These are directories used by the system so they should be created by
the system.
Test: treehugger
Change-Id: I2a721ef7871c8842fa912497f5ec6988fcec9e58
because it serves health 2.0 HAL. This forces it to restart when
hwservicemanager dies.
Bug: 69069765
Test: kill hwservicemanager, lshal shows backup instance
Change-Id: Ib51caa0e718031a0f8797d8af4c2459b4958a62e
PRODUCT_FULL_TREBLE is being deprecated in favor
of smaller flags. Use the appropriate one instead.
Bug: 62019611
Test: manual
Change-Id: Id5d127c29f908cd3011031b3b698ddec3dcba9c1
Partners require to access update_engine's logs on the file system with
non-root permission.
Bug: 65568605
Test: directory created with the correct permission on boot
Change-Id: I1c1fb4acb8b0f2e7352ffa9e7d05a864940b5986
Tests in /data/[nativetest|benchmarktest] run with namespace config for
system and tests in /data/[nativetest|benchmarktest]/vendor run with
namespace config for vendor.
They no longer run in the 'test' namespace config which didn't impose
any restriction for libraries.
Bug: 67028906
Test: sailfish/marlin builds and boots
Test: no VTS regression on system.img from GSI + vendor.img from
marlin/sailfish
Test: VtsKernelLibcutilsTest successful in above config
Merged-In: I28cdef960d087565c8a22dca0e9a154fb1c3bb94
Change-Id: I28cdef960d087565c8a22dca0e9a154fb1c3bb94
(cherry picked from commit 326b783ad9)
The nativeloader tries to find the 'vndk' namespace when there is a
vendor apk in the classloader paths. This can happen even for a
downloaded app if the app is using a vendor apk via <uses-library> tag.
In order to prevent the nativeloader from failing to find the vndk
namespace, the namespace is marked as visible.
Bug: 66482442
Test: download the app mentioned in the bug, it does not crash.
Merged-In: I82e2394eb6eedcb8645e1a5b3735bbfe2735b312
Change-Id: I82e2394eb6eedcb8645e1a5b3735bbfe2735b312
(cherry picked from commit 1cc09e749f)
'vndk' namespace is the place for VNDK-SP libs. So /vendor/lib must be
removed from its search paths. It was there just because libhardware
(which is VNDK-SP) is loading HAL libs in vendor partition from there.
However this problem has been solved by modifying the libhardware so
that HAL libs are loaded from the 'sphal' namespace and not from the
current (the 'vndk') namespace.
Bug: 37731053
Test: sailfish builds and boots
Merged-In: Ia88934a975aa8811e05b5ba408e42d132f20f4e9
Change-Id: Ia88934a975aa8811e05b5ba408e42d132f20f4e9
(cherry picked from commit f01b52895d)
For 2016 pixel devices, where VNDK is not fully enforced, move libz back
to LLNDK so that we can pass the CTS without requiring the default
namespace to be isolated.
If we have libz in vndk-sp directory, test_linker_namespaces fails
because /system/lib/vndk-sp/libz.so becomes accessible. In order to make
the lib inaccessible, we have to make the default namespace isolated,
but this can't be done for 2016 pixel devices where VNDK is not fully
enforced. So, we choose to remove /system/lib/vndk-sp/libz.so and keep
the single copy at /system/lib.
Bug: 65018779
Test: android.jni.cts.JniStaticTest#test_linker_namespaces successful on
2016 pixel devices
Merged-In: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f
Change-Id: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f
(cherry picked from commit 697eb2da0d)
This allows us to dlopen libRS_internal.so directly from the rs
namespace, not from the sphal namespace.
Bug: 64747884
Test: VtsHalRenderscriptV1_0TargetTest successful on the device built
with BOARD_VNDK_VERSION=current and [system] namespace config is applied
to /data/nativetest[64]/* processes.
Merged-In: I0b441791e395798e80a84592ca01e771bb1c201a
Change-Id: I0b441791e395798e80a84592ca01e771bb1c201a
(cherry picked from commit 421a5e46b7)
libft2.so is changed to ll-ndk that is available only for rs
namespace.
Bug: 64425518
Test: build and boot with BOARD_VNDK_VERSION=current
Merged-In: I991dc774ca9b92fb6e95a7656243a6a4ecdc0ab9
Change-Id: I991dc774ca9b92fb6e95a7656243a6a4ecdc0ab9
(cherry picked from commit 513f76394a)
The ABI of libz is not as stable as it is for ll-ndk.
Bug: 37617391
Test: build and boot
Merged-In: I883bc6fda268e98cc7cdd5888264170c58688794
Change-Id: I883bc6fda268e98cc7cdd5888264170c58688794
(cherry picked from commit dadd3a846f)
Fix the bug that caused boot failure on ASAN builds with VNDK
restriciton. The major cause is because incorrect (old) ld.config.txt
was used when the build is sanitized, which prevented the dynamic linker
to find some VNDK libs that only exist in /system/lib/vndk; the old
ld.config.txt does not have the directory in its search paths. So, this
CL fixes the problem by having the same ld.config.txt for both sanitized
and non-sanitizied builds.
Furthermore, ld.config.txt is modified so that dependency to
libclang_rt* libs are redirected to those in /system/lib directory. This
ensures that the sanitizer runtime libs are not dual loaded but are
provided for both platform and vendors.
Bug: 65217017
Test: SANITIZE_TARGET=integer_overflow SANITIZE_TARGET_DIAG=integer_overflow m
on 2017 pixel devices. The build is successful and the device boots to
the UI.
Merged-In: I0e21e20d9aca340b984968e07d4ce542ae10fd31
Change-Id: I0e21e20d9aca340b984968e07d4ce542ae10fd31
(cherry picked from commit faefa6bd36)
Lists of libraries in between the linker namespaces are no longer
hard-coded in ld.config.txt, but instead come from Soong.
Bug: 37139976
Test: build 2017 pixel device with BOARD_VNDK_VERSION=current m -j
Test: the device is bootable, basic functionalities (camera, camcorder,
wifi, bt, gps, etc.) work.
Merged-In: I8170e6c3f6ee04b16359791d64cc46bd2714a073
Change-Id: I8170e6c3f6ee04b16359791d64cc46bd2714a073
(cherry picked from commit 367984602a)
The default namespace for system process now becomes isolated, which
means it can load only the libs that are in search.paths and under
permitted.paths.
/system/framework, /system/app, /system/priv-app, /vendor/app, /data,
etc are added to the permitted paths since libart should be able to
dlopen odex files under the locations.
Following directories become unavailable:
/system/lib/vndk
/system/lib/vndk-sp
Bug: 37013858
Bug: 64888291
Bug: 64950640
Test: 2017 pixel devices builds and boots
Test: android.jni.cts.JniStaticTest#test_linker_namespaces passes
Merged-In: I2bbe9cc19940c3633c2fb901f9bf8ab813e38c13
Change-Id: I2bbe9cc19940c3633c2fb901f9bf8ab813e38c13
(cherry picked from commit 55f05d79f9)
When the vndk is extended by vendor, the libs in vendor/lib(64)/vndk
will override system/lib(64)/vndk libs. Vendor binaries will search
vndk libs in vendor/lib(64)/vndk prior to system/lib(64)/vndk.
Also, remove a workaround for libsdm-color.so
Bug: 65032513
Test: build and boot check for libsdm-color.so will be loaded on boot
Test: currently no libs exist on vendor/lib(64)/vndk. No test for it
Merged-In: I99ed37eb1a9e92c83533e2d92c9c06db11f01e97
Change-Id: I99ed37eb1a9e92c83533e2d92c9c06db11f01e97
(cherry picked from commit 3094de9684)
For vendor process default namespace searches as following order:
1. /vendor/lib/(hw|egl), /vendor/lib: Vendor libs + VNDK-vnd-ext
2. /system/lib/vndk-$(ver): VNDK libs
3. /vendor/lib/vndk-sp-$(ver): VNDK-SP-vnd-ext
4. /system/lib/vndk-sp-$(ver): VNDK-SP
and searches system namespace (/system/lib) only for LL-NDK libs.
