Treble system-as-root GSI needs to work on devices with and without /odm
partition. This change creates the following symlinks for devices without
/odm partition:
/odm/app ->/vendor/odm/app
/odm/bin ->/vendor/odm/bin
/odm/etc ->/vendor/odm/etc
/odm/firmware ->/vendor/odm/firmware
/odm/framework ->/vendor/odm/framework
/odm/lib -> /vendor/odm/lib
/odm/lib64 -> /vendor/odm/lib64
/odm/overlay -> /vendor/odm/overlay
/odm/priv-app -> /vendor/odm/priv-app
For devices with odm partition, /odm will be used as the mount point and
those symlinks will be hidden after mount.
Bug: 70678783
Test: boot a A/B device without /odm partition, checks those symlinks exist
Test: boot a A/B device with /odm partition, checks those symlinks don't exist
Change-Id: I4d960b52e2754f461188f3ab562c751f502046ea
This change adds some additional flags to the /config mount. This is to
reduce the number of mounts with unnecessary privileges.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest}
Merged-In: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
This change adds some additional flags to the /config mount. This is to
reduce the number of mounts with unnecessary privileges.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest}
Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
This change adds some additional flags to /mnt. This is to reduce
the number of mounts with unnecessary flags.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {StorageHostTest,ExternalStorageHostTest}
Test: CtsOsTestCases StorageManagerTest
Test: find /mnt | egrep -v '^/mnt/runtime/(default|read|write)/emulated' | \
xargs ls -lZd # Shows no character devices or executable files
Change-Id: I54739133119d9626ebeb2ef9a1c127f7a90fa098
Since we only want to change the ro flag on / (and leave all other mount
flags alone), this can also be achieved by passing MS_REMOUNT|MS_BIND,
even if the mount is not a bind-mount.
This aims to make running Android within a user namespace easier, since
remounts without the MS_BIND flag are forbidden.
Bug: 73255020
Test: aosp_sailfish still boots
Test: rootfs on / type rootfs (rw,seclabel)
/dev/root on / type ext4 (ro,seclabel,relatime,data=ordered)
Change-Id: I2f89a8badfc467db47304c9355648e8fd8ad1272
For non-VNDK-enforced devices, libz cannot be installed in vndk-sp
to avoid CTS test failure.
Move libz to llndk from vndk-sp for generating the namespace
configuration from ld.config.vndk_lite.txt.
Bug: 73296261
Test: run android.jni.cts test on marlin/sailfish
Change-Id: I1b8b43cd87dc8dfdd2667001ae1e50d9eaedf93d
This change adds some additional flags to some mounts. This is to reduce
the number of mounts with these flags.
Bug: 73255020
Test: aosp_sailfish still boots
Change-Id: I285e6d7b3dcc19f691a3d6780e7d3a3a5d7cb3de
For strict VNDK runtime restriction, use ld.config.txt as a source
file. For treblized devices without BOARD_VNDK_VERSION, use
ld.config.vndk_lite.txt file.
Test: Build and boot on Pixel 2017 and 2018 devices.
Change-Id: Ie5b77facd4c11bc73219ecf13ad1298ac5d60d8e
Rename ld.config.txt.in to ld.config.vndk.txt and
ld.config.txt to ld.config.vndk_light.txt.
For FULL_TREBLE devices without BOARD_VNDK_VERSION, update the VNDK
library list in ld.config.vndk_light.txt with the actual VNDK list.
Bug: 69526027
Test: Build marlin/sailfish and check boot
Change-Id: Idbb0cc97d11037c1493d4739e84961297ce51dbd
Merged-In: Idbb0cc97d11037c1493d4739e84961297ce51dbd
Rename ld.config.txt.in to ld.config.vndk.txt and
ld.config.txt to ld.config.vndk_light.txt.
For FULL_TREBLE devices without BOARD_VNDK_VERSION, update the VNDK
library list in ld.config.vndk_light.txt with the actual VNDK list.
Bug: 69526027
Test: Build marlin/sailfish and check boot
Change-Id: Idbb0cc97d11037c1493d4739e84961297ce51dbd
This CL will enable reading /product/build.prop and add product paths
into ld.config.txt.in.
Bug: 64195575
Test: tested with 'PRODUCT_PRODUCT_PROPERTIES := ro.product.abc=abc' on
sailfish
Change-Id: Ie996def20e25dc1afe0c74af2096af844934b2dc
shipping API version:
For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: I83f87e88d1731e515b459a3d6d5bf3104afe6cfe
Test: manually
This commit links the vndk namespace of vendor processes to the default
namespace of vendor processes. allow_all_shared_libs is specified so
that VNDK extensions can link with other vendor libraries in
/vendor/lib[64].
