-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8epjwAKCRDorT+BmrEO
eGPtAJ4xkVvM0OmK/dZBwdVVDMjKroC/zACaAsDXpFeOe6kT2WhEkvc6MqpfuNQ=
=5OoV
-----END PGP SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ
+rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQCn8sR4oKubEOLtjfwngAI9k+KVB6e2XzmS6vwsN1oRV3O7k4oSXLnNH+sHPQXQ6lX
4cqrmxPKTONclXrV4Ggw8=
-----END SSH SIGNATURE-----
Merge tag 'android-15.0.0_r20' into staging/lineage-22.2_merge-android-15.0.0_r20
Android 15.0.0 Release 20 (BP1A.250305.019)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ8epjwAKCRDorT+BmrEO
# eGPtAJ4xkVvM0OmK/dZBwdVVDMjKroC/zACaAsDXpFeOe6kT2WhEkvc6MqpfuNQ=
# =5OoV
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed Mar 5 03:31:59 2025 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate]
* tag 'android-15.0.0_r20': (183 commits)
Revert "Define ueventd.rc.recovery"
Define ueventd.rc.recovery
Define init_second_stage.recovery
Define reboot.recovery and watchdogd.recovery
debuggerd: Use libprocessgroup to unfreeze
Define toolbox.recovery
Replace partition-specific toybox make module with soong modules
Start aconfigd socket defined in configinfra mainline module
Update trusty to use secretkeeper hal V1
ashmem: Ensure all memfds have non-executable permissions by default
libsnapshot: Cleanup temp metadata during rollback
libprocessgroup: Remove ramdisk_available from libcgrouprc
libprocessgroup: Remove vendor_ramdisk_available from libcgrouprc
libprocessgroup: Remove recovery_available from libcgrouprc
gatekeeperd_service_fuzzer: Add signal() to handle SIGPIPE
libutils OWNERS for shayba@
Deprecate cc_binary aconfigd and the controlling flag
libprefetch: rename property name
Update comments to point to the new location of event.logtags.
Fix the dm-verity Merkle tree caches to not expire so quickly
...
Conflicts:
init/devices.cpp
Change-Id: I16f4b8b40b74074b087b2fc719cf4a322ccd76cf
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
=uE+H
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmdYsU0XHG1rYmVzdGFz
QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmlzEhAAkyT+qSieZv1roFs6MW0sBnjP
60eSCsj/eVetsK91ExBdm+NPHmpFG1XUcwxxiWzlPweIYA+eaECdoP9qngwxH/fy
7m6lxzVx2C9JbSCRWuBmyFWfsm7l+cjDoO8a5QnummBNobhV6/z680+CPzhsXXp5
wQ8cRYLlZEwSMGlgW5KufhbEQISZK1rxWGcx7C0MwoAZybm0V7bcv9ot9XWVZdBI
0uvpZEAYuLqMTTOxd1HNZBKA+cMmWLE+0ALfydGqdHxTkpDXY17Ek4/R3H7KTcy0
mhp6rLQHMKn/atDUsYGvDp/wGs+PWHl9QPXprwj9g9XBNRaAcw/ANi+I/Gc17Qsc
X/5DeC0ycGBljhjnl7ZoXAPwLyN+tYZi+ekwBs0E4+uQCLG5AMSLGZHGHcZafXB1
s0pR1u85BxC/7CoVB22J5utjsLdJT0G8bIgfyrKVVIA9iIe9zO/rsMN+9kffrQ9W
xPohc1XyVrsQ2b6xk/PyqbAI5mk7+IKKhxhX+Vv2Fczp2OCPuefa1aS1lIv4bZBL
rRPlVyodLWsEqxGNhiCo5Hh24uufJGuBTL2w6Rn5/UkqUkvUQZbsRNTg7WQIfcWh
sNvuNNxpgsilXFJC0/aoLE557MjCWq4eolPLnyrz3yR3jPcAa269bMuiMXKsVeEd
PvjxgQawPY8QkE2woe0=
=R9aC
-----END PGP SIGNATURE-----
Merge tag 'android-15.0.0_r6' into staging/lineage-22.0_merge-android-15.0.0_r6
Android 15.0.0 Release 6 (AP4A.241205.013)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
# eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
# =uE+H
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri Dec 6 00:44:03 2024 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 2481 signatures in the past
# 3 years. Encrypted 4 messages in the past 2 years.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78
# By Akilesh Kailash (13) and others
# Via Automerger Merge Worker (317) and others
* tag 'android-15.0.0_r6': (158 commits)
trusty: storage: proxy: FS_READY property setting on vendor only
Fix the trigger name for loading bpf programs.
start netd earlier
Replace base::RandInt with std::uniform_int_distribution
trusty: keymint: rename trusty_ipc_dev property
Move the `dist` target of `mke2fs` to `build/core/tasks`
Remove define of SA_EXPOSE_TAGBITS.
