This reverts commit 67a09e5791.
Exempt-From-Owner-Approval: Fixes P0 failures.
Bug: 123185917
Reason for revert: media namespace needs to be introduced.
Change-Id: I0c28798a3143c1e627278c3a908207e670171416
And have the linker translate a java library path from an apex
to a linker namespace.
Bug: 122874359
Test: m, boots, gtest, run-test, CtsJdwpTests
Change-Id: I216c3509c45589d28acdac068aec53877aeb104a
Exempt-From-Owner-Approval: Carrying Jiyong's +2
It depends on libdexfile_external, libnative{bridge,helper,loader} and
libart(d), which are provided by the Runtime APEX.
Test: flash & boot
Test: atest CtsJdwpTestCases
Bug: 113373927
Change-Id: I0df99f444e892c47a5f06bd1bcf5d184defb4517
This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.
This reverts commit 54b8844b13
Bug: 121277410
Test: manual
Change-Id: Id5b995dc5899b5999f1dea662ba1c3ee475a0e46
It's replaced with entries in PRODUCT_PACKAGES_DEBUG in
build/make/target/product/base_system.mk
Test: treehugger
Change-Id: I4dc69c34ddc2c494fc74bc4afee6efa240c9b0d3
This reverts commit 2599088ff6.
Reason: Breaks some 3p apps.
Bug: 122920047
Test: run the app, login.
Change-Id: Idea332b1f91e9d2ac6ebd3879da7820c8ba2284f
System server needs to be able to write to idle and
writeback nodes in the zram sysfs directory.
Bug: 117682284
Bug: 122674343
Test: Test writeback on go ref device
Change-Id: I1cd663b73a7ebb255fe7e459601e720961bbd69e
*/build.prop files are now loaded much earlier than before; from 'on
post-fs' to the time when the property service is started which is
before init starts the action loop.
This ensures that all processes that are launched by init have a
consistent view of system properties. Previously, the processes that
started before 'on post-fs' were initially with the small number of
sysprops loaded from */default.prop and then suddenly get additional
sysprops from */build.prop while they are executing.
Bug: 122714998
Test: device boots
Change-Id: Ic07528421dfbe8d4f43673cea41175d33cfbf298
This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.
Bug: 121277410
Test: manual
Change-Id: I6546fa8df419157b3c2adcf5ff3faa4db4458cff
Bionic libs, regardless of whether they are bootstrap ones or from the
runtime APEX, are available via /system/lib. Since /system/lib is in the
search paths of the default(platform) namespace, there is no need to
list the bionic libs to the namespace link to the runtime namespace.
Bug: 120266448
Test: m; device boots
Test: atest CtsJniTestCases CtsCompilationTestCases CtsBionicTestCases
all passing except for following tests that are also failing at ToT
dl#exec_linker
dl#exec_linker_load_from_zip
dl#exec_linker_load_self
dl#exec_linker_load_file
Change-Id: Ib67acd4f384b2f0e70b5fe8ec6b45a5506367223
This change makes the bionic libs and the dynamic linker from the
runtime APEX (com.android.runtime) available to all processes started
after apexd finishes activating APEXes.
Specifically, the device has two sets of bionic libs and the dynamic
linker: one in the system partition for pre-apexd processes and another
in the runtime APEX for post-apexd processes. The former is referred as
the 'bootstrap' bionic and are located at
/system/lib/{libc|libdl|libm}.so and /system/bin/linker. The latter is
referred as the 'runtime' bionic and are located at
/apex/com.android.runtime/lib/bionic/{libc|libdl|libm}.so and
/apex/com.android.runtime/bin/linker.
Although the two sets are located in different directories, at runtime,
they are accessed via the same path: /system/lib/* and
/system/bin/linker ... for both pre/post-apexd processes. This is done
by bind-mounting the bootstrap or the runtime bionic to the same path.
Keeping the same path is necessary because there are many modules and
apps that explicitly or implicitly depend on the fact that bionic libs
are located in /system/lib and are loaded into the default linker
namespace (which has /system/lib in its search paths).
