Current AVB flow in fs_mgr doesn't allow verification error even if the
device is unlocked. This makes first stage mount fail when the device
is flashed with a different-sized boot.img because there is verification
error (HASH_MISMATCH) for the boot partition.
Fix this by allowing verification error only when the device is
unlocked. Whether to enable dm-verity for HASHTREE partitions is still
controlled by the HASHTREE_DISABLED flag in the top-level vbmeta.
Bug: 37985430
Test: First stage mount /vendor with AVB on a device.
Check dm-verity is enabled on /vendor.
Test: Unlock device, flash a different-sized boot.img. Boot device and check
dm-verity is still enabled on /vendor.
Test: First stage mount /vendor with AVB on a device with HASHTREE_DISABLED
is set on the top-level vbmeta, check dm-verity is not enable on /vendor.
Change-Id: I709431bc1c37e4f86133d171cee8e90621cdb857
Merged-In: I709431bc1c37e4f86133d171cee8e90621cdb857
(cherry picked from commit 1140954877)
- It was using blk dev name from fstab and quota / super block check was always
failing for FDE
bug: 37913441
Test: reboot and confirm quota
(cherry picked from commit 9519688411)
Change-Id: Id5613387924d3a8d9ed4486113654aed89184af9
`buffer` may not be correctly aligned here. Assignment assumes correct
alignment and so then blows up on arm32.
Bug: b/37920153
Test: build, boot device
Change-Id: I23ef7c7f1d1511fd912b9485bba955db59e33832
(cherry pick from commit 4599627492)
Invent keyutils.h to supply capability to set session keyring.
The keyring will hold things like the FBE encryption keys.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics (from master)
Bug: 37751120
Bug: 36645158
Change-Id: Ieb44fa8f53dda6cf506a6243498c72d7f7f3cde7
It has been reported that fs_mgr failed to open /dev/device-mapper
during the first stage mount. It's because other uevent (e.g., i2c
charger device) happens to be sent at the same time we're triggering
the device-mapper uevent to be sent. Current implementation returns
COLDBOOT_STOP unconditionally so it will only process the first received
uevent, leaving device-mapper uevent unhandled when the race happens.
Fix this by only returning COLDBOOT_STOP when the received uevent->path
matches that of device mapper.
Bug: 37745254
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead
Test: first stage mount /vendor with vboot 1.0 on sailfish
Change-Id: I4a77093ec8f90a5ca981a088f34d082d0270533b
Merged-In: I4a77093ec8f90a5ca981a088f34d082d0270533b
(cherry picked from commit ea5fca4cd0)
"libcutils: fs_config.c mark vendor, odm and oem partitions in duplicate"
Revert just the wifi hardware part.
This partially wqreverts commit fde19425f3.
b/37921982
Test: netflix, play movies, youtube
Change-Id: I1a47b66dbc2a74270eb4ef75c3a5b55624c2013d
The previous fix was taking account just the progress reported by dumpstate,
not progress/percentage. As such, it was not detecting the cases where the
percentage decreased but the progress didn't.
Bug: 37878670
Test: m -j32 adb_test && ./out/host/linux-x86/nativetest64/adb_test/adb_test --gtest_filter=BugreportTest.*
Change-Id: I5830028f3191a9b17f63aeed5c049b29fa7d1179
(cherry picked from commit 4cc03611cd)
In a A/B device, system partition is mounted by kernel as root.
In vboot 1.0, the dm device name of system partition is "system" with
the following configuration in kernel command line:
- dm="system none ro,0 1 android-verity /dev/sda34"
In AVB, the dm device name is switched to vroot as:
- dm="1 vroot none ro 1,0 5201456 verity 1 ..."
When sending ioctl DM_TABLE_STATUS to query status, we should use "vroot" as the
dm device name for AVB. But still pass "system" for the callback function to set
property [partition.system.verified] instead of [partition.vroot.verified].
Bug: 36900078
Test: Use AVB to mount system in a A/B device, checks the property exists
[partition.system.verified]
Test: Use vboot 1.0 to mount system in a A/B device, checks the property exists
[partition.system.verified]
Test: Checks 'adb remount' will output warning message:
- dm_verity is enabled on the system and vendor partitions.
- Use "adb disable-verity" to disable verity.
