For now, export the exact same values, on `post-fs-data` instead of on
`early-init` to soak the change. As a follow up, the actual values will
be generated by a new oneshot service.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual - device boots
Change-Id: I5f6826a0f87a5e01233e876d820e581feb555bca
When installing an OTA, update_engine needs to reserve some space on
filesystem by writing to a specific directory(/data/apex/ota_reserved/),
therefore we need to create this dir on system start up.
We are also pro-actively enabling encryption on this directory so that
we can create hard links to /data/apex/decompressed. This will be needed
when we start decompresssing capex from post-install script before
reboot and on boot we can then simply hard link to these files.
Test: th
Bug: 172911822
Change-Id: Ia6a63efcedcfdad9817ba88b54f96683d34df6ce
This is currently used for persisting the compat framework overrides
across reboots.
Test: atest CompatConfigTest
Bug: 145509340
Change-Id: I9205388b44a337a5b56b78cb6cc78f09494a623e
This binary checks and refreshes ART compilation artifacts that are
necessary for the system to boot.
Bug: 165630556
Test: inspect init log output on boot
Change-Id: I15074989a0fb6e5b1036292bc2cd824a141a0252
A future early-boot daemon (on-device signing) needs to access
/data/misc before fs-verity keys are locked. Therefore, move the
restorecon of /data up a bit, to make sure the labels are correct. To be
safe, only run it after init_user0, since that function is responsible
for loading DE keys.
Also move early boot keys and fs-verity key locking a bit later, since
the on-device signing daemon needs to use both of these, but it also
needs the restorecon to function correctly.
Bug: 174740982
Test: manual
Change-Id: I9b6e44d9b547d420e1c6ba01fb3d3accc0625e20
We want to decompress into an encrypted directory so that it can later
be hard linked to other encrypted directories, such as /data/rollback.
Bug: 172911820
Test: atest ApexCompressionTests#testCompressedApexIsDecompressed
Change-Id: I98bc567ba7e8b1ea1b335830d71d1b1f38e6ea33
This change will help non-user builds with keeping debugfs
disabled during run time. Instead, debugfs will be mounted by init
to enable boot time initializations to set up vendor debug data
collection and unmounted after boot. It will be also be mounted by
dumpstate for bug report generation and unmounted after.
This change is only intended to help vendors (who depend on debugfs to
collect debug information from userdebug/eng builds) keep debugfs
disabled during runtime. Platform code must not depend on debugfs at all.
Test: manual
Bug: 176936478
Change-Id: I2e89d5b9540e3de094976563682d4b8c5c125876
This directory will be used to store the mitigation count
from Package Watchdog in the case of a boot loop, in
order to persist the value across fs-checkpointing
rollbacks. One integer will be stored in a file in this
directory, which will be read and then deleted at the
next boot. No userdata is stored.
See go/rescue-party-reboot for more context.
Test: Manual test using debug.crash_sysui property
and inspecting file
Bug: 171951174
Change-Id: I2bd5e1ebe14d7e9e4f0e0dbeb90cf76b8400752e
Unlike apexd, tombstoned uses the regular dynamic linker path
(/system/bin/linker64). As a result, starting it after we have
switched to the default mount namespace but before APEXes have been
activated fails, because /system/bin/linker64 does not exist between
those two events. Fix that by starting tombstoned even earlier,
before we have switched mount namespace.
To avoid reintroducing the bug fixed by 2c9c8eb5ff ("init.rc:
create /data/vendor* earlier"), also make sure that /data/vendor* is
still created before /data/vendor/tombstones.
While at it, move the creation of /data/anr before starting
tombstoned, because tombstoned assumes that /data/anr exists.
Fixes: 81c94cdce6 ("Start tombstoned early in post-fs-data.")
Test: boot fvp-eng and fvp_mini-eng, check that tombstoned starts
succesfully on the first attempt
Change-Id: Ic52383c35fb39c61c2f0e0665fd10e795895d50d
Package verifiers (e.g, phonesky) needs to access the folders inside
/data/app-staging to be able to verify them. Without the execute
permission on app-staging folder, it cannot stat any of the sub-dirs
inside app-staging.
This also aligns with permission of /data/app folder.
Bug: 175163376
Test: manual
Test: installed a staged session and observed that Phonesky did not log
about not finding the apks in /data/app-staging folder
Change-Id: I9774ed800da9f15401d3cee653142a37bf54ef4a
camera-daemon is referred in task-profiles.json so the hierarchy should
be created in aosp's init.rc.
Bug: 170507876
Bug: 171740453
Test: boot and check cgroup
Change-Id: I0e6722b88922abf4ccae3b19623d8b889a6e3cb6
Linkerconfig will be moved into Runtime APEX, so
/system/bin/linkerconfig would not be available before APEX is mounted.
Use bootstrap linkerconfig instead during early init.
Bug: 165769179
Test: Cuttlefish boot succeeded
Change-Id: Iae41f325bbd5f5194aaf4613141860f913dfbff1
First load the verified keys, and then only lock the keyring after apexd
has run. This is in preperation for on-device signing, which will need
to add another key to the fs-verity keyring before it's locked.
