/init.${ro.hardware}.rc would sometime rely on being parsed before other
.rc files. In this case all vendors are still able to have a .rc file
included before all the ones in /vendor/etc/init.
Bug: 38301110
Change-Id: I3fb6df13a39204a516874ea94f5e5ad84bca42c6
Exteded vndk-sp should go to /vendor/lib/vndk-sp.
Bug: 37940694
Test: sailfish builds and boots
Test: manually copying a lib from /system/lib/vndk-sp to
/vendor/lib/vndk-sp. Check that the copied one in /vendor partition is
loaded instead of the original one.
Change-Id: Ia5dd6f35bd31d4a20a794bec148e1fc3c6d7b72b
libvndksupport.so is a new member of ll-ndk.
Bug: 37323945
Test: sailfish builds and boots
Merged-In: Ic5db48292a30a6face7f263d939f27a0760240b1
Change-Id: Ic5db48292a30a6face7f263d939f27a0760240b1
(cherry picked from commit 7000859b7c)
libbacktrace and its dependents are now VNDK-SP. Since they are in
/vendor/lib/vndk-sp directory, they are accessible directly from the
vndk namespace. Therefore, libbacktrace is removed from the exported
shared libs list of the default namespace.
Bug: 37413104
Test: sailfish builds and boots
Merged-In: I137c17d55940b783eab6d0125bc4d26b96bcc2f2
Change-Id: I137c17d55940b783eab6d0125bc4d26b96bcc2f2
(cherry picked from commit b2a4b8cd18)
This reverts commit 6ed19d1675.
Allow devices to decide for themselves whether to allow
module loading after boot.
Bug: 38204366
Test: boot sailfish, load a kernel module
Change-Id: Ib9e77381de9003fb5160463664015a95316ddfc5
VNDK-SP is relocated back to /system partition from /vendor partition,
following the original design.
In addition, the namespace for RenderScript is added. The namespace is
dedicated for loading VNDK-SP libs for RenderScript such as
libRS_internal.so. The reason for having a separate namespace is that
RenderScript requires more permitted paths (/data/*) which should not be
allowed for normal SP-HALs.
Bug: 37522144
Bug: 37550338
Test: sailfish builds and boots well
Test: lsof shows VNDK-SP libs are loaded from /system/lib/vndk-sp
Test: RenderScript app (CameraScript) runs well
Change-Id: Id139f626cafae2e43ee4eefc5a57a204e31bbbc9
Currently zygote is started early for FBE device but update_verifier is run later
which creates a potential risk. This CL ensures update_verifier run before
zygote touches anything within data/ partition. With this change, we also start zygote
early for unencrypted/unsupported encryption state device.
Bug: 37543411
Test: marlin boots
(cherry picked from commit 5dc05effec)
Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
Add asan counterparts.
Bug: 37579959
Test: m && m SANITIZE_TARGET=address
Merged-in: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
Change-Id: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
- late start of zygote_secondary leads into occasional
1 second wait for starting system service.
- Early start secondary zygote so that there is no additional
wait.
bug: 37508384
Test: python packages/services/Car/tools/bootanalyze/bootanalyze.py -r -c packages/services/Car/tools/bootanalyze/config.yaml -n 100 -f -e 16 -w 30
(cherry picked from commit f8532445b4)
Change-Id: Ia46b07f3d6abb090cc169ebd807e21b16694d172
(cherry pick from commit 3510359a3c)
ro.logd.kernel, ro.config.low_ram, ro.logd.timestamp and ro.debuggable
need to be retrieved prior to logd start in order for the service to
behave in a configured manner. Other essential services are also
dependent on these system properties as well, so it just makes sense
to pick them all up first in 'on fs'.
Test: smoke test
Bug: 37425809
Change-Id: I33ad185f397ee527ed3c84cc2bcb40ff8ca785b5
Currently if a process sets the sys.powerctl property, init adds this
property change into the event queue, just like any other property.
The actual logic to shutdown the device is not executed until init
gets to the action associated with the property change.
This is bad for multiple reasons, but explicitly causes deadlock in
the follow scenario:
A service is started with `exec` or `exec_start`
The same service sets sys.powerctl indicating to the system to
shutdown
The same service then waits infinitely
In this case, init doesn't process any further commands until the exec
service completes, including the command to reboot the device.
This change causes init to immediately handle sys.powerctl and reboot
the device regardless of the state of the event queue, wait for exec,
or wait for property conditions.
Bug: 37209359
Bug: 37415192
Test: Init reboots normally
Test: Update verifier can reboot the system
Change-Id: Iff2295aed970840f47e56c4bacc93001b791fa35
(cherry picked from commit 98ad32a967)
libui.so is not used by SP-HALs, so it is removed from the list of libs
exposed from the default namespace.
Also, this fixes a warning message "property value is empty" caused by
the automatically removed trailing '/' for the section 'legacy'. Since
the legacy behavior is already implemented by the linker itself, the
behavior doesn't need to specified in ld.config.txt.
Test: marlin/sailfish boots
Test: no warning message is shown
Change-Id: Ib679794d63b01c6794663dc88f1ab7e72cfb11d3
Starting zygote early requires cpuset to be initialized to all cores for
foreground cpuset. Change to expolit all cores by default at boot and
let device manufacturers override to proper values in device specific
init script.