This configuarion is used only with BOARD_VNDK_VERSION is defined.
Bug: 37192038
Test: build with 'BOARD_VNDK_VERSION=current' and boot
Merged-In: If9778b9266a084846ba8fe73e6bff25828359d33
Change-Id: If9778b9266a084846ba8fe73e6bff25828359d33
(cherry picked from commit 24c29f1be4)
The new linker namespace config causes problem when the target is
sanitized: vendor libs which are loaded in the sphal namespace can't
link against to libclang_rt* libs which are in /system/lib directory
because the directory is not allowed for sphal namsapce.
Long-term solution would be installing libclang_rt* to both /system/lib
and /vendor/lib so that vendor libs can link against to the one in
/vendor/lib.
Until the work is done, let's just disable the new linker namespace
config when the target is to be sanitized.
Bug: 63535130
Test: make SANITIZE_TARGET=integer_overflow
SANITIZE_TARGET_DIAG=integer_overflow builds and boots to the UI
Merged-In: I6afb69885aaa3d25e554b9ca699a572248bfc50a
Change-Id: I6afb69885aaa3d25e554b9ca699a572248bfc50a
(cherry picked from commit fff6f75fc1)
android.hidl.memory@1.0-impl.so is a SP-HAL located in
/system/lib/vndk-sp/hw. This can't be moved to /vendor/lib since it is a
framework HAL.
Bug: 62930720
Test: 2017 pixel builds and boots with BOARD_VNDK_VERSION on
Merged-In: I9c456983ef68120c5e8c629efc6dd66a26220ecb
Change-Id: I9c456983ef68120c5e8c629efc6dd66a26220ecb
(cherry picked from commit 7d4cf3fd33)
With BOARD_VNDK_VERSION=current, vndk libs will be installed in
system/${LIB}/vndk. To make them available for vendor, it must be
added to default namespace.
Bug: 63866913
Test: build and boot with BOARD_VNDK_VERSION=current
Merged-In: I9e467a6125fc89513754b56a2420975559144f98
Change-Id: I9e467a6125fc89513754b56a2420975559144f98
(cherry picked from commit 90a2487776)
We have both system and vendor tests in the same directory
/data/nativetest. Since we can't distinguish system and vendor tests at
runtime, we choose to run all of them with the legacy namespace
configuration where /system/lib and /vendor/lib are both accessible
without any restriction. Furthermore, /system/lib/vndk-sp is added to
the list of accessible directories for tests since some libs (such as
libion.so) exist only in the directory but not in /system/lib.
This will change in the future when we install system and vendor tests
into different directories (vendor tests goes into ./vendor subdir).
Then, we will run the tests with [system] or [vendor] configurations
depending on their paths.
Bug: 63597267
Test: run bionic-unit-tests
Test: run linker-unit-tests
Merged-In: I810003b2da0b30335200c130f484ea7b041f9f80
Change-Id: I810003b2da0b30335200c130f484ea7b041f9f80
(cherry picked from commit c034a43d44)
Native tests under /data/nativetest[64] directory is now running with
the same linker namespace configuration as /system/bin/* processes.
This allows us to stop mimicing the linker namespace configuration of the
/system/bin/* processes using LD_LIBRARY_PATH.
Bug: 63597267
Test: run bionic-unit-tests
Test: run linker-unit-tests
Merged-In: If8e2ed0b8016e4e07bf6829735b8e02f952042d0
Change-Id: If8e2ed0b8016e4e07bf6829735b8e02f952042d0
(cherry picked from commit 9d1e50b809)
The dep files are not required because change in the command line
triggers the rule.
Test: m -j ld.config.txt llndk.libraries.txt vndksp.libraries.txt
Re-run the build after adding or removing libs to/from the vndk set.
The txt files are updated accordingly.
Change-Id: I9c9e22088cc2afeb66e8b159f611b25d698cf800
Bug: 67678999
Test: Run serial console on Hikey
Change-Id: Ia5fa9c2af4771508d96545f6a8814a81d5ccee3c
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The permitted and search paths should be changed according to VNDK version.
However these paths are fixed with vndk and vndk-sp. So I define the
directory name as below
- /system/${LIB}/vndk${VNDK_VERSION}
- /system/${LIB}/vndk-sp${VNDK_VERSION}
${VNDK_VERSION} will be set by the property "ro.vndk.version".
Bug: 66074376
Test: build & run
Change-Id: I7b8e12327af89d131c4c49cb9b459a393c7dacb8
W/T enforce restrictions on linker paths, which M/S do not.
Because of this, media.extractor was unable to load its extractors on W/T.
Bug: 67405932
Test: play sounds successfully
Change-Id: I8914da74780c909da815beaffcd4d76fbe2cc6b5
Tests in /data/[nativetest|benchmarktest] run with namespace config for
system and tests in /data/[nativetest|benchmarktest]/vendor run with
namespace config for vendor.
They no longer run in the 'test' namespace config which didn't impose
any restriction for libraries.
Bug: 67028906
Test: sailfish/marlin builds and boots
Test: no VTS regression on system.img from GSI + vendor.img from
marlin/sailfish
Test: VtsKernelLibcutilsTest successful in above config
Change-Id: I28cdef960d087565c8a22dca0e9a154fb1c3bb94
The nativeloader tries to find the 'vndk' namespace when there is a
vendor apk in the classloader paths. This can happen even for a
downloaded app if the app is using a vendor apk via <uses-library> tag.
In order to prevent the nativeloader from failing to find the vndk
namespace, the namespace is marked as visible.
Bug: 66482442
Test: download the app mentioned in the bug, it does not crash.
Change-Id: I82e2394eb6eedcb8645e1a5b3735bbfe2735b312
For devices where VNDK restrictions are all enforced, vendor apks are
recognized as unbundled; since system partition and vendor partition can
be updated independently from each other.
However, since vendor apks are still bundled in the vendor partition,
they are allowed to do more than ordinaly unbundled apks that are
downloaded and installed to the data partition.
1) /vendor/lib is allowed. So the path is added to the search_paths and
permitted paths of the classloader namespace.
2) LLNDK libs are allowed in addition to the NDK libs. So, LLNDK lib list
from llndk.libraries.txt is added to the list from public.libraries.txt.
3) VNDK-SP libs are allowed. To do so, the classloader namespace is
linked to the 'vndk' namespace where VNDK-SP libs are searched and
loaded from. The list of available VNDK-SP libs is read from
vndksp.libraries.txt file.
4) Name of the namespace is changed to 'vendor-classloader-namespace'
since the namespace is configured differently from the ordinary
'classloader-namespace'.
Bug: 63553457
Test: 2017 pixel devices build and boots to the UI
Test: a vendor apk (e.g. TimeService.apk) works. Turn the airplain mode on.
Set time. Reboot the device. The time is not reset.
Test: 1) set target as 2017 pixel
2) m -j CtsVendorJniTestCases
3) copy the built apk into /vendor/app/CtsVendorJniTestCases
4) reboot / factory reset
5) adb shell am instrument -w android.jni.vendor.cts
Change-Id: I447452eb025c0a0fd076b5c9ac081d453dc6074e
List of llndk and vndk-sp libraries are written in the txt file so that
they can be available at run-time. The information is used by
libnativeloader to configure the classloader-namespace specially for
vendor apks.
Bug: 64882323
Test: build 2017 pixel devices. check that the two files exist on
/system/etc.
Change-Id: Ifbe339a5862f6ef57a8213a14a022765ccf77283
Fix the bug that caused boot failure on ASAN builds with VNDK
restriciton. The major cause is because incorrect (old) ld.config.txt
was used when the build is sanitized, which prevented the dynamic linker
to find some VNDK libs that only exist in /system/lib/vndk; the old
ld.config.txt does not have the directory in its search paths. So, this
CL fixes the problem by having the same ld.config.txt for both sanitized
and non-sanitizied builds.
