/default.prop is moved to /system/etc/prop.default for full Treblized
devices. Modifies property_service to load it from there first.
In recovery mode, the file is renamed as /prop.default. This path is
tried if /system/etc/prop.default is not available.
Bug: 37815285
Test: Tested with ag/2419001. Booted pixel phones, checked the location
of prop.default, verified the symlink at /default.prop, checked a
few properties via adb shell and manually tested a few apps.
Booted to recovery and ran 'adb sideload' successfully.
Change-Id: I485231f21fc86b0aec58edf867e229a31e77d85e
Merged-In: I485231f21fc86b0aec58edf867e229a31e77d85e
(cherry-picked from 527d80d945)
The generic system.img released from project Treble can't contain any verity
metadata (e.g., vboot 1.0, AVB, or any other implementation) because it's
*generic*. To make any device can boot with it, `avbctl disable-verification`
is introduced to set a new flag AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED
in the top-level vbmeta to disable the entire AVB verification process. This
should be done prior to flash the generic system.img. See the following link
for details:
https://android-review.googlesource.com/#/c/418399/
This CL checks whether AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED is
set in the top-level vbmeta. When set, skip verifying the vbmeta structs
against androidboot.vbmeta.{hash_alg, size, digest} because it will be
absent in kernel cmdline. Also, only top-level vbmeta struct is read then
returned by libavb in this case.
Note that another flag AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED, usually
set by `adb disable-verity`, is used to signal fs_mgr to skip setting up
dm-verity, but libavb still verifies all vbmeta structs. fs_mgr will
also verify all vbmeta structs against androidboot.vbmeta.{hash_alg,
size, digest} from kernel cmdline as well.
Also rename SetUpAvb() to SetUpAvbHashtree() to better fit its usage.
This function will return kDisabled when any of the above two flags is set.
Finally, regardless of which flag is set or not set, we still only allow two
return values from avb_slot_verify():
- AVB_SLOT_VERIFY_RESULT_OK: it's still possible to get this value
when any of these flags are set in build time. e.g.,
BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2
- AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION: in most cases we should
get this value, because the flags are likely set at run time.
Bug: 62523303
Test: boot device with 'avbctl disable-verification'.
Test: boot device with 'avbctl enable-verification'.
Test: boot device with 'adb disable-verity'.
Test: boot device with 'adb enable-verity'.
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS=--flags 2, then boot device.
repeat the above steps to boot device again.
Change-Id: Ie8436f3e0e82c78490208f3b85eac5238a9fdfdb
1) property_set() takes const std::string& for both of its arguments,
so stop using .c_str() with its parameters
2) Simplify a few places where StringPrintf() is used to concatenate strings
3) Use std::to_string() instead of StringPrintf() where it's better suited
Test: Boot bullhead
Test: init unit tests
Change-Id: I68ebda0e469f6230c8f9ad3c8d5f9444e0c4fdfd
In case of non-secure builds (eng variant) fs_mgr_setup_verity() skips
verity checks regardless of fstab options. This is slightly different
than 'adb disable-verity' where it would first read the verity metadata
to check if verity is disabled.
So, this change adds a new return value of FS_MGR_SETUP_VERITY_SKIPPED
instead of piggy backing on the FS_MGR_SETUP_VERITY_DISABLED.
Bug: 62864413
Test: Boot sailfish
Change-Id: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35
Signed-off-by: Sandeep Patil <sspatil@google.com>
First stage mount in init currently attempts to regenerate uevents for
specific devices to create the corresponding dev nodes. However, this
is racy as first stage mount happens early in the boot process and
it's possible that some of these devices have not yet been created by
the kernel.
To fix this issue, init will poll on the uevent socket for up to 10
seconds waiting for the kernel to create the required device. It will
return false and panic if this 10 second timeout passes.
Note that the same uevent socket is used in the uevent regeneration
and the polling code, so there is no race if the device is created
after the uevent regeneration and before polling starts; the first
poll will pick up the device.
Bug: 62681642
Bug: 62682821
Test: Boot bullhead
Test: Boot sailfish
Test: Boot hikey + hotplug/unplug sdcard
Change-Id: I4a6ff043eb7115b729ca4954ebc6c9e000132993
In order to create symlinks for USB and block devices, the path for
their parent platform device must be known.
Previously, ueventd would save each platform device that it encounters
to a list and query this list when creating the symlinks. That,
however, is racy because the uevent socket does not differentiate
uevents from RegenerateUevents() and uevents sent by the kernel when
probing a device first the first time. The below scenario is the
faulty case:
1) Kernel probes parent platform device for a block device
2) ueventd calls RegenerateUevents() and starts processing uevents
3) Kernel probes block device and sends its uevents
4) ueventd picks up the block device uevent during its uevent processing,
without yet regenerating the platform device uevent, causing improper
symlinks to be created.
