This change adds an ANDROID_RUNTIME_ROOT environment variable
to indicate the root of the Android runtime. This can be
used in place of ANDROID_SYSTEM to locate files when they
move inside the runtime APEX.
Bug: 119935277
Test: build / boot
Change-Id: Ic3b1ae3e3c98eea7d7c59e514ce62994679ab7b7
Non-treblized devices use ld.config.legacy.txt, which does not
support product partition, leading to access denial from/to product partition.
Declare directly /product since search paths are resolved in linker config.
Test: m -j with non-treblized device upgraded to P.
Change-Id: Ic142b807f5dbffdfa5c774b3df8d0903b9626b6a
Currently /dev/uinput is owned by system/bluetooth.
But that's inconsistent with some of the sepolicies for uhid_device.
This also means that the new native tests for inputflinger aren't able
to execute properly, because they require the ability to register a new
input device via uinput.
Bug: none
Test: atest inputflinger_test
The newly added EventHub_test is still under review
Change-Id: I53524738db1a5d3ba962b9bec35ef322ed3028f2
Test: Device boot test with Android Runtime APEX.
Test: Device boot test without Android Runtime APEX.
Bug: 113373927
Change-Id: Iff32fcd79a667b07df839f4e6ef2cdb3cf70e9d3
This change adds a command to init.rc to write cpu variant information to a file under dev/
Test: sync to device and make sure corresponding files are created.
Change-Id: Ibf90967f13f72af925c82ff79bd973ef4cdc4068
Init now parses *.rc files from the APEXs when the apexd notifies the
mount event via apexd.status sysprop.
Bug: 117403679
Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
adb root; adb shell setprop ctl.start apex.test; dmesg shows that init
tries to start the service which doesn't exist.
[ 47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory
Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
This directory is used for preloads that are typically placed in
the system_other image and copied to /data on first boot if the
cppreopts script is installed.
Bug: 80508492
Test: make
Change-Id: I4121b07ee2fc96d533075d1907557de7e4be4ee0
Since the build system move to kati/ninja, build command is an
implicit dependency of a target. This makes the bcp_dep / bcp_md5
thing obsolete.
Test: make
Change-Id: I4ce9ebdabfc72b188e49f12888054d63b3cda64d
Now that we mount partitions early, services can be started before the
'fs' trigger. We therefore start the service managers as early as
possible to ensure their transports are online, without device
specific rc files needing to handle that. We also start logd even
one step earlier to ensure that we capture all possible logd.
Bug: 89689596
Test: logging works for early services, include the servicemanagers
Change-Id: I75dbfcd26eb6fa77f002de10afd00f085c93aa07
This causes adds a call the fucntion to decrement the
checkpoint's retry count as soon as service manager is
available.
Test: vdc setCheckpoint 2 then reboot 3 times checking state
Bug: 112901762
Change-Id: Ie0a78b1eb05b340718e76175509d1ebefae68017
APEX filesystem images will now be mounted in /apex.
Also, make sure /data/apex is created with the right ACL.
Bug: 112455435
Test: flash and wipe, /apex is mounted as tmpfs, /data/apex is created
Change-Id: Ie27775e9f40a27b510272f212762624a04e94f1d
We're moving apps and their libs to product_services for older
devices too, so mimic the rules in the default ld.config related
to product_services.
Also fix a one-off disparity between /product and /product_services
in ld.config.txt.
Bug: 114804489
Test: m out/target/product/marlin/system/etc/ld.config.vndk_lite
Change-Id: I166275c035c85b4d69cff8e9d51af3d6d0ff4857
A few places had /product and /product_services hardcoded. Update
them to use values that get set at build time.
Bug: 114804489
Test: m out/target/product/marlin/system/etc/ld.config.vndk_lite.txt
Change-Id: Ie48dbb2453ae941c1b5ee57f092d12a5497d878f
This reverts commit bd2b0c78a1.
Reason for revert:
Solved the build error on mac_sdk build by using python2
Bug: 112738739
Bug: 111417344
Test: make ld.config.txt
Change-Id: Ic5a3ed2e6b091813c0310f859b7d20935514a7c6
This reverts commit 15bac6bdaf.
Reason for revert:
This caused build errors in mac_sdk build.