Bug: 36576280
Test: marlin boot fast and checked cpuset during early boot
Change-Id: I2c1ce0630e58a7b04d1a453c6740d3f0bce9de9f
(cherry picked from commit 2e83b86a8a)
Now, framework process (any process that is executing /system/bin/* or
/system/xbin/*) are started with three namespaces; default, sphal and
vndk.
default namespace is the namespace that is responsible for loading libs
from /system/lib. It can't load libs from other places such as
/vendor/lib. (However, we temporarily open the path since we haven't
finished the system partition cleanup, but will do eventually).
sphal namespace is the namespace where SP-HAL (Same-process HAL) is
loaded. SP-HAL are the only vendor libraries that are allowed to be
loaded inside framework processes. libEGL_<chipset>.so and
android.hardware.graphics.mapper@2.0-impl.so, etc are SP-HALs. When
framework needs to load those SP-HALs, it explicitly loads it from this
namespace using android_get_exported_namespace() and
android_dlopen_ext().
vndk namespace is the namespace for loading vndk-sp (Vendor-NDK for
Same-Process) libs, which is a small set of framework libraries that
SP-HALs can link against. These libraries are compiled for the same
version of Android that the vendor partition is compiled against.
SP-HALs can not use libraries other than vndk-sp and ndk libs.
Membership to vndk-sp and ndk are strictly closed.
Note that in a system, there are two copies of vndk-sp libs. One at
/system/lib and the other at /vendor/lib/vndk-sp. As a result, there can
be two instances of a same library in a process.
Also adds ld.config.legacy.txt which is used on non-Treble devices where
PRODUCT_FULL_TREBLE is not set to true.
Note, this split can be cleaned up further after b/37139976 is solved.
Bug: 34407260
Test: git diff HEAD:rootdir/etc/ld.config.legacy.txt
HEAD^:rootdir/etc/ld.config.txt => 0
Test: sailfish boots (because BOARD_VNDK_VERSION is not set to
'current')
Change-Id: I8331d94edc38f22c4f8abc66cdf2050af9d0605b
With the binder traffic of composer moved to vndbinder,
vndservicemanager is needed to be started early to get bootanim
displayed quickly.
Also servicemanager is required to be start early to support early
bootanim and sufaceflinger.
Bug: 37306311
Test: bootanim regression fixed
Change-Id: Ice1e05bdb3fe4e67a63a49f1db8afdb018c7b61b
This CL disables module loading by writing 1 to
/proc/sys/kernel/modules_disabled when the property sys.boot_completed
is set to 1 by ActivityManagerService (at the broadcast of
PHASE_BOOT_COMPLETED).
Bug: 36515654
Test: tested on sailfish and verified that module loading is disabled in
userdebug and enabled in eng mode
Change-Id: Id38d34a6395966ab21e440614337c0cfca791ad0
The class early_hal is essentially for the keymaster hal which needs
to be up before vold tries to unlock a storage encryption key (FDE or
FBE). The current position is too early in the boot process, because
on devices with legacy HAL the wrapper service uses system properties
to find the legacy HAL.
This patch moves the start of the early_hal class to the late-fs trigger
action which runs right after the system property action.
Test: Manually tested and update tested on bullhead, sailfish, and
another device.
Bug: 35764921
Change-Id: I34b45b85f8450e9ef18861535fdb2ee963df8c9b
This class is used to start hals which are required in order to mount
data (for instance keymaster).
Test: works to start early_hal in internal
Bug: 36278706
Change-Id: If06908135e59b187683d8cf4cc4a00b490559081
(cherry picked from commit 5d56bad4bd)
This reverts commit 5011270225.
Now starting even earlier.
Reason for revert: Needed change, reverted b/c broken device.
Bug: 36278706
Test: original DOA device boots
Test: angler, bullhead, fugu, marlin, ryu
Test: all these devices boot with wipe
Test: all these devices boot with w/o wipe
Test: lshal shows all included services
Change-Id: Ic639aedf7834b1bd3a26d23d109727f5559317e9
Vendor owns /data/vendor.
HAL data must go in /data/vendor/hardware/.
Bug: 34980020
Test: build and boot AOSP Marlin. Observe /data/vendor and
/data/vendor/hardware exist and are empty.
Change-Id: I6fe96e3c76a10a5eb480ba10e10d4d006de56c12
Also start hals where hwservicemanager was started before.
Bug: 36278706
Test: internal marlin+angler boots
Change-Id: Ia55d2ef747fcbd086a09e1bb856824b14343118b
We have seen cases when threads in this cgroup not scheduled for more than
a few seconds in heavy workload situation and causing device freeze.
In Linux, multiple threads placed in ROOT cgroup cause the CPU resource to
be split per thread, rather than per group.
Currently we have many threads in ROOT cgroup, which makes threads in
bg_non_interactive cgroup to have "tiny" CPU resource other than 5%
quota defined.
Bug: 34193533
Test: on marlin
Change-Id: I7721f6196560fbedf6265e8b6db130cec9edefd7
This file describes how loader should set up
default namespace for different kind of binaries.
Note that vendor and some of system binaries are
not yet ready for this config to be enabled - they
rely on libraries they shouldn't be relying upon.
Bug: http://b/30435785
Test: m
Change-Id: I7d5853a6b55db169be1dc2c38cc682711bf7f7f5
Motivation:
1. Reduce skew between userdebug and user builds.
2. Make the decision to mount debugfs on debug builds on a
per-device basis.
3. Prepare to not mount it at all to reduce the attack surface
of the kernel, reduce boot time, and free up memory.
4. Remove the selinux denial on devices that mount twice, i.e.
unconditionally in the device specific .rc file and in the
init-debug.rc file.
avc: denied { mounton } for path="/sys/kernel/debug" dev="debugfs"
ino=1 scontext=u:r:init:s0 tcontext=u:object_r:debugfs:s0
tclass=dir permissive=0
If desired, debugfs may be mounted in device specific rc files
instead.
Bug: 31856701
Bug: 35197529
Test: Build and boot Marlin. Selinux denial no longer observed.
Change-Id: Ie0d954f77f7cf70ed2b94f67a57a6c9eba45ba8e
