Some devices might not have system_ext or product partitions. But init
has been refusing to use precompiled sepolicy because init always checks
system / system_ext / product hashes, regardless of existence. This
makes system_ext and product optional, so hash check can be skipped for
non-existing partitions. Of course system is always checked.
Bug: 181640066
Test: boot microdroid and cuttlefish, see precompiled sepolicy works
Change-Id: I32c296fffd894c27097e8b4e10ade977a21d61ab
`ro.kernel.` is an emulator specific prefix.
Bug: 182291166
Test: presubmit
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: Ie4a19127f05f3074ccb02bd055711e9b70702ba6
Memory cgroup controller is not used by high-end Android devices and is
disabled in Android kernels 5.10+, however Android Go devices still
require this controller.
Similarly schedtune controller is being replaced with cpu controller's
utilclamp feature, however some devices are using older kernels which
only support schedtune.
To prevent spamming logcat with errors we need a way to mark a
controller optional in such cases without removing it from
cgroups.json file.
Introduce "Optional" attribute to cgroup controller's cgroups.json
description to accomodate these cases. When an optional controller
fails to mount due to lack of support in the kernel it will log an
informational message without generating further errors.
Bug: 181866655
Test: boot and observe libprocessgroup messages in logcat
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ib5bcfdd8d338704f3f9d8b326d8ddd88b67915a1
The non-test fuzz targets should run automatically in Haiku.
None of these should be built for Host, and all but the
trusty_test_fuzzer should be built for Target.
Test: built locally (make haiku) and checked that non-test trusty fuzz
targets are included as expected.
Change-Id: Ic67b1e1ddea8ed61b83deef66acdeb0891489195
Add worker threads per partition to serve the IO request.
Remove memset of buffer in IO path which was impacting
4k IO performance.
update_verifier performance:
1: ~10-12 seconds with this change (both on full OTA and incremental
OTA); ~70 seconds observed without this changeset
2: ~8 seconds without the daemon once merge is completed
and snapshot devices are removed.
Bug: 181293939
Test: update_verifier, full OTA, incremental OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Id90887f3f4a664ee5d39433715d1c166acbd6c60
The parameter "androidboot.hardware" has been removed from bootconfig
and replaced by "hardware" parameter.
Test: launch_cvd with 4.19 and 5.10 kernels
Test: atest CtsFsMgrTestCases
Bug: 173815685
Change-Id: I627426ae1bd0a165b70b8f2584ec184abfb4236f
This check in export_oem_lock_status happens after PropertyInit() so
all of the ro.boot.* properties will be set. There is no need to import
the kernel cmdline again.
Test: build and boot cuttlefish
Bug: 173815685
Change-Id: I5df7c0105566d4617442dbb8e77eb26e465775f1
The androidboot.selinux property is loaded in a special way, because it
happens in the "selinux_setup" stage, and not the true second stage.
Allow it to be passed through bootconfig instead of only via the kernel
cmdline.
Bug: 173815685
Test: launch_cvd -extra_kernel_cmdline androidboot.selinux=permissive
Test: launch_cvd -guest_enforce_security=false [bootconfig method]
[..]
init: Permissive SELinux boot, forcing sys.init.perf_lsm_hooks to 1.
[..]
Change-Id: I92003c7a2dac5d6e7d0e0f4ee2757f86cc0087c7
The androidboot.android_dt_dir property is special, because it is loaded
to find out where to get the other DT properties from, and those DT
properties are supposed to override the cmdline/bootconfig ones. So, it
need special casing, and that special case lacked bootconfig support.
Bug: 173815685
Test: launch_cvd -extra_kernel_cmdline androidboot.android_dt_dir=/tmp
[..]
init: Using Android DT directory /tmp
[..]
Change-Id: Ie0958dd0a96394d65f6568653b754ea6f885212e
The first user of keystore boot levels is on-device signing; transition
the boot level to 30 before running the post-fs data hook, and
transition it to 40 right after on-device signing is done. This leaves
some space for future boot levels to be inserted, if we wanted.
Bug: 165630556
Test: inspect logs
Change-Id: If0a74cbe9ea8fce806020d8a42a978cfb9117ded
This reverts commit 66bfb9adac, and
instead includes a header that has a definition of TEMP_FAILURE_RETRY
for macOS.
Bug: http://b/181852591
Test: N/A
Change-Id: I63ccdcb58a2b2806217e3faedde9ba33936c8189
When Write() is called on data > 256K, the written data
repeats every 256K because of the buggy line in this change.
Test: fastboot fetch vendor_boot.img
Fixes: 180654366
Change-Id: I33b129de27000d3f32f284469998daf540d4f856
The Mac doesn't need fs_config (there's a `darwin: { enabled: false } }`
at the only caller), so stop trying to build it here rather than fix it
so it builds again.
Test: treehugger
Change-Id: I88d6b3a44b1ab823a419789d8545fcf10061079c
As parameters are moved from kernel cmdline to bootconfig,
fs_mgr needs to be updated to handle the new location.
/proc/bootconfig should be checked first, if not present, then check
/proc/cmdline.
Test: atest CtsFsMgrTestCases
Test: launch_cvd
Test: launch_cvd with 4.19 kernel artifacts that do not support
bootconfig
Test: Both of the above configurations with --num_instances 0 or 4
Test: Both configurations with androidboot.boot_devices or
androidboot.boot_device set
Bug: 173815685
Change-Id: I23fb07a17c25c9459833cb931ced79d5ccc3e42a
Lisa Liu