Directories should always be encrypted unless there is a specific reason
they can't be. /data/bootanim is unencrypted without a specific reason,
so fix it to be encrypted. It is too late to use encryption=Require.
However, the contents of this directory doesn't need to be preserved on
updates, so we can use encryption=DeleteIfNecessary instead of
encryption=Attempt.
Bug: 232299581
Test: build succeeds
Change-Id: Iae80043f3957a053d47ab4754c42b1fdc8e696b3
Merged-In: I17bcb901ad533cada4e0aa061196fc94d7b213ec
No longer needed as the code to generate flag files based on
this environment variable is removed in Android 13.
Bug: 231946889
Test: Build and boot,
Change-Id: I8ce57619aa4d1e6457f3f864bf5e403f727c040c
(cherry picked from commit ba830eb81b)
Merged-In: I8ce57619aa4d1e6457f3f864bf5e403f727c040c
Set readahead window multiplier for POSIX_FADV_SEQUENTIAL files as 16 to
enhance file read performance like a language package loading.
Bug: 192011293
Test: adb shell cat /dev/sys/fs/by-name/userdata/seq_file_ra_mul
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Merged-In: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Delete all files and directories under
/data/misc/virtualizationservice at boot. Originally they were owned
by the virtualizationservice user; we now run as system, and don't
have permission to remove them after boot.
Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Ignore-AOSP-First: Needed in T, will CP to aosp
Change-Id: I5ff7d055aeeb25ba7693e50876d6b8a830c4bf51
[1] changed the UID of the virtualizationservice daemon and
/data/misc/virtualizationservice directory to `system`. However, this
can cause a permission denial issue when the directory has stale files
when the device was running a build before [1] and an OTA to [1] (or
above) is attempted. The daemon tries to delete the stale files - which
must have been still labeled as old UID and thus the daemon has no
privileged to delete them.
Fixing this issue by ensuring that the directory is always empty by
init.
[1] https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2059527
Bug: 230056726
Test: watch TH
Merged-In: I61c0297503347932b14b83859bec9ff82628336f
Change-Id: I61c0297503347932b14b83859bec9ff82628336f
Previously, virtualizationservice had its own UID
`virtualizationservice`. As a result, crosvm, which is spawed by
virtualizationservice`, also run as the UID. However, that prevented us
from applying task profiles to the crosvm process because joining a
process to a cgroup requires system UID.
To fix that, virtualizationservice now runs as system UID. As a result,
this directory that virtualizationservice accesses has to change its
owner and group to system.
Bug: 223790172
Bug: 216788146
Test: watch TH
Change-Id: I2bdf49e99f1841bf77ff046b0c2455064b174e0a
Experiments can enable/disable MG-LRU using the
persist.device_config.mglru_native.lru_gen_enabled property
which will update the coresponding sysfs control to enable or
disable this feature in the kernel.
Test: adb shell device_config put mglru_native lru_gen_config [none, core, ...]
Test: verify MG RLU is enabled/disabled: cat /sys/kernel/mm/lru_gen/enabled
Bug: 227651406
Bug: 228525049
Change-Id: I0708df8c78a85359d5cb6d5b167836768029380e
This is required so that system_server can read/delete the file(s) in
/data/misc/odsign/metrics & report to statsd
Note the group change in odsign directory was required so that
system_server can get the execute permission to read file in the sub dir
Test: adb shell ls -l /data/misc/odsign/metrics
Bug: 202926606
Change-Id: I6dd80e05bbfb9daf4aa3e996fc22bba1de8bd2ce
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert submission 1962326-blkio-cgroup-v2
Reason for revert: This set of changes is suspected to have caused a redfin boot time regression for the git_tm-dev branch.
Reverted Changes:
Id18d876b6:Migrate the blkio controller to the cgroup v2 hier...
I7dfa52136:Migrate the blkio controller to the v2 cgroup hier...
I5336167be:Migrate the blkio controller to the cgroup v2 hier...
I3f0131d8f:Migrate the blkio controller to the cgroup v2 hier...
Ibb62b2d4d:Migrate the blkio controller to the cgroup v2 hier...
Bug: 227382327
Bug: 227389363
Change-Id: I6c8183ed1c3044c8947c4fca07799deff98101b3
This patch preserves the following parameter values:
* Foreground BFQ weight: 100
* Foreground CFQ group_idle: 0
* Foreground CFQ weight: 1000
* Background BFQ weight: 10
* Background CFQ group_idle: 0
* Background CFQ weight: 200
The foreground BFQ weight in task_profiles.json is the default BFQ
weight. From
https://www.kernel.org/doc/Documentation/block/bfq-iosched.txt:
"weight (namely blkio.bfq.weight or io.bfq-weight): the weight of the
group inside its parent. Available values: 1..10000 (default 100). The
linear mapping between ioprio and weights, described at the beginning
of the tunable section, is still valid, but all weights higher than
IOPRIO_BE_NR*10 are mapped to ioprio 0."