Add input event profile to mitigate input latency of input threads
Remove usage of base/string/* in libfs_avb
Add getFdStateDebug to access Looper's callbacks
libsnapshot: CHECK -> CHECK_EQ
Mount /mnt/vm earlier
Define linker.config.json as a filegroup
Remove usage of base/logging.h in libfs_avb
debuggerd: recognize jumps to non-executable memory.
Support vendor partition in non-debuggable pVMs
Remind the reader that they'll need to modify CTS too.
Rename system/core/rootdir/Android.mk to create_root_structure.mk
trusty: keymint/gatekeeper: Pass device name from init scripts
Remove unused variable.
...
Conflicts:
fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
fs_mgr/libsnapshot/snapshot.cpp
init/Android.bp
init/fuzzer/Android.bp
Change-Id: I29c07b3ac76940cb2b82726e98d2beb643b3e6e4
This reverts commit 1df3536b95.
Previous land got reverted because of selinux denial, which is
already taken care of in aosp/3314877
Reason for revert: b/349507086
Change-Id: Id642b4d8726c72f324e369d8506c78eacea331e3
We can hold the storage space of one of f2fs multi-device for data
partition, while allowing the space to be used by another purpose.
f2fs will create a sequential and pinned file as a placeholder and it
can be deallocated and returned back to data partition after it is done
with using it. We can create the file, as we define the device with
"exp_alias:" tag in the fstab.
Bug: 336319772
Test: add a device with "exp_alias" tag in fstab
Change-Id: If55730cedd21ec5a40137d2eb723a97df498c9cb
Signed-off-by: Daeho Jeong <daehojeong@google.com>
std::vector<const T> uses std::allocator<const T>, which is an
undocumented libc++ extension to the C++ standard library. The extension
was removed in llvm.org/PR96319. Use an ordinary non-const T instead.
Bug: http://b/349681543
Bug: http://b/375478563
Test: m libfs_mgr
Flag: EXEMPT, refactor to fix build failure
Change-Id: I759526c7507824dca0e2e4f5cb2bf3c58dece1d8
* In recovery we need to be able to edit the block device
after it's been mounted.
This allows, for example, to wipe system after mounting it
Change-Id: Ie536d275643e9d6063bba789e4cd2fa2671fc8fa
F2FS does not support page_size!=block_size configuration, and
dev option devices need to toggle between 4K/16K mode, hence F2FS
requires a data wipe every time page size changes. This is inconveinent,
skip F2FS formatting instead.
The original CL had a bug where `iter->blk_device` is accessed before
checking if `iter` is out of bounds. Fixed by flipping order of two
conditions in an && operator.
Test: th
Bug: 353436188
This reverts commit 642a98e2a7.
Change-Id: I89551f219efc44bad29a190edff5412a5cc67840
F2FS does not support page_size!=block_size configuration, and
dev option devices need to toggle between 4K/16K mode, hence F2FS
requires a data wipe every time page size changes. This is inconveinent,
skip F2FS formatting instead.
Test: th
Bug: 353436188
Change-Id: Ic33dbc39c16db3aee4c47349a9693aacec240de8
This reverts commit 61c07a09e8.
Reason for revert: Likely culprit for b/359414718 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Change-Id: Ie40dcc6d3549183ba146c4ff37edc0d1e57d0cca
Original CL reverted due to missing permission on vold.
The missing permission is added in aosp/3202313 , hence re-submit.
This reverts commit 1f00f794e6.
Reason for revert: b/349507086
Change-Id: Ia1086f3c8c65c476bdc119fe59ed4fd3a21f8591
Mount option "nomblk_io_submit" was deleted from
upstream kernel v3.9 in 36ade451a5d736e61ac8302b64aacc5acb5e440f
and has not reappeared since then.