Change-Id: Iaee7eb2b00b03729bc07fa24f1b449488716d2ea
Merged-In: Iaee7eb2b00b03729bc07fa24f1b449488716d2ea
(cherry picked from commit 48fdc292f9)
In N we moved some code from C to C++ without realizing that EVP_EncodedLength
includes space for a terminating NUL and EVP_EncodeBlock writes one. Because
our key reading code copes with the NUL, we never noticed.
Distinguish between the required space returned by EVP_EncodedLength and the
actual number of bytes (not including NUL) used return by EVP_EncodeBlock.
Bug: http://b/36187819
Test: hexdump of ~/.android/adbkey.pub
(cherry picked from commit 0b771b33fd)
Change-Id: I6e16b8d48d097b4054417c1d1a225bf7ece985b9
(cherry picked from commit f0b53d0726)
(added "system/vendor/bin/hostapd" to list)
Cover both direct and symlink indirect paths to the referenced
files in the vendor, odm and oem partitions.
Test: compile and hand-verify properties
Bug: 37703469
Change-Id: I5b3a887e904baee2ac193ac4a73aaaee0bbfdb9f
Add unit test to ensure all POD types of Service are initialized.
Bug: 37855222
Test: Ensure bugreport is triggered via keychord properly.
Test: New unit tests
Merged-In: If2cfea15a74ab417a7b909a60c264cb8eb990de7
Change-Id: If2cfea15a74ab417a7b909a60c264cb8eb990de7
(cherry picked from commit 7da548578c)
The enum is being introduced into libnativewindow, but back ported here
since window-deprecated.h is still being depended by other system
componenets.
Bug: 35726763
Test: videoplayer-nodrm-protected.apk and videoplayer-drm-protected.apk
both works.
Change-Id: I9298ff9b1ddd7f868e59db41e1a84e2cdd3d02b5
* changes:
init: fix first stage mount failure when two fstab entries have verity_loc
init: set ro.boot.avb_version in recovery mode
init: moving early mount logic into init_first_stage.cpp
See build/soong/README.md for more information.
Test: m -j checkbuild
Bug: 37567578
cherry picked from cafe889aa8
Merged-In: Ia11dffde6fc4d89be6ee651be06b48131c877dc0
Change-Id: Ia11dffde6fc4d89be6ee651be06b48131c877dc0
- allows easier tracking of wait time from monitoring tools
- this change also reduces unnecessary log spam
- service exit log looks like this:
init: Service 'exec 4 (/system/bin/otapreopt_slot)' (pid 611) exited with status 0 waiting took 0.060771 seconds
bug: 37752410
Test: reboot and check log
(cherry picked from commit 4de31e1481)
Change-Id: Icb83a6a23b45ebd9b4c9d86ee37df8ee3d6e790a
Applications can set abort messages via android_set_abort_message
without actually aborting. This leads to following non-fatal dumps
printing their output to logcat in the same format as a regular crash.
Bug: http://b/37754992
Test: debuggerd_test
Change-Id: I9c5e942984dfda36448860202b0ff1c2950bdd07
(cherry picked from commit e06f2a4886)
This got moved when refactoring the reboot commands.
Bug: 37540660
Test: verify bullhead's last_reboot_reason is correct
Change-Id: I3b86496fc469ca41645df7e7ba8bb51dd25b6b38
(cherry picked from commit 47336cebc3)
- Test data shows that most shutdown finishes in 6 secs.
- The original 10 secs is too long wih no shutdown animation
running in screen.
bug: 36657139
Test: check time with reboot
(cherry picked from commit 7feab68238)
Change-Id: I2e0ec81baa7b6cdb1ff0163c16f643c2549d74ab
- init will only keep animation related services as shutdown critical.
- external component like system server can start shutdown animation.
bug: 37500823
Test: reboot
(cherry picked from commit e2b04b71ae)
Change-Id: I9a0432148887557b705d6b8bbe35f5fb1ffad5b9
The Bluetooth HAL has threads that process Bluetooth audio. They need
to be scheduled as RT priority, so allow the Bluetooth HAL to set its
threads to RT scheduling.
Bug 37518404
Test: play Bluetooth audio, confirm priority via systrace
Merged-In: I4928cf182a0805c0714e4d073cba15c864fbe328
Change-Id: I4928cf182a0805c0714e4d073cba15c864fbe328
(cherry picked from commit e08303d8cf)
The previous check is incorrect because it compares the basename of
previous verity_loc with the full path of current verity_loc.