Seems that our mac builders do not have python3.
env: python3: No such file or directory
Bug: 112738739
Bug: 111417344
Test: presubmit
Change-Id: I9796f2e9a54a66fc7a4e1c780c8c272b98ed437f
The ld.config.txt file is a template to be used for current build as
well as for the VNDK snapshots for old vendor partitions.
To work with the old Android vendor partitions, the ld.config.txt
template must be backward compatible.
This script checks if the current ld.config.txt template modifies or
deletes the vendor directores in every section. If the change is
detected, it will report a build error.
Bug: 112738739
Bug: 111417344
Test: make ld.config.txt
Change-Id: I1211696d6a00a37d531d40c894f1d7e64b210ae5
Currently zygote is started before loading persistent properties which
stops ART honor experiment flags planned landed as persistent
properties.
The original motivation is we would like zygote be started as early as
possible and loading persistent properties taking time, but after fix of
b/64392887 loading persist properties is now only taking 3ms on P18, 6ms
on P16 respectively.
Bug: 114044733
Test: Boot
Change-Id: Ibc118966e975c741ee8ea47091b14d691692bf2c
Because the original modification (restart SF which is added
for display bootanimation) from O to P causes bootanimation NPE,
we remove the part of restart SF and add other flow to show
bootanimation.
Test: manual, ran the test 10 times and it cause no NPE and
display BootAnimation after decrypt
Test: boot aosp_sailfish
Bug: 79547653
Change-Id: I355ccdbb2e2f27d897e2e0ee00f9300ef38ede03
Attempting to reduce the number of different spellings we have for
"product services" partition in the codebase.
Bug: 112431447
Test: m
Change-Id: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Merged-In: I1a87d7e040a8b1f91f973ac7d90d6360b5b54f71
Bug: 112780007
Test: Build with other changes in the topic (aosp_taimen-userdebug).
Test: Boot into recovery. Verify basic functionalities (`adb shell` and
`adb sideload`, factory reset).
Change-Id: I8686bbc68c9c8a1570289ecd21bcfcb551d1700c
Attempting to reduce the number of different spellings we have for
"product-services" in the codebase.
Bug: 112431447
Test: m
Change-Id: I8714cc9c1ca63eb54745054aaeebd6b51f203f11
This allows the target, ld.config.$VER.txt, to be defined for all
$VERs for which a VNDK snapshot exists under /prebuilts/vndk/v$VER.
With this fix,
1) supported_vndk_snaphsot_versions do not need to
be manually updated everytime a new VNDK snapshot is added and,
2) ld.config.$VER.txt will not be ill-defined in a tree that does
not have the required dependency files under /prebuilts/vndk/v$VER.
Test: m -j ld.config.28.txt
Bug: 74658756
Merged-In: Idb056c21412d4cb7c7a7cb3c247b1d82a4a759ff
Change-Id: Idb056c21412d4cb7c7a7cb3c247b1d82a4a759ff
(cherry picked from commit baeaaf9429)
BSD version of sed requires a parameter for '-i' option.
Add '.bak' for back up and remove the back up file at the end of the
sed command
Bug: 112478836
Test: checkbuild on a mac machine
Merged-In: Iedc93c2b5239004d2bbb8011488041c54b29996b
Change-Id: Iedc93c2b5239004d2bbb8011488041c54b29996b
(cherry picked from commit 6009d874aa)
Until now, the ld.config.$VER.txt for $VER older than
PLATFORM_VNDK_VERSION was installed from a prebuilt stored under
/prebuilts/vndk/v$VER. At runtime, the VNDK version needed by the
vendor partition (ro.vndk.version) determines which
ld.config.$VER.txt is loaded and this configuration is used for
both system and vendor processes. In a system-only-upgrade
scenario, where the system partition is a newer Android version
than the vendor partition, this is a problem because the prebuilt
linker config file will not reflect the most recent
system partition related changes made in the newer Android
version.
To fix this problem, this change builds ld.config.$VER.txt for
older VNDK versions from the source tree by getting the lists of
VNDK libraries from the /prebuilts/vndk/v{VER} directory.
