This CL change the mini-keyctl tool to make it compitable with libkeyctl
tool to make it more useful.
Bug: 112038861
Test: mini-keyctl padd asymmetric 'desc' .fs-verity < /path/to/cert.der
Test: mini-keyctl unlink <key_id> <keyring_id>
Test: mini-keyctl restrict_keyring <keyring_id>
Change-Id: I950f07c7718f173823ce5a5cd08e0d1a0e23a007
This is a temporal fix. With this change, the extractor plug-ins uses
unstable libs under /system/lib[64]. The right resolution is being
discussed.
Test: applied the same change to ld.config.txt and checked
the memory map of media.extractor on cuttlefish.
Bug: 127791685
Change-Id: Ifd5b79831f27ef4017bb8aa774671aa9b2c5264e
Removing 'updatable' from zygote as zygote is started after apexd. All
APEXes are guaranteed to be activated at the moment.
Sequence of actions:
1) /data mounted. post-fs-data is triggered.
2) apexd starts. APEXes are activated. Init does not execute more
commands until the activation finishes.
3) all post-fs-data sections from other *.rc are executed.
4) zygote-start is triggered.
Bug: 123404717
Bug: 126555629
Bug: 125549215
Test: device boots
Test: no following message on the logcat log
Could not restart 'zygote': Cannot start an updatable service 'zygote' before configs from APEXes are all loaded. Queued for execution.
Merged-In: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
Change-Id: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
(cherry picked from commit 3bddd540dd)
Our servers can comfortably run more than 16 emulators, and this is
much easier than messing with hypervisors or docker port allocation.
Assumes you know how to avoid clashes with Google Wear's default port.
Test: manual - still registers emulators.
Change-Id: I47cfd28725a550de0bd77fd11fcd94cdd11d2cc2
This adds few new methods to introduce write support to SplitFiemap:
(1) Write(), which has an internal cursor to stream data into the split
files. As the end of one file is reached, the next is opened.
(2) Flush(), which calls fsync() on each internal FiemapWriter.
(3) HasPinnedExtents(), which calls the same on each internal
FiemapWriter.
Included are some tests for edge cases in Write().
Bug: 126230649
Test: fiemap_writer_test gtest
Change-Id: I9fd509215975dbbb20a44b020315d3c1b287d1a0
1. Don't clear O_CLOEXEC on an fd we're duping to stdin/out/err: dup2
does that for us if oldfd != newfd, and we know the fd can't be
stdin/out/err.
2. Use unique_fd.
3. Remove gotos by breaking the remount logic into its own function.
Test: mma
Change-Id: If9929e7f20de445322fd498e1379a2d4e572cb52
For devices that do not support overlayfs that are system as root,
need to pull /dev/root device from / mount point in fstab.
Test: adb-remount-test.sh
Bug: 126256072
Change-Id: I198c0e8c60770508737318afde95db2966294ff5
Report any discrepancy in the active slot.
Fix a problem with problematic error propagation for adb_cat()
Test: adb-remount-test.sh
Bug: 126256072
Change-Id: I8a5d4e364945c5e60d252333886987b8dca0cfb3
This directory is used to store the Weaver/GateKeeper slot map so GSIs
do not overwrite host keys in secure storage.
Bug: 123716647
Test: /metadata/password_slots exists after boot
Change-Id: Ib0ca13edec38e68cba1fc2124465571feedc4be7
In order to test Trusty gatekeeper automatically, the storage proxy
needs to be active inside the emulator. This patch allows storageproxyd
to speak a length-framed RPMB to an external RPMB daemon.
For a concrete example of a daemon speaking this protocol, see rpmb_dev
in the Trusty tree.
Bug: 124277696
Test: Launch storageproxyd with -t virt, use Trusty test infra
Change-Id: I391d4768976f0eb1f3b8df58eefd58fc3a9409cd
Currently, moving or copying a Maps object leads to double free of MapInfo.
Even moving a Maps object did not prevent this, as after a move
the object only has to be in an "unspecified but valid state", which can
be the original state for a vector of raw pointers (but not for a vector
of unique_ptrs).
Changing to unique_ptrs is the most failsafe way to make sure we never
accidentally destruct MapInfo.
Test: atest libuwindstack_test
Failed LocalUnwinderTest#unwind_after_dlopen which also fails at master.
Change-Id: Id1c9739b334da5c1ba532fd55366e115940a66d3
Log min_score_adj when lmkd kills a process to determine the oom_score
levels that lmkd considers during the kill.
Bug: 123024834
Change-Id: I986ae8f2808199b1654bc8d2a32dd88046c79aa3
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Summary: Boot sequence around apexd is changed to make it possible for
pre-apexd processes to use libraries from APEXes. They no longer need to
wait for the apexd to finish activating APEXes, which again can be
done only after /data/ is mounted. This improves overall boot
performance.
Detail: This change fixes the problem that processes that are started
before apexd (so called pre-apexd processes) can't access libraries
that are provided only by the APEXes but are not found in the system
partition (e.g. libdexfile_external.so, etc.). Main idea is to activate
system APEXes (/system/apex/*.apex) before /data is mounted and then
activate the updated APEXes (/data/apex/*.apex) after the /data mount.
Detailed boot sequence is as follows.
1) init prepares the bootstrap and default mount namespaces. A tmpfs is
mounted on /apex and the propagation type of the mountpoint is set to
private.
2) before any other process is started, apexd is started in bootstrap
mode. When executed in the mode, apexd only activates APEXes under
/system/apex. Note that APEXes activated in this phase are mounted in
the bootstrap mount namespace only.
3) other pre-apexd processes are started. They are in the bootstrap
mount namespace and thus are provided with the libraries from the system
APEXes.
4) /data is mounted. init switches into the default mount namespace and
starts apexd as a daemon as usual.
5) apexd scans both /data/apex and /system/apex, and activate latest
APEXes from the directories. Note that APEXes activated in this phase
are mounted in the default namespaces only and thus are not visible to
the pre-apexd processes.
Bug: 125549215
Test: m; device boots
Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
Can supply a specific partition to remount. Partitions can be
specified by name or mount point. Some extra work to differentiate
an unknown partition, invalid partition, or one that is covered by
overlayfs.
Test: adb-remount-test.sh
Bug: 122602260
Change-Id: Iab6f51c2b5ebe01f1cea3fb235445d5e2f495365
