Note: bootloaders can still change the reboot target using cmdline.
Change-Id: I982ddb0b5720c660026e9b8b2ec4d0c3196b6442
Signed-off-by: Alexander Martinz <amartinz@shiftphones.com>
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
Sometimes we need to override ro.* properties by using our vendor init
extension.
Previously there was a security check which was blocking that.
To resolve the issue, we need to weaken the security check during the
execution of our vendor init extension.
This is safe because the vendor init extension gets executed as part of init
construction and it is considered a trusted system component.
Change-Id: I6198b453745cb92c65d3e3d49e3262354cddd2a2
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
This is a squash of the following commits.
Author: Danny Lin <danny@kdrag0n.dev>
Date: Wed Oct 7 00:24:54 2020 -0700
init: Set properties to make SafetyNet pass
Google's SafetyNet integrity checks will check the values of these
properties when performing basic attestation. Setting fake values helps
us pass basic SafetyNet with no Magisk Hide or kernel patches necessary.
Note that these properties need to be set very early, before parsing the
kernel command-line, as they are read-only properties that the bootloader
sets using androidboot kernel arguments. The bootloader's real values
cause SafetyNet to fail with an unlocked bootloader and/or custom
software because the verified boot chain is broken in that case.
Change-Id: I66d23fd91d82906b00d5eb020668f01ae83ec31f
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
Author: Jarl-Penguin <jarlpenguin@outlook.com>
Date: Wed Jun 16 11:28:46 2021 +0000
init: Don't spoof SafetyNet properties in recovery mode
Change-Id: Ib6d3808c3b8f3e0cffab685a24d3cdd436b0fe9b
Change-Id: I0a219245b8e8f59ab1acc31068b4f8f98f708d81
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
When opening and closing activities in Settings, a measurably
significant amount of CPU time is spent processing and logging stats
events in statsd:
0.02% /apex/com.android.os.statsd/lib64/libstatspull.so @plt
0.01% /apex/com.android.os.statsd/bin/statsd @plt
0.01% /apex/com.android.os.statsd/bin/statsd SocketListener::runListener()
0.01% /apex/com.android.os.statsd/bin/statsd android::os::statsd::LogEvent::parseBuffer(unsigned char*, unsigned long)
0.01% /apex/com.android.os.statsd/bin/statsd android::os::statsd::LogEvent::parseAnnotations(unsigned char, int)
Over longer device uptimes with real-world usage, statsd uses a
substantial amount of total CPU time. We have no use for the stats
recorded by statsd, so disable the service entirely to save CPU in
potential hotpaths.
This is the system/core part of the change; changes to frameworks/base
are also required.
Test: simpleperf record -a; verify that statsd no longer appears in
sample hits
Change-Id: Idf6fdb0eff987169bd5f370dd72315e831a669e6
Signed-off-by: Hưng Phan <phandinhhungvp2001@gmail.com>
Signed-off-by: Dmitrii <bankersenator@gmail.com>
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
Signed-off-by: rmp22 <195054967+rmp22@users.noreply.github.com>
To relieve memory pressure on Android, we should start writing
dirty data sooner than later.
The Linux kernel's default is way too conservative on Android.
Android doesn't have a good reason to delay writing dirty data
anyways.
This change will make the kernel start writing dirty data when
it reaches 50M and switch to synchronous on 200M, which is far
more sensible values than 1.2G and 2.4G respectively on a device
with 12G of RAM.
Change-Id: I22f9ec9010dd028710a1a5c2e3d26d8444a4c914
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
In a previous commit bb0838b511, the gc_urgent_sleep_time for F2FS was aggressively set to 50ms to optimize GC.
This change, however, led to performance regressions on most devices, particularly of those running in 4.19+ kernels.
From our tests, the heightened CPU and I/O activity from this aggressive garbage collection setting is the likely cause.
To address this, we're revising the gc_urgent_sleep_time parameter to strike a balance between aggressive GC and device performance, taking
bb0838b511 goal into consideration.
Furthermore, the dirty writeout policy has been aligned with the latest configurations used in Pixel devices,
and cp_interval has been adjusted to surpass dirty_expire_centisecs for improved power efficiency during idle times.
Test: booted partner device, monitor performance
Change-Id: Ie4d0c870d734e915aaebcc53e64acdabac47b6dc
Signed-off-by: minaripenguin <minaripenguin@users.noreply.github.com>
Set swappiness of apps and system under /dev/memcg from init.rc
CRs-Fixed: 2791027
Change-Id: I90e5feb8e52f9e98582b8d8666537b12d4864ce8
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
dm-verity's overhead is non-negligible.