Now it only generates 'Ignoring removed nomblk_io_submit option'
in the logs
Test: manual
Change-Id: Ie609e7d3d38e808eeede1f1c55435ed027726025
This CL adds a check to ensure that there is enough free space on
the device before creating the zram backing device.
If there is not enough space, the zram backing device will not be
created.
Adding a system property 'ro.zram_backing_device_min_free_mb' to
define the minimum free space reserved for booting.
If the property is not set, skip the available space check.
Bug: 322821637
Bug: 326877642
Test: Fill up userdata, enlarge zram backing device size on next
boot.
Change-Id: I135b4beee2a8a21f8214f6579368a8d0d8792255
If we're partially through setting up metadata encryption, failures
leave the partition in a known bad state, and we can avoid an eventual
boot into recovery by taking the format path.
Bug: 351704691
Test: Inserted debug code to reboot during initial encryption setup
Verified device boots successfully on second attempt
Change-Id: I2d8591fa68ab0656e42b7b12f69001a5897e1a61
This reverts commit c6dfdbb761.
Reason for revert: Likely culprit for b/356319388 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Change-Id: Ibd85b26a02f0278676f330c6825d3cb15eefe3fc
With metadata encryption, if partition is wiped (or) cryptfs failed , it will do format without length which make partition size is grown large to occupy remaining space instead of restricting the Android defined partition size
Bug: 343159184
Test: Add length flag in fstab && fastboot erase userdata && fastboot reboot && df -h /data
Signed-off-by: Ashok Mutyala <quic_amutyala@quicinc.com>
Change-Id: Ifce4b78df5edb899c84a032004895802766cd5cf
This adds a raw partition to /data.
Bug: 336319772
Change-Id: Iaae51452be621a15ccd9c2530dae44f4c8714b2f
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Some testcases assume that /dev/block/by-name/userdata is writable, but
mount_with_alternatives() will mark block device as RO if mount flag
includes MS_RDONLY. Fix it by marking the block device as RW again.
Test: th
Bug: 319156415
Change-Id: Ic04acd4b6175d3f0aeea88675da44309e8df15e8
According to aosp/1908136, the current flow is
1. factory reset formatted raw disk.
2. next boot tries to convert it to metadata encryption
2.a mount sda27
2.b umount sda27
2.c encrypt_inplace()
2.d fsck on dm-x
2.e mount dm-x
If there are some write file operations between 2.a and 2.b, encryption
might fail. To mitigate, change the mount in 2.a to readonly if we know
we are going to do encrypt_inplace.
Test: th
Bug: 313962438
Change-Id: I7f4bbd36e1e6c978dde84f5396ffb90bbbdcae87
Right now there is a bug in second-stage-init that screws up the
overlayfs overrides. This happens because:
1. second-stage-init mount_all might be executed in the "bootstrap"
mount namespace.
2. In order to move (MS_MOVE) submounts in fs_mgr_overlayfs_mount_all(),
we change the mount propagation type of overridden filesystems to
MS_PRIVATE.
3. This means that the "default" mount namespace would not receive the
mount events of the overlayfs overrides.
4. After /data is mounted, init would switch to the "default" namespace.
This means any new processes spawned after this period would not be
able to see the overlayfs overrides.
We fix this by changing the mount order of second-stage-init mount_all
to mount the overlayfs override of a partition immediately after the
partition is mounted. This way we don't need to move any submounts as
there can't be any, thus we don't need to set any mountpoint to
MS_PRIVATE so the mount event of the overlayfs would be propagated to
the "default" mount namespace, too.
Bug: 309407859
Bug: 306124139
Test: adb-remount-test
Test: verify that overlayfs tookover successfully from second-stage-init
Change-Id: If2ff4852516292ccbc7abdeebe0e9a7c1c7ba606
Framework or applications can try to find userdata dm target from "/proc/mounts"
which gives "/dev/block/mapper/userdata".
That causes breaking the assumption in all the places.
