If there are snapshot metadata persisting in /metadata/ota/snapshots,
remove them before applying a new update. Make sure that
the snapshots are indeed invalid before removing them.
On a sidenote, add a comment in init.cpp related to
b/223076262.
Bug: 228250473
Test: 1: Apply OTA in recovery through adb sideload
2: Reboot
3: Apply OTA OTA again through update_device.py
4: Re-run Full OTA updates just from update_device.py
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I116bbafae09042b9c391ccd58c102704571c214e
* changes:
DO NOT MERGE: Revert "init: Add more diagnostics for signalfd hangs."
DO NOT MERGE: Revert "init: Add diagnostics for signalfd epoll failures."
The wrapper is to call SetProcessFiles (C++ API) from crosvm via FFI.
Bug: 223790172
Bug: 216788146
Test: m
Change-Id: If342ca0d19deb1cb7ee581bba2cc543385199cbe
One is intentionally seeting the abort message. The other is to set
the abort message to null.
Also, make the libseccomp_policy static so that the crasher
executable can be copied to the system afterwards without
requiring libseccomp_policy.so.
Test: Ran both new crash commands on device.
Test: Ran the seccomp crash command to verify seccomp still works.
Change-Id: I255b5f37e6eb188719e5b72302ca3f5911c8d821
Mark this as 29 for easy inclusion in APEXes when debugging. Make
sure we don't introduce calls to things here which would prevent
this from being used on old platforms.
Fixes: 228561718
Test: build
Change-Id: I2574455dbfe681117e4afcf6eef3546be51393fa
Experiments can enable/disable MG-LRU using the
persist.device_config.mglru_native.lru_gen_enabled property
which will update the coresponding sysfs control to enable or
disable this feature in the kernel.
Test: adb shell device_config put mglru_native lru_gen_config [none, core, ...]
Test: verify MG RLU is enabled/disabled: cat /sys/kernel/mm/lru_gen/enabled
Bug: 227651406
Bug: 228525049
Change-Id: I0708df8c78a85359d5cb6d5b167836768029380e
* Add new `recv` method that takes a `Vec<u8>` and automatically
allocates extra buffer space and retries the read call if the buffer
does not have enough capacity.
* Rename the existing `recv` method to `recv_no_alloc`, and update docs
to clarify the behaviors of both methods.
* Add tests for the new `recv` method and update existing tests to use
`recv_no_alloc` instead.
Test: tipc-test-rs -m 1024 -t echo
Bug: 226659377
Change-Id: Ic437b617751e865da119fe0c4ef8aa456a63bf3c
Test logic is based on the tests in the original tipc-test C binary,
but adapted to use the Rust unit test infrastructure to make running
tests easier.
Test: Ran the tests
Bug: 226659377
Change-Id: I998013b2f8b304299acb09d58beb49330747802a
This is required so that system_server can read/delete the file(s) in
/data/misc/odsign/metrics & report to statsd
Note the group change in odsign directory was required so that
system_server can get the execute permission to read file in the sub dir
Test: adb shell ls -l /data/misc/odsign/metrics
Bug: 202926606
Change-Id: I6dd80e05bbfb9daf4aa3e996fc22bba1de8bd2ce
Add a specific error message to the Android CLI tool for the
case where the policy engine (http://go/aog/2051516) disallows
loading.
Test: Load a signed app that violates the policy
Bug: 208968719
Change-Id: I2aaa218ab3a7297ea62448de49baa0bfd6b1ee52
In Android S, snapuserd binary was on vendor partition.
When there is an OTA update from S -> T, it is possible
that vendor partitions are not updated. In that case,
successive OTA updates T1 -> T2 will continue to have
snapuserd from Android S as vendor partition wasn't updated
to T. All this means, we should disable user-space snapshots.
When installing OTA during runtime, check for property
ro.vendor.build.version.release_or_codename; if the property
is set to "12", then skip userspace-snapshots.
Bug: 227614163
Test: Simulate OTA test on Pixel 6 from T1 -> T2 by forcefully
setting the property to 12 and verify OTA is applied
successfully by falling back to dm-snapshot.
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I95f29145e5cd9ffb8d03d28ae414f0037b88be90
writepid usage to add a task to a cgroup was deprecated in favor of the
task_profile command. The reason is that writepid hardcodes cgroup path
and makes it hard to change it in the future, whereas task profiles
configure cgroup paths in one centralized place and are easy to change.
Log a warning when writepid is used with cgroups and try converting it
into a task_profiles command for well-known cgroups. If conversion is
not possible the writepid operation will still be attempted to avoid
breaking existing use cases and an error will be logged.
Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ie58393468ef7d92ab0ffb41e6f339e36d21f7478
During process startup, system creates a process group and places the
new process in it. If process group creation fails for some reason, the
new child process will stay in its parent's group. This poses danger
when the child is being frozen because the whole group is affected and
its parent is being frozen as well.
Fix this by treating group creation failure as a fatal error which would
prevent the app from starting.
Bug: 227395690
Test: fake group creation failure and confirm service failure to start
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I83261bef803751759c7fd709bf1ccd33ccad3a0b
The callback can be called by the destructor of LruCache, so it needs to be destructed last.
Bug: 227635615
Change-Id: I7d965a2000c1ec32d9c9e88d25ab0c1ba3e9c739