Furthermore, ld.config.txt is modified so that dependency to
libclang_rt* libs are redirected to those in /system/lib directory. This
ensures that the sanitizer runtime libs are not dual loaded but are
provided for both platform and vendors.
Bug: 65217017
Test: SANITIZE_TARGET=integer_overflow SANITIZE_TARGET_DIAG=integer_overflow m
on 2017 pixel devices. The build is successful and the device boots to
the UI.
Change-Id: I0e21e20d9aca340b984968e07d4ce542ae10fd31
Lists of libraries in between the linker namespaces are no longer
hard-coded in ld.config.txt, but instead come from Soong.
Bug: 37139976
Test: build 2017 pixel device with BOARD_VNDK_VERSION=current m -j
Test: the device is bootable, basic functionalities (camera, camcorder,
wifi, bt, gps, etc.) work.
Change-Id: I8170e6c3f6ee04b16359791d64cc46bd2714a073
For 2016 pixel devices, where VNDK is not fully enforced, move libz back
to LLNDK so that we can pass the CTS without requiring the default
namespace to be isolated.
If we have libz in vndk-sp directory, test_linker_namespaces fails
because /system/lib/vndk-sp/libz.so becomes accessible. In order to make
the lib inaccessible, we have to make the default namespace isolated,
but this can't be done for 2016 pixel devices where VNDK is not fully
enforced. So, we choose to remove /system/lib/vndk-sp/libz.so and keep
the single copy at /system/lib.
Bug: 65018779
Test: android.jni.cts.JniStaticTest#test_linker_namespaces successful on
2016 pixel devices
Change-Id: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f
The default namespace for system process now becomes isolated, which
means it can load only the libs that are in search.paths and under
permitted.paths.
/system/framework, /system/app, /system/priv-app, /vendor/app, /data,
etc are added to the permitted paths since libart should be able to
dlopen odex files under the locations.
Following directories become unavailable:
/system/lib/vndk
/system/lib/vndk-sp
Bug: 37013858
Bug: 64888291
Bug: 64950640
Test: 2017 pixel devices builds and boots
Test: android.jni.cts.JniStaticTest#test_linker_namespaces passes
Change-Id: I2bbe9cc19940c3633c2fb901f9bf8ab813e38c13
We've seen crashes due to processes exceeding the current soft limit
for open FDs of 1024, mainly due to increases in using FDs for shared
memory and gralloc memory objects.
There is not a compelling reason to keep this limit artificially low,
so we raise it to 32K. This matches my desktop linux limit, so it is
with precedent.
Bug: 64894637
Test: open 32K FDs in a process without failure then fail after 32K
Change-Id: Ibecfc486e9c61f273a432a108893137d2d13a530
Make /proc/net/fib_trie only readable to root.
Bug: 31269937
Test: Device boots, file has appropriate permissions.
Change-Id: I0d01ce5c043d576344a6732b0b9ff93d62fcaa34
When the vndk is extended by vendor, the libs in vendor/lib(64)/vndk
will override system/lib(64)/vndk libs. Vendor binaries will search
vndk libs in vendor/lib(64)/vndk prior to system/lib(64)/vndk.
Also, remove a workaround for libsdm-color.so
Bug: 65032513
Test: build and boot check for libsdm-color.so will be loaded on boot
Test: currently no libs exist on vendor/lib(64)/vndk. No test for it
Change-Id: I99ed37eb1a9e92c83533e2d92c9c06db11f01e97
Switch from /data/misc/reboot/last_reboot_reason to persistent
Android property persist.sys.boot.reason for indicating why the
device is rebooted or shutdown.
persist.sys.boot.reason has a standard as outlined in b/63736262 and
the associated investigation. Made adjustments to the values so that
we did not create a problem even before we started. Compliance is
part of the tests in boot_reason_test.sh.
Test: system/core/bootstat/boot_reason_test.sh
Bug: 64687998
Change-Id: I812c55a12faf7cb7ff92101009be058ad9958d07
For vendor process default namespace searches as following order:
1. /vendor/lib/(hw|egl), /vendor/lib: Vendor libs + VNDK-vnd-ext
2. /system/lib/vndk-$(ver): VNDK libs
3. /vendor/lib/vndk-sp-$(ver): VNDK-SP-vnd-ext
4. /system/lib/vndk-sp-$(ver): VNDK-SP
and searches system namespace (/system/lib) only for LL-NDK libs.
This configuarion is used only with BOARD_VNDK_VERSION is defined.
Bug: 37192038
Test: build with 'BOARD_VNDK_VERSION=current' and boot
Change-Id: If9778b9266a084846ba8fe73e6bff25828359d33
This allows us to dlopen libRS_internal.so directly from the rs
namespace, not from the sphal namespace.
Bug: 64747884
Test: VtsHalRenderscriptV1_0TargetTest successful on the device built
with BOARD_VNDK_VERSION=current and [system] namespace config is applied
to /data/nativetest[64]/* processes.
Change-Id: I0b441791e395798e80a84592ca01e771bb1c201a
libft2.so is changed to ll-ndk that is available only for rs
namespace.
Bug: 64425518
Test: build and boot with BOARD_VNDK_VERSION=current
Change-Id: I991dc774ca9b92fb6e95a7656243a6a4ecdc0ab9
Look for asan options under /data/asan so that multi-process coverage
can be enabled on a newly-started remote process without disabling
verity and without forcing it to be always-on.
Test: adb shell echo "include_if_exists=/data/asan/asan.options.%b" >>
/system/asan.options && adb shell echo
"coverage=1\ncoverage_dir=/data/misc/trace" >
/data/asan/asan.options.android.hardware.light@2.0-service && adb shell killall
android.hardware.light@2.0-service
Bug: 64019182
Change-Id: I241ad8478439323681dc1cfde2fa0770f030ae75
android.hidl.memory@1.0-impl.so is a SP-HAL located in
/system/lib/vndk-sp/hw. This can't be moved to /vendor/lib since it is a
framework HAL.
Bug: 62930720
Test: 2017 pixel builds and boots with BOARD_VNDK_VERSION on
Change-Id: I9c456983ef68120c5e8c629efc6dd66a26220ecb
Folks don't know how to add public native API. Point them in the right
direction.
Bug: 63905942
Test: boots
Change-Id: I5e1f04fb852348255a2f7f87aa961948c41c47fd
This is a temporary fix, since we're still not sure exactly what the
bug is.
Bug: 62547086
Test: Built, flashed, and booted Sailfish. Verified that the file has
the correct permission and that wifi and atrace work.
Change-Id: I43275e974a11754eca274f1b77d15cdd03a3b365
(cherry picked from commit 62962dd5b7)
We can't copy /default.prop so just write the value of
$(ro.build.fingerprint) to /data/misc/recovery/ro.build.fingerprint
and rotate it after reboot instead.
Bug: 62793047
Test: manual - reboot phone and check /data/misc/recovery
Change-Id: I130a4b7a01d9e1bfe9baecde2781626eb72e768b
(cherry picked from commit b9b76de6ff)
We can't copy /default.prop so just write the value of
$(ro.build.fingerprint) to /data/misc/recovery/ro.build.fingerprint
and rotate it after reboot instead.
Bug: 62793047
Test: manual - reboot phone and check /data/misc/recovery
Change-Id: I130a4b7a01d9e1bfe9baecde2781626eb72e768b
With BOARD_VNDK_VERSION=current, vndk libs will be installed in
system/${LIB}/vndk. To make them available for vendor, it must be
added to default namespace.
Bug: 63866913
Test: build and boot with BOARD_VNDK_VERSION=current
Change-Id: I9e467a6125fc89513754b56a2420975559144f98
We have both system and vendor tests in the same directory
/data/nativetest. Since we can't distinguish system and vendor tests at
runtime, we choose to run all of them with the legacy namespace
configuration where /system/lib and /vendor/lib are both accessible
without any restriction. Furthermore, /system/lib/vndk-sp is added to
the list of accessible directories for tests since some libs (such as
libion.so) exist only in the directory but not in /system/lib.
