persist.sys.usb.config values can't be combined on build-time when
property files are split into each partition.
So we need to apply the same rule of
build/make/tools/post_process_props.py on runtime.
Test: building succeeded and tested on sailfish.
Bug: 37617113
Bug: 37648659
Merged-In: If1e4279f05d74eccf5ce23eef41a466b7d8e3bde
Merged-In: I1e5ad9da360bfb3cb4970e12a76522fd0a5126b8
Change-Id: I78cdffee446d3ae6a89f138faed5f3149e4b507d
(cherry picked from commit 0cf3a07e14)
Fixes issue where attributes used exclusively in neverallow
rules were removed from policy.
Bug: 37357742
Test: Force on-device compile by removing precompiled policy.
Verify no increase in compile time.
Change-Id: I0d145fd311c2ddcb226a827f2a997f10c20a8379
- late start of zygote_secondary leads into occasional
1 second wait for starting system service.
- Early start secondary zygote so that there is no additional
wait.
bug: 37508384
Test: python packages/services/Car/tools/bootanalyze/bootanalyze.py -r -c packages/services/Car/tools/bootanalyze/config.yaml -n 100 -f -e 16 -w 30
(cherry picked from commit f8532445b4)
Change-Id: Ia46b07f3d6abb090cc169ebd807e21b16694d172
This reverts commit 5e801e7bd5.
The file permissions don't allow access to the lock on devices
where vendor code runs with UID root and GID radio. They are
no longer necessary because we have a more flexible selinux-based
solution in https://android-review.googlesource.com/#/c/354223/ .
Test: strace -f -e flock -p <netmgrd_pid> on angler shows flock succeeds
Test: strace -f -e flock -p <netmgrd_pid> on marlin shows flock succeeds
Test: netd_unit_test passes on marlin
Test: strace -f -e flock -p <netd_pid> on marlin shows flock succeeds
Bug: 36108349
Bug: 37483189
(cherry picked from commit b6e4b35fe4)
Change-Id: Ia1bbf8d93ec6777514be66cbd1a32dfc95df95c0
Merged-In: Ia1bbf8d93ec6777514be66cbd1a32dfc95df95c0
(cherry pick from commit b867beac56)
The gTest should not be able to set ro.device_owner, either as a unit
test or a CTS test. The CTS test should not be able to set
persist.logd.security, the gTest may as it is run on userdebug with
root, so check if we are root to discern expectations.
Test: gTest liblog-unit-tests --gtest_filter=liblog.__security
Test: cts-tradefed run cts-dev -a armeabi-v7a -m CtsLiblogTestCases -t liblog#__security
Bug: 36480230
Change-Id: I1da88aae34da4e2fca8dd88d740eeb879d9c65bb
(cherry pick from commit 3510359a3c)
ro.logd.kernel, ro.config.low_ram, ro.logd.timestamp and ro.debuggable
need to be retrieved prior to logd start in order for the service to
behave in a configured manner. Other essential services are also
dependent on these system properties as well, so it just makes sense
to pick them all up first in 'on fs'.
Test: smoke test
Bug: 37425809
Change-Id: I33ad185f397ee527ed3c84cc2bcb40ff8ca785b5
- Do not use -f if it was cleanly shutdown.
- For unclean shutdown or other operation failures like
mount, tune2fs failure, run full check.
- Still old image will run full check once in 5 reboots
while new image will not run full check unless something
fails.
- Add retry for final mount. If mount fails once, run full fsck
once and try again.
bug: 32246772
bug: 35366616
Test: many reboots
(cherry picked from commit 40db04d640)
Change-Id: If312d91e09aca0648dd926e26a3d1e5f7ddedb46
this will make the implementation more cleaner,
and has error message output when failed on some operations
also add the O_TRUNC flag explicitly for the open function
called in write_file.
And add more test on read_file and write_file functions
Bug: 36726045
Bug: 36576280
Test: manual with hikey
Test: boot and init tests on bullhead
Test: cast with fugu, per b/36726045
Merged-In: If3c30a2fff58cfece2fcd27e69c30382146e6808
Change-Id: If3c30a2fff58cfece2fcd27e69c30382146e6808
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
(cherry picked from commit dbe88e7953)
The content parameter of write_file() previously took a char* that was
then converted to a std::string in WriteStringToFd(). One unfortunate
effect of this, is that it is impossible to write data that contains
'\0' within it, as the new string will only contain characters up
until the '\0'.
This changes write_file() to take an std::string, such that
std::string::size() is used to determine the length of the string,
allowing it to contain null characters.
Also change the path parameter of read_file() and write_file() for
consistency.
Lastly, add a test for handling strings with '\0' in them.
Bug: 36726045
Bug: 36576280
Test: Boot bullhead, run unit tests
Change-Id: Idad60e4228ee2de741ab3ab6a4917065b5e63cd8
(cherry picked from commit 53089aa25c)
(cherry pick from commit 9fcaaba85d)
When BOOL_DEFAULT_FLAG_ENG and/or BOOL_DEFAULT_FLAG_SVELTE is set for
flags parameter in __android_logger_property_get_bool, they can not be
overridden by a supplied property value. Reset these two flags if
there is something in the specified property.
