NOTE: This change affects only devices which use SELinux kernel policy
split over system and vendor directories/partitions.
Prior to this change, init compiled sepolicy from *.cil files on every
boot, thus slowing boot down by about 400 ms. This change enables init
to skip the step compilation and thus avoid spending the 400 ms. The
skipping occurs only if the device's vendor partition includes an
acceptable precompiled policy file. If no acceptable policy is found,
the compilation step takes place same as before.
Because such devices support updating system and vendor partitions
independently of each other, the vendor partition's precompiled policy
is only used if it was compiled against the system partition's policy.
The exact mechanism is that both partitions include a file containing
the SHA-256 digest of the system partition's policy
(plat_sepolicy.cil) and the precompiled policy is considered usable
only if the two digests are identical.
Test: Device with monolithic policy boots up just fine
Test: Device with split policy and with matching precompiled policy
boots up just fine and getprop ro.boottime.init.selinux returns
a number below 100 ms. No "Compiling SELinux policy" message in
dmesg.
Test: Device with split policy and with non-matching precompiled
policy boots up just fine and getpropr ro.boottime.init.selinux
returns a number above 400 ms. There is a "Compiling SELinux
policy" message in dmesg. The non-matching policy was obtained
by adding an allow rule to system/sepolicy, building a new
system image using make systemimage and then flashing it onto
the device.
Bug: 31363362
Change-Id: Ic2e81a83051689b5cd5ef1299ba6aaa1b1df1bdc
Standalone, this logger provides no end-to-end capability. Only
provides a writer, no reader transport. All output goes, logcat-like,
into the stderr stream. Output can be adjusted with environment
variables ANDROID_PRINTF_LOG and ANDROID_LOG_TAGS.
liblog_*.__android_log_bswrite_and_print___max print fails if a string
member is truncated with "Binary log entry conversion failed" and -1.
We expose the truncated content in the tests and in LOGGER_STDERR.
The purpose of this transport selection is for command-line tools,
providing a means to shunt the logs to be mixed in with the tool's
error stream.
Test: gTest liblog-unit-tests
Bug: 27405083
Change-Id: If344b6e3e67df2dc86ce317cfad8af8e857727b7
The style file .clang-format is copied from adb/.clang-format.
Each sub folders still can have different style by adding their own
.clang-format because git-clang-format uses the style file located
in one of the parent directories of the *source file*.
Also see the following link for previous discussions:
https://android-review.googlesource.com/#/c/340106
Bug: 36046320
Test: repo upload, checks pre-submit fails when the uploading commit
doesn't meet the style
Change-Id: I94369af197da1ccce581bbd861c8737f6a197429
While recovering from endpoint errors, the gadget stack was being
signalled even when desriptors were NOT being rewritten. Avoid this
as this might cause enumeration loops.
Bug: 36036550
Change-Id: Iff2b2fc8cded001ef3c77dc170dce3b96848970c
Was leaking log_device_t in command path. Cleanup leak in command
path and add thorough clean up on destroy for insurance.
Start grouping related like-type variables in the context structure
for more effective layout.
Test: gTest logcat-unit-tests
Bug: 35326290
Change-Id: Ibfbddec2d0e1bce24b87b035d67726cac1395574
- This is to collect data to understand if e2fsck -f option
can be dropped wholly based on information from fs.
- Ideally e2fsck should not fix fs if it was clean shutdown
or if it is not enabling quota.
- The log is added to /dev/fscklogs/log and other system components
can collect it later.
TODO: add mechanism to distinguish old vs new fs generation tool.
bug: 32246772
Test: reboot and check saved logs under different shutdown conditions (clean, non-clean)
Change-Id: Id00fad4c5f8ebbb9f9908164a1026e415df06721
* changes:
DO NOT MERGE ANYWHERE Qemu: make the qemu_pipe_open compatible with old apis
DO NOT MERGE ANYWHERE Emulator: Enhance qemu_pipe.h to handle partial read and write
So _LOG could be overridden by customized logging
implementations in non-Android systems.
Bug: 35919515
Test: Test on device
Change-Id: I0885c15353c0b1bf66f6f156e7f502f326b85d57
Don't try to connect to ourselves in a signal handler (e.g. if someone
does `killall -ABRT tombstoned`).
Test: killall -ABRT tombstoned
Change-Id: Ib69a206f741acb523c9f2883d474c940b6ebfab2
Make tombstones group readable to allow them to be picked up by the
dropbox service.
Bug: http://b/35979630
Test: killall -ABRT rild; dumpsys dropbox
Change-Id: If57cc17563c80d5b5c4887b0937905bffef6b231
Resolve one of the threading issues by creating a private C++ified
copy of getopt_long_r that started out its life as the bionic
getopt_long, but is reentrant. Adds a new state context for the
stderr stream called optstderr. Utilize this new function in logcat.
Control opterr and optstderr to match liblogcat expectations. Correct
and fortify const.
Alternative would be to lock around _all_ getopt callers. This has
the advantage of requiring _no_ locks that could get in the way of
using liblogcat in a signal handler. The log reader interface does
run the risk of incurring locks and heap allocations though, so there
is more work to be done for that final goal.
Test: gTest logcat-unit-tests
Bug: 35326290
Change-Id: Ibb1b374c55d357d5d7fa5ad00bfaf07ae0bc4ba5
To start Treble VTS test, a single AOSP system.img will be flashed onto
the device. The size of AOSP system.img might be different than the
system partition size on device, making locating verity metadata fail
(at the last fixed size of the partition).
This change allows disabling dm-verity on system partition when the
device is unlocked (orange device state) with invalid metadata.
BUG: 35603549
Test: Boot bullhead with a different-sized system.img, checks verity is
not enabled via:
"adb shell getprop | grep partition.system.verified"
Change-Id: Id89d023e82c78ff1902ab7a528431cf7f65e49ad
This makes init log stderr of secilc invoked to compile SELinux
policy. Having an explanation for why secilc failed is very useful for
debugging boot issues.
Test: Device with PRODUCT_FULL_TREBLE boots up just fine
Test: Modified init.cpp to reference non-existent .cil file on a device
with PRODUCT_FULL_TREBLE and confirmed that dmesg now contains the
error message from secilc saying that the file was not found.
Bug: 31363362
Change-Id: I6a3b3576daf0d6fd09e2c79bc43ae63850f44a00
