It is required to pass update_engine_unittests in GSI
compliance test. And it's clean to just add this mount
dir unconditionally.
Bug: 172696594
Test: `m init.environ.rc` and checks that $OUT/root/postinstall exists
Change-Id: Ib340a78af442ea66c45cecb373a9eb3c428f8dda
camera-daemon is referred in task-profiles.json so the hierarchy should
be created in aosp's init.rc.
Bug: 170507876
Bug: 171740453
Test: boot and check cgroup
Change-Id: I0e6722b88922abf4ccae3b19623d8b889a6e3cb6
Linkerconfig will be moved into Runtime APEX, so
/system/bin/linkerconfig would not be available before APEX is mounted.
Use bootstrap linkerconfig instead during early init.
Bug: 165769179
Test: Cuttlefish boot succeeded
Change-Id: Iae41f325bbd5f5194aaf4613141860f913dfbff1
First load the verified keys, and then only lock the keyring after apexd
has run. This is in preperation for on-device signing, which will need
to add another key to the fs-verity keyring before it's locked.
Note that I've moved loading of the verified keys up a bit; fsverity_init
used to load keys from Keymaster, but it currently doesn't, so there's
no need to wait for it.
Bug: 165630556
Test: boot, cat /proc/keys
Change-Id: I077673575ae3dafcf3126d8c544fe7f8d34c0225
In task_profiles.json, camera-daemon is referred for both cpu and
cpuset controller, so create them in init.rc officially.
Test: build pass
Bug: 170507876
Change-Id: I655154ab739ffde6fdfd2d499cbaa974597d3ee7
Remove provide libs of system image from file, and generate it at build
time instead
Bug: 172889962
Test: Build cuttlefish and confirmed list is generated in
/system/etc/linker.config.pb
Change-Id: I365252dcb2e8735fd8f6345c9ec2c985b0489d64
Migrate tasks from root group to a subgroup would help us to put soft
cpu bandwidth control correctly. There are few tasks now failed to
migrate due to PF_NO_SETAFFINITY which is the default kernel behavior
which we are not overriding at this moment.
This CL also fixed an issue that most of RT thread lost RT attribute
when kernel with CONFIG_RT_GROUP_SCHED enabled, as the subgroup would be
initialized with 0 RT runtime by default. CONFIG_RT_GROUP_SCHED is not
enabled in GKI kernels but there could be devices with
CONFIG_RT_GROUP_SCHED enabled, so setting some budget for those devices
to make they can still function. OEM can either set proper budget by
themselves or remove CONFIG_RT_GROUP_SCHED completely.
Bug: 171740453
Test: boot and check cgroup
Change-Id: I83babad2751c61d844d03383cb0af09e7513b8e9
If device specifies moving AVB keys to vendor ramdisk, but
doesn't have a dedicated recovery partition, install to
vendor-ramdisk/first_stage_ramdisk.
Test: manual
Bug: 156098440
Change-Id: I05a8731236996dda0d1ab3c09828f7dac46f4ac7
/data/rollback-history is used to store deleted rollbacks
for debugging purpose.
Bug: 172644981
Test: Boot device without this, then try to boot with it without wiping.
Change-Id: I79da5190aad455448ccd73fe42abdc79b3649e86
To make sure it's always called after apexd has run.
Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: Iaff175dea6a658523cdedb8b6894ca23af62bcbf
Reduces disk space usage for commonly used libraries by merging coverage
data across processes.
Bug: 171338125
Test: Forrest run of coverage tests
Change-Id: I2b9e94871fc5d66971c5b7e725b296bcd721ccf2
For devices using utilclamp create cpu controller hierarchy. Do not
remove schedtune hierarchy yet because init.rc is generic and should
work with devices which still use schedtune.
Bug: 170507876
Test: cpuctl groups worked
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I8494b0b64336e0c882847d555c262814bef2ffa1
List up libraries which has dependency with system image in the
configuration file. The list was located in linkerconfig source code,
but this makes dependency between linkerconfig and system image. This
change will remove the dependency.
