Bionic libs, regardless of whether they are bootstrap ones or from the
runtime APEX, are available via /system/lib. Since /system/lib is in the
search paths of the default(platform) namespace, there is no need to
list the bionic libs to the namespace link to the runtime namespace.
Bug: 120266448
Test: m; device boots
Test: atest CtsJniTestCases CtsCompilationTestCases CtsBionicTestCases
all passing except for following tests that are also failing at ToT
dl#exec_linker
dl#exec_linker_load_from_zip
dl#exec_linker_load_self
dl#exec_linker_load_file
Change-Id: Ib67acd4f384b2f0e70b5fe8ec6b45a5506367223
This change makes the bionic libs and the dynamic linker from the
runtime APEX (com.android.runtime) available to all processes started
after apexd finishes activating APEXes.
Specifically, the device has two sets of bionic libs and the dynamic
linker: one in the system partition for pre-apexd processes and another
in the runtime APEX for post-apexd processes. The former is referred as
the 'bootstrap' bionic and are located at
/system/lib/{libc|libdl|libm}.so and /system/bin/linker. The latter is
referred as the 'runtime' bionic and are located at
/apex/com.android.runtime/lib/bionic/{libc|libdl|libm}.so and
/apex/com.android.runtime/bin/linker.
Although the two sets are located in different directories, at runtime,
they are accessed via the same path: /system/lib/* and
/system/bin/linker ... for both pre/post-apexd processes. This is done
by bind-mounting the bootstrap or the runtime bionic to the same path.
Keeping the same path is necessary because there are many modules and
apps that explicitly or implicitly depend on the fact that bionic libs
are located in /system/lib and are loaded into the default linker
namespace (which has /system/lib in its search paths).
Before the apexd is started, init executes a built-in action
'prepare_bootstrap_bionic' that bind-mounts the bootstrap bionic to the
mount points. Processes started during this time are provided with the
bootstrap bionic. Then after the apexd is finished, init executes
another built-in action 'setup_runtime_bionic' which again mounts the
runtime bionic to the same mount points, thus hiding the previous mounts
that target the bootstrap bionic. The mounting of the runtime bionic
(which is only for post-apexd processes) is hidden from pre-apexd
processes by changing propagation type of the mount points to 'private'
and execute the pre-apexd processes with a new mount namespace using
unshare(2). If a pre-apexd process crashes and re-launched after the
apexd is on, the process still gets the bootstrap bionic by unmounting
the runtime bionic which effectively un-hides the previous bind-mounts
targeting the bootstrap bionic.
Bug: 120266448
Test: device boots
Test: cat /proc/`pidof zygote`/mountinfo shows that
/system/lib/{libc|libdl|libm}.so and /system/bin/linker are from the
runtime APEX
Test: cat /proc/'pidof vold`/mountinfo shows that the same mount points
are from system partition.
Change-Id: I7ca67755dc0656c0f0c834ba94bf23ba9b1aca68
For consistency with APKs, signature verification is performed
in the system_server. This includes checking that the signature of
an updated install matches the signature of the active package that
it updates. For this, it requires search access to /data/apex and
read access to the files under that directory.
Test: m
Change-Id: I8795b26b9a40ba7126c2a548fbec82ff322a1453
This commit removes the soname filter from the namespace fallback link
from `runtime` to `system` in the vendor process. This fixes the
problem that vendor process might fail to load `libnetd_client.so`,
`libc_malloc_debug.so`, `libc_malloc_debug_leak.so`, and other libc
dependencies.
This commit also removes the namespace fallback link from `runtime` to
`default` in the vendor process. According to the comments in [1], the
original intention was to allow the access to `/system/${LIB}` not
`/vendor/${LIB}`. Furthermore, `com.android.runtime` suppose to work
without libraries from `/vendor/${LIB}`.
[1] https://android-review.googlesource.com/c/858456
Bug: 119867084
Bug: 122025516 # Motivation of this commit
Test: Executables under vendor partition are not blocked by
`libnetd_client.so` not found error.
Change-Id: I682baada9d755910832474bb3d8307cd49c21ece
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Bug: b/122073006
Test: builds, boots
Test: system/netd/tests/runtests.sh
Change-Id: If6f13ba9dc249d019b820a7c37cf6d4cdd8d0a7d
This reverts commit a0d9f2fd6c.
Original change: Needs to support e.g. app_process in "default" ->
libnativehelper in "runtime" -> platform libs in "default" -> libc etc in "runtime".
Always make sure to switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory. E.g. libc++ and libbase live
in both places, and their dependents must always load the version they were
compiled with.
This CL also adds a temporary workaround to not break hwasan builds
(b/121038155).