Bug: 69824336
Test: Create a vndk-ext lib that links to vendor lib and use that
vndk-ext lib in a vendor executable.
Change-Id: Ibd3dc2e5f0f2e6ff9fc9677c6bcfcf87a1a70e50
This commit moves /{odm,vendor}/lib[64]/vndk[-sp] to vndk namespace so
that vndk extension can override vndk libs from
/system/lib[64]/vndk[-sp].
Bug: 69824336
Test: Create libutils_ext locally and it can be called from
android.hardware.nfc@1.0-service.
Change-Id: Id63e58d665fa41eda85950ee1d16fe06c35cd7d3
Traceur app is being split out of shell user. Previously it logged to
shell's bugreports directory. It no longer has access, so it needs a
new, user-friendly file location to store trace data.
Bug:68126425
Test: Traceur can write and shell can read from this directory
Change-Id: I9e344973fd43eb5699f7a848524e20b06458fb77
As we use different ld.config.txt per version, we don't need to
substitute the VNDK_VER on run time.
Remove all ${VNDK_VER} from the linker namespace configuration files.
Bug: 70603313
Test: build and boot GSI for walleye and sailfish
Change-Id: Ief8aee5c3308b2462cafaffc2423deda4e51a7bb
Mount the eBPF file system under /sys/fs/bpf to allow netd to pin and
retrieve persistent eBPF map object from the file system. It helps the
system to maintain a consistent eBPF data store when netd crashed and
restart. Mount the cgroupv2 module and use the root folder of it to
monitor network statistics through eBPF program attached.
Test: eBPF map object show up under /sys/fs/bpf after netd start.
Bug: 30950746
Change-Id: Ie475112116603798fe75a75c5a84f4bbe5b942ec
Setting up infanstructure for vendor tombstone in dir:
/data/vendor/tombstones
Wifi specific dumps will go into:
/data/vendor/tombstones/wifi
Bug: 70170285
Test: compile, run on device.
Change-Id: Ie16dd8236d9b5df19adb9818b4c62ce01e0d0b10
If BOARD_VNDK_VERSION is not defined, ro.vndk.version will not be
set. In this case, the device, is not able to use versioned
configuration files.
Check BOARD_VNDK_VERSION to append the VNDK version to the namespace
configuration files.
Bug: 71730104
Test: Check boot on both 2016 and 2017 Pixel devices.
Change-Id: I1df27c75de42a526768a156387f22a934cda6d72
In the namespace with "isolated = false", "permitted.paths" is not
used.
Bug: 71727966
Test: walleye device boot
Change-Id: I6f624be3c4e2c4070bb784632d0757408ec12db0
We recently created a new GID that can be granted to critical system
processes, so that the system is usable enough for the user to free
up disk space used by abusive apps.
Test: builds, boots
Bug: 62024591
Change-Id: Ia5af7535cc05a214f8720ac08c594c6db888597a
The odm partition will eventually be required. Prepare for this by
creating its mount point.
Bug: 37322799
Test: run cts-dev -m CtsPermissionTestCases
Change-Id: Ibd031b68dd7328c853ded401bb2690dbd6675141
Shared libraries in the directory should be dlopened with full file
paths. That was a workaround for some legacy prebuilt binaries and they
are all now fixed. Thus removing.
Bug: 70551668
Test: walleye, aosp_walleye, taimen, aosp_taimen boot to the UI
Change-Id: Ifb123b09c13f873cbefa7784e76dfe5f35575a8d
This commit extracts /system/lib[64]/vndk and /system/lib[64]/vndk-sp
into another namespace in the vendor section. This commit is necessary
because LLNDK libraries (e.g. libc or libnativewindow) may otherwise
link to the shared libraries in /system/lib[64]/vndk-sp, which may be
older than the one LLNDK libraries built with.
Test: aosp_walleye boots
Bug: 70816018
Change-Id: I6fceb0da92c978ad940af91f5efe84e673c9247e
Paths for extended VNDK libs don't need version suffix, because there
always is the single version that the vendor(odm) modules are built
against.
Bug: 70601582
Test: walleye boots to the UI.
Test: No further test is possible since we don't have extended VNDK yet
in our source tree.
Change-Id: Idbf4bb820ddb136d00744f64ddf6ebe6442ad16e
Re-format the files by splitting lines using +=.