This will change in the future when we install system and vendor tests
into different directories (vendor tests goes into ./vendor subdir).
Then, we will run the tests with [system] or [vendor] configurations
depending on their paths.
Bug: 63597267
Test: run bionic-unit-tests
Test: run linker-unit-tests
Change-Id: I810003b2da0b30335200c130f484ea7b041f9f80
Native tests under /data/nativetest[64] directory is now running with
the same linker namespace configuration as /system/bin/* processes.
This allows us to stop mimicing the linker namespace configuration of the
/system/bin/* processes using LD_LIBRARY_PATH.
Bug: 63597267
Test: run bionic-unit-tests
Test: run linker-unit-tests
Change-Id: If8e2ed0b8016e4e07bf6829735b8e02f952042d0
(cherry pick from commit 93394034a2)
Rotate /default.prop and /proc/version into /data/misc/recovery/
as an aid in determining the vintage of the LAST_LOGCAT and
LAST_DMESG in the bugreport collection.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Test: manually confirm content rotation through reboots
Bug: 62793047
Change-Id: Ibbe546c76041f20e308e58e5548939afac75db97
Rotate /default.prop and /proc/version into /data/misc/recovery/
as an aid in determining the vintage of the LAST_LOGCAT and
LAST_DMESG in the bugreport collection.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Test: manually confirm content rotation through reboots
Bug: 62793047
Change-Id: Ibbe546c76041f20e308e58e5548939afac75db97
Use mem cgroups if the kernel is built with CONFIG_MEMCG=y,
additionally add system group.
test: verified on both kernel with/without memcg enabled
Change-Id: Ia2ae89efa3905e9da68fa77adac1225c667864d1
The new linker namespace config causes problem when the target is
sanitized: vendor libs which are loaded in the sphal namespace can't
link against to libclang_rt* libs which are in /system/lib directory
because the directory is not allowed for sphal namsapce.
Long-term solution would be installing libclang_rt* to both /system/lib
and /vendor/lib so that vendor libs can link against to the one in
/vendor/lib.
Until the work is done, let's just disable the new linker namespace
config when the target is to be sanitized.
Bug: 63535130
Test: make SANITIZE_TARGET=integer_overflow
SANITIZE_TARGET_DIAG=integer_overflow builds and boots to the UI
Change-Id: I6afb69885aaa3d25e554b9ca699a572248bfc50a
We have been seeing panics and errors during shutdown sequence in
some vendor's platform, and it is required to disable error handling
during shutdown.
This CL separates the shutdown request to execute another "shutdown"
trigger at the beginning of shutdown stage. And vendor can use this
trigger to add custom commands needed for shutting down gracefully.
Bug: 38203024
Bug: 62084631
Test: device reboot/shutdown
Change-Id: I3fac4ed59f06667d86e477ee55ed391cf113717f
(cherry picked from commit eeab491efd)
- "shutdown critical" prevents killing the service during
shutdown. And the service will be started if not running.
- Without it, services will be killed by SIGTERM / SIGKILL during shutdown.
- Even services with "shutdown critical" will be killed if shutdown
times out.
- Removes ueventd and vold from hard coded list. Each service's rc will
be updated to add "shutdown critical". watchdogd is still kept in the list.
bug: 37626581
Test: reboot and check last kmsg
(cherry picked from commit cccb34fce8)
Change-Id: I3c6aeb7151e64beca4b435f843ae64455217262d
- "shutdown critical" prevents killing the service during
shutdown. And the service will be started if not running.
- Without it, services will be killed by SIGTERM / SIGKILL during shutdown.
- Even services with "shutdown critical" will be killed if shutdown
times out.
- Removes ueventd and vold from hard coded list. Each service's rc will
be updated to add "shutdown critical". watchdogd is still kept in the list.
bug: 37626581
Test: reboot and check last kmsg
Change-Id: Ie8cc699d1efbc59b9a2561bdd40fec64aed5a4bb
We have been seeing panics and errors during shutdown sequence in
some vendor's platform, and it is required to disable error handling
during shutdown.
This CL separates the shutdown request to execute another "shutdown"
trigger at the beginning of shutdown stage. And vendor can use this
trigger to add custom commands needed for shutting down gracefully.
Bug: 38203024
Bug: 62084631
Test: device reboot/shutdown
Change-Id: I3fac4ed59f06667d86e477ee55ed391cf113717f
This commit removes libz.so from the exported libs of "vndk" linker
namespace and export libz.so from "default" linker namespace instead.
We have to remove libz.so from vndk-sp because we don't have a good
mechanism to stop "classloader" linker namespace from loading
/system/lib[64]/vndk-sp/libz.so. Other alternatives require significant
changes to dynamic linker or CTS test cases.
Let's temporarily revert the commit to fix b/62195853 for oc-dr1-dev.
The long-term solution will be discussed in b/37617391.
This reverts commit 63226400f3.
Bug: 62195853
Bug: 37617391
Test: Boot sailfish to home screen.
Change-Id: I4a97819b080f7091b633152d4a11353b24c463ee
Use mem cgroups if the kernel is built with CONFIG_MEMCG=y,
additionally add system group.
test: verified on both kernel with/without memcg enabled
Change-Id: Ib9d1c8e3c797e75f160e0e92edf3f11c9d8e9f17
This commit exports android.hidl.memory@1.0-impl.so from default linker
namespace to vndk (VNDK-SP) linker namespace. This fixes
libhidlmemory.so failure.
Note: Exposing android.hidl.memory@1.0-impl.so from default linker
namespace to vndk (VNDK-SP) linker namespace shall be fine because its
APIs are frozen and won't be changed in the future.
Note: android.hidl.memory@1.0-impl.so is NOT exported to sphal linker
namespace.
Bug: 35107583
Bug: 62778280
Test: Write a test SP-HAL lib which links libhidlmemory.so, load that
SP-HAL lib into system executable, and make sure mapMemory() works.
Test: sailfish boots w/o problems.
Merged-In: Ia36350dcf1f8c8dc6d7bf2c7a6ae65e0ebaef578
Merged-In: Iddb723558c3a814a905cd42797594a707bc651da
Change-Id: I69034595b2cd355e786ce7943fed7dddf1b12525
(cherry picked from commit bd7503dae7)
(cherry picked from commit 3251e582f2)
This commit exports android.hidl.memory@1.0-impl.so from default linker
namespace to vndk (VNDK-SP) linker namespace. This fixes
libhidlmemory.so failure.
Note: Exposing android.hidl.memory@1.0-impl.so from default linker
namespace to vndk (VNDK-SP) linker namespace shall be fine because its
APIs are frozen and won't be changed in the future.
Note: android.hidl.memory@1.0-impl.so is NOT exported to sphal linker
namespace.
Bug: 35107583
Bug: 62778280
Test: Write a test SP-HAL lib which links libhidlmemory.so, load that
SP-HAL lib into system executable, and make sure mapMemory() works.
Test: sailfish boots w/o problems.
Change-Id: Ia36350dcf1f8c8dc6d7bf2c7a6ae65e0ebaef578
This commit adds libhidlmemory.so and android.hidl.memory@1.0.so to the
exported libs of the `vndk` linker namespace (aka. VNDK-SP). This is
necessary because some vendors' GLES implementation uses
libhidlmemory.so. Check http://b/35107583#comment15 for the context.
Bug: 35107583
Test: sailfish boots
Merged-In: Idb5ba4ed4a89795e0e6105d55a84e7f6bbffff51
Change-Id: I1556b7499bd981af995f000519b7a314c70567d1
This commit adds libhidlmemory.so and android.hidl.memory@1.0.so to the
exported libs of the `vndk` linker namespace (aka. VNDK-SP). This is
necessary because some vendors' GLES implementation uses
libhidlmemory.so. Check http://b/35107583#comment15 for the context.
