These reserved blocks used to root or claim to CAP_SYS_RESOURCES process.
Change-Id: I4893bdb08399bf31a7640d4a63f4952cd636576f
Merged-In: I4893bdb08399bf31a7640d4a63f4952cd636576f
Signed-off-by: liminghao <liminghao@xiaomi.com>
With this option the fstab can include a parameter for zram
the enables more streams for kernels that does not have
dynamic stream task handling.
Test: Made sure max_comp_streams is set according to fstab.
Change-Id: I22e158a075a8a86b4e80d3b13989896929c0d223
This allows a remount to be performed on partitions which have been
verified at boot, without causing the verity service to complain of
"corrupted" blocks that could have been modified as a result of a
remount (while the verity checksum remained unchanged).
Bug: 32638755
Change-Id: I77cf7dd20ee5c5f5dac80f73f292e32583fe5906
Pointer from strdup is lost hence triggers mem leak warning from
clang, since ptr returned from basename may not point to start of
duplicated string any more.
Switch to use gnu version of basename which doesn't modify input
string so that strdup is no longer necessary.
Bug: 27126348
Change-Id: Iadb5cf343437a1e27e588ee067b084897633ea07
Merged-In: I937a68c01c223230932c932bffdd35da6503c3c4
Running dm-verity on heavily accessed partitions leads to performance
slowdowns, especially on low-RAM and slow-CPU devices.
This patch introduces a flag to allow an entire verified partition to be
read once at boot, to check for corruptions. If the reads are
successful, we can mount the partition as raw & read-only, and if not,
we can revert to mounting it as a verity partition, just like before.
Usage of this flag will entail a slowdown of time-to-boot, but should
lead to improvements in runtime performance.
Bug: 32433608
Change-Id: I97717683a00ad6fa347e63b72b1a9bf1d2946315
This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
(cherry picked from commit abfbec342f)
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342f)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342f)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
Right now these two partitions are mounted in the fs stage of the init
process. As a result, many vendor/ODM files needed earlier in the boot
process (e.g., init.<hardware>.rc, fstab.<hardware>.rc,
uevent.<hardware>.rc, SELinux policy files etc) can only live on the root
partition.
To prevent vendors/ODMs from polluting the root partition, this patch makes
it possible to mount the vendor and ODM partitions in the first stage of the
init process. The fstab info of both partitions to be mounted early is
composed from new kernel cmdline arguments android.early.prefix and
android.early.fstab.
For example, with:
android.early.prefix=/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/
android.early.fstab=mmcblk0p10+/odm+ext4+ro+verify\nmmcblk0p09+/vendor+ext4+ro+verify
the final fstab string will be:
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p10 /odm ext4 ro verify
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p09 /vendor ext4 ro verify
The android.early.prefix is optional. When it is missing, the final fstab
string will be directly converted from android.early.fstab.
This patch also makes sure that the early mounted partitions are dm-verity
enabled so that they are trust worthy to store system files.
BUG=27805372
Change-Id: I3cf32482a5ec65445ba3aedab2164c7ba8f12694
* Use const reference type for for-loop index variables
to avoid unnecessary copy.
Bug: 30413223
Change-Id: I5514384ef3af77c00aa3e8417acd8d70981e0afb
Test: build with WITH_TIDY=1
I'll come back and remove klog_init when I've removed other calls to it.
Change-Id: Iad7fd26d853b4ddc54e9abd44516b6f138cbbfcb
Test: booted N9, looked at "adb shell dmesg" output.
Use the correct device name when system is mounted as root, and
validate dm-verity status to avoid confusing it with dm-linear.
Bug: 29277442
Change-Id: I36e115189f9a9430bad4bf89f26a376bcb8e8168
If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.
Needs changes from
Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19
Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
(cherry picked from commit 830126637a)
This fixes a bug introduced by
https://android-review.googlesource.com/#/c/212781/ which would make
fs_mgr crash when hitting one of the error paths.
Bug: 28585197
Change-Id: I40e6612e2eb3e6f584e70c608afc6d4378d73c4f
If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.
Needs changes from
Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19
Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