Bug: 213617178
Test: Booted Android in Cuttlefish and ran the following test:
Test: adb -e shell cat /sys/fs/cgroup/*/*/io.bfq.weight | sort | uniq -c
Test: 22 default 10
Test: 98 default 100
Change-Id: I7dfa521363a316592852fecce9192708c7a90514
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The "vold.post_fs_data_done" system property was only used by FDE, which
is no longer supported, and this code was commented out anyway.
Bug: 208476087
Change-Id: Ib9346d14368c77058a598e5c4f5f2ed72f5a5316
This patch adds a new property, 'dev.mnt.root.<mount_point>', which provides,
for example of /data,
1. dm-N
dev.mnt.dev.data = dm-N
dev.mnt.blk.data = sdaN or mmcblk0pN
dev.mnt.rootdisk.data = sda or mmcblk0
2. sdaN or mmcblk0pN
dev.mnt.dev.data = sdaN or mmcblk0pN
dev.mnt.blk.data = sdaN or mmcblk0pN
dev.mnt.rootdisk.data = sda or mmcblk0
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I0a58a62d416f966f26b5de04112c2f9a7eceb22c
/sys/class/block covers all of dm-[0-9], sd[a-z], mmcblk[0-9].
Use it instead of /sys/devices/virtual/block, which only covers dm
devices.
This allows f2fs tunings to be applied more reliably regardless of
how the userdata partition is set up.
Do note that while everything under /sys/devices/virtual/block are
expected to have correct SELinux labels by AOSP, some under
/sys/class/block are not as it's symlinked to platform-specific paths,
and it is up to the vendors to label them correctly.
Test: Confirm entries under /dev/sys aren't dangling and cp_interval,
gc_urgent_sleep_time, iostat_enable and discard_max_bytes are
all set up properly under FBE, FDE and unencrypted.
Change-Id: I089af5bc068445f33919df6659671e50456d49f9
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
Set permissions to cgroup.procs files in cgroup hierarchies similar to
permissions for tasks files so that SetProcessProfiles can access them.
Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Id0c82288392146c8d536d273790a0252580c4203
This folder is used to host bootanim data files.
Bug: 210757252
Test: /data/bootanim is correctly created.
Change-Id: I5019a92df4526865d53797bfd93cd68c3e6d2886
Add AID_READTRACEFS and mount tracefs with gid=AID_READTRACEFS
Bug: 209513178
Test: adb shell ls -l /sys/kernel/tracing/events
Change-Id: Ibbfdf8a4b771bd7520ecbaaf15a1153d6bf0e599
Revert "Demonstrate multi-installed APEXes."
Revert "Adds a new prop context for choosing between multi-insta..."
Revert "Adds multi_install_skip_symbol_files field (default fals..."
Revert submission 1869814-vapex-multi-config
Bug: 206551398
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/tests/view?invocationId=I55600009996329947&testResultId=TR93527797572038984, bug b/206551398
Reverted Changes:
I0cd9d748d:Adds multi_install_skip_symbol_files field (defaul...
I5912a18e3:Demonstrate multi-installed APEXes.
I0e6881e3a:Load persist props before starting apexd.
I932442ade:Adds a new prop context for choosing between multi...
I754ecc3f7:Allow users to choose between multi-installed vend...
Change-Id: I27a4985061b112af7d0e9b95b6d42ccd9b846471
apexd now reads persist props to select between multi-installed APEXes
for debug builds.
Bug: 199290365
Test: see https://r.android.com/1872018
Change-Id: I0e6881e3a5a3775560b580556a7de2e2da043d34
Create a new group for dex2oat in cpu cgroup, which is dedicated for
dex2oat processes. Also modify task profiles for this change.
Bug: 201223712
Test: dex2oat group created
Change-Id: Ic61f4b8a64d01c03549b680970805e12b9ce4fcc
This is required since Android 12, because
CtsNativeVerifiedBootTestCases will read property
"partition.${partition}.verified.hash_alg" to
check that sha1 is not used.
Also see https://r.android.com/1546980 for more details.
Bug: 175236047
Bug: 203720638
Test: build and boot a device
Change-Id: I300265f4af9c2781d40537f391bda9eaf62c27ba
The tracing instance takes extra RAM and is not needed on devices running older kernels.
Bug: 194156700
Test: manual on a Pixel device
Change-Id: I794062741688ebea0e4bc500723a966f8f646ee1
Signed-off-by: Alexander Potapenko <glider@google.com>
In order for crashes when executables are run from the
/data/local/tests directory, set the executable bit for that
directory and sub-directories. Without this, neither the root
user nor shell user can read any executables or shared libraries in
the tests directory.
Bug: 197229540
Test: Used the crasher executable and copied it to /data/local/tests
Test: and verified that running it as root and shell results in
Test: tombstones that have full unwinds with function names.
Change-Id: Ice669358decad9766e0496c156aa84d4ecacd124
sys.sysctl.extra_free_kbytes property controls the value set to the
/proc/sys/vm/extra_free_kbytes out-of-tree kernel knob. Replace its
use with execution of extra_free_kbytes.sh script which calculates
and sets corresponding value to /proc/sys/vm/watermark_scale_factor
upstream-supported kernel knob.
Bug: 109664768
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Iaece28eb858a20c8c39578a28dc6bbc6adc13c40
The main users of this instance are KFENCE and MTE-aided KASAN, which are only supported on arm64.