Test: m -j ld.config.txt ld.config.28.txt ld.config.vndk_lite.txt
Bug: 74658756
Merged-In: I1fa2469fc0bce2f2aab507104cd9717b6112d738
Change-Id: I1fa2469fc0bce2f2aab507104cd9717b6112d738
(cherry picked from commit c30e0709bb)
In the future, systems with dm-linear will require a ramdisk to set up
the mount for system. In this world, first stage init will be a part
of this ramdisk and handle setting up dm-linear, mounting the
necessary partitions, then pivoting to the system image, which will
become the root partition.
This also enables previous devices without system-as-root, to be
unified with system-as-root devices for all aspects of boot after the
pivot_root.
Bug: 79758715
Test: boot hikey
Test: boot sailfish, boot sailfish into recovery
Change-Id: Iefa88a3ec5994e7989aa9f26f2de0351ffa5468b
This change adds a `chmod 0555 /acct` just after mounting the cgroup fs
on it. This makes it such that even on systems where the rootdir+system
partitions are shared, the permissions allow for the system user to open
files within /acct, which in turn makes libprocessgroup not complain
that it can never do anything with those files.
Bug: 111996377
Test: adb shell 'ls -ldZ /acct' # Before and after, on an aosp_sailfish
dr-xr-xr-x 48 root root u:object_r:cgroup:s0 0 1971-12-29 17:41 /acct
Change-Id: Iee6531126c6e81aa7794e44500555bd3c1cdf7b8
This is the name used by envsetup.sh.
Test: `m init.environ.rc` and see directory
$OUT/root/product-services and see symlink $OUT/system/product-services
Change-Id: Ie615b6d76e2c60e6472900c33d9a87cfe99c4064
This CL is largely and adaptation of
Ie996def20e25dc1afe0c74af2096af844934b2dc
Bug: 80741439
Test: Successfully built product-services.img with one module in it, and
flashed on device. Also successfully built image with
/system/product-services and no dedicated /product-services partition.
Change-Id: I1046dfe19bf874da929c9131b76a1f85422fbb80
Merged-In: I1046dfe19bf874da929c9131b76a1f85422fbb80
This CL is largely and adaptation of
Ie996def20e25dc1afe0c74af2096af844934b2dc
Bug: 80741439
Test: Successfully built product-services.img with one module in it, and
flashed on device. Also successfully built image with
/system/product-services and no dedicated /product-services partition.
Change-Id: I1046dfe19bf874da929c9131b76a1f85422fbb80
Since some vendors will have firmware in mount points in
/mnt/vendor/..., we extend the ueventd script language to allow
specifying the firmware directories.
Also, move the existing 4 directories to ueventd.rc as a primary user
of this mechanism.
Bug: 111337229
Test: boot sailfish; firmwares load
Change-Id: I0854b0b786ad761e40d2332312c637610432fce2
/ should not have any character/block devices, so might as well pass in
the nodev flag.
Bug: 73255020
Test: aosp_sailfish still boots
Test: sailfish:/ # find / -xdev -a \( -type b -o -type c -o -type p -o -type s \)
sailfish:/ #
Test: rootfs on / type rootfs (rw,seclabel)
/dev/root on / type ext4 (ro,seclabel,nodevrelatime)
Change-Id: Ia73e04b53a47506892d9d3cb61b471b81bb72dc3
When security.perf_harden is disabled through adb, use some debug
system properties to set profiling limits in the kernel, including
cpu percentage, memory, and max sample rate.
Bug: 110706031
Test: boot hikey960 and manually set system properties to make
Test: sure it works.
Change-Id: I44c0adf3a000bb393905233f2a097c97b5fe91ec
Path of product partitoin can be set as /product or /system/product
whether generate extra product partition or not.
Substitute %PRODUCT% to relevant path to know linker which path should
search and permit.
Bug: 110286945
Test: m -j # Check /system/etc/ld.config.$(PLATFORM_VNDK_VERSION).txt
Change-Id: I6ca177d0c9c5af00ad821879fece40848331fc8d
As linker doesn't resolve paths in permitted paths, /system/product
variants should be added to support devices having product partition
under /system.
Bug: 110286945
Test: m -j succeeds on taimen and libraries under /system can dlopen
libraries under /system/product/apps
Change-Id: Icd102d44511702e4ec66c07a367b59c3d9700a44
adbd has been built as a static executable since the same binary was
copied to the recovery partition where shared library is not supported.
However, since we now support shared library in the recovery partition,
adbd is built as a dynamic executable.
