This reverts commit 997a2d93d7.
Reason for revert: This revert is needed, just also need some selinux rules for changes to the script that runs if this folder is present.
Bug: 136199978
Change-Id: Ie0544954965e3c90abc2f833c41949976c3bea65
This reverts commit 891a011394.
Reason for revert: Some Test failed, need more investigation
Bug: 136199978
Change-Id: Ibad0dad02a6701447c39ddcc805d44c9e68bdcce
This reverts commit c6ca823710.
Reason for revert: Q-GSI on Pie devices would crash kernel.
Bug: 136199978
Change-Id: I16a2cb81a1f21627db0cb00324679a322ba42fe0
Update adb, fastboot and mount point
Bug: 134359158
Test: build and check if system_ext.img can be flashed
Change-Id: I6219f72242c5fe42a508008c0b1fd218d74da5b6
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Merged-In: Idfdb304503a163fbb91f9317949eb98c06fecce1
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
Without this, binaries can't be run out of /data/local/tmp on a HWASANified
device.
Test: Chromium's /data/local/tmp/md5sum/md5sum_bin works on walleye_hwasan-userdebug
Change-Id: Ieceaab8aae0024864022ca42b38aa36e6212cf31
The old "time zone updates via APK" feature installs time zone data
files in /data. tzdatacheck is run during boot to guard against an
OTA leaving the data in /data older, or in a different format, than the
files that exist elsewhere on device. If such files existed the system
could use old versions of tzdb (and related) data or even end up
unstable.
Soon, the time zone data mainline module will be made "functionally
mandatory" by the removal of most time zone data files from the
runtime module APEX, i.e. the time zone data module cannot be absent,
and the runtime module won't have files to compare against.
This change modifies the command line args for tzdatacheck to reference
the contents of time zone data module instead of the runtime module.
Bug: 132168458
Test: Build / boot / inspect logcat
Change-Id: Iac8023b7cbb72213df344d603c121caa867a196f
There is no reason that rlimits cannot be set earlier than they are,
and apexd-bootstrap may want to set the priority service option, which
would require that these rlimits have been set, so we move these to
the beginning of early-init.
Bug: 134668377
Test: apexd-bootstrap can set the priorty service option
Change-Id: I8040190cd4dc5e141784496ae65cfab80d9cad53
This directory is no longer used. OBB content is
placed in /data/media/$user/Android.
Test: make
Test: manually verify the path doesn't exist.
Bug: 129167772
Change-Id: I8549826586b9a68c8cfa3fe2e51295363f9b4e11
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.
This change further allows linking from default namespace, and tries
to fix the regression temporarily.
Bug: 130788466
Test: The app issue is fixed after this CL
Merged-In: Ifae52b554124514e433cfe78875643a7450fbabd
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
(cherry picked from commit 0c7edece94)
Permitted paths were empty for ASAN builds with the media namespace.
Bug: 131625115
Test: no dlopen failure on libflacextractor.so in aosp_cf_x86_pasan
Change-Id: I90050fc54820ba68d64931412572f3b0954e6616
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.
This change further allows linking from default namespace, and tries
to fix the regression temporarily.
Bug: 130788466
Test: The app issue is fixed after this CL
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
We used to start update_verifier after mounting userdata (post-fs-data),
as part of zygote-start. This leads to issues in practice for security
updates, where an A/B device falls back into the old slot (for any
reason, which unrelates to this change) but failing to boot due to
upgraded key blob. It essentially breaks the fallback capability offered
by A/B OTA.
This CL mitigates the issue by starting update_verifier early, before
mounting userdata. This avoids the device from falling back to the old
slot with an already-upgraded key blob. update_verifier loses the
opportunity of verifying _all_ the updated blocks based on the info
that's stored in userdata. Instead it will only trigger the minimal
read to finish the work of marking a successful boot. This is a
trade-off in P to avoid putting the device in a bad state after
fallback, which will be improved in Q by better handling the fallback
path in vold.
Bug: 131176531
Test: Flash and boot crosshatch. Check the start of update_verifier and
it marks a successful boot.
Change-Id: I3f4c4333ff38772a9a93c9d027d497db11de1d63
(cherry picked from commit 79cfc7d5a8)
