The kernel opens /dev/console and uses that fd for stdin/stdout/stderr
if there is a serial console enabled and no initramfs, otherwise it
does not provide any fds for stdin/stdout/stderr. InitKernelLogging()
is used to close these existing fds if they exist and replace them
with /dev/null.
Currently, InitKernelLogging() is only called in second stage init,
which means that processes exec'ed from first stage init will inherit
the kernel provided fds if any are provided.
In the case that they are provided, the exec of second stage init
causes an SELinux denial as it does not have access to /dev/console.
In the case that they are not provided, exec of any further process is
potentially dangerous as the first fd's opened by that process will
take the stdin/stdout/stderr fileno's, which can cause issues if
printf(), etc is then used by that process.
Lastly, simply moving InitKernelLogging() to first stage init is not
enough, since first stage init still runs in kernel context and future
child processes will not have permissions to access kernel context
resources. Therefore, it must be done for a second time in second
stage init.
Bug: 117281017
Test: no audits when booting marlin.
Change-Id: If27edab5c32b27765e24c32fbed506ef625889de
Allow services to specify a custom restart period via the
restart_period service option. This will allow services to be run
periodically, such as a service that needs to run every hour.
Allow services to specify a timeout period via the timeout_period
service option. This will allow services to be killed after the
timeout expires if they are still running. This can be combined with
restart_period for creating period services.
Test: test app restarts every minute
Change-Id: Iad017820f9a602f9826104fb8cafc91bfb4b28d6
Added fs_mgr_overlayfs_required_devices() as hint to init to make sure
the device gets created before fs_mgr_overlayfs_mount_all().
Test: manual
Bug: 109821005
Change-Id: Iab038f3e0252a357b082bb08db3679512b9badec
The rosegment linker option results in two maps containing the elf data
existing. One is an execute map where the code lives, and the other is the
read-only segment which contains the elf header information. If the file
backing a shared library in memory is not readable, then the new code
will attempt to find the read-only map that has the same name as the
current execute segment, and that is at offest zero in the file.
Add new unit tests for this functionality.
Add the missing MapInfoCreateMemoryTest.cpp to the list of tests.
Bug: 109657296
Test: Pass new unit tests.
Test: All unit libbacktrace/libunwindstack tests pass with rosegment enabled.
Change-Id: If8f69e4a067d77b3f2a7c31e2e5cd989a0702a8c
We ran into an issue with an fd leaking due to missing both CLO_EXEC
and fclose() in related code, so let's make sure we're safe here too.
Test: boot
Change-Id: Ief893c936859815c78fa6d7e06cb88ad34aadbac
This guarantees that the shared library is loaded separately. It allows
this test to be run without depending on the shared library being
somewhere in the system path since the library is now treated as a file
to be dlopen'd.
This also fixes some bugs in the deleted shared library test code. The
previous test was passing when it was really failing. This new test
no longer passes incorrectly. Specifically, the original testlib library
only had a debug_frame on 32 bit host, which is not mapped into memory.
Adding the exceptions option causes a full eh_frame to be generated.
Due to the new dlopen code, also, switching to the new isolated test runner.
Also, changing the memory leak checker to use mallinfo since the new
unwinder allocates everything using the normal allocator. The use
of the isolated runner causes the PSS checker to fail because processes
come and go which changes the PSS distribution to the process doing
the PSS check.
Bug: 109876814
Test: All unit tests pass.
Change-Id: I1b77a783979a8beaae0c0b12823267f363e07977
This patch introduces a new "groups" table in the super partition
metadata. Each entry denotes a named partition group with a maximum
size. All partitions now belong to a group, and the total size of
partitions in a group must not exceed its maximum size. This is enforced
by MetadataBuilder.
There is also a "default" group with no size restriction. This is used
for one-off partitions that aren't restricted by updates, for example,
the scratch partition for overlayfs, or partitions created through
fastbootd.
Bug: 116817738
Test: liblp gtest
Change-Id: I7049ffd35d326e41e25d01b1748cb53a584783a7
+ Record all types of failures which lead to log loss
+ Only record eventual failure after the retries to get a accurate log loss count.
Bug: 80538532
Test: manually tested
Change-Id: I23a55e62e140bf22ae5aa9e6c40539d51149cd66
Merged-In: I23a55e62e140bf22ae5aa9e6c40539d51149cd66
(cherry picked from commit ad3a40bf76)
APEX filesystem images will now be mounted in /apex.
Also, make sure /data/apex is created with the right ACL.
Bug: 112455435
Test: flash and wipe, /apex is mounted as tmpfs, /data/apex is created
Change-Id: Ie27775e9f40a27b510272f212762624a04e94f1d
* Need a body and return value for this function
so the constexpr check can inline it.
* C mode can just use an extern function declaration, but not constexpr.
Bug: 116854606
Bug: 111614304
Test: build with WITH_TIDY=1 and enable static analyzer checks
Change-Id: Ie3f4efbcabed99416d196b6c361a772b8c6a4035
By adding the root context, we cause an issue with kernel security
profile, the kernel can kick back overlay mounts because the sepolicy
is not initialized.
observable error when we have root context setup:
SELinux: Unable to set superblock options before the security\
server is initialized
init: [libfs_mgr]__mount(source=overlay,target=/system,\
type=overlay,upperdir=/cache/overlay/system/upper)=-1:\
Invalid argument
root context was added initially due to paranoia, so the side effects
are non existent unless upperdir sepolicy is adjusted.
Test: manual
Bug: 109821005
Change-Id: Id218add0a32df3b2a4626d8cb8aa783760c78cc4
fs_mgr_overlayfs_mount_all() should pick up /system even if device tree
does not specify / or /system.
Because of change where we pass fstab to fs_mgr_overlayfs_mount_all(),
/ (or rather /system) overlayfs mount got shifted to early init and
did not occur in first stage init. We need the assumption that /
mount is implied when not specified in the dt fstab to be considered
by overlayfs logic.
Test: manual
Bug: 109821005
Bug: 115751838
Change-Id: Ia8fc5d8e8cc50c66197a91efa80e46d66c2d108d
Sparse images with CRC are currently not supported by the
Android build system.
Test: ./fuzzy_fastboot --gtest_filter=Conformance.*
Change-Id: I6a73fb0dc5d4c77a3d1a0384c137789eb06fa956