Bug: 35107583
Test: sailfish boots
Change-Id: Idb5ba4ed4a89795e0e6105d55a84e7f6bbffff51
This commit adds libhidlmemory.so and android.hidl.memory@1.0.so to the
exported libs of the `vndk` linker namespace (aka. VNDK-SP). This is
necessary because some vendors' GLES implementation uses
libhidlmemory.so. Check http://b/35107583#comment15 for the context.
Bug: 35107583
Test: sailfish boots
Merged-In: Idb5ba4ed4a89795e0e6105d55a84e7f6bbffff51
Merged-In: I1556b7499bd981af995f000519b7a314c70567d1
Change-Id: I5af7c954d432a2e8de6c6b744cedbada836bbd98
This is a temporary fix, since we're still not sure exactly what the
bug is.
Bug: 62547086
Test: Built, flashed, and booted Marlin. Verified that the file has
the correct permission and that traceur does not popup an error.
Change-Id: I43275e974a11754eca274f1b77d15cdd03a3b365
libui.so is not VNDK-SP, so it must not be allowed to RS drivers.
Bug: 37550338
Test: camerascript app works well in 2017 pixel devices
Change-Id: I34971baebdc91f11935d1eb4ddd07d89d4c38958
This commit adds libion.so to VNDK-SP so that some vendor's
gralloc.${chipset}.so can run without problems.
Bug: 62280700
Test: Boots a device from our partners
Merged-In: I2bcfe40ed9342de6d81dd310313e984a2c64964b
Change-Id: Ib745dfe52107d792296426b097e13b7c7755d88c
This commit adds libion.so to VNDK-SP so that some vendor's
gralloc.${chipset}.so can run without problems.
Bug: 62280700
Test: Boots a device from our partners
Merged-In: Ib745dfe52107d792296426b097e13b7c7755d88c
Merged-In: I2bcfe40ed9342de6d81dd310313e984a2c64964b
Change-Id: If30657b93157a2abea29fadcdb0004b37ad9eaf2
This commit adds libion.so to VNDK-SP so that some vendor's
gralloc.${chipset}.so can run without problems.
Bug: 62280700
Test: Boots a device from our partners
Change-Id: I2bcfe40ed9342de6d81dd310313e984a2c64964b
'vndk' namespace is the place for VNDK-SP libs. So /vendor/lib must be
removed from its search paths. It was there just because libhardware
(which is VNDK-SP) is loading HAL libs in vendor partition from there.
However this problem has been solved by modifying the libhardware so
that HAL libs are loaded from the 'sphal' namespace and not from the
current (the 'vndk') namespace.
Bug: 37731053
Test: sailfish builds and boots
Change-Id: Ia88934a975aa8811e05b5ba408e42d132f20f4e9
init uses /acct and optionally /dev/memcg for tracking services and
therefore these must be started before any services start.
Test: check that cgroups are mounted appropriately.
Change-Id: Ice095287963181fe687dbe6b7d291076e674d1cc
/init.${ro.hardware}.rc would sometime rely on being parsed before other
.rc files. In this case all vendors are still able to have a .rc file
included before all the ones in /vendor/etc/init.
Merged-In: I3fb6df13a39204a516874ea94f5e5ad84bca42c6
Bug: 38301110
Change-Id: I3fb6df13a39204a516874ea94f5e5ad84bca42c6
(cherry picked from commit f7c34ad4bf)
/init.${ro.hardware}.rc would sometime rely on being parsed before other
.rc files. In this case all vendors are still able to have a .rc file
included before all the ones in /vendor/etc/init.
Bug: 38301110
Change-Id: I3fb6df13a39204a516874ea94f5e5ad84bca42c6
Exteded vndk-sp should go to /vendor/lib/vndk-sp.
Bug: 37940694
Test: sailfish builds and boots
Test: manually copying a lib from /system/lib/vndk-sp to
/vendor/lib/vndk-sp. Check that the copied one in /vendor partition is
loaded instead of the original one.
Change-Id: Ia5dd6f35bd31d4a20a794bec148e1fc3c6d7b72b
Test: I solemnly swear I tested this conflict resolution.
Merged-In: I137c17d55940b783eab6d0125bc4d26b96bcc2f2
Change-Id: I90c3ff7c82a9b53ce00057fd87cf227d5faf0975
This commit moves libz.so from default namespace to vndk namespace.
Accodring to b/37617391, libz.so is not as stable as we thought, thus
it should be vndk-sp instead of ll-ndk.
Bug: 37617391
Test: sailfish builds, boots, no new dynamic linker errors in log
Change-Id: I3922895a169303c33914a8a0f4b50cb993a724c9
libvndksupport.so is a new member of ll-ndk.
Bug: 37323945
Test: sailfish builds and boots
Merged-In: Ic5db48292a30a6face7f263d939f27a0760240b1
Change-Id: Ic5db48292a30a6face7f263d939f27a0760240b1
(cherry picked from commit 7000859b7c)
libbacktrace and its dependents are now VNDK-SP. Since they are in
/vendor/lib/vndk-sp directory, they are accessible directly from the
vndk namespace. Therefore, libbacktrace is removed from the exported
shared libs list of the default namespace.
Bug: 37413104
Test: sailfish builds and boots
Merged-In: I137c17d55940b783eab6d0125bc4d26b96bcc2f2
Change-Id: I137c17d55940b783eab6d0125bc4d26b96bcc2f2
(cherry picked from commit b2a4b8cd18)
Add a new boost group for rt tasks. Device specific changes will be in
the device init rc.
Bug: 33085313
Change-Id: I99ca085d0933d878795bb0eda639bb2075419415
Signed-off-by: Joel Fernandes <joelaf@google.com>
This CL is in support of another CL c/2048848, topic
'Refactor hid command in /frameworks/base/cmds' in
internal master. Adding the permissions for
shell here to access uhid_node as part of the
new 'uhid' group.
Bug: 34052337
Test: Tested on angler, bluetooth mouse works OK.
Change-Id: If9e100aa1262d689fb8adc5c0ce93f157c96399e
This reverts commit 6ed19d1675.
Allow devices to decide for themselves whether to allow
module loading after boot.
Bug: 38204366
Test: boot sailfish, load a kernel module
Change-Id: Ib9e77381de9003fb5160463664015a95316ddfc5
libbacktrace and its dependents are now VNDK-SP. Since they are in
/vendor/lib/vndk-sp directory, they are accessible directly from the
vndk namespace. Therefore, libbacktrace is removed from the exported
shared libs list of the default namespace.
Bug: 37413104
Test: sailfish builds and boots
Change-Id: I137c17d55940b783eab6d0125bc4d26b96bcc2f2
android.hidl.base@1.0 and android.hidl.manager@1.0 are built into libhidltransport.
Test: boot internal marlin
Bug: 33276472
Change-Id: I32dc22607f2df5c71555161178865900b35fc75b
(cherry picked from commit fa5ea6a81a)
For legacy reason, /data/data is a real dir and /data/user/0 is a
symbolic link to it. Overhead for linux kernel to walk through
symbolic link is not negligible. This is unnessary overhead to
carry over. This patch is to make /data/user/0 a a real dir and
make legacy folder /data/data a symbolic link. OTAed system does
not get impacted.
Test: Manual test
Change-Id: I419564a75f6ebf3154badb8725ba9831164592b6
Signed-off-by: cjbao <cathy.bao@intel.com>
android.hidl.base@1.0 and android.hidl.manager@1.0 are built into libhidltransport.
Test: boot internal marlin
Bug: 33276472
Change-Id: I32dc22607f2df5c71555161178865900b35fc75b
Bug: 26778031
Test: Boots, reboots, sector 0 of userdata encrypted
Make sure an FDE device, both default and password protected,
boots.
Make sure an FBE device without metadata encryption boots.