Changes it to compare the full device file path instead of just the basename
of verity_loc. This can catch the case of two different verity_loc
values with the same basename, e.g.,
- verify=/dev/block/platform/SOC.0/by-name/metadata
- verify=/dev/block/platform/SOC.1/by-name/metadata
Bug: 37413399
Bug: 37619597
Test: first stage mount /system and /vendor with the following fs_mgr_flags on bullhead
- wait,verify=/dev/block/platform/soc.0/f9824900.sdhci/by-name/metadataa
Test: first stage mount /system and /vendor with different verity_loc values
on bullhead, checks it bails out
Change-Id: I017c8bd9f0790d45e08e57df9a2878e4f62c5f9c
Merged-In: I017c8bd9f0790d45e08e57df9a2878e4f62c5f9c
(cherry picked from commit 71881fffd6)
VNDK-SP is relocated back to /system partition from /vendor partition,
following the original design.
In addition, the namespace for RenderScript is added. The namespace is
dedicated for loading VNDK-SP libs for RenderScript such as
libRS_internal.so. The reason for having a separate namespace is that
RenderScript requires more permitted paths (/data/*) which should not be
allowed for normal SP-HALs.
Bug: 37522144
Bug: 37550338
Test: sailfish builds and boots well
Test: lsof shows VNDK-SP libs are loaded from /system/lib/vndk-sp
Test: RenderScript app (CameraScript) runs well
Change-Id: Id139f626cafae2e43ee4eefc5a57a204e31bbbc9
Currently zygote is started early for FBE device but update_verifier is run later
which creates a potential risk. This CL ensures update_verifier run before
zygote touches anything within data/ partition. With this change, we also start zygote
early for unencrypted/unsupported encryption state device.
Bug: 37543411
Test: marlin boots
(cherry picked from commit 5dc05effec)
Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
Previously we set ro.boot.avb_version during the first stage mount in normal mode:
- https://android-review.googlesource.com/#/c/371774/
As the first stage mount is not performed in recovery mode, we need to set the
property separately in recovery mode.
Bug: 37414003
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead in normal mode
Test: first stage mount /system without verity on bullhead in normal mode
Test: checks ro.boot.avb_version is 1.0 on bullhead in recovery mode
Test: first mount /vendor with with vboot 1.0 on sailfish in normal mode
Test: checks ro.boot.avb_version doesn't exist on sailfish in recovery mode
Change-Id: I262e75b8b557c4de7609b4049ccb01793644245e
Merged-In: I262e75b8b557c4de7609b4049ccb01793644245e
(cherry picked from commit fd18a452be)
Also renames "early mount" to "first stage mount" to prevent confusion
with "mount_all --early", which is run in the init second stage.
Also creates a base class: FirstStageMount and two derived classes:
FirstStageMountVBootV1 and FirstStageMountVBootV2 to replace/refactor
existing functions:
- early_mount() -> DoFirstStageMount() and FirstStageMount::DoFirstStageMount()
- vboot_1_0_early_partitions -> FirstStageMountVBootV1::GetRequiredDevices()
- vboot_2_0_early_partitions -> FirstStageMountVBootV2::GetRequiredDevices()
- vboot_1_0_mount_partitions ->
FirstStageMount::MountPartitions() and
FirstStageMountVBootV1::SetUpDmVerity()
- vboot_2_0_mount_partitions ->
FirstStageMount::MountPartitions() and
FirstStageMountVBootV2::SetUpDmVerity()
Bug: 37413399
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead
Test: first stage mount /system with without verity on bullhead
Test: first stage mount /vendor with vboot 1.0 on sailfish
Change-Id: I6584bdf7d832c9fbc8740f97c9b8b94e68a90783
Merged-In: I6584bdf7d832c9fbc8740f97c9b8b94e68a90783
(cherry picked from commit d262017fef)
Add asan counterparts.
Bug: 37579959
Test: m && m SANITIZE_TARGET=address
Merged-in: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
Change-Id: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
persist.sys.usb.config values can't be combined on build-time when
property files are split into each partition.
So we need to apply the same rule of
build/make/tools/post_process_props.py on runtime.
Test: building succeeded and tested on sailfish.
Bug: 37617113
Bug: 37648659
Merged-In: If1e4279f05d74eccf5ce23eef41a466b7d8e3bde
Merged-In: I1e5ad9da360bfb3cb4970e12a76522fd0a5126b8
Change-Id: I78cdffee446d3ae6a89f138faed5f3149e4b507d
(cherry picked from commit 0cf3a07e14)
