The existing location of logic for creating symlinks to files that have
moved into APEX does not get executed for -user builds, only
-userdebug and -eng. The new location is equally arbitrary but appears
to be invoked for -user, -userdebug and -eng targets.
Tested with:
make cleaninstall && lunch taimen-[user|userdebug|eng] && make droid
Inspected:
ls -l out/target/product/taimen/system/usr/icu
Bug: 128249030
Bug: 122985829
Bug: 124106384
Test: see above
Change-Id: I92a52d0b5ef97e8cb4f780691f8594e40f2fa6b3
The ANDROID_TZDATA_ROOT maps to the /apex/com.android.tzdata
location on device like ANDROID_RUNTIME_ROOT maps to the
/apex/com.android.runtime location.
Bug: 128422035
Test: build only
Change-Id: Id90006004ca652564e530f3694600ac4afd798ed
This CL change the mini-keyctl tool to make it compitable with libkeyctl
tool to make it more useful.
Bug: 112038861
Test: mini-keyctl padd asymmetric 'desc' .fs-verity < /path/to/cert.der
Test: mini-keyctl unlink <key_id> <keyring_id>
Test: mini-keyctl restrict_keyring <keyring_id>
Change-Id: I950f07c7718f173823ce5a5cd08e0d1a0e23a007
This is a temporal fix. With this change, the extractor plug-ins uses
unstable libs under /system/lib[64]. The right resolution is being
discussed.
Test: applied the same change to ld.config.txt and checked
the memory map of media.extractor on cuttlefish.
Bug: 127791685
Change-Id: Ifd5b79831f27ef4017bb8aa774671aa9b2c5264e
Removing 'updatable' from zygote as zygote is started after apexd. All
APEXes are guaranteed to be activated at the moment.
Sequence of actions:
1) /data mounted. post-fs-data is triggered.
2) apexd starts. APEXes are activated. Init does not execute more
commands until the activation finishes.
3) all post-fs-data sections from other *.rc are executed.
4) zygote-start is triggered.
Bug: 123404717
Bug: 126555629
Bug: 125549215
Test: device boots
Test: no following message on the logcat log
Could not restart 'zygote': Cannot start an updatable service 'zygote' before configs from APEXes are all loaded. Queued for execution.
Merged-In: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
Change-Id: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
(cherry picked from commit 3bddd540dd)
Removing 'updatable' from zygote as zygote is started after apexd. All
APEXes are guaranteed to be activated at the moment.
Sequence of actions:
1) /data mounted. post-fs-data is triggered.
2) apexd starts. APEXes are activated. Init does not execute more
commands until the activation finishes.
3) all post-fs-data sections from other *.rc are executed.
4) zygote-start is triggered.
Bug: 123404717
Bug: 126555629
Bug: 125549215
Test: device boots
Test: no following message on the logcat log
Could not restart 'zygote': Cannot start an updatable service 'zygote' before configs from APEXes are all loaded. Queued for execution.
Change-Id: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
This directory is used to store the Weaver/GateKeeper slot map so GSIs
do not overwrite host keys in secure storage.
Bug: 123716647
Test: /metadata/password_slots exists after boot
Change-Id: Ib0ca13edec38e68cba1fc2124465571feedc4be7
Summary: Boot sequence around apexd is changed to make it possible for
pre-apexd processes to use libraries from APEXes. They no longer need to
wait for the apexd to finish activating APEXes, which again can be
done only after /data/ is mounted. This improves overall boot
performance.
Detail: This change fixes the problem that processes that are started
before apexd (so called pre-apexd processes) can't access libraries
that are provided only by the APEXes but are not found in the system
partition (e.g. libdexfile_external.so, etc.). Main idea is to activate
system APEXes (/system/apex/*.apex) before /data is mounted and then
activate the updated APEXes (/data/apex/*.apex) after the /data mount.
Detailed boot sequence is as follows.
1) init prepares the bootstrap and default mount namespaces. A tmpfs is
mounted on /apex and the propagation type of the mountpoint is set to
private.
2) before any other process is started, apexd is started in bootstrap
mode. When executed in the mode, apexd only activates APEXes under
/system/apex. Note that APEXes activated in this phase are mounted in
the bootstrap mount namespace only.
3) other pre-apexd processes are started. They are in the bootstrap
mount namespace and thus are provided with the libraries from the system
APEXes.
4) /data is mounted. init switches into the default mount namespace and
starts apexd as a daemon as usual.
5) apexd scans both /data/apex and /system/apex, and activate latest
APEXes from the directories. Note that APEXes activated in this phase
are mounted in the default namespaces only and thus are not visible to
the pre-apexd processes.
Bug: 125549215
Test: m; device boots
Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
/apex is not mounted via init.rc but directly by the first_stage init
before the mount namespaces are configured.
This allows us to change the propagation type for /apex mount point to
private to isolate APEX activatesions across post- and pre-apexd
processes.
Bug: 125549215
Test: m; device boots to the UI
Change-Id: I10e056cd30d64cb702b6c237acd8dab326162884
Because /vendor is a symlink to /system/vendor on devices without a
dedicated /vendor partition, /system/vendor/lib/* needs to be added to
the permitted paths whereever /vendor/lib/* is permitted.
Reasoning:
Legacy devices are forced to use ld.config.legacy.txt, which is very
permissive. We can prolong support for them and enable them to use the
VNDK if we extend the search paths to include the resolved symlink dirs.
Change-Id: I6b3bb7b86ed82395345a16bdc857353b1b15c704
To differentiate IO priority for different groups.
Bug: 111422845
Bug: 117857342
Test: tasks are assigned to the group as expected
Change-Id: Ibb108d1b8e0f720f7ac4cab248b3c33d35e5483d
tzdatacheck references files in the runtime apex so should
not be executed before the apex mounts are ready.
Test: Manual tests (see b/123270813); observed tzdatacheck running after
apex files are mounted
Bug: 123270813
Bug: 116191025
Bug: 119293618
Bug: 113373927
Change-Id: I249d127c1d568bc5025d81b0bb4187c81363d897
Neil Fuller