Change-Id: I55135f2d81002f4010a857c021ee840f792f7917
This trigger resets ffs.ready in situations where
adbd is stopped via commandline.
Test: stop adbd
Change-Id: Ib5028d55c4883a8291d6de2dbcb0641ff8eb7a48
This allows devices to use functionfs for mtp and ptp instead
of the ordinary functions. The property is set regardless of
which function is enabled so mtp and ptp functions will continue
to work.
Bug: 33220530
Test: use mtp with ffs and non ffs devices
Change-Id: I4527e153bd10ef1e262e487482ae455835d1c698
VNDK-SP is relocated back to /system partition from /vendor partition,
following the original design.
In addition, the namespace for RenderScript is added. The namespace is
dedicated for loading VNDK-SP libs for RenderScript such as
libRS_internal.so. The reason for having a separate namespace is that
RenderScript requires more permitted paths (/data/*) which should not be
allowed for normal SP-HALs.
Bug: 37522144
Bug: 37550338
Test: sailfish builds and boots well
Test: lsof shows VNDK-SP libs are loaded from /system/lib/vndk-sp
Test: RenderScript app (CameraScript) runs well
Change-Id: Id139f626cafae2e43ee4eefc5a57a204e31bbbc9
Currently zygote is started early for FBE device but update_verifier is run later
which creates a potential risk. This CL ensures update_verifier run before
zygote touches anything within data/ partition. With this change, we also start zygote
early for unencrypted/unsupported encryption state device.
Bug: 37543411
Test: marlin boots
(cherry picked from commit 5dc05effec)
Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
Add asan counterparts.
Bug: 37579959
Test: m && m SANITIZE_TARGET=address
Merged-in: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
Change-Id: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
Currently zygote is started early for FBE device but update_verifier is run later
which creates a potential risk. This CL ensures update_verifier run before
zygote touches anything within data/ partition. With this change, we also start zygote
early for unencrypted/unsupported encryption state device.
Bug: 37543411
Test: marlin boots
Change-Id: I95daa73bc1a503eecb70d7be78251b74b773abf8
- late start of zygote_secondary leads into occasional
1 second wait for starting system service.
- Early start secondary zygote so that there is no additional
wait.
bug: 37508384
Test: python packages/services/Car/tools/bootanalyze/bootanalyze.py -r -c packages/services/Car/tools/bootanalyze/config.yaml -n 100 -f -e 16 -w 30
(cherry picked from commit f8532445b4)
Change-Id: Ia46b07f3d6abb090cc169ebd807e21b16694d172
- late start of zygote_secondary leads into occasional
1 second wait for starting system service.
- Early start secondary zygote so that there is no additional
wait.
bug: 37508384
Test: python packages/services/Car/tools/bootanalyze/bootanalyze.py -r -c packages/services/Car/tools/bootanalyze/config.yaml -n 100 -f -e 16 -w 30
Change-Id: I2e4eb0b59a9a8417b56a72fe2de6fa2a6e1ab0a2
rc-style powerctl has beem removed. Accordingly, asan_extract now
needs to access sys.powerctl directly.
Bug: 36458146
Test: m && m SANITIZE_TARGET=address SANITIZE_TARGET_SYSTEM=true
Change-Id: Ic65a858962b4b3dd613fdbfa09f93d21425bf892
After untar-ing, set correct access flags.
Bug: 36458146
Test: m && m SANITIZE_TARGET=address SANITIZE_TARGET_SYSTEM=true
Change-Id: Ibd98dfaeb58a0040ff2a9fee0bb880a281a673e8
Under full-disk encryption, we must skip extracting libraries
into the temporary /data directory. It is too small, and the
framework will not be able to come up.
Add a check for the vold.decrypt system property. As it turns
out that we can't reliably use this, also add a size check
(and use 512M = 131072 4K blocks as the limit).
Bug: 36458146
Test: m && m SANITIZE_TARGET=address SANITIZE_TARGET_SYSTEM=true
Change-Id: Ib350094b049b6e75832d393527b8b62a58a7fece
(cherry pick from commit 3510359a3c)
ro.logd.kernel, ro.config.low_ram, ro.logd.timestamp and ro.debuggable
need to be retrieved prior to logd start in order for the service to
behave in a configured manner. Other essential services are also
dependent on these system properties as well, so it just makes sense
to pick them all up first in 'on fs'.
Test: smoke test
Bug: 37425809
Change-Id: I33ad185f397ee527ed3c84cc2bcb40ff8ca785b5
ro.logd.kernel, ro.config.low_ram, ro.logd.timestamp and ro.debuggable
need to be retrieved prior to logd start in order for the service to
behave in a configured manner. Other essential services are also
dependent on these system properties as well, so it just makes sense
to pick them all up first in 'on fs'.
Test: smoke test
Bug: 37425809
Change-Id: I33ad185f397ee527ed3c84cc2bcb40ff8ca785b5
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the follow scenario:
A service is started with `exec` or `exec_start`
The same service sets sys.powerctl indicating to the system to
shutdown
The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
(cherry picked from commit 98ad32a967)
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the follow scenario:
A service is started with `exec` or `exec_start`
The same service sets sys.powerctl indicating to the system to
shutdown
The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
libui.so is not used by SP-HALs, so it is removed from the list of libs
exposed from the default namespace.
Also, this fixes a warning message "property value is empty" caused by
the automatically removed trailing '/' for the section 'legacy'. Since
the legacy behavior is already implemented by the linker itself, the
behavior doesn't need to specified in ld.config.txt.
Test: marlin/sailfish boots
Test: no warning message is shown
Change-Id: Ib679794d63b01c6794663dc88f1ab7e72cfb11d3
Starting zygote early requires cpuset to be initialized to all cores for
foreground cpuset. Change to expolit all cores by default at boot and
let device manufacturers override to proper values in device specific
init script.
Bug: 36576280
Test: marlin boot fast and checked cpuset during early boot
Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f
(cherry picked from commit 2e83b86a8a)
Starting zygote early requires cpuset to be initialized to all cores for
foreground cpuset. Change to expolit all cores by default at boot and
let device manufacturers override to proper values in device specific
init script.
Bug: 36576280
Test: marlin boot fast and checked cpuset during early boot
Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f
Now, framework process (any process that is executing /system/bin/* or
/system/xbin/*) are started with three namespaces; default, sphal and
vndk.
default namespace is the namespace that is responsible for loading libs
from /system/lib. It can't load libs from other places such as
/vendor/lib. (However, we temporarily open the path since we haven't
finished the system partition cleanup, but will do eventually).
sphal namespace is the namespace where SP-HAL (Same-process HAL) is
loaded. SP-HAL are the only vendor libraries that are allowed to be
loaded inside framework processes. libEGL_<chipset>.so and
android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs. When
framework needs to load those SP-HALs, it explicitly loads it from this
namespace using android_get_exported_namespace() and
android_dlopen_ext().
vndk namespace is the namespace for loading vndk-sp (Vendor-NDK for
Same-Process) libs, which is a small set of framework libraries that
SP-HALs can link against. These libraries are compiled for the same
version of Android that the vendor partition is compiled against.
SP-HALs can not use libraries other than vndk-sp and ndk libs.
Membership to vndk-sp and ndk are strictly closed.
Note that in a system, there are two copies of vndk-sp libs. One at
/system/lib and the other at /vendor/lib/vndk-sp. As a result, there can
be two instances of a same library in a process.
Also adds ld.config.legacy.txt which is used on non-Treble devices where
PRODUCT_FULL_TREBLE is not set to true.
Note, this split can be cleaned up further after b/37139976 is solved.
Bug: 34407260
Test: git diff HEAD:rootdir/etc/ld.config.legacy.txt
HEAD^:rootdir/etc/ld.config.txt => 0
Test: sailfish boots (because BOARD_VNDK_VERSION is not set to
'current')
Change-Id: I8331d94edc38f22c4f8abc66cdf2050af9d0605b
* changes:
ueventd: Fix up string handling in handle_*_device_event()
ueventd: convert mkdir_recursive() to std::string
ueventd: move subsystem logic from code to ueventd.rc
With the binder traffic of composer moved to vndbinder,
vndservicemanager is needed to be started early to get bootanim
displayed quickly.