In addition, the dependency from adbd to libdebuggerd_handler is removed
as debuggerd is handled by the dynamic linker.
A few more modules in /system/core are marked as recovery_available:
true as they are transitive dependencies of the dynamic linker.
This change also includes ld.config.recovery.txt which is the linker
config file for the recovery mode. It is installed to /etc/ld.config.txt
and contains linker namespace config for the dynamic binaries under
/sbin.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: Select 'mount /system' in the recovery mode, then `adb shell`.
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.
Change-Id: I363d5a787863f1677ee40afb5d5841321ddaae77
downloaded apns-conf.xml will be stored in the folder
/data/misc/apns/ to make sure TelephonyProvider gets
access.
Bug: 79948106
Test: Manual
Change-Id: I4ba0596fa6523c0eb96328dbe46ead02587bd9b8
Product-specific libraries in /product/lib can be exposed to Android
apps by adding the list of the libs into
/product/etc/public.libraries-<companyname>.txt. The libs MUST be named
as lib<name>.<companyname>.so.
Bug: 73095206
Test: with taimen
mma -j and runtest.sh. The libs are all loaded in system, but not in
vendor. After reinstalling app using adb -r and reopening app, only
libraries listed in .txt are loaded
Change-Id: I7c386813c72a7b225a7f244b6c5fec4ac0660fd3
Previously on Android Things, we used a vendor public.libraries.txt
file. This cl enables us to tag our library correctly.
Bug: 78226207
Test: test app works
Change-Id: I9e69717e5968a903e84f59c1d889c8e4cf9bcc35
Ensure dropbox has the new dropbox_data_file label.
Bug: 31681871
Test: ls -dZ /data/system/dropbox
u:object_r:dropbox_data_file:s0 /data/system/dropbox
Change-Id: Ia67646f4a789155e20650c33fe4412cae7f930d2
Changes to init's behavior during early mount:
1. Mounting of tmpfs on /mnt is moved from init stage to early mount.
2. init creates /mnt/vendor used to mount vendor partitions.
3. If a device tree fstab entry for early mount specifies a mount point
under /mnt/vendor e.g. /mnt/vendor/foo, init will create
/mnt/vendor/foo mount point.
Bug: 64905218
Test: change dt fstab entry to mount persist to /mnt/vendor/persist;
mount point is created correctly, and partition is mounted in early
mount. See go/pag/1069774
Test: device boots with /mnt/vendor and previous contents of /mnt present,
and selinux label "mnt_vendor_file" is applied correctly.
Test: cts-tradefed run commandAndExit cts --skip-all-system-status-check
--primary-abi-only --skip-preconditions -m CtsAppSecurityHostTestCases
-t android.appsecurity.cts.PermissionsHostTest
Change-Id: I3739130739eadf508355c7f2531366fcaed74175
Merged-In: I3739130739eadf508355c7f2531366fcaed74175
(cherry picked from commit b511475664)
Changes to init's behavior during early mount:
1. Mounting of tmpfs on /mnt is moved from init stage to early mount.
2. init creates /mnt/vendor used to mount vendor partitions.
3. If a device tree fstab entry for early mount specifies a mount point
under /mnt/vendor e.g. /mnt/vendor/foo, init will create
/mnt/vendor/foo mount point.
Bug: 64905218
Test: change dt fstab entry to mount persist to /mnt/vendor/persist;
mount point is created correctly, and partition is mounted in early
mount. See go/pag/1069774
Test: device boots with /mnt/vendor and previous contents of /mnt present,
and selinux label "mnt_vendor_file" is applied correctly.
Test: cts-tradefed run commandAndExit cts --skip-all-system-status-check
--primary-abi-only --skip-preconditions -m CtsAppSecurityHostTestCases
-t android.appsecurity.cts.PermissionsHostTest
Change-Id: I3739130739eadf508355c7f2531366fcaed74175
Set F() capability set and 'drop' lmkd from AID_ROOT to AID_LMKD uid
and from AID_ROOT to AID_LMKD and AID_SYSTEM gid.
/dev/memcg/memory.pressure defaults to root.root mode 0000, set it up
as root.system mode 0040 to allow lmkd read access.
Instrument failure to set SCHED_FIFO.
Annotate access points that require elevated capabilities.