Bug: 168262631
Test: cuttlefish and crosshatch boot succeeded
Change-Id: Id0abc0070b475d834096a85b90a8e88e535c6171
The critical services can now using the interface `critical
[window=<fatal crash window mins>] [target=<fatal reboot target>]` to
setup the timing window that when there are more than 4 crashes in it,
the init will regard it as a fatal system error and reboot the system.
Config `window=${zygote.critical_window.minute:-off}' and
`target=zygote-fatal' for all system-server services, so platform that
configures ro.boot.zygote_critical_window can escape the system-server
crash-loop via init fatal handler.
Bug: 146818493
Change-Id: Ib2dc253616be6935ab9ab52184a1b6394665e813
This is to allow the tracing service to temporarily
lower kptr_restrict for the time it takes to build
its internal symbolization map (~200ms), only on
userdebug/eng builds.
kptr_restrict unfortunately cannot be lowered by
the tracing service itself. The main reason for that
is the fact that the kernel enforces a CAP_SYS_ADMIN
capability check at write() time, so the usual pattern
of opening the file in init and passing the FD to the
service won't work.
For more details see the design doc go/perfetto-kallsyms.
Bug: 136133013
Test: perfetto_integrationtests --gtest_filter=PerfettoTest.KernelAddressSymbolization in r.android.com/1454882
Change-Id: Ib2a8c69ed5348cc436223ff5e3eb8fd8df4ab860
In many cases, it's a common practice to use the name of the
domain type of a process or the type of the usage category
instead of using ambiguous terms like sys, system, etc.
Update the property name with net. prefix for better naming to
fit the usage of the system property.
Bug: 170917042
Test: 1. m -j10
2. Check if /proc/sys/net/ipv4/tcp_default_init_rwnd is
updated as expected
Change-Id: I0267880d62cc504a419827732780d2db97b2dfef
A recent change moved creating /data/vendor/tombstone earlier than
/data/vendor was created, which would cause /data/vendor/tombstone to
not be created until the second time a device boots, instead of the
first.
This change moves the creation of /data/vendor* earlier, allowing
/data/vendor/tombstone to be created on the first boot.
Bug: 169659307
Test: boot CF for the first time and see /data/vendor/tombstone is
created
Change-Id: I53ee8fbc282bc533d50756ebb4cc65a5ca582088
This change does the following:
- Create /second_stage_resources empty dir at root.
- At runtime:
- At first stage init:
- mount tmpfs to /second_stage_resources.
- Copy /system/etc/ramdisk/build.prop to
/second_stage_resources/system/etc/ramdisk/build.prop
- At second stage init:
- Load prop from the above path
- umount /second_stage_resources
Test: getprop -Z
Test: getprop
Bug: 169169031
Change-Id: I18b16aa5fd42fa44686c858982a17791b2d43489
If BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT is set, move GSI AVB keys
to vendor_boot. The existence of these keys are device-specific, and
should not exist in the generic boot image.
Test: manual
Bug: 156098440
Change-Id: Iabe002a9f1ecd2fdf109beed98db6edd3f092399
Without enabling the encryption on this folder, we will not be able to
rename files from this folder to /data/app folder, since /data/app
folder is encrypted. Trying to rename files between unencrypted folder
to encrypted folder throws EXDEV error.
Turning on encryption for /data/app-staging has the following concerns:
1. Turning on the encryption will erase all of its content. But this is fine
since during OTA we fail all staged sessions anyway.
2. We need to create hardlinks from /data/app-staging to
/data/apex/active. This is also fine since we will be creating link from
encrypted folder (/data/app-staging) to non-encrypted folder and this
does not throw EXDEV error.
Bug: 163037460
Test: atest StagedInstallTest
Change-Id: Ie78f6df0c0e08de54a39c5e406957ad0a56b7727
Martijn Coenen