Also servicemanager is required to be start early to support early
bootanim and sufaceflinger.
Bug: 37306311
Test: bootanim regression fixed
Change-Id: Ice1e05bdb3fe4e67a63a49f1db8afdb018c7b61b
This CL disables module loading by writing 1 to
/proc/sys/kernel/modules_disabled when the property sys.boot_completed
is set to 1 by ActivityManagerService (at the broadcast of
PHASE_BOOT_COMPLETED).
Bug: 36515654
Test: tested on sailfish and verified that module loading is disabled in
userdebug and enabled in eng mode
Merged-In: Id38d34a6395966ab21e440614337c0cfca791ad0
(cherry picked from commit 6ed19d1675)
Change-Id: I2faa459b450b3a64f854c832c6b91cbf682bbffa
This was marked deprecated in 2014 and removed in 2015, let's remove
the uevent rule now too.
Test: see that logging still works on bullhead
Change-Id: Idaf3f49a1afe7046eba6c976628b9f1c8b3ec094
This CL disables module loading by writing 1 to
/proc/sys/kernel/modules_disabled when the property sys.boot_completed
is set to 1 by ActivityManagerService (at the broadcast of
PHASE_BOOT_COMPLETED).
Bug: 36515654
Test: tested on sailfish and verified that module loading is disabled in
userdebug and enabled in eng mode
Change-Id: Id38d34a6395966ab21e440614337c0cfca791ad0
The class early_hal is essentially for the keymaster hal which needs
to be up before vold tries to unlock a storage encryption key (FDE or
FBE). The current position is too early in the boot process, because
on devices with legacy HAL the wrapper service uses system properties
to find the legacy HAL.
This patch moves the start of the early_hal class to the late-fs trigger
action which runs right after the system property action.
Test: Manually tested and update tested on bullhead, sailfish, and
another device.
Bug: 35764921
Change-Id: I34b45b85f8450e9ef18861535fdb2ee963df8c9b
(cherry picked from commit 1ad8d21947)
The class early_hal is essentially for the keymaster hal which needs
to be up before vold tries to unlock a storage encryption key (FDE or
FBE). The current position is too early in the boot process, because
on devices with legacy HAL the wrapper service uses system properties
to find the legacy HAL.
This patch moves the start of the early_hal class to the late-fs trigger
action which runs right after the system property action.
Test: Manually tested and update tested on bullhead, sailfish, and
another device.
Bug: 35764921
Change-Id: I34b45b85f8450e9ef18861535fdb2ee963df8c9b
This class is used to start hals which are required in order to mount
data (for instance keymaster).
Test: works to start early_hal in internal
Bug: 36278706
Change-Id: If06908135e59b187683d8cf4cc4a00b490559081
(cherry picked from commit 5d56bad4bd)
This class is used to start hals which are required in order to mount
data (for instance keymaster).
Test: works to start early_hal in internal
Bug: 36278706
Change-Id: If06908135e59b187683d8cf4cc4a00b490559081
Move things over to the new layout.
Bug: 36458146
Test: m && m SANITIZE_TARGET=address SANITIZE_TARGET_SYSTEM=true
Change-Id: I4dba269f82e4f88e39f926c6c2dd3c5efa07b2a1
Add init script and shell script to unzip a tar containing ASAN
libraries on boot.
Bug: 36458146
Test: m && m SANITIZE_TARGET=address
Test: manual (build steps for tar missing)
Change-Id: I1bcf332f86c5bf2e0333cbe3def684999c1002f8
This reverts commit 5011270225.
Now starting even earlier.
Reason for revert: Needed change, reverted b/c broken device.
Bug: 36278706
Test: original DOA device boots
Test: angler, bullhead, fugu, marlin, ryu
Test: all these devices boot with wipe
Test: all these devices boot with w/o wipe
Test: lshal shows all included services
Change-Id: Ic639aedf7834b1bd3a26d23d109727f5559317e9
Vendor owns /data/vendor.
HAL data must go in /data/vendor/hardware/.
Bug: 34980020
Test: build and boot AOSP Marlin. Observe /data/vendor and
/data/vendor/hardware exist and are empty.
Change-Id: I6fe96e3c76a10a5eb480ba10e10d4d006de56c12
Also start hals where hwservicemanager was started before.
Bug: 36278706
Test: internal marlin+angler boots
Change-Id: Ia55d2ef747fcbd086a09e1bb856824b14343118b
We have seen cases when threads in this cgroup not scheduled for more than
a few seconds in heavy workload situation and causing device freeze.
In Linux, multiple threads placed in ROOT cgroup cause the CPU resource to
be split per thread, rather than per group.
Currently we have many threads in ROOT cgroup, which makes threads in
bg_non_interactive cgroup to have "tiny" CPU resource other than 5%
quota defined.
Bug: 34193533
Test: on marlin
Change-Id: I7721f6196560fbedf6265e8b6db130cec9edefd7
This file describes how loader should set up
default namespace for different kind of binaries.
Note that vendor and some of system binaries are
not yet ready for this config to be enabled - they
rely on libraries they shouldn't be relying upon.
Bug: http://b/30435785
Test: m
Change-Id: I7d5853a6b55db169be1dc2c38cc682711bf7f7f5
Motivation:
1. Reduce skew between userdebug and user builds.
2. Make the decision to mount debugfs on debug builds on a
per-device basis.
3. Prepare to not mount it at all to reduce the attack surface
of the kernel, reduce boot time, and free up memory.
4. Remove the selinux denial on devices that mount twice, i.e.
unconditionally in the device specific .rc file and in the
init-debug.rc file.
avc: denied { mounton } for path="/sys/kernel/debug" dev="debugfs"
ino=1 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0
tclass=dir permissive=0
If desired, debugfs may be mounted in device specific rc files
instead.
Bug: 31856701
Bug: 35197529
Test: Build and boot Marlin. Selinux denial no longer observed.
Change-Id: Ie0d954f77f7cf70ed2b94f67a57a6c9eba45ba8e
Add SANITIZE_LITE_SERVICES to drive usage of asan.options for a
large set of native services.
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true SANITIZE_LITE_SERVICES=true
Change-Id: I84458dcc1b193b762daeb3004cf6c49e2fd8fae2
Current init doesn't order the triggeres it scaned, and there is no
guarantee that general event trigger exec first and then event+property
triggers.
This CL will make sure netd started after post-fs-data trigger is done.
Bug: 35110957
Test: marlin boots
Change-Id: I7bb55af4e00f336682388abfa8a06eac2136b7d4
This change makes the init process to always attempts to enable
transient trigger for vibrator. This allows the exported properties to
change the ownership later at the on boot stage.
Test: device vibrates with the driver supports ledtrig-transient
Change-Id: If5eb7b7feaefe803f2ead634fbe4fc7b48da84ea
Signed-off-by: David Lin <dtwlin@google.com>
When native coverage is enabled, add a global GCOV_PREFIX
environment variable specifying that gcda files be output
with path prefix /data/local/tmp.
Bug: 35635587
Test: make NATIVE_COVERAGE=true; check init.environ.rc
Change-Id: I40972aea3ca3168d0687bdc93e9d4b7b3a1071b9
Parts of this change were accidentally reverted by an incorrect
manual merge conflict resolution.
Bug: 35306127
Test: manual
Change-Id: I8e6d6b07dcaa548775213dd42ba9def7431c62d3
This prevents the shell user from injecting input as if it were coming
from an existing input device, which in turn makes it easier for malware
/ abuse analysis to detect when someone is injecting input via the
command line vs a real user using a device.
(cherrypick of 95637eb2a332b9a09914b1bf32c10fccfba4a175.)
Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
This reverts commit e5aee79e9c.