Test: check /proc/`pidof lmkd`/status for capability set
Test: lmkd_unit_test
Bug: 77650566
Change-Id: I986081a0434cf6e842b63a55726380205b30a3ea
Need a larger tmpfs to stop crashes
Need to run start-zygote after mounting the real data
Test: Cherry-pick ag/3898232. System boots, can set pattern, system
reboots. Wifi works at all points.
Bug: 76452634
Change-Id: Id24241db940d352fd3bcdef594b5358854c6f71d
Split healthd section from init.rc into its own. This allows
healthd.rc to be excluded from the build when healthd is excluded.
Test: builds
Test: exclude healthd from build, healthd.rc is not installed
Bug: 77541952
Change-Id: I1c055f14c5862631f359fd0029289da8f43af063
This commit adds a wildcard linker namespace link between the "vndk"
namespace and the "sphal" namespace of the system processes. This is
created for VNDK-SP-Ext to load vendor libs in "sphal" namespace.
Bug: 77249955
Test: lunch aosp_walleye-userdebug && make -j8 # runs unit tests
Test: lunch aosp_sailfish-userdebug && make -j8 # runs unit tests
Test: Create a VNDK-SP-Ext, link to vendor libs, and run it.
Change-Id: I71b0fb604a84272156aa119130c272f891847008
Merged-In: I71b0fb604a84272156aa119130c272f891847008
(cherry picked from commit fbaf9767b51891491903521c24b0d4a1ec1c87e8)
This commit adds a wildcard linker namespace link between the "vndk"
namespace and the "sphal" namespace of the system processes. This is
created for VNDK-SP-Ext to load vendor libs in "sphal" namespace.
Bug: 77249955
Test: lunch aosp_walleye-userdebug && make -j8 # runs unit tests
Test: lunch aosp_sailfish-userdebug && make -j8 # runs unit tests
Test: Create a VNDK-SP-Ext, link to vendor libs, and run it.
Change-Id: I71b0fb604a84272156aa119130c272f891847008
With the usb control fd changes, there
is no longer a need to wait for this
property to trigger before starting the
connection.
Bug: 72877174
Test: switch config to mtp/ptp
Change-Id: Ib29419e7948025be3f3295106cad18943d314f0b
This change increases the default expiration length of an SA to 1h. The
IPsec API expects that SPIs are allocated indefinitely, but potential
for instability requires that these get cleaned up automatically. As
such, the duration was chosen as a sane, but long timeout value.
Bug: 72316671
Test: Added CTS tests to enforce this behavior
Merged-In: I47aef9cea4a09da253b2ec048a8797af5fa25529
Change-Id: I47aef9cea4a09da253b2ec048a8797af5fa25529
(cherry picked from commit 00308f8554)
There has been no section in the linker config file for the binaries
under /postinstall. As a result, the binaries were run with the legacy
default config where /vendor/lib and /odm/lib are added to the search
paths. This is causing selinux denials as the binaries for OTA are not
allowed to access /vendor/lib or /odm/lib, but the dynamic linker calls
realpath(3) on the paths to canonicalize them.
Fixing the issue by letting /postinstall/* binaries to run with a
dedicated linker namespace config, where /vendor/lib and /odm/lib are
not added to the search paths. Not having the paths is okay because
he OTA binaries should not have dependency to the libs there.
Bug: 75287236
Test: do the OTA, selinux denials on postinstall_file is not shown
Test: above test should pass on wahoo, marlin and pre-treble devices
Merged-In: I49c11a0929002adfef667890c0a375c2b41054f4
Change-Id: I49c11a0929002adfef667890c0a375c2b41054f4
(cherry picked from commit d7e6cb27b6)
There has been no section in the linker config file for the binaries
under /postinstall. As a result, the binaries were run with the legacy
default config where /vendor/lib and /odm/lib are added to the search
paths. This is causing selinux denials as the binaries for OTA are not
allowed to access /vendor/lib or /odm/lib, but the dynamic linker calls
realpath(3) on the paths to canonicalize them.
Fixing the issue by letting /postinstall/* binaries to run with a
dedicated linker namespace config, where /vendor/lib and /odm/lib are
not added to the search paths. Not having the paths is okay because
he OTA binaries should not have dependency to the libs there.
