fs_mgr_update_verity_state() is invoked by 'verity_update_state' in
init.rc. It will then set property "partition.system.verified" and
"partition.vendor.verified" to verify_mode. We should support this for
AVB as well.
Also change the order of static libs in init to fix the build error
after this change:
system/extras/ext4_utils/ext4_crypt.cpp:69: error: undefined reference to 'property_get'
Bug: 35416769
Test: Mount /system and /vendor with vboot 2.0 (AVB), check the following properties exist.
- [partition.system.verified]: [2]
- [partition.vendor.verified]: [2]
Test: Mount /system and /vendor with vboot 1.0, check the following properties exist.
- [partition.system.verified]: [0]
- [partition.vendor.verified]: [0]
Change-Id: I4328d66a8cb93f26e7960e620a0b2292d5f15900
libavb requires verifying AVB metadata on all verified partitions at
once. For example, /vbmeta, /boot, /system and /vendor. We need to
invoke device_init() for those partitions even if we only want to early
mount some of them, like /vendor and /system.
This CL gets all AVB partitions and the early mount partitions from
device tree through "firmware/android/vbmeta" and "firmware/fstab",
respectively. The following is an example to early mount /vendor
partition on bullhead:
firmware {
android {
compatible = "android,firmware";
vbmeta {
compatible = "android,vbmeta";
parts = "boot,system,vendor";
by_name_prefix="/dev/block/platform/soc.0/f9824900.sdhci/by-name"
};
fstab {
compatible = "android,fstab";
vendor {
compatible = "android,vendor";
dev = "/dev/block/platform/soc.0/f9824900.sdhci/by-name/vendor";
type = "ext4";
mnt_flags = "ro,barrier=1,inode_readahead_blks=8";
fsmgr_flags = "wait,avb";
};
};
};
};
Bug: 33254008
Test: early mount /vendor with vboot 2.0 (AVB) on bullhead
Test: early mount /system without dm-verity on bullhead
Test: early mount /vendor with vboot 1.0 on sailfish
Change-Id: I89a1f77c97124f309346b33d9e700544b92ecf05
Default signature WriteStringToFile creates world-writeable files.
Set owner and group system and remove read/write for non-owner.
Bug: 37251463
Test: Manual: reboot, inspect
Change-Id: I6a29c678168dcae611b120dc52170f4eee7069a9
* changes:
ueventd: Fix up string handling in handle_*_device_event()
ueventd: convert mkdir_recursive() to std::string
ueventd: move subsystem logic from code to ueventd.rc
write() method was one-shot, a second shot on -EBUSY would always
return -EBUSY even if successful. Reset internal error if -EBUSY
when retransmitting. write() now reports a positive count for
transmission success. Composition errors trump transmission errors.
Test: gTest logcat-unit-tests --gtest_filter=*.descriptive while
under heavy DOS stress levels of logging.
Bug: 31456426
Change-Id: Ib1920c3f10cf1df8ad8eb6a884724794b577b29d
Several changes in this CL:
- Moves class FsManagerAvbHandle to public API
- Adds a parameter 'wait_for_verity_dev' for FsManagerAvbHandle::SetUpAvb()
to allow not to wait for verity device gets created
- Adds FsManagerAvbHandle::AvbHashtreeDisabled() to query whether AVB is disabled
- Adds fs_mgr_is_avb() to query whether a fstab_rec has MF_AVB flag
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I89c43ca574ae632db8a700fc2590a1f80212c993
Adds two classes FsManagerAvbhandle and FsManagerAvbVerifier to replace the
following functions or struct:
- fs_mgr_load_vbmeta_images() -> FsManagerAvbhandle::Open()
- fs_mgr_unload_vbmeta_images() -> deleted
- fs_mgr_setup_avb() -> FsManagerAvbhandle::SetUpAvb()
- androidboot_vbmeta -> FsManagerAvbVerifier
- load_vbmeta_prop() -> FsManagerAvbVerifier::Create()
- verify_vbmeta_images() -> FsManagerAvbVerifier::VerifyVbmetaImages()
And only invokes FsManagerAvbhandle::Open() when there is a fstab entry having
'avb' flag (need HASHTREE descriptor). fs_mgr_is_avb_used() can be
removed as it only checks system property "ro.boot.vbmeta.hash_alg" to
decide whether vbmeta needs to be loaded, which might not be accurate.
For example, there are only HASH descriptors in the verified chain but
no HASHTREE descriptors. In this case, the fs_mgr doesn't have to do
anything because it only takes care of HASHTREE descriptors.
Also adds a new class FsManagerAvbOps to provide the C++ binding
FsManagerAvbOps::AvbSlotVerify() for libavb->avb_slot_verify().
