This patch addresses Fastboot/Fastbootd connection issues seen on ARM Mac devices.
Original ADB patch: https://android-review.googlesource.com/c/platform/packages/modules/adb/+/1699250/
Bug: 238779161
Test: 'fastboot update <path_to_update_archive>.zip' now works on ARM Mac.
Signed-off-by: Nicolas Gagnon <nicolasgagnon@google.com>
Merged-In: Id67904d91abc8b66ef1a00962e1fd57c97df98a7
Change-Id: Id67904d91abc8b66ef1a00962e1fd57c97df98a7
(cherry picked from commit 3efef5694ee242f0fbeeaaa15c128dfb84418798)
If the framework is restarting (and cannot yet aquire
wakelocks to block suspend). Take a kernel wakelock
to allow the system to make sufficient progress before
autosuspend can be triggered.
The wakelock is later disable when the framework has
and invokeds enableAutosuspend() on the suspend service.
Bug: 255898234
Bug: 265513788
Bug: 266077359
Test: adb shell "echo mem > /sys/power/state && killall system_server"
Change-Id: Id8cff6564ef05d8c22a8264c51dd313263cb6a9d
Merged-In: Id8cff6564ef05d8c22a8264c51dd313263cb6a9d
Initiate update verification from daemon. This will help
in two ways:
1: We avoid reading everything into page-cache. Since,
low end devices are already short on memory, we don't
want to read and populate page-cache which can slow
down boot.
2: During boot, once the selinux transition is done, daemon
is all ready to kick off the verification since verity is
already setup. Note that we are still guarded by update_verifier.
Update_verifier will still block marking new slot as
boot success until the verification is completed. So, there
is no change in the behavior.
Bug: 193863442
Bug: 261913544
Test: Full and incremental OTA on Pixel 6
Incremental OTA of 500M (Monthly OTA)
Boot-time (Without this patch): 38 seconds
Boot-time (With this patch): 32 seconds
Full OTA of 2.2G:
Boot-time (Without this patch): 27 seconds
Boot-time (With this patch): 21 seconds
Signed-off-by: Akilesh Kailash <akailash@google.com>
Merged-In: I4f17db19bdd0dd261902c670be6212862d861fe1
Change-Id: I4f17db19bdd0dd261902c670be6212862d861fe1
Adds a system vendor property (ro.vendor.trusty.storage.fs_ready) to
indicate when backing storage on the Android filesystem (e.g. /data) is
ready for use. Before this property is set, the Trusty storage proxy may
restart causing connections in Trusty to the storage service to be
disconnected. All Trusty operations that may require storage and can
wait until the device filesystems are ready should wait on this
property.
Bug: 258018785
Test: manual
Change-Id: I9b1408b72df34a0d0cbcc1b99e9617f15bc47558
Ignore-AOSP-First: Topic did not auto-merge from AOSP
Thermal shutdown could be due to tskin temperature or
battery temperature. Pass reason while rebooting the
system to reflect properly in boot.reason
Bug: 238464124
Test: Build and boot on device. Check reboot reason
for thermal shutdown and battery thermal shutdown with
thermal warmreset enabled.
Ignore-AOSP-First: AOSP already contains the change
Change-Id: I192562fed48ae7da7843e383362cd22a76ce479f
Merged-In: I192562fed48ae7da7843e383362cd22a76ce479f
Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
correct label and uid/gid.
* Verify prng_seeder socket present and has correct
label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance
Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
Merged-In: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
(cherry picked from commit 6cb61610e6)
turn off both display after first display was turned off
Bug: 242967285
Test: charging animation can show in display correctly
Ignore-AOSP-First: cherry-pick from aosp
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Ie5741b49322aaf8a3750b1977fb203e4d0df3539
Review note: Original change was a p-o-c by agl in
https://r.android.com/2094350 which I think is actually
production quality. I'm just taking it over so that he doesn't
get spammed by any review comments as that's not a good use
of his time.
Needed for the hardware entropy daemon (see bug).
Original commit message:
If one needs to create a service that synchronously starts listening on
a socket then there are currently no good options.
The traditional UNIX solution is to have the service create the socket
and then daemonise. In this situation, init could start the service with
`exec_start` and yet not block forever because the service forks and
exits. However, when the initial child process exits, init kills the
daemon process:
> init: Killed 1 additional processes from a oneshot process group for
> service 'foo'. This is new behavior, previously child processes
> would not be killed in this case.
Next, there is a `socket` option for services and (although the
documentation didn't nail this down), the socket is created
synchronously by `start`. However, init doesn't call `listen` on the
socket so, until the service starts listening on the socket itself,
clients will get ECONNREFUSED.
This this change adds a `+listen` option, similar to `+passcred` which
allows a socket service to reliably handle connections.