Bug: 119867084
Bug: 113373927
Bug: 121038155
Change-Id: I58d09ed091dd82b2162c4a0b51555174d9322e0e
Test: Flash and reboot device
Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start
Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: cts-tradefed run commandAndExit cts-dev -m CtsJniTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsCompilationTestCases
Test: cts-tradefed run commandAndExit cts-dev -m CtsBionicTestCases (8 failures remain unchanged by this CL)
Test: Patch internal; lunch taimen_hwasan-userdebug && m SANITIZE_TARGET=hwaddress && vendor/google/tools/flashall -w && adb shell /vendor/bin/sh -c ls
Staging Manager is a high-level service (yet to be committed) that
manages multi-package sessions requiring a reboot to be applied, for
example if one of the packages is an APEX file. This directory will
contain the session data and the temporary copies of the packages.
Bug: 118865310
Test: N/A
Change-Id: I8aceefab849cf5af17086cb6868b801d1c2615e9
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
We cannot put the APEX into the search path due to b/120661824,
but we can put it into the permitted path,
Test: builds, boots
Test: system/netd/tests/runtests.sh
Test: atest FrameworksNetTests android.net.cts.ConnectivityManagerTest
Change-Id: Ia68df860b7edc92180284f62736146e6029d7655
/dev/* nodes referenced in the removed rules are not present on Pixel
devices, i.e. android platform doesn't depend on these nodes. If a
device relies on one of these rules, the rule should be added to the
device-specific ueventd.rc.
v1->v2:
Added back usb-specific rules
/dev/bus/usb/* 0660 root usb
/dev/mtp_usb 0660 root mtp
Bug: 110962171
Test: boot walleye
Test: init_tests
Test: wired headset plays audio
Test: USB PTP works between 2 devices
Change-Id: Ic2d77806a01c8918b2485fb5f0bd9b670b01d1df
The main "base" copy of time zone data is now found in
the runtime module. The system files will likely be deleted.
Test: CTS: run cts -m CtsHostTzDataTests
Test: PTS (cp'd to internal master): run pts -m PtsTimeZoneTestCases
Bug: 116191025
Bug: 119293618
Bug: 113373927
Test: build / boot with logcat inspection
Change-Id: I8dc8ff0d17aac124262d9c7c54abce61d97397e5
Needs to support e.g. app_process in "default" -> libnativehelper in
"runtime" -> platform libs in "default" -> libc etc in "runtime".
Always make sure to switch namespaces when switching library paths between
/system and the APEX, so that internal library dependencies in both
locations are loaded from their own directory. E.g. libc++ and libbase live
in both places, and their dependents must always load the version they were
compiled with.
Bug: 119867084,113373927
Test: Flash and reboot device
Test: Remount / read-write, then on device: rm -f system/lib{,64}/lib{c,m,dl}.so; system/bin/dex2oat -h; stop && start
Test: mmma bionic/tests/ && adb root && adb shell rm -rf /data/nativetest\* && adb push out/target/product/taimen/data/nativetest* /data/ && adb shell /data/nativetest64/bionic-unit-tests/bionic-unit-tests && adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
Test: cts-tradefed run commandAndExit cts -m CtsJniTestCases
Change-Id: I6c4fc2f1abea1fb8851546e258ffaaa4ef6fe7d0
This reverts commit 2f56b1fff8.
Reason for revert: Breaks bionic-unit-tests's dlfcn.dladdr_libc
and x86 CtsJniTestCases' JniStaticTest.test_linker_namespaces.
Bug: 113373927
Bug: 120661824
Change-Id: I9b34bcb240a42bf99c6d8b58db4b18a4f6d36961
This reverts commit d3b0b2708b.
Reason for revert: Regression in USB audio handling
Test: USB audio playback on Crosshatch
Bug: 120795549
Change-Id: Ibd05cd9b419f3e7988ce24a45f800d4bfe91ef6a
/dev/* nodes referenced in the removed rules are not present on Pixel
devices, i.e. android platform doesn't depend on these nodes. If a
device relies on one of these rules, the rule should be added to the
device-specific ueventd.rc.
Bug: 110962171
Test: boot walleye
Test: init_tests
Change-Id: I3262475d4ff22386e8da0436efaf98b208e4fa1c
Some configurations won't allow ueventd to have CAP_NET_ADMIN, so the
new default size of 16M is not possible for those. Those
configurations also won't need such a large buffer size, so this
change allows devices to customize the SO_RCVBUF(FORCE) size for the
uevent socket.
This is done by adding the line 'uevent_socket_rcvbuf_size <size>' to
your device's ueventd.rc file. <size> is specified as a byte count,
for example '16M' is 16MiB.
The last parsed uevent_socket_rcvbuf_size line is the one that is
used.
Bug: 120485624
Test: boot sailfish
Test: ueventd unit tests
Change-Id: If8123b92ca8a9b089ad50318caada2f21bc94707