Bug: 75287236
Test: do the OTA, selinux denials on postinstall_file is not shown
Test: above test should pass on wahoo, marlin and pre-treble devices
Change-Id: I49c11a0929002adfef667890c0a375c2b41054f4
This change increases the default expiration length of an SA to 1h. The
IPsec API expects that SPIs are allocated indefinitely, but potential
for instability requires that these get cleaned up automatically. As
such, the duration was chosen as a sane, but long timeout value.
Bug: 72316671
Test: Added CTS tests to enforce this behavior
Change-Id: I47aef9cea4a09da253b2ec048a8797af5fa25529
Treble system-as-root GSI needs to work on devices with and without /odm
partition. This change creates the following symlinks for devices without
/odm partition:
/odm/app ->/vendor/odm/app
/odm/bin ->/vendor/odm/bin
/odm/etc ->/vendor/odm/etc
/odm/firmware ->/vendor/odm/firmware
/odm/framework ->/vendor/odm/framework
/odm/lib -> /vendor/odm/lib
/odm/lib64 -> /vendor/odm/lib64
/odm/overlay -> /vendor/odm/overlay
/odm/priv-app -> /vendor/odm/priv-app
For devices with odm partition, /odm will be used as the mount point and
those symlinks will be hidden after mount.
Bug: 70678783
Test: boot a A/B device without /odm partition, checks those symlinks exist
Test: boot a A/B device with /odm partition, checks those symlinks don't exist
Change-Id: I4d960b52e2754f461188f3ab562c751f502046ea
(cherry picked from commit 00749affc4)
Treble system-as-root GSI needs to work on devices with and without /odm
partition. This change creates the following symlinks for devices without
/odm partition:
/odm/app ->/vendor/odm/app
/odm/bin ->/vendor/odm/bin
/odm/etc ->/vendor/odm/etc
/odm/firmware ->/vendor/odm/firmware
/odm/framework ->/vendor/odm/framework
/odm/lib -> /vendor/odm/lib
/odm/lib64 -> /vendor/odm/lib64
/odm/overlay -> /vendor/odm/overlay
/odm/priv-app -> /vendor/odm/priv-app
For devices with odm partition, /odm will be used as the mount point and
those symlinks will be hidden after mount.
Bug: 70678783
Test: boot a A/B device without /odm partition, checks those symlinks exist
Test: boot a A/B device with /odm partition, checks those symlinks don't exist
Change-Id: I4d960b52e2754f461188f3ab562c751f502046ea
This change adds some additional flags to the /config mount. This is to
reduce the number of mounts with unnecessary privileges.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest}
Merged-In: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
This change adds some additional flags to the /config mount. This is to
reduce the number of mounts with unnecessary privileges.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest}
Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
This change adds some additional flags to /mnt. This is to reduce
the number of mounts with unnecessary flags.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {StorageHostTest,ExternalStorageHostTest}
Test: CtsOsTestCases StorageManagerTest
Test: find /mnt | egrep -v '^/mnt/runtime/(default|read|write)/emulated' | \
xargs ls -lZd # Shows no character devices or executable files
Change-Id: I54739133119d9626ebeb2ef9a1c127f7a90fa098
Since we only want to change the ro flag on / (and leave all other mount
flags alone), this can also be achieved by passing MS_REMOUNT|MS_BIND,
even if the mount is not a bind-mount.
This aims to make running Android within a user namespace easier, since
remounts without the MS_BIND flag are forbidden.
Bug: 73255020
Test: aosp_sailfish still boots
Test: rootfs on / type rootfs (rw,seclabel)
/dev/root on / type ext4 (ro,seclabel,relatime,data=ordered)
Change-Id: I2f89a8badfc467db47304c9355648e8fd8ad1272
For non-VNDK-enforced devices, libz cannot be installed in vndk-sp
to avoid CTS test failure.
Move libz to llndk from vndk-sp for generating the namespace
configuration from ld.config.vndk_lite.txt.
Bug: 73296261
Test: run android.jni.cts test on marlin/sailfish
Change-Id: I1b8b43cd87dc8dfdd2667001ae1e50d9eaedf93d
This change adds some additional flags to some mounts. This is to reduce
the number of mounts with these flags.
Bug: 73255020
Test: aosp_sailfish still boots
Change-Id: I285e6d7b3dcc19f691a3d6780e7d3a3a5d7cb3de
For strict VNDK runtime restriction, use ld.config.txt as a source
file. For treblized devices without BOARD_VNDK_VERSION, use
ld.config.vndk_lite.txt file.
