To aid in debugging if there are failures.
Bug: 137267623
Test: add prints to boringssl_self_test and see them
Test: add failure prints to the linker and see them before
boringssl_self_test runs
Change-Id: I89d50c6a46df994d6ea1fadf00e3a8a796043234
Execute mkdir -p /mnt/pass_through/0/emulated
and bootstrap the emulated volume for user 0.
The 'pass_through' paths allow us bind mount the lower
filesystem directly into /storage, bypassing any sdcardfs
of FUSE mounts.
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: builds, boots and pass through directories are created
Change-Id: I46ce207d06a1ec550b8bacac259387371fc0b841
If this check fails and an OTA or mainline module update has recently
happened, we want to rollback the recent change. The easiest way to
handle this is to reboot, which will trigger the fallback mechanisms
that are already in place.
Bug: 141082587
Test: device reboots if self test fails
Test: device rolls back a recently applied OTA with failing self test
Test: device rolls back a recently applied conscrypt apex update with
failing self test
Change-Id: Iff879deff09d347262dc7a2acadb9164a5029d4a
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b
libcrypto performs a self test when it is loaded, unless
a marker file /dev/boringssl/selftest/[hash] exists which
indicates that the self test has already successfully
completed since the last time the device was booted.
Before this CL topic, libcrypto attempted to create the
marker file when the self test successfully completed.
On Android, dedicated boringssl_self_test{32,64} binaries
are run early during boot and are the only binaries
(apart from init and vendor_int) that have permission to
create these files.
Another CL in this topic stops the boringssl self test
creating a marker file unless the environment variable
BORINGSSL_SELF_TEST_CREATE_FLAG is set to a nonempty value.
This CL sets that value to "true" when running the dedicated
self test binaries, but not for other binaries. This has
the effect that other binaries that run the self test
early during boot (before the dedicated self test binaries
have created the marker files) and which run the self test
will no longer attempt to create the marker file, which
SELinux would have denied anyway.
Bug: 137267623
Test: Treehugger
Change-Id: I99317df1a8c3496d33ae83f9ec346782b2286ac9
This replaces the recently added `exec_reboot_on_failure` builtin, since
it'll be cleaner to extend service definitions than extending `exec`.
This is in line with what we decided when adding `exec_start` instead
of extending `exec` to add parameters for priority.
Test: `exec_start` a service with a reboot_on_failure option and watch
the system reboot appropriately when the service is not found and when
the service terminates with a non-zero exit code.
Change-Id: I332bf9839fa94840d159a810c4a6ba2522189d0b
This should ensure that the self tests run before any other binaries
that load libcrypto and which would otherwise run into SELinux denials
trying to create the marker file /dev/boringssl/selftest/[hash]
The invocation of the self test binaries from the Conscrypt apex
requires the apex to be mounted so it remains at a later point in
the boot process.
Bug: 137267623
Test: Treehugger
Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c
The accidental trailing ':' appears to stop the line
triggering.
Bug: 137267623
Test: Checked the /system/bin/boringssl_self_test32
now runs on aosp_cf_x86_phone-userdebug
Change-Id: I7b4b1d6b838d8d1a7a0db7f104a94b34962df030
vold is already started during early-fs which happens before
post-fs-data.
Trying to start it again in post-fs-data is a little bit confusing.
Test: device boots
Change-Id: I5faefe6d1f1bb7472ea3d032b1f157c69da565f1
Instead of init.cpp knowning about the boringssl self
test, use init.rc to exec dedicated self test executables.
Advantages:
- The self test is run not only both the copy of libcrypto
in /system but also /apex/com.android.conscrypt.
- The self test is run not only for the primary (e.g. 64bit)
ABI but also for a secondarry (e.g. 32bit) ABI.
- The dependency on libcrypto is kept to the self test binary.
- The self test binary abstracts the exact native API for
running the self test (this will change soon because the
self test will be run when the library is loaded).
Bug: 137267623
Test: Check that logcat shows both binaries being started as root,
and finishing with exit code 0.
Change-Id: I1e716749ee2133993f0f7b2836483391fd1a62f0
Start the serial console at the 'init' trigger instead of much later
when property triggers happen. This will help debugging early boot
issues.
Test: serial console starts early for a userdebug build
Test: serial console still doesn't start on a user build
Change-Id: I7112a8e7171c9fa865c8787c9a3d14515bc59478
Init sets the encryption policy on these directores when created.
