16 -w 30
(cherry picked from commit f8532445b4)
Change-Id: Ia46b07f3d6abb090cc169ebd807e21b16694d172
(cherry picked from commit 3510359a3c)
ro.logd.kernel, ro.config.low_ram, ro.logd.timestamp and ro.debuggable
need to be retrieved prior to logd start in order for the service to
behave in a configured manner. Other essential services are also
dependent on these system properties, so it just makes sense
to pick them all up first in 'on fs'.
Test: smoke test
Bug: 37425809
Change-Id: I33ad185f397ee527ed3c84cc2bcb40ff8ca785b5
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the following scenario:
- A service is started with `exec` or `exec_start`
- The same service sets sys.powerctl indicating to the system to
shutdown
- The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
(cherry picked from commit 98ad32a967)
libui.so is not used by SP-HALs, so it is removed from the list of libs
exposed from the default namespace.
Also, this fixes a warning message "property value is empty" caused by
the automatically removed trailing '/' for the section 'legacy'. Since
the legacy behavior is already implemented by the linker itself, the
behavior doesn't need to be specified in ld.config.txt.
Test: marlin/sailfish boots
Test: no warning message is shown
Change-Id: Ib679794d63b01c6794663dc88f1ab7e72cfb11d3
Starting zygote early requires cpuset to be initialized to all cores for
the foreground cpuset. Change to exploit all cores by default at boot and
let device manufacturers override to proper values in the device specific
init script.
Bug: 36576280
Test: marlin boots fast and checked cpuset during early boot
Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f
(cherry picked from commit 2e83b86a8a)
Now, framework processes (any process that is executing /system/bin/* or
/system/xbin/*) are started with three namespaces: default, sphal and
vndk.
default namespace is the namespace that is responsible for loading libs
from /system/lib. It can't load libs from other places such as
/vendor/lib. (However, we temporarily open the path since we haven't
finished the system partition cleanup, but will do eventually).
sphal namespace is the namespace where SP-HALs (Same-process HALs) are
loaded. SP-HALs are the only vendor libraries that are allowed to be
loaded inside framework processes. libEGL_<chipset>.so and
android.hardware.graphics.mapper@2.0-impl.so, etc. are SP-HALs. When
the framework needs to load those SP-HALs, it explicitly loads them from this
namespace using android_get_exported_namespace() and
android_dlopen_ext().
vndk namespace is the namespace for loading vndk-sp (Vendor-NDK for
Same-Process) libs, which is a small set of framework libraries that
SP-HALs can link against. These libraries are compiled for the same
version of Android that the vendor partition is compiled against.
SP-HALs cannot use libraries other than vndk-sp and ndk libs.
Membership in vndk-sp and ndk is strictly closed.
Note that in a system, there are two copies of vndk-sp libs. One at
/system/lib and the other at /vendor/lib/vndk-sp. As a result, there can
be two instances of the same library in a process.
Also adds ld.config.legacy.txt which is used on non-Treble devices where
PRODUCT_FULL_TREBLE is not set to true.
Note, this split can be cleaned up further after b/37139976 is solved.
Bug: 34407260
Test: git diff HEAD:rootdir/etc/ld.config.legacy.txt HEAD^:rootdir/etc/ld.config.txt => 0
Test: sailfish boots (because BOARD_VNDK_VERSION is not set to
'current')
Change-Id: I8331d94edc38f22c4f8abc66cdf2050af9d0605b
With the binder traffic of composer moved to vndbinder,
vndservicemanager needs to be started early to get bootanim
displayed quickly.
Also servicemanager is required to start early to support early
bootanim and surfaceflinger.
Bug: 37306311
Test: bootanim regression fixed
Change-Id: Ice1e05bdb3fe4e67a63a49f1db8afdb018c7b61b
This CL disables module loading by writing 1 to
/proc/sys/kernel/modules_disabled when the property sys.boot_completed
is set to 1 by ActivityManagerService (at the broadcast of
PHASE_BOOT_COMPLETED).
Bug: 36515654
Test: tested on sailfish and verified that module loading is disabled in
userdebug and enabled in eng mode
Change-Id: Id38d34a6395966ab21e440614337c0cfca791ad0
The class early_hal is essentially for the keymaster hal which needs
to be up before vold tries to unlock a storage encryption key (FDE or
FBE). The current position is too early in the boot process, because
on devices with legacy HAL the wrapper service uses system properties
to find the legacy HAL.
