Execute mkdir -p /mnt/pass_through/0/emulated
and bootstrap the emulated volume for user 0.
The 'pass_through' paths allow us to bind mount the lower
filesystem directly into /storage, bypassing any sdcardfs
or FUSE mounts.
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: builds, boots and pass through directories are created
Change-Id: I46ce207d06a1ec550b8bacac259387371fc0b841

For using Gtest to run vts_security_avb_test and test it in the
vts-core, we have to add this rule to copy the *-gsi.avbpubkey to the
testcase folder.
Bug: 132702215
Test: 1. add data: "q-gsi.avbpubkey" to Android.bp of the module
2. m module_name
Change-Id: I810231f39c970da4d2b8ab63daeee02379c7f952

If this check fails and an OTA or mainline module update has recently
happened, we want to rollback the recent change. The easiest way to
handle this is to reboot, which will trigger the fallback mechanisms
that are already in place.
Bug: 141082587
Test: device reboots if self test fails
Test: device rolls back a recently applied OTA with failing self test
Test: device rolls back a recently applied conscrypt apex update with
failing self test
Change-Id: Iff879deff09d347262dc7a2acadb9164a5029d4a

No longer required for hwasan builds, since b/140790209 is fixed.
This reverts change-id I27069b20f7c7068b931340f548b284ce1676466c.
This also reverts the identified change for the memory regression in
b/140648539.
Test: Build & boot on taimen_hwasan-userdebug
Test: Build & boot on crosshatch_hwasan-userdebug
Bug: 140790209
Bug: 139408016
Bug: 140648539
Change-Id: Ib61c53571a4de0970a86ebc391a2ce780247943a

Any used files need to be in the dependencies list for rules. In this
case, this is more than what's actually read in the script, but the
older ones shouldn't change as much, and replicating the logic is
non-trivial.
Bug: 130111713
Test: run with RBE, no longer see error about file not found
Change-Id: I88baf541ce6250a5dbf7b8a7d6b8005ed7cf5cc6

Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b

libcrypto performs a self test when it is loaded, unless
a marker file /dev/boringssl/selftest/[hash] exists which
indicates that the self test has already successfully
completed since the last time the device was booted.
Before this CL topic, libcrypto attempted to create the
marker file when the self test successfully completed.
On Android, dedicated boringssl_self_test{32,64} binaries
are run early during boot and are the only binaries
(apart from init and vendor_init) that have permission to
create these files.
Another CL in this topic stops the boringssl self test
creating a marker file unless the environment variable
BORINGSSL_SELF_TEST_CREATE_FLAG is set to a nonempty value.
This CL sets that value to "true" when running the dedicated
self test binaries, but not for other binaries. This has
the effect that other binaries that run the self test
early during boot (before the dedicated self test binaries
have created the marker files) and which run the self test
will no longer attempt to create the marker file, which
SELinux would have denied anyway.
Bug: 137267623
Test: Treehugger
Change-Id: I99317df1a8c3496d33ae83f9ec346782b2286ac9
This replaces the recently added `exec_reboot_on_failure` builtin, since
it'll be cleaner to extend service definitions than extending `exec`.
This is in line with what we decided when adding `exec_start` instead
of extending `exec` to add parameters for priority.
Test: `exec_start` a service with a reboot_on_failure option and watch
the system reboot appropriately when the service is not found and when
the service terminates with a non-zero exit code.
Change-Id: I332bf9839fa94840d159a810c4a6ba2522189d0b

This should ensure that the self tests run before any other binaries
that load libcrypto and which would otherwise run into SELinux denials
trying to create the marker file /dev/boringssl/selftest/[hash]
The invocation of the self test binaries from the Conscrypt apex
requires the apex to be mounted so it remains at a later point in
the boot process.
Bug: 137267623
Test: Treehugger
Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c

The accidental trailing ':' appears to stop the line
triggering.
Bug: 137267623
Test: Checked the /system/bin/boringssl_self_test32
now runs on aosp_cf_x86_phone-userdebug
Change-Id: I7b4b1d6b838d8d1a7a0db7f104a94b34962df030

vold is already started during early-fs which happens before
post-fs-data.
Trying to start it again in post-fs-data is a little bit confusing.
Test: device boots
Change-Id: I5faefe6d1f1bb7472ea3d032b1f157c69da565f1

The installed file name of modules may not match the module name.
Use module-installed-files to get the installed file name.
Bug: 117607748
Test: m checkbuild
Test: only libprotobuf-cpp-*-3.9.1.so changed in ld.config.R.txt
Change-Id: I83b7519f344b65b6cd98c4cabcf9bce0e753ba92
Merged-In: I83b7519f344b65b6cd98c4cabcf9bce0e753ba92

Instead of init.cpp knowing about the boringssl self
test, use init.rc to exec dedicated self test executables.
Advantages:
- The self test is run not only on the copy of libcrypto
in /system but also on the one in /apex/com.android.conscrypt.
- The self test is run not only for the primary (e.g. 64bit)
ABI but also for a secondary (e.g. 32bit) ABI.
- The dependency on libcrypto is kept to the self test binary.
- The self test binary abstracts the exact native API for
running the self test (this will change soon because the
self test will be run when the library is loaded).
Bug: 137267623
Test: Check that logcat shows both binaries being started as root,
and finishing with exit code 0.
Change-Id: I1e716749ee2133993f0f7b2836483391fd1a62f0

For now, keep symlinks only to the binaries demonstrably in use by apps
(dex2oat and dalvikvm).
Test: adb shell ls -l /system/bin
Bug: 124106384
Change-Id: Id662beb4c13785ac9d44bf41f9f33907219b69be

This is a temporary fix to keep the Bionic-associated libraries accessible
in the runtime namespace, pending a proper namespace split.
Test: Build & boot with taimen_hwasan-userdebug
Bug: 139408016
Bug: 139916951
Exempt-From-Owner-Approval: Approved internally
Change-Id: I27069b20f7c7068b931340f548b284ce1676466c
Merged-In: I27069b20f7c7068b931340f548b284ce1676466c

Start the serial console at the 'init' trigger instead of much later
when property triggers happen. This will help debugging early boot
issues.
Test: serial console starts early for a userdebug build
Test: serial console still doesn't start on a user build
Change-Id: I7112a8e7171c9fa865c8787c9a3d14515bc59478