Skip creation of this tracing instance on 32-bit systems to save ~6Mb memory on low-end devices.
Bug: 195089948
Bug: 194719088
Bug: 194156700
Change-Id: Icaf762715fed7a282b1ad738c10bcb45dc848f4d
In newer kernel, it introduces watermark boost feature
to enhance memory fragmentation problems. This feature
will dynamically boost/down watermark level which conflicts
with LMKD assumption and causing LMKD not to work properly.
Disabling this feature first until we address it.
Bug: 189938926
Test: check vm parameter.
Signed-off-by: Martin Liu <liumartin@google.com>
Change-Id: I6db5163f843f1129080bb944df7cbb8c799a58e0
The sysfs node of sd blk_device is /sys/fs/f2fs/sd-<num>, we shouldn't
skip partition number at this time.
Bug: 189257443
Test: access sd-<num> sysfs correctly
Signed-off-by: Guo Weichao <guoweichao@oppo.com>
Signed-off-by: Huang Jianan <huangjianan@oppo.com>
Change-Id: Ibcd7bb265f8fca9cd26f8770403f1bafad433acb
We never use CONFIG_RT_GROUP_SCHED in GKI kernel, but that could be set
on legacy devices. Remove system cgroup migration and also RT settings
as we should not have any task under those groups.
Bug: 191925901
Test: Build
Signed-off-by: Wei Wang <wvw@google.com>
Merged-In: I492833975e28e9888e412711e80670ca0901010d
Change-Id: I492833975e28e9888e412711e80670ca0901010d
(cherry picked from commit b4e79853cd)
Due to aosp/1708274, ref data directory is now world accessible.
We need to fix ref data directory so that it does not leak app
visibility information.
Bug: 189787375
Test: AppDataIsolationTests
Change-Id: I716852478ce0734c7038934c88c36a567c06393f
ART wants to optimize the time when the profile information
is saved for an app. To do so, it needs access to both, the current
profile, and the reference profile. This will allow ART to access
the ref profiles, which previously was not needed.
Test: m & flash
Bug: 185979271
Change-Id: Ie07bce81d2fba9c0b0ae4f322418e960c024e15d
On first boot, FDE devices hang on the command
'wait_for_prop apexd.status activated'. This is because apexd was
already started with the tmpfs /data, then was stopped by
vold.decrypt=trigger_shutdown_framework. Then when apexd is started
again with the real /data, it sees that apexd.status="ready" already, so
it doesn't consider itself to be starting from scratch again. So it
doesn't move apexd.status back to "activated" as expected.
Fix the above by resetting apexd.status to its initial value of the
empty string before trying to start apexd in the post-fs-data trigger.
Note that this also takes care of the userspace reboot case which was
previously handled in the userspace-reboot-requested trigger.
Also, FDE devices hang at the same place on non-first boots with default
encryption (i.e., when no PIN is set) because apexd is still running
after having been started with the tmpfs /data. This is because
vold.decrypt=trigger_shutdown_framework isn't run in that case, but
rather vold manually kills processes that have open files on /data --
which doesn't include apexd. But, apexd should be restarted too.
Fix that by using 'restart apexd' rather than 'start apexd'.
Note that these changes are needed even though FDE devices don't support
updatable APEXes, as apexd is needed regardless.
This is one of a set of changes that is needed to get FDE working again
so that devices that launched with FDE can be upgraded to Android 12.
Bug: 186165644
Test: Tested FDE on Cuttlefish. Also tested userspace reboot (with FBE)
Change-Id: I4fa57cf15d77b64d1167eaf966347d2a9d6a9b72
Now that we are activating APEX directly from /data/apex/decompressed
directory, without this permission, PackageManager fails to parse
decompressed APEX. This permission setting is same as what we have for
/data/apex/active.
Bug: 185886528
Test: atest ApexCompressionTests
Change-Id: Ief36a6ddc5760faff2c390fa913984385fda99a6
Soong generates classpaths.proto config and puts it into
/system/etc/classpaths/ for derive_classpath to read at runtime. There
is no need to plumb these values via make anymore.
Bug: 180105615
Test: m && launch_cvd; presubmit / DeviceBootTest
Change-Id: I514c5036871233ae865b972effea8321dbe4aea9
Revert submission revert-1660531-max-boot-level-crypto-KFMCEDKSIV
Reason for revert: topic:vold-use-keystore2 has landed fixing the bug
Reverted changes:
Ibf63734a: Revert "Set earlyBootEnded before apex starts"
Id02f63a7: Revert "Expose AID_KEYSTORE"
Ibcedeff4: Revert "Cryptographic security for MAX_BOOT_LEVEL"
Restored changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Reverted-SHA1: 82cfe66794
Original commit message:
earlyBootEnded signals to keystore2 to read the database for the first
time, and start the MAX_BOOT_LEVEL system. It must therefore run
after /data is mounted and /data/misc/keystore is created, but before
apexd or odsign starts.
Bug: 176450483
Test: atest com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles
Change-Id: Ib9c2b4bbdddecdf73924125f9bdc75c82e1dd257
