We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
This directory is no longer used. OBB content is
placed in /data/media/$user/Android.
Test: make
Test: manually verify the path doesn't exist.
Bug: 129167772
Change-Id: I8549826586b9a68c8cfa3fe2e51295363f9b4e11
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.
This change further allows linking from default namespace, and tries
to fix the regression temporarily.
Bug: 130788466
Test: The app issue is fixed after this CL
Merged-In: Ifae52b554124514e433cfe78875643a7450fbabd
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
(cherry picked from commit 0c7edece94)
Permitted paths were empty for ASAN builds with the media namespace.
Bug: 131625115
Test: no dlopen failure on libflacextractor.so in aosp_cf_x86_pasan
Change-Id: I90050fc54820ba68d64931412572f3b0954e6616
On devices that use FDE and APEX at the same time, we need to bring up a
minimal framework to be able to mount the /data partition. During this
period, a tmpfs /data filesystem is created, which doesn't contain any
of the updated APEXEs. As a consequence, all those processes will be
using the APEXes from the /system partition.
This is obviously not desired, as APEXes in /system may be old and/or
contain security issues. Additionally, it would create a difference
between FBE and FDE devices at runtime.
Ideally, we restart all processes that have started after we created the
tmpfs /data. We can't (re)start based on class names alone, because some
classes (eg 'hal') contain services that are required to start apexd
itself and that shouldn't be killed (eg the graphics HAL).
To address this, keep track of which processes are started after /data
is mounted, with a new 'mark_post_data' keyword. Additionally, create
'class_reset_post_data', which resets all services in the class that
were created after the initial /data mount, and 'class_start_post_data',
which starts all services in the class that were started after /data was
mounted.
On a device with FBE, these keywords wouldn't be used; on a device with
FDE, we'd use them to bring down the right processes after the user has
entered the correct secret, and restart them.
Bug: 118485723
Test: manually verified process list
Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.
Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
Merged-In: Id6962414197fc8f47f7c07818e8fb16107dc17a3
(cherry picked from commit 05f07d89a6)
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:
- first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
- second-stage init loads files from /debug_ramdisk/*.
Note: same as before, the above can only be triggered, if the device
is UNLOCKED
With this, we don't have to put userdebug related files into the USER
system.img.
Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
Merged-In: I63f5f846e82ba78427062bf7615c26173878d8f3
(cherry picked from commit 30afda71c0)
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.
this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.
Fixes: 130824864
Test: procrank -o
(cherry picked from commit 45d8174fe7)
Change-Id: I68c18f9db24d55239f7f0608592fcc702f04542e
charger needs to suspend the device when the power goes away
when it doesn't have root. These two files are marked with
group system, user system, mode 0600 in 'on boot', but
it is not executed in charger. Hence, move these actions
to 'on init'.
Test: no failure in libsuspend in charger
Bug: 129138950
Change-Id: I787b935b4ff6177601329aeedccdac361b119ca3
With the recent change that removed get_exported_namespace out of libdl,
the RenderScript SP-HAL stopped using android_dlopen_ext which it used
to load libRS_internal.so in the "rs" namespace. Instead, it now falls
back to the ordinary dlopen() call. The dlopen() call tries to load the
lib in the current namespace (which is sphal) and then falls back to the
linked namespaces: default, vndk, rs.
The problem is that rs is listed as the last namespace and therefore the
linker tries the namespace only when it failed to load the library in
other namespaces: default and vndk. libRS_internal.so is accessible to
both vndk and rs namespaces. So, the dlopen() call always goes into the
vndk namespace and there is no chance for the lib to be loaded in the rs
namespace.
To fix the problem, the rs namespace is placed before vndk so that the
namespace is tried first.
Bug: 129550847
Test: runtest -x cts/tests/camera/src/android/hardware/
Change-Id: Idafc32f8a309dd12495768931d7ea17a2f791c50
This CL adds three GSI keys, to allow booting a GSI with AVB
to enable dm-verity.
https://android.googlesource.com/platform/external/avb/
The keys for R and S GSI is to allow a device boots a new
version of GSI in a Treble-compatible manner.
For more information about GSI, please visit:
https://source.android.com/setup/build/gsi
Bug: 112293933
Test: m q-gsi.avbpubkey r-gsi.avbpubkey s-gsi.avbpubkey
Change-Id: I4439e44fbd5da3240d7f6c7987f66445ec4590c5
Android sets /proc/sys/vm/dirty_expire_centisecs to 200, so f2fs
doesn't need to do checkpoint in 60 seconds.
Bug: 127511432
Change-Id: I2ba0623053d4480b82003eb1cca85ff03c61fc0f
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change access mode and ownership for /proc/pressure/memory file
to allow system components access memory pressure information.
Bug: 129476847
Change-Id: I25b6bc9d47aee857936f050b66e7bee6363b53be
Signed-off-by: Tim Murray <timmurray@google.com>
This is necessary to get the correct APEX namespace setup for apps that
executes binaries from there.
In older releases no linker config applied to binaries in /data, so the
fallback config in /system/bin/linker was used, which basically just looked
up libraries in /system/{lib,lib64}. With the introduction of APEXes that
location no longer contains the complete set of libraries, so this is
necessary to retain functional parity.
Strictly speaking this fallback rule should apply as last resort for a
binary in any location, but the linker does not accept "dir.system = /".
Test: Flash and boot
Test: The app regression in b/128569634
Bug: 128569634
Change-Id: Icfcd66f0a7d8d898618be1b6186bb1111d20d688
They are not needed since the binaries and relevant exported libraries have
moved to the Runtime APEX.
Test: Flash and boot
Test: atest CtsJniTestCases CtsJdwpTestCases
Bug: 119867084
Change-Id: If416fbae7057aec02059bb31a4dcd8b63dcc0cad
This gives us two benefits:
- Better compatibility to keyctl(1), which doesn't have "dadd"
- Pave the way to specify key's security labels, since keyctl(1)
doesn't support, and we want to avoid adding incompatible option.
Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
AsynchronousCloseMonitor is moved into libandroidio by
r.android.com/910073 and so libjavacore no longer needs to
be linked to the conscrypt namespace.
Bug: 123744297
Test: m && flashall
Test: atest CtsLibcoreOkHttpTestCases
Test: atest CtsLibcoreTestCases
Change-Id: Id720b59e4ef42a2c0226b497a1cc3c54f7a837d0
TreeHugger Robot