Also add /odm/${LIB} where needed.
A few directories that are no longer required are removed from the
search paths and permitted paths.
Test: walleye and sailfish boots to the UI, renderscript, camera,
camcodder, sound, etc. are working.
Change-Id: I3150f0c3d35130d6b1a665e3f0813d33b1b7f546
The interface lib has been in VNDK-SP because
android.hardware.graphics.mapper@1.0 was using it. However, since the
dependency has gone [1], there is no need keep it in VNDK-SP. The
VNDK-SP set should be kept as small as possible because libs in VNDK-SP
are subject to double-loading.
[1] 79d13ff0f5
Bug: 69480083
Test: /system/lib64/vndk-sp/android.hardware.graphics.allocator@2.0.so
disappears.
Test: sailfish boots
Change-Id: I0e6518f169dd620d6b1a9ada47754e371ef4a739
Merged-In: I0e6518f169dd620d6b1a9ada47754e371ef4a739
(cherry picked from commit 9d898f3678)
If PLATFORM_VNDK_VERSION is set to a version other than "current",
add the version to the file names of the namespace configuration
files.
Bug: 69883025
Test: device boot
Change-Id: I27377549581125b6c750c1422d0ee4a607dda5e8
This CL fixes an error with the asan permitted paths in
ld.config.txt.in.
Bug: 63927538
Test: lunch walleye_asan-userdebug && m -j40
Change-Id: Ica0504cb52ef6e6b3e4ce2deae3ce5984e38cc93
The interface lib has been in VNDK-SP because
android.hardware.graphics.mapper@1.0 was using it. However, since the
dependency has gone [1], there is no need keep it in VNDK-SP. The
VNDK-SP set should be kept as small as possible because libs in VNDK-SP
are subject to double-loading.
[1] 79d13ff0f5
Bug: 69480083
Test: /system/lib64/vndk-sp/android.hardware.graphics.allocator@2.0.so
disappears.
Test: sailfish boots
Change-Id: I0e6518f169dd620d6b1a9ada47754e371ef4a739
Remove list of services and support for asan.options. This has not
been used in a while, and there is contention about listing names
of device-specific services.
Bug: 70387666
Test: m
Change-Id: I766c6b3a0c44b6b992a3259a3c4215a688452907
All vndk/vndk-sp directories will have version suffix if
"ro.vndk.version" is set.
Bug: 69984421
Bug: 66074376
Test: Build with BOARD_VNDK_VERSION=current and
BOARD_VNDK_RUNTIME_DISABLE=true. Check boot.
Change-Id: I03849f9f96bc6c7880aa70c517e963aab4e033b8
We will have apps under /vendor/priv-app. Add the path to the permitted
paths so that the apks and so libs under the directory can be loaded.
Bug: 35301609
Test: None since we don't have priv vendor app yet.
Change-Id: Ida998adb2e180852b1922e9933f25b988517399e
W/T enforce restrictions on linker paths, which M/S do not.
Because of this, media.extractor was unable to load its extractors on W/T.
Bug: 67405932
Test: play sounds successfully
Merged-In: I8914da74780c909da815beaffcd4d76fbe2cc6b5
Change-Id: I8914da74780c909da815beaffcd4d76fbe2cc6b5
(cherry picked from commit 593b43910b)
This reverts commit 875fe42a81.
... and fixes a bug that private VNDK libs are not accessible even to
RenderScript framework libraries (such as libRS_internal.so). This is
fixed by exceptionally allowing the private libs only to 'rs'
namespace.
Bug: 70260989
Bug: 70279973
Bug: 63878960
Test: Build for walleye and tested Photos edit.
Test: other renderscript app (camerascript) works as well
Merged-In: I3978cbe2e869f6a1c214c755ded038349bde7b6b
Change-Id: I3978cbe2e869f6a1c214c755ded038349bde7b6b
(cherry picked from commit 781c47f4da)
The permitted and search paths should be changed according to VNDK version.
However these paths are fixed with vndk and vndk-sp. So I define the
directory name as below
- /system/${LIB}/vndk${VNDK_VERSION}
- /system/${LIB}/vndk-sp${VNDK_VERSION}
${VNDK_VERSION} will be set by the property "ro.vndk.version".
Bug: 66074376
Test: build & run
Merged-In: I7b8e12327af89d131c4c49cb9b459a393c7dacb8
Change-Id: I7b8e12327af89d131c4c49cb9b459a393c7dacb8
(cherry picked from commit 85c773f0a2)
The dep files are not required because change in the command line
triggers the rule.