As we're optimizing for performance over security, always use
"check_at_most_once".
This feature is available on kernels v4.17 and onwards and is
equivalent to CONFIG_DM_ANDROID_VERITY_AT_MOST_ONCE_DEFAULT_ENABLED
on older kernels.
Change-Id: Ib8b13d8429ac62bb1553ae81a7175d33fdb2e471
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
It is only intended for performance analysis and can
impact I/O throughput.
Change-Id: Ia7d3a449d52625d911e2cea16249972d01e5cfcf
Signed-off-by: Adithya <gh0strider.2k18.reborn@gmail.com>
Signed-off-by: Nishant Kumar <www.rajsonu13@gmail.com>
Former-commit-id: a766ea9189219e8ff4450bf86358f6f9c20cc7eb
Change-Id: I202956b4427b4ae7f88df496a108d717a6b8be57
Signed-off-by: minaripenguin <minaripenguin@users.noreply.github.com>
Set ipv4 min/default/max write and read memory size and socket max send/receive memory size to values that are high enough to reach 1+Gbps over wifi and cellular. Moving forward there is no need to override them in per device init.rc or framework config file.
Bug: 213596972
Test: manual test to confirm TCP memory size is increased and wifi TCP throughput with default TCP window size can reach 700Mbps in HE80 mode.
Change-Id: I0eb644453ab44804d33e3ed21e64aaccdc8c1ecd
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
This can have a major impact on performance.
We don't want this, even on userdebug/eng builds.
Use the new property "ro.console.enable" to
enable the console service explicitly.
Change-Id: I93e7c65e92261443d1c9c70cfef9aa2ed5ff328a
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Signed-off-by: Jason Edson <jaysonedson@gmail.com>
Signed-off-by: Dmitrii <bankersenator@gmail.com>
Signed-off-by: Joey Huab <joey@evolution-x.org>
Former-commit-id: 4d36ac6b9fe0a26dcfa4fc32de377c502f49eb3e
Former-commit-id: 1dc24bca6c98f3a9a23ce5ec3bf76c2019973694
Former-commit-id: c31e332873ff454d4203da5c67188a79260d2c1c
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8epjwAKCRDorT+BmrEO
eGPtAJ4xkVvM0OmK/dZBwdVVDMjKroC/zACaAsDXpFeOe6kT2WhEkvc6MqpfuNQ=
=5OoV
-----END PGP SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ
+rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQCn8sR4oKubEOLtjfwngAI9k+KVB6e2XzmS6vwsN1oRV3O7k4oSXLnNH+sHPQXQ6lX
4cqrmxPKTONclXrV4Ggw8=
-----END SSH SIGNATURE-----
Merge tag 'android-15.0.0_r20' into staging/lineage-22.2_merge-android-15.0.0_r20
Android 15.0.0 Release 20 (BP1A.250305.019)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8epjwAKCRDorT+BmrEO
# eGPtAJ4xkVvM0OmK/dZBwdVVDMjKroC/zACaAsDXpFeOe6kT2WhEkvc6MqpfuNQ=
# =5OoV
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed Mar 5 03:31:59 2025 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate]
* tag 'android-15.0.0_r20': (183 commits)
Revert "Define ueventd.rc.recovery"
Define ueventd.rc.recovery
Define init_second_stage.recovery
Define reboot.recovery and watchdogd.recovery
debuggerd: Use libprocessgroup to unfreeze
Define toolbox.recovery
Replace partition-specific toybox make module with soong modules
Start aconfigd socket defined in configinfra mainline module
Update trusty to use secretkeeper hal V1
ashmem: Ensure all memfds have non-executable permissions by default
libsnapshot: Cleanup temp metadata during rollback
libprocessgroup: Remove ramdisk_available from libcgrouprc
libprocessgroup: Remove vendor_ramdisk_available from libcgrouprc
libprocessgroup: Remove recovery_available from libcgrouprc
gatekeeperd_service_fuzzer: Add signal() to handle SIGPIPE
libutils OWNERS for shayba@
Deprecate cc_binary aconfigd and the controlling flag
libprefetch: rename property name
Update comments to point to the new location of event.logtags.
Fix the dm-verity Merkle tree caches to not expire so quickly
...