This change stops storing the platform devices in a list, and instead
traverses up the directory structure for each USB or block device
until it reaches a platform device, defined as one whose subsystem is
the platform bus. This fixes the race and simplifies the ueventd
code.
Bug: 62436493
Bug: 62681642
Test: Boot bullhead
Test: Boot sailfish
Test: Init unit tests
Test: Boot hikey + hotplug/unplug sdcard
Change-Id: I21636355d8e434f30e0cba568598a6cf139e67f9
ueventd already does restorecon() for /sys/{block,class,devices}, so
instead of duplicating this effort with init, move the restorecon()
that init does for all of /sys to ueventd.
Bug: 62420036
Change-Id: I6125f8ff5316a0cf45872d1100d089d71802958f
Merged-In: I6125f8ff5316a0cf45872d1100d089d71802958f
Test: Boot sailfish, bullhead
ueventd already does restorecon() for /sys/{block,class,devices}, so
instead of duplicating this effort with init, move the restorecon()
that init does for all of /sys to ueventd.
Bug: 62420036
Change-Id: I6125f8ff5316a0cf45872d1100d089d71802958f
Test: Boot sailfish, bullhead
restorecon_recursive may take a long time if there are a lot of files on
the volume. This can trigger a watchdog timeout in any process that
tries to set a property while it is running. Fix this by running
restorecon_recursive in its own process.
See https://jira.lineageos.org/browse/BUGBASH-555
Change-Id: I2ce26ff2b5bfc9a133ea42f4dbac50a3ac289c04
Current first stage mount only allows three mount points: system, vendor
and/or odm. This was introduced by project Treble to mount those
verified partitions early. However, there might be some other custom
partitions needs to be mounted early as well. This CL removes the
restriction and does first stage mount for whatever specified in
fstab-dt.
Bug: 62423887
Test: first stage mount /vendor with vboot 1.0
Test: first stage mount /vendor with vboot 2.0 (AVB)
Change-Id: I6c146c64e673c35c2823523ccbde193590430c48
libprocessgroup kills the cgroup associated with a given pid and uid,
but not the POSIX process group associated with it. This means that
to kill both, two of the same signals must be sent, which may cause
some issues.
This change kills all POSIX process groups whose group leaders are
found within a cgroup. It only then kills processes in the cgroup
that are not part of the POSIX process groups that have been killed.
Bug: 37853905
Bug: 62418791
Test: Boot, kill zygote, reboot
Change-Id: Id1d96935745899b4c454c36c351ec16a0b1d3827
fork() subprocesses to handle uevents in parallel.
This reduces coldboot time on bullhead from ~446ms to ~230ms.
This reduces coldboot time on sailfish from ~690ms to ~360ms.
This reduces coldboot time on ryu from ~187ms to ~122ms.
Bug: 33785894
Test: boot bullhead x40, observe no major differences in /dev and /sys
Test: boot sailfish x40, observe no major differences in /dev and /sys
Test: boot ryu x40, observe no major differences in /dev and /sys
Test: boottime tests on bullhead and sailfish
Test: init unit tests
Change-Id: Ie2f63e000b8af78d187477d31fe109f20304d749
Bug: 62114389
Test: boot bullhead, get/set properties with ':' via command line
Test: trigger an init trigger with a property containing a ':'
Change-Id: Ib51853a1ef9d4f79d510c8175c0d9684e2025e23
devices.cpp handles too many things for creating one class. This
change breaks it up into various files and classes.
* Parsing is moved to ueventd_parser.cpp
* Reading from the uevent socket and Cold booting is moved to a
UeventListener class, in uevent_listener.cpp
* Firmware handling is moved to firmware_handler.cpp
* The remaining contents form a DeviceHandler class within devices.cpp
Bug: 33785894
Test: boot bullhead x40, observe no major differences in /dev and /sys
Test: boot sailfish x40, observe no major differences in /dev and /sys
Test: init unit tests
Change-Id: I846a2e5995fbb344c7a8e349065c18a934fa6aba
/default.prop may be moved to /system/etc/ and renamed as prop.default.
/{system,vendor,odm}/build.prop may be moved to /{system,vendor,odm}/etc/
and renamed as prop.build.
This patch makes property_service load prop.* from the new locations
first. Also replaces NULL with nullptr for C++ cleanup.
Bug: 37815285
Test: Booted pixel phones, checked the locations of prop.*, verified
symlinks, checked a few properties (via adb shell getprop)
and manually tested a few apps (Camera, Maps etc).
ODM is not tested as it does not exist on the tested device.
Change-Id: Id8eeb3c1a5728dd04005dfad4733b8e6336f9093
Move libinit, init_tests, and test_service to Android.bp
Leave init in Android.mk as it has unfulfilled dependencies, but
create a comment in Android.bp for future use.
Remove libinit_parser and init_parser_tests as that code was never
used in init.
Bug: 36970783
Bug: 37512442
Test: Build, boot bullhead, init unit tests
Change-Id: Id81cd10ea09453a5fd762ba9189276aad79d5444
