For now, export the exact same values, on `post-fs-data` instead of on
`early-init` to soak the change. As a follow up, the actual values will
be generated by a new oneshot service.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual - device boots
Change-Id: I5f6826a0f87a5e01233e876d820e581feb555bca
The action reads a file with individual `export` actions declared on
each line, and calls `setenv` for each.
See go/updatable-classpath for details on how this is going to be used.
Bug: 180105615
Test: manual
Change-Id: I5390e52cf8ffd9c3babf31ed854eeecc727351eb
configure the cgroup v2 hierarchy for recovery mode, and create uid/pid
groups with attributes following the container cgroup directory.
Bug: 168907513
Test: verified correct pid migration in normal and recovery modes
Change-Id: Idc8b96b4db075383a6a2e523c241b0bc632c7030
With the new uid/pid hierarchy the search path looks into uid_0, which
is always present.
Bug: 168907513
Test: verified that the cgroup v2 hierarchy works correctly in normal
mode
Test: verified that the cgroup v2 hierarchy works correctly in recovery
mode
Change-Id: If33594e4891128148da64bed47e68fa74667013d
This reverts commit 088924af2a.
Bug: 168907513
Test: verified correct function of the cgroup v2 hierarchy in normal and
recovery mode
Change-Id: I6e9d21ebe832326ed5a5b2c356fe8363c1546a80
There's no need for system_server to access this any more, so no need to
have weaker permissions than we'll get by default (ignoring the fact
that SELinux policy is our real protection here anyway).
Bug: http://b/179086242
Test: treehugger
Change-Id: I584e87f027f44e10190c2e5c2eb85785f61f8bd5
Allow batch merge of copy operations during merge.
When metadata is read from COW device, assign
the chunk-id by validating there is no overlap
of copy operations. Furthermore, detect the blocks
which are contiguous and batch merge them.
No regression in merge time for full OTA (~35-40 seconds)
Merge time for incremental OTA of ~200M takes about 2 minutes
as compared to 15-20+ minutes without this change.
Add unit test to test ReadMetadata() functionality.
Multiple incremental OTA and full OTA test done on pixel.
adb reboot during merge and validate the merge resume operations.
Bug: 179629624
Test: incremental OTA and full OTA on pixel,
cow_snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I4cd84e4923e42afacc796b8cec01738b1bb1f420
When there is a transition of daemon from selinux stage, we observe
intermittent hangs during OTA. This is a workaround wherein
we don't do the transition and allow the daemon to continue which
was spawned during selinux stage.
Bug: 179331261
Test: Incremental OTA, full OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I622a0ed8afcd404bac4919b1de00728de2c12eaf
As we are just using it to generate gibberish, we might as well just
hardcode the gibberish in the script.
Also fix unhandled `grep` failure.
Bug: 179752308
Test: Forrest
Change-Id: I534c7cacdb12a104f26d380fe3a571332091490e
... that logs values for an arbitrary health info and
health config.
This allows health 2.1 HAL implementation to log the
updated health info struct, which is not stored in
BatteryMonitor.
Test: healthd kernel log has correct values
Bug: 179326883
Change-Id: I394ef3f317229f94f4db82de5635d9380c183394
We should check FLAGS_VERIFICATION_DISABLED is set or not
after verifying the vbmeta digest against `androidboot.vbmeta.digest`
from bootloader. This is to ensure the /vbmeta content is not
changed since the bootloader has verified it.
We still allow vbmeta digest verification error if the device is
unlocked. Note that this change will introduce a limitation that
the device will not boot if:
1. The image is signed with FLAGS_VERIFICATION_DISABLED is set
2. The device state is locked
However, it should not be a concern as we shouldn't boot a locked
device without verification.
Bug: 179452884
Test: build image with BOARD_AVB_MAKE_VBMETA_IMAGE_ARGS += --flag 2,
boot the device, then `adb shell touch /metadata/gsi/dsu/avb_enforce`.
Reboot the device, checks the device does not boot because
`androidboot.vbmeta.digest` is empty but AVB is enforced.
Change-Id: Id15a25403d16b36d528dc3b8998910807e801ad2
We were already doing this for the text tombstones but not for protos,
which meant that we stopped producing protos once we hit the limit
on the number of tombstones. Move the code for the text tombstones
into a common location and call it for both types.
Change-Id: I4951150da51a32d50821d147458fc5c18200c9d4
This path can be used for clients to verify freezer support on a
specific platform.
Bug: 168058155
Test: verified correct functioning with ActivityManager
Change-Id: Ie15feed274ccbbe31228ee98c50eab3f4dd479a7
This reverts commit 7707909ba2.
Bug: 179006802
Test: verified correct functioning of the freezer after reverting
Change-Id: I848146a18a0879010abf5b00e7081f2771059064
This has been something the kernel does automatically since 2014, so
there's no obvious reason to add extra work during boot to duplicate
that effort.
Bug: http://b/179086242
Test: treehugger
Change-Id: I44cce99a892e4f2a6a303c2126bd29f955f5fb23
bootstat_test is marked host_supported:true but use
a AndroidTest.xml config that can only work for device.
Deleting the explict config to rely on the auto-gen ones.
Adding unit_tests:true to run in presubmit
Test: presubmit, atest bootstat_tests --host
Bug: 179092189
Change-Id: Ib6694f760d9ef5f867cd1982f7e1fe65ce9dd62d
SnapshotManager::New() is now preferred in recovery. Previously we used
NewForFirstStageMount(), which is technically incorrect as that enables
code paths specifically for first-stage init.
We also explicitly label the snapuserd context, since rootfs in recovery
has unlabelled files.
Finally, we add a timeout to internal calls to
CreateSnapshotsAndLogicalPartitions. Without this, WaitForDevice() calls
will terminate immediately, which breaks VABC given the more complex
device stacking that is created.
Bug: 168258606
Test: fastboot snapshot-update merge
Change-Id: I3a663b95c0b1eabaf14e6fde409c6902653c3c5e