Test: gTest liblog-unit-tests, logcat-unit-tests and logd-unit-tests
Bug: 37425809
Change-Id: I5fc2d727e8c30bc1e781f8b365f44ec62dd36b4d
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the follow scenario:
A service is started with `exec` or `exec_start`
The same service sets sys.powerctl indicating to the system to
shutdown
The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
(cherry picked from commit 98ad32a967)
(cherry pick from commit 24aa9a41e1)
Failure to open socket misbehaved and told us nothing.
Test: gTest logd-unit-tests
Bug: 37378309
Change-Id: Iec369a50ccb1027e96947465e90d9572c9f4047f
(cherry pick from commit 3614a0c5d4)
Add checking for impossible(tm) scenarios within LogBuffer::flushTo:
1) When iterating through the log entries, check if the iterator
returns two identical element references and break out of the loop.
2) Cap the maximum number of log entries we will skip while holding
the iterator lock at 4194304, break out of the loop.
We print a message to the kernel logs if we hit these cases.
ToDo: Remove this paranoia at some future date.
Test: gTest liblog-unit-tests logcat-unit-tests and logd-unit-tests
Bug: 37378309
Change-Id: I789594649db14093238828b9f6d1daeca8b780c2
(cherry pick from commit 5836379b21)
Deal with a regression introduced in commit
5a34d6ea43 (logd: drop mSequence from
LogBufferElement) where log_time was compared against nsec() time
miscalculating the watermark boundary. When dealing with logcat
-t/-T, or any tail reading, add a margin to prune to back off by a
period of 3 seconds (pruneMargin).
Test: gTest liblog-unit-tests logcat-unit-tests and logd-unit-tests
Bug: 37378309
Change-Id: I72ea858e4e7b5fa91741ea84c40d2e7c3c4aa031
libui.so is not used by SP-HALs, so it is removed from the list of libs
exposed from the default namespace.
Also, this fixes a warning message "property value is empty" caused by
the automatically removed trailing '/' for the section 'legacy'. Since
the legacy behavior is already implemented by the linker itself, the
behavior doesn't need to specified in ld.config.txt.
Test: marlin/sailfish boots
Test: no warning message is shown
Change-Id: Ib679794d63b01c6794663dc88f1ab7e72cfb11d3
We can't reuse the GID range for internal cache files, otherwise
we don't have a way to tease apart the difference when deciding if
it's safe to move apps.
Test: builds, boots
Bug: 37193650
Change-Id: I22c4e575cd557636e74c5c73035adb1d4dcbb7f7
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 36426473
Bug: 36079834
Test: m -j libcutils
Test: attempt to compile with BOARD_VNDK_VERSION := current
Test: (sanity) boot internal marlin
Change-Id: I76f9b28ef08a26d84d1365881e00696cc1dcfe5d
- moved __android_log_is_debuggable to a new public header
(log_properties.h)
- vendor version of sched_policy uses ALOG* instead SLOG*
Test: (sanity) liblog-unit-tests
Test: (sanity) libcutils_test (noting b/b/32972117, two tests continue
to fail)
Test: system/core as a whole makes with BOARD_VNDK_VERSION := current
now with no problems.
Test: boots/works on internal marlin
Bug: 33241851
Change-Id: I5bc1f348dc0f0c8814bec5b5c3d2c52c825ab640
Set ro.boot.avb_version to "AVB_VERSION_MAJOR.AVB_VERSION_MINOR".
During Treble OTA match, the major version must be the same as that in
the avb metadata on disk, while the minor version can be equal or
greater to that in the avb metadata on disk.
See how avb versioning work on the following link:
https://android-review.googlesource.com/#/c/342757/
Also renames AvbHashtreeDisabled() -> hashtree_disabled().
Bug: 35322304
Test: Early mount with AVB, checks [ro.boot.avb_version]: [1.0] exists.
Test: Not enable AVB, checks [ro.boot.avb_version] doesn't exists.
Change-Id: I5aaf476ca53c4fe817779518ba14b68ebcfdc6d6
Merged-In: I5aaf476ca53c4fe817779518ba14b68ebcfdc6d6
(cherry picked from commit 1a898c25f9)
* changes:
fs_mgr: support AVB in fs_mgr_update_verity_state()
init: support early_mount with vboot 2.0 (external/avb/libavb)
fs_mgr: adds/changes some public APIs for early mount in init
fs_mgr_avb: refactors how vbmeta is loaded
fs_mgr: adding fs_mgr_get_slot_suffix() public API
- mount, e2fsck, tune2fs will all fail if magic number does not match.
- mismatch always happen for FDE and is wasting boot-up time to try
all and fail always.
- skip mount steps if it has invalid magic number and do not record
fs_stat either.
- For ext4 fs with corrupt superblock, e2fsck refuses to do anything if
superblock magic is invalid. So simply running e2fsck does not help
anyway.
bug: 36231950
Test: reboot ane check fs_mgr log from dmesg
(cherry picked from commit 6000a3f657)
Change-Id: Ia7120a188c316262da5fdb986c7d9c76db86aa7b
Use of 'inline' without 'static' may allow the C compiler to uninline it
within the compilation unit, depending on the C standard level. Always
using 'static inline' avoids this problem.
Test: build + boot to launcher
Change-Id: Ifb6e1fa6b84286067ddc2daca4c8942c410e56ab
Starting zygote early requires cpuset to be initialized to all cores for
foreground cpuset. Change to expolit all cores by default at boot and
let device manufacturers override to proper values in device specific
init script.
Bug: 36576280
Test: marlin boot fast and checked cpuset during early boot
Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f
(cherry picked from commit 2e83b86a8a)