Test: Build and boot on Pixel 2017 and 2018 devices.
Change-Id: Ie5b77facd4c11bc73219ecf13ad1298ac5d60d8e
Rename ld.config.txt.in to ld.config.vndk.txt and
ld.config.txt to ld.config.vndk_light.txt.
For FULL_TREBLE devices without BOARD_VNDK_VERSION, update the VNDK
library list in ld.config.vndk_light.txt with the actual VNDK list.
Bug: 69526027
Test: Build marlin/sailfish and check boot
Change-Id: Idbb0cc97d11037c1493d4739e84961297ce51dbd
Merged-In: Idbb0cc97d11037c1493d4739e84961297ce51dbd
Rename ld.config.txt.in to ld.config.vndk.txt and
ld.config.txt to ld.config.vndk_light.txt.
For FULL_TREBLE devices without BOARD_VNDK_VERSION, update the VNDK
library list in ld.config.vndk_light.txt with the actual VNDK list.
Bug: 69526027
Test: Build marlin/sailfish and check boot
Change-Id: Idbb0cc97d11037c1493d4739e84961297ce51dbd
This CL will enable reading /product/build.prop and add product paths
into ld.config.txt.in.
Bug: 64195575
Test: tested with 'PRODUCT_PRODUCT_PROPERTIES := ro.product.abc=abc' on
sailfish
Change-Id: Ie996def20e25dc1afe0c74af2096af844934b2dc
shipping API version:
For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: I83f87e88d1731e515b459a3d6d5bf3104afe6cfe
Test: manually
This commit links the vndk namespace of vendor processes to the default
namespace of vendor processes. allow_all_shared_libs is specified so
that VNDK extensions can link with other vendor libraries in
/vendor/lib[64].
Bug: 69824336
Test: Create a vndk-ext lib that links to vendor lib and use that
vndk-ext lib in a vendor executable.
Change-Id: Ibd3dc2e5f0f2e6ff9fc9677c6bcfcf87a1a70e50
This commit moves /{odm,vendor}/lib[64]/vndk[-sp] to vndk namespace so
that vndk extension can override vndk libs from
/system/lib[64]/vndk[-sp].
Bug: 69824336
Test: Create libutils_ext locally and it can be called from
android.hardware.nfc@1.0-service.
Change-Id: Id63e58d665fa41eda85950ee1d16fe06c35cd7d3
Traceur app is being split out of shell user. Previously it logged to
shell's bugreports directory. It no longer has access, so it needs a
new, user-friendly file location to store trace data.
Bug:68126425
Test: Traceur can write and shell can read from this directory
Change-Id: I9e344973fd43eb5699f7a848524e20b06458fb77
As we use different ld.config.txt per version, we don't need to
substitute the VNDK_VER on run time.
Remove all ${VNDK_VER} from the linker namespace configuration files.
Bug: 70603313
Test: build and boot GSI for walleye and sailfish
Change-Id: Ief8aee5c3308b2462cafaffc2423deda4e51a7bb
Mount the eBPF file system under /sys/fs/bpf to allow netd to pin and
retrieve persistent eBPF map object from the file system. It helps the
system to maintain a consistent eBPF data store when netd crashed and
restart. Mount the cgroupv2 module and use the root folder of it to
monitor network statistics through eBPF program attached.
Test: eBPF map object show up under /sys/fs/bpf after netd start.
Bug: 30950746
Change-Id: Ie475112116603798fe75a75c5a84f4bbe5b942ec
Setting up infanstructure for vendor tombstone in dir:
/data/vendor/tombstones
Wifi specific dumps will go into:
/data/vendor/tombstones/wifi
Bug: 70170285
Test: compile, run on device.
Change-Id: Ie16dd8236d9b5df19adb9818b4c62ce01e0d0b10
If BOARD_VNDK_VERSION is not defined, ro.vndk.version will not be
set. In this case, the device, is not able to use versioned
configuration files.
Check BOARD_VNDK_VERSION to append the VNDK version to the namespace
configuration files.
Bug: 71730104
Test: Check boot on both 2016 and 2017 Pixel devices.
Change-Id: I1df27c75de42a526768a156387f22a934cda6d72
Neil Fuller