In the future, property service may run in its own thread or process,
which means that PropertyChildReap() needs to be refactored to not run
as part of the init signal handler.
The new method spawns a new thread that handles the queue of paths
that require restorecon. It then communicates back to property service
via android::base::SetProperty(). Property service distinguishes the
thread from other callers of SetProperty() by checking the pid in the
credentials for the socket connection, thus avoiding dependencies on
the rest of init.
The new method also drops the genericness, since restorecon is the
only function that we should ever need to run asynchronously
Test: async restorecon works, including with queued requests
Change-Id: I2ca00459969e77b1820776dac23d0a0d974e330b
ion_4.12.h is ported from old Linux Kernel Driver.
According to the header comment, this is licensed under GPLv2.
This header is referred from ion.c.
To clarify license matter just in case, let's convert it using
update_all.py in bionic repository.
The original header is moved under original-kernel-headers/linux
directory.
Found this during FOSSID trial.
Test: build and boot
Change-Id: Iabd46f33968a0fbce14a501238730714c4f2cfc6
Signed-off-by: Yoshitaka Seto <yoshitaka.seto@sony.com>
Enable the same warnings used elsewhere in the tree, and fix the
two warnings it found (two safe uses of strcpy and one use of
atoi).
Test: builds, boots
Test: atest libsysutils_tests
Test: atest --test-mapping system/netd
Change-Id: I8e5d04da20cc4127439ad9fbda0e4e64f0e671d3
If the matching string contains a [, \ or *, then it is also checked
with a regex match. Exact match is always tried firsts. If we do
not find an exact string match, switch to iterate through the entire
list for regex strings to find a match.
This allows us to scale with details without consuming a large
number of enums, permitting details that we do not necessarily want
resolution on to propagate to TRON. The hierarchical nature of the
boot reason <reason>,<subreason>,<detail>... can cause scenarios
where the <detail> does not matter to TRON, but does matter to
bugreport collection.
Add a bootstat --boot_reason_enum function to expose and test the
kBootReasonMap matchihg algorithm.
Add a kBootReasonMap test that exhaustively tests all built-in
entries, and an example of one regex entry. New regex entries added
to bootstat.cpp will need a series of exact match examples added into
filter_kBootReasonMap() function.
Test: boot_reason_test.sh kBootReasonMap (or all tests)
Bug: 116838876
Bug: 128929506
Change-Id: I3f7b5de22f99195b7ce99672a212174365960b3f
The first stage init skips mounting the mount points defined in
skip_mount.cfg, but these mount points still return from
ReadDefaultFstab(). The behavior causes some error logic which
try to access the partition which had been skipped.
After applying the patch. ReadDefaultFstab() will not contain the
skipped mount points.
Bug: 128961335
Test: `fastboot delete-logical-partition product_a`
Test: `fastboot flash system aosp_arm64-userdebug`
Test: `fastboot -w reboot` and boot to home screen
Change-Id: I3156260b5d37647dbecf98ca90601a089bea5c46
This is for Android Telemetry to be able to categorise the processes
that produce tombstones.
Test: atest debugerd_test:TombstoneTest
Change-Id: Ie635347c9839eb58bfd27739050bd68cbdbf98da
Though unlikely, it is possible for getpeercon() to fail. This change
adds code to handle this case gracefully.
Bug: 130209483
Test: boots, properties are set
Change-Id: I3b3fb76b2312a5cbc87c0da2a044be3ddf8aa400
Limit libprocessgroup VNDK API to the minimum set required for task
profiles usage. This API allows vendors to use cgroups without accessing
cgroup files directly, therefore allowing Android to change cgroup
arrangement details without breaking vendor code.
Bug: 131098932
Test: build and boot
Change-Id: I92463dfb44a108a133bafd2fe52237b6b1d50a69
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The setup of SelinuxAuditCallback() was happening after property files
are loaded, and now that these property files can trigger audits, the
audit messages did not contain all of the correct information. This
change moves the setup of SelinuxAuditCallback() to immediately before
the property area is initialized, to ensure that this can not happen
again.
Bug: 130979265
Test: audits work early
Change-Id: I9eb43269317c74e041626ee7b2bb7fea49250e09
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.
Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
This reverts commit bee9f5718b
"libprocessgroup: Disable file descriptor caching temporarily" and adds
option to use SetTaskProfiles and SetProcessProfiles without file caching.
This option is used from JNI to avoid access denials because cached files
are not whitelisted for JNI usage.
Bug: 123868658
Bug: 123043091
Test: boot using svelte target
Change-Id: I76b9d6af8a1dd4464cb3cf3e6dc327980efdf361
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The code to read verity state in userspace is deprecated in favor of
having the bootloader read and report the state, so this change
removes this now unused code.
Bug: 73456517
Test: boot
Change-Id: Ib626fd61850bce3016179ca92a9831c2ac29c032
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:
- first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
- second-stage init loads files from /debug_ramdisk/*.
Note: same as before, the above can only be triggered, if the device
is UNLOCKED
With this, we don't have to put userdebug related files into the USER
system.img.
Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
unique_fd's implicit conversion to int allows the following code to
compile without error, leading to a double close:
std::function<void(unique_fd)> func = [](int x) { close(x); };
func(unique_fd(42));
Test: treehugger
Change-Id: I948ecda3a12738b3af6444fe2902d2f7b80e1b4c
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.
this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.
Fixes: 130824864
Test: procrank -o
Change-Id: I8af129076c3efa29f7b781459449f8f2dc853c98
Modify the unwinder library to indicate that at least one of the stack
frames contains an elf file that is unreadable.
Modify debuggerd to display a note about the unreadable frame and a possible
way to fix it.
Bug: 129769339
Test: New unit tests pass.
Test: Ran an app that crashes and has an unreadable file and verified the
Test: message is displayed. Then setenforce 0 and verify the message is
Test: not displayed.
Change-Id: Ibc4fe1d117e9b5840290454e90914ddc698d3cc2
Remove an unimplemented function from the header and clean up some
slight syntax mistakes.
Test: build
Change-Id: Ia82c6aee24fa0889a7595aabc564bef970a0863b
This CL adds client support to recognize the rescue mode (which will be
served by recovery image). It also allows waiting for a device to enter
rescue mode. The support for the actual rescue commands will be added in
follow-up CLs.
Bug: 128415917
Test: `adb devices` recognizes devices under rescue mode.
Test: `adb wait-for-rescue` waits for device to be in rescue mode.
Change-Id: I367d7339fe68006aba09a1e3db6370d472296676
A fork() was historically added in case of fs_mgr crashing or leaking
memory, but this should not be the case with fs_mgr, and a fork() only
hides any such problem, instead of allowing us to address it
directly.
Test: boot
Change-Id: If7ee4807757048258a6ea9a79a24cebbacc530cc
After this change, all the noise from mkfs is suppressed:
$ adb remount
[libfs_mgr]superblock s_max_mnt_count:65535,/dev/block/by-name/system_b
[libfs_mgr]__mount(source=/dev/block/by-name/system_b,target=/mnt/scratch,type=ext4)=-1: Invalid argument
[libfs_mgr]__mount(source=/dev/block/by-name/system_b,target=/mnt/scratch,type=f2fs)=0: Success
Using overlayfs for /system
Using overlayfs for /vendor
Using overlayfs for /product
[libfs_mgr]__mount(source=overlay,target=/system,type=overlay,upperdir=/mnt/scratch/overlay/system/upper)=0
[libfs_mgr]__mount(source=overlay,target=/vendor,type=overlay,upperdir=/mnt/scratch/overlay/vendor/upper)=0
[libfs_mgr]__mount(source=overlay,target=/product,type=overlay,upperdir=/mnt/scratch/overlay/product/upper)=0
remount succeeded
Test: manual as above
Bug: 130739326
Change-Id: I7ed8842e42b74b6a487ce6324b28baf78f1f63bf
procrank's usage in its output shows 20x increase from
last year. This is because it is keeping the process
maps around until termination. Fix that by getting rid
of ProcMemInfo objects when done parsing /proc/<pid>/maps,pagemap.
Note that the total allocations do not change and have not necessarily
regressed from Pie.
Bug: 130672819
Test: adb shell procrank | grep 'procrank\|cmdline'
Change-Id: Ib7bf960ed1d053347fcfc0c8aee9019607a1eb01
Signed-off-by: Sandeep Patil <sspatil@google.com>
Tom Cherry