Test: m -j ld.config.txt llndk.libraries.txt vndksp.libraries.txt
Re-run the build after adding or removing libs to/from the vndk set.
The txt files are updated accordingly.
Merged-In: I9c9e22088cc2afeb66e8b159f611b25d698cf800
Change-Id: I9c9e22088cc2afeb66e8b159f611b25d698cf800
(cherry picked from commit 81088bf131)
This reverts commit 875fe42a81.
... and fixes a bug that private VNDK libs are not accessible even to
RenderScript framework libraries (such as libRS_internal.so). This is
fixed by exceptionally allowing the private libs only to 'rs'
namespace.
Bug: 70260989
Bug: 70279973
Bug: 63878960
Test: Build for walleye and tested Photos edit.
Test: other renderscript app (camerascript) works as well
Change-Id: I3978cbe2e869f6a1c214c755ded038349bde7b6b
We already have /etc and /sbin. As the Android world moves towards / being
on the system partition, the circumstances under which a /bin symlink
won't work are reduced. This should already be usable most of the time.
Bug: http://b/63142920
Test: `adb shell /bin/date`
Change-Id: I81c2209ae808ced186d05fbe1d5417ce8dd93ea7
change is needed to be able to load libraries from /odm partition
/odm partition should have the lowest priority so that it can not override
the libraries from /vendor or /system partitions
Test: libraries are loaded ok.
Change-Id: Ifdfc22a3406ae3ad1fde53618d4120fd0498f615
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
Private VNDK libs are VNDK libs that are only accessible from other VNDK
libs but are inaccessible from vendor libraries. The private VNDK libs
are marked as vendor_available: false.
To enforce this at runtime, the private VNDK libs are excluded from the
list of lib names that links the namespaces.
Also, linker namespaces for vendor processes are modified so that the
VNDK-core and VNDK-SP libs are now loaded in the 'system' namespace and
not in the 'default' namespace.
Bug: 63878960
Test: wahoo devices boot, log does not show any new dlopen error.
Change-Id: Ibfc4f31a97aa6edd7f05cd6177daeb52c165bfeb
List of llndk and vndk-sp libraries are written in the txt file so that
they can be available at run-time. The information is used by
libnativeloader to configure the classloader-namespace specially for
vendor apks.
Bug: 64882323
Test: build 2017 pixel devices. check that the two files exist on
/system/etc.
Merged-In: Ifbe339a5862f6ef57a8213a14a022765ccf77283
Change-Id: Ifbe339a5862f6ef57a8213a14a022765ccf77283
(cherry picked from commit 26335f89b1)
These are directories used by the system so they should be created by
the system.
Test: treehugger
Change-Id: I2a721ef7871c8842fa912497f5ec6988fcec9e58
because it serves health 2.0 HAL. This forces it to restart when
hwservicemanager dies.
Bug: 69069765
Test: kill hwservicemanager, lshal shows backup instance
Change-Id: Ib51caa0e718031a0f8797d8af4c2459b4958a62e
PRODUCT_FULL_TREBLE is being deprecated in favor
of smaller flags. Use the appropriate one instead.
Bug: 62019611
Test: manual
Change-Id: Id5d127c29f908cd3011031b3b698ddec3dcba9c1
Partners require to access update_engine's logs on the file system with
non-root permission.
Bug: 65568605
Test: directory created with the correct permission on boot
Change-Id: I1c1fb4acb8b0f2e7352ffa9e7d05a864940b5986
Tests in /data/[nativetest|benchmarktest] run with namespace config for
system and tests in /data/[nativetest|benchmarktest]/vendor run with
namespace config for vendor.
They no longer run in the 'test' namespace config which didn't impose
any restriction for libraries.
Bug: 67028906
Test: sailfish/marlin builds and boots
Test: no VTS regression on system.img from GSI + vendor.img from
marlin/sailfish
Test: VtsKernelLibcutilsTest successful in above config
Merged-In: I28cdef960d087565c8a22dca0e9a154fb1c3bb94
Change-Id: I28cdef960d087565c8a22dca0e9a154fb1c3bb94
(cherry picked from commit 326b783ad9)
The nativeloader tries to find the 'vndk' namespace when there is a
vendor apk in the classloader paths. This can happen even for a
downloaded app if the app is using a vendor apk via <uses-library> tag.
In order to prevent the nativeloader from failing to find the vndk
namespace, the namespace is marked as visible.