Before the apexd is started, init executes a built-in action
'prepare_bootstrap_bionic' that bind-mounts the bootstrap bionic to the
mount points. Processes started during this time are provided with the
bootstrap bionic. Then after the apexd is finished, init executes
another built-in action 'setup_runtime_bionic' which again mounts the
runtime bionic to the same mount points, thus hiding the previous mounts
that target the bootstrap bionic. The mounting of the runtime bionic
(which is only for post-apexd processes) is hidden from pre-apexd
processes by changing propagation type of the mount points to 'private'
and execute the pre-apexd processes with a new mount namespace using
unshare(2). If a pre-apexd process crashes and re-launched after the
apexd is on, the process still gets the bootstrap bionic by unmounting
the runtime bionic which effectively un-hides the previous bind-mounts
targeting the bootstrap bionic.
Bug: 120266448
Test: device boots
Test: cat /proc/`pidof zygote`/mountinfo shows that
/system/lib/{libc|libdl|libm}.so and /system/bin/linker are from the
runtime APEX
Test: cat /proc/'pidof vold`/mountinfo shows that the same mount points
are from system partition.
Change-Id: I7ca67755dc0656c0f0c834ba94bf23ba9b1aca68
For consistency with APKs, signature verification is performed
in the system_server. This includes checking that the signature of
an updated install matches the signature of the active package that
it updates. For this, it requires search access to /data/apex and
read access to the files under that directory.
Test: m
Change-Id: I8795b26b9a40ba7126c2a548fbec82ff322a1453
This commit removes the soname filter from the namespace fallback link
from `runtime` to `system` in the vendor process. This fixes the
problem that vendor process might fail to load `libnetd_client.so`,
`libc_malloc_debug.so`, `libc_malloc_debug_leak.so`, and other libc
dependencies.
This commit also removes the namespace fallback link from `runtime` to
`default` in the vendor process. According to the comments in [1], the
original intention was to allow the access to `/system/${LIB}` not
`/vendor/${LIB}`. Furthermore, `com.android.runtime` suppose to work
without libraries from `/vendor/${LIB}`.
[1] https://android-review.googlesource.com/c/858456
Bug: 119867084
Bug: 122025516 # Motivation of this commit
Test: Executables under vendor partition are not blocked by
`libnetd_client.so` not found error.
Change-Id: I682baada9d755910832474bb3d8307cd49c21ece
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Bug: b/122073006
Test: builds, boots
Test: system/netd/tests/runtests.sh
Change-Id: If6f13ba9dc249d019b820a7c37cf6d4cdd8d0a7d
This reverts commit a0d9f2fd6c.
Original change: Needs to support e.g. app_process in "default" ->
libnativehelper in "runtime" -> platform libs in "default" -> libc etc in "runtime".
Always make sure to switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory. E.g. libc++ and libbase live
in both places, and their dependents must always load the version they were
compiled with.
This CL also adds a temporary workaround to not break hwasan builds
(b/121038155).
Bug: 119867084
Bug: 113373927
Bug: 121038155
Change-Id: I58d09ed091dd82b2162c4a0b51555174d9322e0e
Test: Flash and reboot device
Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start
Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: cts-tradefed run commandAndExit cts-dev -m CtsJniTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsCompilationTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsBionicTestCases (8 failures remain unchanged by this CL)
Test: Patch internal; lunch taimen_hwasan-userdebug && m SANITIZE_TARGET=hwaddress && vendor/google/tools/flashall -w && adb shell /vendor/bin/sh -c ls
Staging Manager is a high-level service (yet to be committed) that
manages multi-package sessions requiring a reboot to be applied, for
example if one of the packages is an APEX file. This directory will
contain the session data and the temporary copies of the packages.
Bug: 118865310
Test: N/A
Change-Id: I8aceefab849cf5af17086cb6868b801d1c2615e9
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Test: builds, boots
Test: system/netd/tests/runtests.sh
Test: atest FrameworksNetTests android.net.cts.ConnectivityManagerTest
Change-Id: Ia68df860b7edc92180284f62736146e6029d7655