Given recent improvements to boot timing, and higher paralellization,
the lazy preloading of zygote resources makes boot time slightly slower
by ~100-250ms. Therefore, the change is being reverted until we can do
it properly and defer it to a later point in the boot process. This work
is being tracked by b/34810190
BEFORE
------
successive-online : 17290.0,17633.0,17329.0,17655.0,16802.0,16888.0,17645.0,17369.0,17572.0,16932.0,
successive-online_avg : 17311.5
successive-boot : 24834.0,25119.0,25122.0,25091.0,25617.0,25535.0,25047.0,27462.0,25088.0,25648.0,
successive-boot_avg : 25456.3
AFTER
-----
successive-online : 16973.0,16530.0,17015.0,17953.0,17367.0,17098.0,16887.0,17377.0,18039.0,16742.0,
successive-online_avg : 17198.1
successive-boot : 24921.0,25622.0,25781.0,25449.0,25128.0,24774.0,24554.0,25029.0,24544.0,25809.0,
successive-boot_avg : 25161.1
Test: Boot timings collected with tradefed harness.
Bug: 34810190
Change-Id: I9a6dd5ce31bda067e74fc088b057711fa4a7a0fb
This prevents the shell user from injecting input as if it were coming
from an existing input device, which in turn makes it easier for malware
/ abuse analysis to detect when someone is injecting input via the
command line vs a real user using a device.
Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
When vold mounts the encrypted /data partition, it first checks for and
kills processes that have open fds to the tmpfs placeholder at /data.
This resulted in a 20 second boot-time regression (vold's timeout period)
when tombstoned was started before vold.
Bug: http://b/34461270
Test: boot is faster, no messages from vold in console spew
Test: tombstoned still started by init
Change-Id: Ib5e9ddb05f40c9da852f00e103861c6ff2d94888
Also ensure that it uses the highest supported value, and
abort if the value is not above a minimum threshold.
Test: Tested against the curent kernel (maximum value of 2,
set to 0 by the kernel initially) and against a
modified kernel (maximum value of 4, set to 4 by the
kernel initially)
Bug: 30368199
Change-Id: I608db577258b68b390ffe96f452e1f7c0bc9ad8a
for audio_source function instance, there exist 2 function name here:
"audio_source.gs2" and "audio_source.gs3"
I believe this usb accessory audio name "audio_source.gs2" is a typo,
as there is no need to create another audio_source instance.
Test: Manual
Change-Id: I70b513db474632eb990131c285c8d5105c17970f
Signed-off-by: Winter Wang <wente.wang@nxp.com>
Since splitting tracefs out from debugfs, we now need to set the
attributes explicitly on tracing folder.
Test: Run adb shell atrace -c -b 16000 -t 5 gfx
Bug: 34197733
Change-Id: If2a962332b6d1ec227e289bdf952213756e26186
Everything should be using the functionfs interface instead by now.
Bug: http://b/34228376
Test: grepping for f_adb, android_adb in source tree
Test: m
Change-Id: I6bc41049c49a867499832588dac8ed108c636c11
This helps to avoid tearDownInterfaces call from WiFiStateMachine's
constructor.
Bug: 33752168
Test: on device
(cherry picked from commit 0db195d0757e36c73b9da5a95d9b9986386f0f2e)
Change-Id: I55f56dd8daa5089073ff8dd424e92d09326c7d00
This helps to avoid tearDownInterfaces call from WiFiStateMachine's
constructor.
Bug: 33752168
Test: on device
Change-Id: I44527ee39700c5ac3259bba3a007dde6979170ff
The SO_RCVBUFFORCE option requires the caller of uevent_create_socket()
to have net_admin capabilities.
Set platform default rcv/snd buffer sizes to 256kb that will always be
overridden by the device/target. However, it will allow
ueventd / healthd to use the uevent_create_socket() API w/o requiring
the net_admin capability.
Note: All devices override the buffer sizes according to the technology
maximum to at least ~8MB. So, the init.rc change here is to make sure
platform code can work w/o any overrides.
Test: no SELinux failures for healthd with 'net_admin' removed.
Bug: https://b/32733887
Change-Id: Ida346468cd550ad07901bf3a78ad508939849906
Signed-off-by: Sandeep Patil <sspatil@google.com>
Most notably, there's no longer any need to guess an end time.
Bug: http://b/23478578
Bug: http://b/33450491
Test: rebooted with bootcharting on/off
Change-Id: Icb7d6859581da5526d77dfc5aa4d57c9bfbfd7e2
It's 5 characters shorter, has no runtime costs, can be stored on a
read-only partition, and avoids problems like b/27262109 and b/27204904.
It allows makes some security hardening easier.
Bug: 27262109
Bug: 27204904
Bug: 32799236
Test: verified new symlink created and old one not present
Change-Id: Ief362e13569ad9c868a7f0f9c4dbd6a328c96c6b
Use to solve the problem of tracefs conditionally being mounted
under debugfs and needing restorecon'd without boot performance
penalty.
Also move skip-ce to a flag for consistency.
Test: Check that trace_mount has correct attributes after boot
Bug: 32849675
Change-Id: Ib6731f502b6afc393ea5ada96fa95b339f14da49
Start update_verifier in cache group to avoid dac_override
Bug: 30020920
Change-Id: I227b4a0e1c07e7b9bf209b432e9db02275ffe660
Test: mma
(cherry picked from commit 1e4635f0a8)
* changes:
healthd: refactor healthd code to split into 'charger' and 'healthd'
healthd: build 'charger' and 'healthd' binaries
healthd: refactor to split charger and framework facing code
This renames the old '/sbin/healthd' to '/sbin/charger'
which is to be only used in recovery and charger-only mode.
.. and adds a new dynamically linked executable in /system/bin/healthd
to be used as 'healthd' in Android.
text data bss dec hex filename
817404 36704 37960 892068 d9ca4 root/sbin/charger {was healthd}
72717 11064 12984 96765 179fd system/bin/healthd {*new*}
890121 47768 50944 988833 f16a1 (TOTALS)
Corresponding changes in recovery and charger-only .rc files are
required change how 'charger' is launched in each mode.
Update the seclable for healthd with the launch path in init.rc
Test: Boot tested and verified all 3 modes (recovery, charge-only,
android)
Change-Id: I4ada27a4c113258c5be1fd10adb0f58232b10024
Signed-off-by: Sandeep Patil <sspatil@google.com>
restorecon_recursive doesn't traverse filesystem boundaries. On
tracefs systems, tracing is a separate filesystem, so restorecon
this as well
Bug: 30963384
Test: Boot hikey, and check that there are no debugfs_tracing denials in dmesg
Change-Id: I24abd3ad80d2cfdab4f64fecee799fc0c24ed238
In zygote wrapping mode, ZygoteConnection does a check to see if the pid
reported by the wrapped process is either child process that was
forked, or a decendent of it. This requires read access to other
processes /proc files. Grant zygote AID_READPROC to allow this access.
Bug: 32610632
Test: manual inspection of /proc files to verify group.
Test: manual inspection of zygote's children to make sure they do not
inherit AID_READPROC
Change-Id: I3619a9ae33c8077e068e8024f7c7d44cfca6fb76
This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
(cherry picked from commit abfbec342f)
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342f)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
persist.sys.usb.config stores the usb functions which need to be enabled
when the phone boots up. When the phone is actually booted, setting this
would also activate the following action trigger on sys.usb.config
From init.usb.rc:
Used to set USB configuration at boot and to switch the configuration
when changing the default configuration
on property:persist.sys.usb.config=*
setprop sys.usb.config ${persist.sys.usb.config}
sys.usb.config is anyways set to the actual functions by UsbDeviceManager
once it is set to none. Therefore add "on boot" condition to the above
action trigger so that persist.sys.usb.config does not race with
sys.usb.config.
BUG: 30440213
Change-Id: I3333d0b8334fb627469c7faad250bf3151bb1ebf
Tom Cherry