Note that I've moved loading of the verified keys up a bit; fsverity_init
used to load keys from Keymaster, but it currently doesn't, so there's
no need to wait for it.
Bug: 165630556
Test: boot, cat /proc/keys
Change-Id: I077673575ae3dafcf3126d8c544fe7f8d34c0225
In task_profiles.json, camera-daemon is referred for both cpu and
cpuset controller, so create them in init.rc officially.
Test: build pass
Bug: 170507876
Change-Id: I655154ab739ffde6fdfd2d499cbaa974597d3ee7
Migrate tasks from root group to a subgroup would help us to put soft
cpu bandwidth control correctly. There are few tasks now failed to
migrate due to PF_NO_SETAFFINITY which is the default kernel behavior
which we are not overriding at this moment.
This CL also fixed an issue that most of RT thread lost RT attribute
when kernel with CONFIG_RT_GROUP_SCHED enabled, as the subgroup would be
initialized with 0 RT runtime by default. CONFIG_RT_GROUP_SCHED is not
enabled in GKI kernels but there could be devices with
CONFIG_RT_GROUP_SCHED enabled, so setting some budget for those devices
to make they can still function. OEM can either set proper budget by
themselves or remove CONFIG_RT_GROUP_SCHED completely.
Bug: 171740453
Test: boot and check cgroup
Change-Id: I83babad2751c61d844d03383cb0af09e7513b8e9
- /data/fonts/files
The updated font files are placed this directory. This files under
this directory are readable by any apps. Only system_server can write
font files to this directory.
- /data/fonts/config
The font configuration used by system_server is stored in this directory.
Only system_server can read/write this directory.
Bug: 173517579
Test: atest CtsGraphicsTestCases
Change-Id: I3d0edd9e58b456be5f8342a4a7babd77e54e0339
/data/rollback-history is used to store deleted rollbacks
for debugging purpose.
Bug: 172644981
Test: Boot device without this, then try to boot with it without wiping.
Change-Id: I79da5190aad455448ccd73fe42abdc79b3649e86
To make sure it's always called after apexd has run.
Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: Iaff175dea6a658523cdedb8b6894ca23af62bcbf
For devices using utilclamp create cpu controller hierarchy. Do not
remove schedtune hierarchy yet because init.rc is generic and should
work with devices which still use schedtune.
Bug: 170507876
Test: cpuctl groups worked
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I8494b0b64336e0c882847d555c262814bef2ffa1
This is to allow the tracing service to temporarily
lower kptr_restrict for the time it takes to build
its internal symbolization map (~200ms), only on
userdebug/eng builds.
kptr_restrict unfortunately cannot be lowered by
the tracing service itself. The main reason for that
is the fact that the kernel enforces a CAP_SYS_ADMIN
capability check at write() time, so the usual pattern
of opening the file in init and passing the FD to the
service won't work.
For more details see the design doc go/perfetto-kallsyms.
Bug: 136133013
Test: perfetto_integrationtests --gtest_filter=PerfettoTest.KernelAddressSymbolization in r.android.com/1454882
Change-Id: Ib2a8c69ed5348cc436223ff5e3eb8fd8df4ab860
In many cases, it's a common practice to use the name of the
domain type of a process or the type of the usage category
instead of using ambiguous terms like sys, system, etc.
Update the property name with net. prefix for better naming to
fit the usage of the system property.
Bug: 170917042
Test: 1. m -j10
2. Check if /proc/sys/net/ipv4/tcp_default_init_rwnd is
updated as expected
Change-Id: I0267880d62cc504a419827732780d2db97b2dfef
A recent change moved creating /data/vendor/tombstone earlier than
/data/vendor was created, which would cause /data/vendor/tombstone to
not be created until the second time a device boots, instead of the
first.
This change moves the creation of /data/vendor* earlier, allowing
/data/vendor/tombstone to be created on the first boot.
Bug: 169659307
Test: boot CF for the first time and see /data/vendor/tombstone is
created
Change-Id: I53ee8fbc282bc533d50756ebb4cc65a5ca582088
Without enabling the encryption on this folder, we will not be able to
rename files from this folder to /data/app folder, since /data/app
folder is encrypted. Trying to rename files between unencrypted folder
to encrypted folder throws EXDEV error.
Turning on encryption for /data/app-staging has the following concerns:
1. Turning on the encryption will erase all of its content. But this is fine
since during OTA we fail all staged sessions anyway.
2. We need to create hardlinks from /data/app-staging to
/data/apex/active. This is also fine since we will be creating link from
encrypted folder (/data/app-staging) to non-encrypted folder and this
does not throw EXDEV error.
Bug: 163037460
Test: atest StagedInstallTest
Change-Id: Ie78f6df0c0e08de54a39c5e406957ad0a56b7727
Since Android R, the FUSE prop is always on and FUSE-off is no longer
supported
Test: m
Bug: 160159282
Change-Id: I6db20fe8cbf8d260ba21fed5da289eacd4e53ef5