Bug: b/139193659
Test: Boot device without this, then try to boot with it without wiping.
Cherrypicked-From: 7bf42f148a
Change-Id: I6b26710674b51d62fa4a07b06e06c539571fb7ac
Merged-In: I6b26710674b51d62fa4a07b06e06c539571fb7ac
This directory is intended to be used by boringssl
(through the bssl_self_test{,64} binaries) to create /
check for the existence of marker files indicating that
the self test has successfully run.
It appears that because this is an .rc script for init
rather than a shell,
mkdir -p /dev/boringssl/selftest 0755 root root
wouldn't work.
Bug: 139348610
Bug: 136262690
Test: Checked that after booting, /dev/boringssl/selftest
exists:
$ su root ls -l /dev/boringssl
total 0
drwxr-xr-x 2 root root 40 1972-02-11 03:27 selftest
Test: Checked that if I instead try:
mkdir -p /dev/boringssl/selftest 0755 root root
in init.rc then the directory isn't created (there is
no error message in logcat because logd is only
started in line 311).
Change-Id: I12fdd08c8ead152ac4e62cbd0a2099a9d6170ddb
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: builds, boots successfully and external storage remains
an sdcardfs mount by default and works correctly
Test: cat /proc/1/mountinfo is unchanged
Change-Id: Idf851b3a42910e0ce8fdd75daea1cce91dd1aa98
This CL implements some of the libsnapshot internals necessary to work
with update_engine. In particular it implements snapshot and update
state, as well as creating and mapping snapshot devices. It does not
implement anything related to merging, nor does it implement the full
update_engine flow.
Update state is stored in /metadata/ota/state. To synchronize callers of
libsnapshot, we always flock() this file at the top of public functions
in SnapshotManager. Internal functions are only called while the lock is
held, and a "LockedFile" guard object is always passed through to
indicate proof-of-lock.
Low-level functions, such as snapshot management, have been moved to
private methods. Higher-level methods designed for update_engine will
ultimately call into these.
This CL also adds some functional tests for SnapshotManager. Test state
is stored in /metadata/ota/test to avoid conflicts with the rest of the
system.
Bug: 136678799
Test: libsnapshot_test gtest
Change-Id: I78c769ed33b307d5214ee386bb13648e35db6cc6
/metadata/ota will store the update state ("none", "applying",
"booting", "merging") for each dynamic partition. The data will be
managed by libsnapshot, whose primary consumer will be update_engine
but will also be available to recovery/fastbootd.
Bug: 136678799
Test: /metadata/ota exists
Change-Id: I3e06484cafeb363904914767abc8984adaa37021
system_suspend need to be an early_hal as it's required before storage
encryption can get unlock on FDE devices.
/sys/power/wake_lock is a dependency of system_suspend (only in Q and
earlier). Permissions on this file need to be set early enough.
Bug: 136777986
Bug: 133175847
Test: boot blueline
Change-Id: I8a9d3374b327e451fb98d2279d1bac9477a9560d
This reverts commit 997a2d93d7.
Reason for revert: This revert is needed, just also need some selinux rules for changes to the script that runs if this folder is present.
Bug: 136199978
Change-Id: Ie0544954965e3c90abc2f833c41949976c3bea65
(cherry picked from commit 35708b9d7b)
Create linkerconfig tmpfs mount and create ld.config.txt using
linkerconfig during init
Bug: 135004088
Test: m -j & tested from device
Change-Id: Iea30259871ef26d6c04beebf42b17ba7b494db0d
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Merged-In: Idfdb304503a163fbb91f9317949eb98c06fecce1
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
The old "time zone updates via APK" feature installs time zone data
files in /data. tzdatacheck is run during boot to guard against an
OTA leaving the data in /data older, or in a different format, than the
files that exist elsewhere on device. If such files existed the system
could use old versions of tzdb (and related) data or even end up
unstable.
Soon, the time zone data mainline module will be made "functionally
mandatory" by the removal of most time zone data files from the
runtime module APEX, i.e. the time zone data module cannot be absent,
and the runtime module won't have files to compare against.
This change modifies the command line args for tzdatacheck to reference
the contents of time zone data module instead of the runtime module.
Bug: 132168458
Test: Build / boot / inspect logcat
Change-Id: Iac8023b7cbb72213df344d603c121caa867a196f