Bug: 66482442
Test: download the app mentioned in the bug, it does not crash.
Merged-In: I82e2394eb6eedcb8645e1a5b3735bbfe2735b312
Change-Id: I82e2394eb6eedcb8645e1a5b3735bbfe2735b312
(cherry picked from commit 1cc09e749f)
'vndk' namespace is the place for VNDK-SP libs. So /vendor/lib must be
removed from its search paths. It was there just because libhardware
(which is VNDK-SP) is loading HAL libs in vendor partition from there.
However this problem has been solved by modifying the libhardware so
that HAL libs are loaded from the 'sphal' namespace and not from the
current (the 'vndk') namespace.
Bug: 37731053
Test: sailfish builds and boots
Merged-In: Ia88934a975aa8811e05b5ba408e42d132f20f4e9
Change-Id: Ia88934a975aa8811e05b5ba408e42d132f20f4e9
(cherry picked from commit f01b52895d)
For 2016 pixel devices, where VNDK is not fully enforced, move libz back
to LLNDK so that we can pass the CTS without requiring the default
namespace to be isolated.
If we have libz in vndk-sp directory, test_linker_namespaces fails
because /system/lib/vndk-sp/libz.so becomes accessible. In order to make
the lib inaccessible, we have to make the default namespace isolated,
but this can't be done for 2016 pixel devices where VNDK is not fully
enforced. So, we choose to remove /system/lib/vndk-sp/libz.so and keep
the single copy at /system/lib.
Bug: 65018779
Test: android.jni.cts.JniStaticTest#test_linker_namespaces successful on
2016 pixel devices
Merged-In: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f
Change-Id: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f
(cherry picked from commit 697eb2da0d)
This allows us to dlopen libRS_internal.so directly from the rs
namespace, not from the sphal namespace.
Bug: 64747884
Test: VtsHalRenderscriptV1_0TargetTest successful on the device built
with BOARD_VNDK_VERSION=current and [system] namespace config is applied
to /data/nativetest[64]/* processes.
Merged-In: I0b441791e395798e80a84592ca01e771bb1c201a
Change-Id: I0b441791e395798e80a84592ca01e771bb1c201a
(cherry picked from commit 421a5e46b7)
libft2.so is changed to ll-ndk that is available only for rs
namespace.
Bug: 64425518
Test: build and boot with BOARD_VNDK_VERSION=current
Merged-In: I991dc774ca9b92fb6e95a7656243a6a4ecdc0ab9
Change-Id: I991dc774ca9b92fb6e95a7656243a6a4ecdc0ab9
(cherry picked from commit 513f76394a)
The ABI of libz is not as stable as it is for ll-ndk.
Bug: 37617391
Test: build and boot
Merged-In: I883bc6fda268e98cc7cdd5888264170c58688794
Change-Id: I883bc6fda268e98cc7cdd5888264170c58688794
(cherry picked from commit dadd3a846f)
Fix the bug that caused boot failure on ASAN builds with VNDK
restriciton. The major cause is because incorrect (old) ld.config.txt
was used when the build is sanitized, which prevented the dynamic linker
to find some VNDK libs that only exist in /system/lib/vndk; the old
ld.config.txt does not have the directory in its search paths. So, this
CL fixes the problem by having the same ld.config.txt for both sanitized
and non-sanitizied builds.
Furthermore, ld.config.txt is modified so that dependency to
libclang_rt* libs are redirected to those in /system/lib directory. This
ensures that the sanitizer runtime libs are not dual loaded but are
provided for both platform and vendors.
Bug: 65217017
Test: SANITIZE_TARGET=integer_overflow SANITIZE_TARGET_DIAG=integer_overflow m
on 2017 pixel devices. The build is successful and the device boots to
the UI.
Merged-In: I0e21e20d9aca340b984968e07d4ce542ae10fd31
Change-Id: I0e21e20d9aca340b984968e07d4ce542ae10fd31
(cherry picked from commit faefa6bd36)
Lists of libraries in between the linker namespaces are no longer
hard-coded in ld.config.txt, but instead come from Soong.
Bug: 37139976
Test: build 2017 pixel device with BOARD_VNDK_VERSION=current m -j
Test: the device is bootable, basic functionalities (camera, camcorder,
wifi, bt, gps, etc.) work.
Merged-In: I8170e6c3f6ee04b16359791d64cc46bd2714a073
Change-Id: I8170e6c3f6ee04b16359791d64cc46bd2714a073
(cherry picked from commit 367984602a)
Bowgo Tsai