This patch moves the start of the early_hal class to the late-fs trigger
action which runs right after the system property action.
Test: Manually tested and update tested on bullhead, sailfish, and
another device.
Bug: 35764921
Change-Id: I34b45b85f8450e9ef18861535fdb2ee963df8c9b
This class is used to start hals which are required in order to mount
data (for instance keymaster).
Test: works to start early_hal in internal
Bug: 36278706
Change-Id: If06908135e59b187683d8cf4cc4a00b490559081
(cherry picked from commit 5d56bad4bd)
This reverts commit 5011270225.
Now starting even earlier.
Reason for revert: Needed change, reverted b/c broken device.
Bug: 36278706
Test: original DOA device boots
Test: angler, bullhead, fugu, marlin, ryu
Test: all these devices boot with wipe
Test: all these devices boot w/o wipe
Test: lshal shows all included services
Change-Id: Ic639aedf7834b1bd3a26d23d109727f5559317e9
Vendor owns /data/vendor.
HAL data must go in /data/vendor/hardware/.
Bug: 34980020
Test: build and boot AOSP Marlin. Observe /data/vendor and
/data/vendor/hardware exist and are empty.
Change-Id: I6fe96e3c76a10a5eb480ba10e10d4d006de56c12
Also start hals where hwservicemanager was started before.
Bug: 36278706
Test: internal marlin+angler boots
Change-Id: Ia55d2ef747fcbd086a09e1bb856824b14343118b
We have seen cases where threads in this cgroup are not scheduled for more than
a few seconds in heavy workload situations, causing the device to freeze.
In Linux, multiple threads placed in the ROOT cgroup cause the CPU resource to
be split per thread, rather than per group.
Currently we have many threads in the ROOT cgroup, which makes threads in
the bg_non_interactive cgroup have a "tiny" CPU resource rather than the 5%
quota defined.
Bug: 34193533
Test: on marlin
Change-Id: I7721f6196560fbedf6265e8b6db130cec9edefd7
This file describes how the loader should set up
the default namespace for different kinds of binaries.
Note that vendor and some of the system binaries are
not yet ready for this config to be enabled - they
rely on libraries they shouldn't be relying upon.
Bug: http://b/30435785
Test: m
Change-Id: I7d5853a6b55db169be1dc2c38cc682711bf7f7f5
Motivation:
1. Reduce skew between userdebug and user builds.
2. Make the decision to mount debugfs on debug builds on a
per-device basis.
3. Prepare to not mount it at all to reduce the attack surface
of the kernel, reduce boot time, and free up memory.
4. Remove the selinux denial on devices that mount twice, i.e.
unconditionally in the device specific .rc file and in the
init-debug.rc file.
avc: denied { mounton } for path="/sys/kernel/debug" dev="debugfs"
ino=1 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0
tclass=dir permissive=0
If desired, debugfs may be mounted in device specific rc files
instead.
Bug: 31856701
Bug: 35197529
Test: Build and boot Marlin. Selinux denial no longer observed.
Change-Id: Ie0d954f77f7cf70ed2b94f67a57a6c9eba45ba8e
Add SANITIZE_LITE_SERVICES to drive usage of asan.options for a
large set of native services.
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true SANITIZE_LITE_SERVICES=true
Change-Id: I84458dcc1b193b762daeb3004cf6c49e2fd8fae2
Currently init doesn't order the triggers it scanned, and there is no
guarantee that general event triggers execute first and then event+property
triggers.
This CL will make sure netd started after post-fs-data trigger is done.
Bug: 35110957
Test: marlin boots
Change-Id: I7bb55af4e00f336682388abfa8a06eac2136b7d4
This change makes the init process always attempt to enable the
transient trigger for the vibrator. This allows the exported properties to
change the ownership later at the on boot stage.
Test: device vibrates with a driver that supports ledtrig-transient
Change-Id: If5eb7b7feaefe803f2ead634fbe4fc7b48da84ea
Signed-off-by: David Lin <dtwlin@google.com>