This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
(cherry picked from commit abfbec342f)
Right now these two partitions are mounted in the fs stage of the init
process. As a result, many vendor/ODM files needed earlier in the boot
process (e.g., init.<hardware>.rc, fstab.<hardware>.rc,
uevent.<hardware>.rc, SELinux policy files etc) can only live on the root
partition.
To prevent vendors/ODMs from polluting the root partition, this patch makes
it possible to mount the vendor and ODM partitions in the first stage of the
init process. The fstab info of both partitions to be mounted early is
composed from new kernel cmdline arguments android.early.prefix and
android.early.fstab.
For example, with:
android.early.prefix=/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/
android.early.fstab=mmcblk0p10+/odm+ext4+ro+verify\nmmcblk0p09+/vendor+ext4+ro+verify
the final fstab string will be:
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p10 /odm ext4 ro verify
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p09 /vendor ext4 ro verify
The android.early.prefix is optional. When it is missing, the final fstab
string will be directly converted from android.early.fstab.
This patch also makes sure that the early mounted partitions are dm-verity
enabled so that they are trust worthy to store system files.
BUG=27805372
Change-Id: I3cf32482a5ec65445ba3aedab2164c7ba8f12694
* Use const reference type for for-loop index variables
to avoid unnecessary copy.
Bug: 30413223
Change-Id: I5514384ef3af77c00aa3e8417acd8d70981e0afb
Test: build with WITH_TIDY=1
I'll come back and remove klog_init when I've removed other calls to it.
Change-Id: Iad7fd26d853b4ddc54e9abd44516b6f138cbbfcb
Test: booted N9, looked at "adb shell dmesg" output.
Use the correct device name when system is mounted as root, and
validate dm-verity status to avoid confusing it with dm-linear.
Bug: 29277442
Change-Id: I36e115189f9a9430bad4bf89f26a376bcb8e8168
If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.
Needs changes from
Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19
Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
(cherry picked from commit 830126637a)
This fixes a bug introduced by
https://android-review.googlesource.com/#/c/212781/ which would make
fs_mgr crash when hitting one of the error paths.
Bug: 28585197
Change-Id: I40e6612e2eb3e6f584e70c608afc6d4378d73c4f
If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.
Needs changes from
Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19
Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
am: 4e898a01fd
* commit '4e898a01fd4df477f079a6140590f5ec8535102b':
Make file encryption type available
Change-Id: I72de48f819ab957f4e87a194b714ae667798f136
The dm-verity metadata contains the block device path that is given to
the dm-android-verity driver. If the device is using slot A/B, this
path is missing the slot suffix.
This patch makes fs_mgr replace all the block device path reference
with the one including the active slot suffix.
Change-Id: Ib624d0d18b12a8a287cac7f15605a2e0fb7c97c6
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Bug: 28845874
The dm-verity metadata contains the block device path that is given to
the dm-android-verity driver. If the device is using slot A/B, this
path is missing the slot suffix.
This patch makes fs_mgr replace all the block device path reference
with the one including the active slot suffix.
Change-Id: Ib624d0d18b12a8a287cac7f15605a2e0fb7c97c6
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
When fs_mgr_do_format() is executed, fs_mgr creates a new
blank data file system. However, that filesystem is not
labeled and causes some unlabeled denials on early boot.
Example Denial:
avc: denied { search } for pid=2535 comm="logd" name="/" dev="mmcblk0p9" ino=2 scontext=u:r:logd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
To correct this, pass sehandle to the internal ext4 routine.
This way the ext4 filesystem will be labeled at creation and
the root inode will have a label.
Change-Id: Ieeecaa8bbc258e6d743d281dd956bdaca98b365f
Signed-off-by: William Roberts <william.c.roberts@intel.com>
am: 654174e2af
* commit '654174e2af9deba47c3e421638b2ae9407270d15':
If we fail to format a blank partition, try recovery
Change-Id: I03c7be4559c8168579edbb40f98b927c4902deb5
am: 6846d22629
* commit '6846d22629e7bf9d53006d4f40c9c5f81b2b45f0':
If we fail to format a blank partition, try recovery
Change-Id: I6879f99f6901b24a3a51a35c3fc629c49bb64091
Wei Wang