Bug: 243933553
Test: Started prng_seeder from init using the new listen flag
Change-Id: I91b3b2b1fd38cc3d96e19e92b76c8e95788191d5
Merged-In: I91b3b2b1fd38cc3d96e19e92b76c8e95788191d5
(cherry picked from commit ecc14a5958)
Create a mirror directory for misc_ce and misc_de storage by bind
mounting the respective directories. This is done for the defaul null
volume only, and other volumes are handled at a later staged.
When an SDK sandbox process is spawned and data isolation needs to
occur, the sdksandbox directories present in the misc directories will
be used to bind mount from, after tmpfs is mounted on the original.
Bug: 214241165
Test: atest GtsSdkSandboxInprocessTests
Ignore-AOSP-First: Will cherry pick based on other CLs in the topic
Change-Id: Icb1dc7d7fbd53a5c3853acf2f9d4d75b278d7295
Merged-In: Icb1dc7d7fbd53a5c3853acf2f9d4d75b278d7295
Add a specific error message to the Android CLI tool for the case
where the apploader rejected an attempt to load an application
which requested encryption of its ELF image via its manifest while
containing an unencrypted ELF image.
Bug: 241824652
Change-Id: Ib2a3c881015700492b8166be38c41753bf51b3b2
(cherry picked from commit db9a554a2f)
Merged-In: Ib2a3c881015700492b8166be38c41753bf51b3b2
Document the APPLOADER_ERR_POLICY_VIOLATION value in enum
apploader_error.
Bug: 208968719
Change-Id: Ia9b17f4ea705d13567b2ba74f2dcd6df5a0c7d73
(cherry picked from commit c5253819f8)
Merged-In: Ia9b17f4ea705d13567b2ba74f2dcd6df5a0c7d73
Without the directory (this happens on the very first boot),
load_persist_props can't create an initial version of
/data/property/persistent_properties (probably empty). This leads to
persisting all in-memory "persist.*" properties later when a persistent
property is set. This is regression from Android S because persistent
props from, for example, build.prop will be persisted even when there's
no process to explicitly setprop.
Bug: 242264580
Bug: 243958304
Test: launch cuttlefish and verify that there's no props from build.prop
Merged-In: I5819a97750e4d5d1ee5a7c308bf944c7aeab2f90
Change-Id: I5819a97750e4d5d1ee5a7c308bf944c7aeab2f90
(cherry picked from commit 9561496303)
This test has always been flaky, and is not testing something super
valuable: we know that image creation succeeds throughout the rest of
the suite, so it's not very interesting to know that it can succeed in a
low-space scenario.
The inverse test is much more valuable, since we want the correct status
code when creation fails due to low space.
Bug: 240391002
Test: vts_libsnapshot_test
Change-Id: I6235d11033d2f30efe530077b877863ba2574810
(cherry picked from commit 97e8a2f0e9)
Using vector + unordered_map to retrieve the index in
a COW op vector consumes significant memory; this
is a problem especially when there are hundreds
of thousands of operations.
Instead, just store the index of the COW op vector
during pre-processing.
On Pixel, peak memory usage when all the partitions
are mapped:
Without patch:
RssAnon: 118804 kB
With path:
RssAnon: 55772 kB
Additionally, post OTA reboot, memory usage further goes
down as the partition merge completes.
Bug: 237490659
Test: OTA on Pixel
Ignore-AOSP-First: cherry-pick from aosp
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Icc68a9688ceb89572821cee2dac689779f5e7c11
Fsync failures are special because they may indicate a failure of an
operation before the current operation. Report these cases as a new,
distinct error.
Test: Cause fsync failure and check error response
Bug: 239105007
Change-Id: Ie9d4a1949586e90006256c975786e21ced655e66
Merged-In: Ie9d4a1949586e90006256c975786e21ced655e66
(cherry picked from commit 1c75d1e3a7)
Previously we did not support STORAGE_MSG_FLAG_POST_COMMIT for anything
but RPMB operations (in which case it was a no-op). We need to support
this flag in order to store a superblock in non-secure storage, as we
need that write to commit atomically wrt all other writes.
Test: com.android.storage-unittest.nsp
Bug: 228793975
Change-Id: Ia453c1916970e0b65a91e42f18b920ac4e1f01db
Merged-In: Ia453c1916970e0b65a91e42f18b920ac4e1f01db
(cherry picked from commit 57770a5318)
This will be in sync with incremental OTA's where the sync
is done every 2MB. This improves performance on devices
with low memory.
Merge times for full OTA may increase by couple of seconds but
that is ok given it decreases the memory footprint.