Bug: 311165039
Change-Id: I9ea1b4589cdd52021d9807f7240c2e4b6d6d05ef
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Trigger fsck on mount of /data if the value of ro.preventative_fsck is
not equal to the contents of /metadata/vold/preventative_fsck, then set
the file to the property to prevent future runs
See b/305658663 for context
Bug: 305658663
Test: Make sure fsck run after first boot and not after second
Ignore-AOSP-First: Critical UDC only bug
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:6c625e5d2e33bdaed7b9933b237502968c4b16e1)
Merged-In: I856c812d22363cc1d1e8aa88706d4d3b89044f52
Change-Id: I856c812d22363cc1d1e8aa88706d4d3b89044f52
The check result can just return the exact mount flags to use, this
reduces code duplication at the caller's side.
Bug: 293695109
Test: adb-remount-test
Change-Id: I9b5c918968f2494c0c1be3cb8d8e6b527a9c4eb2
"Do not reboot with commit failure when ext4 userdata is wiped" has
caused a regression in cuttlefish on f2fs. Overlay.img rapidly grows to
the full userdata size. This updates that CL to only affect partitions
marked for block based checkpointing.
Test: Boot Cuttlefish, monitor overlay.img for 5 minutes
Bug: 285019395
Change-Id: I7d8634e6535ee1531a0df9fb51c6f9c410cbfe92
BUG : 240098675
Skip Dm-Bow load incase size is not a Multiple of 4096.
Rounding down does not hurt, since ext4 will only use full blocks
Change-Id: Ie4e6634b2c49762e4669e66d94effc91d8e581ca
Signed-off-by: Swapneel Mashalkar <quic_smashalk@quicinc.com>
Allow us to check if check_at_most_once is set for any partitions.
This property should be false for any device with a reasonable amount of
RAM and a modern CPU. Enabling check_at_most_once violates AVB best
practices, it should only be allowed on performance limited devices.
Bug: 253033920
Test: Ensure that avbHashtreeNotUsingSha1 CTS test still passes
and that partition.system.verified.check_at_most_once is set.
Change-Id: I8174adf81111cc0df547ea01f81b0dfaca32631f
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
* Categorize functions in fs_mgr_overlayfs.h into three classes:
- Type 1: common and non-critical utilities.
- Type 2: internal routines for facilitating remount.
- Type 3: external entry points for users of fs_mgr_overlayfs, like
fs_mgr_overlayfs_mount_all().
* Move type 1 to common utils header fs_mgr_priv.h & fs_mgr.cpp.
* Move type 2 to new private header fs_mgr_priv_overlayfs.h.
* Keep type 3 in fs_mgr_overlayfs.h.
* Move set-verity-state.cpp under fs_mgr so it can include
fs_mgr_priv_overlayfs.h. File is reformatted as a result. We should
eventually merge and dedup set-verity-state and fs_mgr_remount.
* Add myself to OWNERS for remount-related maintenance work.
Bug: 241179247
Bug: 241688845
Test: Full build -user and -userdebug build.
Test: Presubmit
Test: Treehugger run v2/android-gki/adb_remount
Change-Id: Id5fd0e2b12c693939d712a586dd553cc4d8bfeb1
mount_with_alternatives() supports mounting any of the
consecutive fstab entries. Some log messages shouldn't
be treated as error so changing log level to INFO instead.
Bug: 245468764
Test: TreeHugger
Change-Id: I94a18d4cf91ee5bb58cf5ba5f853a0e6599071d1
If next same mount point also is logical partition, but its blk_device
is not updated yet and still is logical partition name not a mapper
device (/dev/block/dm-X) to cause mount failed.
To support the below fstab configs in fstab.postinstall.
system /postinstall ext4 ro,nosuid,nodev,noexec slotselect_other,logical
system /postinstall erofs ro,nosuid,nodev,noexec slotselect_other,logical
Error logs:
system_b: Can't open blockdev
init: [libfs_mgr]__mount(source=system_b(missing),target=/postinstall,type=erofs)=-1: No such file or directory
Bug: b/241716684
Test: After factory device reset, ensure system_b is mounted as EROFS
Change-Id: I02f20f3dfd8c42be9981915eaff88a5948482724
Include EXT4_FEATURE_COMPAT_STABLE_INODES feature
flag from system/extra.
Test: m
Test: mmma system/core
Signed-off-by: jiajia tang <tangjiajia@xiaomi.com>
Change-Id: I85f4a1c66cdfb37246808d58ca6315861daafe83