Conflicts:
init/devices.cpp
Change-Id: I16f4b8b40b74074b087b2fc719cf4a322ccd76cf
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
=uE+H
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmdYsU0XHG1rYmVzdGFz
QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmlzEhAAkyT+qSieZv1roFs6MW0sBnjP
60eSCsj/eVetsK91ExBdm+NPHmpFG1XUcwxxiWzlPweIYA+eaECdoP9qngwxH/fy
7m6lxzVx2C9JbSCRWuBmyFWfsm7l+cjDoO8a5QnummBNobhV6/z680+CPzhsXXp5
wQ8cRYLlZEwSMGlgW5KufhbEQISZK1rxWGcx7C0MwoAZybm0V7bcv9ot9XWVZdBI
0uvpZEAYuLqMTTOxd1HNZBKA+cMmWLE+0ALfydGqdHxTkpDXY17Ek4/R3H7KTcy0
mhp6rLQHMKn/atDUsYGvDp/wGs+PWHl9QPXprwj9g9XBNRaAcw/ANi+I/Gc17Qsc
X/5DeC0ycGBljhjnl7ZoXAPwLyN+tYZi+ekwBs0E4+uQCLG5AMSLGZHGHcZafXB1
s0pR1u85BxC/7CoVB22J5utjsLdJT0G8bIgfyrKVVIA9iIe9zO/rsMN+9kffrQ9W
xPohc1XyVrsQ2b6xk/PyqbAI5mk7+IKKhxhX+Vv2Fczp2OCPuefa1aS1lIv4bZBL
rRPlVyodLWsEqxGNhiCo5Hh24uufJGuBTL2w6Rn5/UkqUkvUQZbsRNTg7WQIfcWh
sNvuNNxpgsilXFJC0/aoLE557MjCWq4eolPLnyrz3yR3jPcAa269bMuiMXKsVeEd
PvjxgQawPY8QkE2woe0=
=R9aC
-----END PGP SIGNATURE-----
Merge tag 'android-15.0.0_r6' into staging/lineage-22.0_merge-android-15.0.0_r6
Android 15.0.0 Release 6 (AP4A.241205.013)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
# eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
# =uE+H
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri Dec 6 00:44:03 2024 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 2481 signatures in the past
# 3 years. Encrypted 4 messages in the past 2 years.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78
# By Akilesh Kailash (13) and others
# Via Automerger Merge Worker (317) and others
* tag 'android-15.0.0_r6': (158 commits)
trusty: storage: proxy: FS_READY property setting on vendor only
Fix the trigger name for loading bpf programs.
start netd earlier
Replace base::RandInt with std::uniform_int_distribution
trusty: keymint: rename trusty_ipc_dev property
Move the `dist` target of `mke2fs` to `build/core/tasks`
Remove define of SA_EXPOSE_TAGBITS.
Add input event profile to mitigate input latency of input threads
Remove usage of base/string/* in libfs_avb
Add getFdStateDebug to access Looper's callbacks
libsnapshot: CHECK -> CHECK_EQ
Mount /mnt/vm earlier
Define linker.config.json as a filegroup
Remove usage of base/logging.h in libfs_avb
debuggerd: recognize jumps to non-executable memory.
Support vendor partition in non-debuggable pVMs
Remind the reader that they'll need to modify CTS too.
Rename system/core/rootdir/Android.mk to create_root_structure.mk
trusty: keymint/gatekeeper: Pass device name from init scripts
Remove unused variable.
...
Conflicts:
fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
fs_mgr/libsnapshot/snapshot.cpp
init/Android.bp
init/fuzzer/Android.bp
Change-Id: I29c07b3ac76940cb2b82726e98d2beb643b3e6e4
This reverts commit f9b38f91ac.
Reason for revert: <Froidmonitor created revert due to b/382795480.Will be verified through ABTD for standard invesigation.>
Change-Id: Ib6f759fc3dee7800acf9a2c1e24eea2962730167
By removing `recovery_available` property from "ueventd.rc" and
defining a dedicated recovery-specific module for "ueventd.rc".
`recovery_available` property should be used to allow the reverse
dependencies recovery modules to depend on the module, not to
install the module to the recovery partition.
Test: m soong_generated_recovery_filesystem_test
Bug: 381888358
Change-Id: I6921cae72a1757e065003efc9d77241625f645e9
By removing `recovery_available` property from "init_second_stage"
and defining a dedicated recovery-specific module for
"init_second_stage". `recovery_available` property should be used
to allow the reverse dependencies recovery modules to depend on
the module, not to install the module to the recovery partition.
Test: m soong_generated_recovery_filesystem_test
Bug: 381888358
Change-Id: Ie9b93b8453bc1e40f7a28e57f498313d3bc4cedb
By removing the "recovery_available" property from "reboot" and
"watchdogd" modules.
"recovery_available" property should be used to allow the reverse
dependencies recovery modules to depend on the module, not to
install the module to the recovery partition.
Test: m soong_generated_recovery_filesystem_test
Bug: 381888358
Change-Id: I48014774714957885f3ad648ac302cc3c13687ae