Bug: 237490659
Test: OTA
Ignore-AOSP-First: cherry-pick from aosp
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Ic2c8d2ffdbdb677e0c4d44e5de68ce8ccf86df34
Currently, when daemon is spin up, it runs at the highest
priority with nice value set to -20. This can potetially
lead to a problem in a busy system especially after OTA
reboot when all the merge threads are running in parallel.
Now that we reduced the number of merge threads in-flight
to 2, we reduce the priority as well by setting the nice
value to -5. The other threads which serve I/O's
from dm-user (from root filesystem) still runs at higher
priority. We need this because post OTA reboot, these
threads serve I/O's until merge is completed.
Merge threads on the other hand can run at a relatively
lower priority. We need to make sure that there
is always forward progress even in a busy system
and hence set the priority to -5 as compared
to default value of 0.
No boot time regressions observed.
Output of NICE value of merge and worker threads post OTA reboot:
1 S 0 427 451 1 0 39 -20 64 2314640 dev_r+ ? 00:00:00 8
1 S 0 427 486 1 4 39 -20 64 2314640 dev_r+ ? 00:00:02 8
1 S 0 427 487 1 4 39 -20 64 2314640 dev_r+ ? 00:00:02 8
1 S 0 427 488 1 3 39 -20 64 2314640 dev_r+ ? 00:00:02 8
5 R 0 427 634 1 1 24 -5 64 2314640 0 ? 00:00:00 8
5 R 0 427 935 1 5 24 -5 64 2314640 0 ? 00:00:02 8
Bug: 237490659
Test: Full and incremental OTA
Ignore-AOSP-First: cherry-pick from aosp
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I6791dd72ccd8cd5bba6eff663bb3f9598bce7ed2
Currently, there is one thread per partition
for snapshot merge. When all these threads are
run in parallel, this may stress the system
as the merge threads are both CPU and I/O bound.
Allow only two merge threads to be in-flight
at any point in time. This will ensure that there
is forward progress done with respect to snapshot-merge
and only two cores are used as against using
5-6 cores.
Additionally, system and prodcut partitions are merged
first. This is primarily because /root is mounted
of system partition and faster the merge completes
on /system partition, we can switch the dm tables
immediately. There is no change in the merge phase
from libsnapshot perspective. This prioritization
is based on each merge phase. If the system partition
merge is in second phase, then it takes priority
in that phase.
As a side benefit, this should also
reduce the memory usage when merge is in-flight
given that we now limit the threads.
There is slight delay in overall merge time as
we now throttle the merge.
No boot time regressions observed.
Full OTA:
Merge time (Without this patch): 42 seconds
Merge time (With this patch): 46 seconds
Incremental OTA:
Merge time (Without this patch): 52 seconds
Merge time (With this patch): 57 seconds
system partition merge completes in the first ~12-16 seconds.
App-launch (COLD) on Pixel:
Baseline (After snapshot-merge is completed when there is no daemon):
==========================
Chrome: 250
youtube: 631
camera: 230
==========================
Without this patch when snapshot-merge is in-progress (in ms):
Full - OTA
Chrome: 1729
youtube: 3126
camera: 1525
==========================
With this patch when snapshot-merge is in-progress (in ms):
Full - OTA
Chrome: 1061
youtube: 820
camera: 1378
Incremental - OTA (350M)
Chrome: 495
youtube: 1442
camera: 641
=====================
Bug: 237490659
Ignore-AOSP-First: cherry-pick from aosp
Test: Full and incremental OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I887d5073dba88e9a8a85ac10c771e4ccee7c84ff
This reverts commit da94c7f650.
Reason for revert: It appears this change slows down boot on normal devices.
Technically, this change is not necessary, but it prevents starting the secondary and having it throw an error in the only run 64 bit zygote config. But it's easier to throw the error than slow down boot up.
Bug: 238971179
Test: Verified that on a 64 with 32 config, the secondary zygote
Test: starts but exits.
Change-Id: I7ab0496a402db83e70168d52e5d5911b82a3b06a
Merged-In: I7ab0496a402db83e70168d52e5d5911b82a3b06a
(cherry picked from commit 3fa3f861d4)
This is part of the changes that will allow creating a single
system image but a different set of properties will either
start or not start the secondary zygote.
Bug: 227482437
Test: Verified that secondary doesn't start with same system image
Test: with ro.zygote set to zygote64 and abilists set appropriately.
Test: Verified that secondary does not start when restarting netd.
Test: Verified that secondary does start with same system image
Test: with ro.zygote set to zygote64_32 and abilists set appropriately.
Test: Verified that secondary does start when restarting netd.
Test: Verified that a 64 bit device only starts the primary.
Test: Verified that a 32 bit device only starts the primary.
Change-Id: Id37a223c73f9a61868b2e26450ef4b6964f7b496
Merged-In: Id37a223c73f9a61868b2e26450ef4b6964f7b496