Bug: 33254008
Test: test AVB on bullhead
Change-Id: I8fe15ba01c277152630a2a5c1c5c7f25fbf34030
The function returns "_a" or "_b" based on two possible values in
kernel cmdline:
- androidboot.slot = a or b OR
- androidboot.slot_suffix = _a or _b
Bug: 33254008
Bug: 36533366
Test: boot sailfish
Change-Id: Ia0a524e4145ebf61af5821f42ecad212c95ed748
(cherry picked from commit c27f12a3d396f113c5ae09d2f2c8ff7de3f8b551)
logd assumes that it is running in UTC time zone.
However, if persist.sys.timezone is set at some point later,
that affects and confuses logd behavior.
To avoid such a case, this CL sets TZ to UTC, which overrides
the property's behavior.
Test: Ran CtsOsTestCases.
Test: gTest liblog-unit-tests, logd-unit-tests and logcat-unit-tests
Bug: 33566779
Change-Id: Ib9edd4cb06f019a33aaf8d77d33bd82fdbbda480
By setting vendor_available, the following may become true:
* a prebuilt library from this release may be used at runtime by
in a later releasse (by vendor code compiled against this release).
so this library shouldn't depend on runtime state that may change
in the future.
* this library may be loaded twice into a single process (potentially
an old version and a newer version). The symbols will be isolated
using linker namespaces, but this may break assumptions about 1
library in 1 process (your singletons will run twice).
Background:
This means that these modules may be built and installed twice --
once for the system partition and once for the vendor partition. The
system version will build just like today, and will be used by the
framework components on /system. The vendor version will build
against a reduced set of exports and libraries -- similar to, but
separate from, the NDK. This means that all your dependencies must
also mark vendor_available.
At runtime, /system binaries will load libraries from /system/lib*,
while /vendor binaries will load libraries from /vendor/lib*. There
are some exceptions in both directions -- bionic(libc,etc) and liblog
are always loaded from /system. And SP-HALs (OpenGL, etc) may load
/vendor code into /system processes, but the dependencies of those
libraries will load from /vendor until it reaches a library that's
always on /system. In the SP-HAL case, if both framework and vendor
libraries depend on a library of the same name, both versions will be
loaded, but they will be isolated from each other.
It's possible to compile differently -- reducing your source files,
exporting different include directories, etc. For details see:
https://android-review.googlesource.com/368372
None of this is enabled unless the device opts into the system/vendor
split with BOARD_VNDK_VERSION := current.
Bug: 36426473
Bug: 36079834
Test: m -j libutils
Test: attempt to compile with BOARD_VNDK_VERSION := current
Change-Id: I6c1279a74ef071851401e38bbdd377f13827694c
tasks in system-background cgroup will be shown as below:
580 580 system 12 -8 1% S 190656K 19408K unk surfaceflinger /system/bin/surfaceflinger
This patch fix this issue.
Change-Id: Ib39ff892010498548d7fbfb4021df62498acd033
Signed-off-by: Ganesh Mahendran <opensource.ganesh@gmail.com>
This CL disables module loading by writing 1 to
/proc/sys/kernel/modules_disabled when the property sys.boot_completed
is set to 1 by ActivityManagerService (at the broadcast of
PHASE_BOOT_COMPLETED).
Bug: 36515654
Test: tested on sailfish and verified that module loading is disabled in
userdebug and enabled in eng mode
Merged-In: Id38d34a6395966ab21e440614337c0cfca791ad0
(cherry picked from commit 6ed19d1675)
Change-Id: I2faa459b450b3a64f854c832c6b91cbf682bbffa
- Old tool will set it to 10 while mke2fs will set it to -1.
- For now, only tag it.
- TODO: possibly add different policy per image tool version.
bug: 32246772
Test: check dmesg after reboot
Change-Id: Ib763f8ba64957412d2b02a9d6e3fc2bfcf55851e
This was marked deprecated in 2014 and removed in 2015, let's remove
the uevent rule now too.
Test: see that logging still works on bullhead
Change-Id: Idaf3f49a1afe7046eba6c976628b9f1c8b3ec094
Key/value support for adb backup was added in ag/1946677, and help text
for adb shell bu is added in ag/2088937. This CL points the user to this
helptext instead of keeping it here, since it can quickly get out of
sync.
BUG=36170696
Test: adb
Change-Id: Ic40679f421a32e60f292ad20b726a89bfff03349
Soong handles these automatically now.
Bug: 33241851
Test: Android-aosp_arm.mk is the same before/after
Test: build.ninja is the same before/after
Test: build-aosp_arm.ninja is the same before/after
Merged-In: Ica4eedda51bb34db2f39d2c64ea436e1f633bfc3
Change-Id: Ica4eedda51bb34db2f39d2c64ea436e1f633bfc3
We change the GPB in the LocalFileHeader if the entry can not
have a trailing DataDescriptor. Make sure to patch the
CentralFileHeader to have the same bits set.
Modify ZipArchive to check that the data descriptor bit is consistent
between Central and Local file headers.
(cherry-pick of commit e0eca55fe6)
Test: make ziparchive-tests
Bug: 36686974
Change-Id: Ied167570abcf6426b1c678cd40123e5ad65909db
