Current init doesn't order the triggeres it scaned, and there is no
guarantee that general event trigger exec first and then event+property
triggers.
This CL will make sure netd started after post-fs-data trigger is done.
Bug: 35110957
Test: marlin boots
Change-Id: I7bb55af4e00f336682388abfa8a06eac2136b7d4
Avoid breaking internal code when AOSP automerges to internal.
This will be reverted after fixing up the uses on the other end.
Bug: http://b/35858739
Test: treehugger
Change-Id: If1ee03d8d7c218d3ad9f451cfe9a9077753dda02
This change makes init's SELinux policy compilation step target the
highest SELinux policy language version supported by the kernel.
Prior to this change the version was simply hard-coded in init.
P. S. clang-format (part of presubmit for this change) is being
counter-productive trying to format the section with secilc
parameters. The resulting layout is harder to read. This commit thus
disables clang-format for this section of code and formats the code
for improved readability.
Test: Remove precompiled policy, device boots up, no new denials.
Added log statement to print out the policy version passed
into secilc -- it printed 30, as expected.
Bug: 31363362
Change-Id: I151017b5211712861bafb662525e794a44026dd2
We statically link libwinpthread into Windows binaries, but soong
currently can't specify notice files for toolchain_libraries. Add
libwinpthread's COPYING info directly to adb's as a hack.
Bug: http://b/36073965
Test: `make PRODUCT-sdk-win_sdk` + manual inspection of NOTICE.txt
Change-Id: I58d6be0ecf5626b67308f7e94128a2cd44dab161
NOTE: This change affects only devices which use SELinux kernel policy
split over system and vendor directories/partitions.
Prior to this change, init compiled sepolicy from *.cil files on every
boot, thus slowing boot down by about 400 ms. This change enables init
to skip the step compilation and thus avoid spending the 400 ms. The
skipping occurs only if the device's vendor partition includes an
acceptable precompiled policy file. If no acceptable policy is found,
the compilation step takes place same as before.
Because such devices support updating system and vendor partitions
independently of each other, the vendor partition's precompiled policy
is only used if it was compiled against the system partition's policy.
The exact mechanism is that both partitions include a file containing
the SHA-256 digest of the system partition's policy
(plat_sepolicy.cil) and the precompiled policy is considered usable
only if the two digests are identical.
Test: Device with monolithic policy boots up just fine
Test: Device with split policy and with matching precompiled policy
boots up just fine and getprop ro.boottime.init.selinux returns
a number below 100 ms. No "Compiling SELinux policy" message in
dmesg.
Test: Device with split policy and with non-matching precompiled
policy boots up just fine and getpropr ro.boottime.init.selinux
returns a number above 400 ms. There is a "Compiling SELinux
policy" message in dmesg. The non-matching policy was obtained
by adding an allow rule to system/sepolicy, building a new
system image using make systemimage and then flashing it onto
the device.
Bug: 31363362
Change-Id: Ic2e81a83051689b5cd5ef1299ba6aaa1b1df1bdc
Standalone, this logger provides no end-to-end capability. Only
provides a writer, no reader transport. All output goes, logcat-like,
into the stderr stream. Output can be adjusted with environment
variables ANDROID_PRINTF_LOG and ANDROID_LOG_TAGS.
liblog_*.__android_log_bswrite_and_print___max print fails if a string
member is truncated with "Binary log entry conversion failed" and -1.
We expose the truncated content in the tests and in LOGGER_STDERR.
The purpose of this transport selection is for command-line tools,
providing a means to shunt the logs to be mixed in with the tool's
error stream.
Test: gTest liblog-unit-tests
Bug: 27405083
Change-Id: If344b6e3e67df2dc86ce317cfad8af8e857727b7
The style file .clang-format is copied from adb/.clang-format.
Each sub folders still can have different style by adding their own
.clang-format because git-clang-format uses the style file located
in one of the parent directories of the *source file*.
Also see the following link for previous discussions:
https://android-review.googlesource.com/#/c/340106
Bug: 36046320
Test: repo upload, checks pre-submit fails when the uploading commit
doesn't meet the style
Change-Id: I94369af197da1ccce581bbd861c8737f6a197429
While recovering from endpoint errors, the gadget stack was being
signalled even when desriptors were NOT being rewritten. Avoid this
as this might cause enumeration loops.
Bug: 36036550
Change-Id: Iff2b2fc8cded001ef3c77dc170dce3b96848970c
Was leaking log_device_t in command path. Cleanup leak in command
path and add thorough clean up on destroy for insurance.
Start grouping related like-type variables in the context structure
for more effective layout.
Test: gTest logcat-unit-tests
Bug: 35326290
Change-Id: Ibfbddec2d0e1bce24b87b035d67726cac1395574
- This is to collect data to understand if e2fsck -f option
can be dropped wholly based on information from fs.
- Ideally e2fsck should not fix fs if it was clean shutdown
or if it is not enabling quota.
- The log is added to /dev/fscklogs/log and other system components
can collect it later.
TODO: add mechanism to distinguish old vs new fs generation tool.
bug: 32246772
Test: reboot and check saved logs under different shutdown conditions (clean, non-clean)
Change-Id: Id00fad4c5f8ebbb9f9908164a1026e415df06721
* changes:
DO NOT MERGE ANYWHERE Qemu: make the qemu_pipe_open compatible with old apis
DO NOT MERGE ANYWHERE Emulator: Enhance qemu_pipe.h to handle partial read and write
So _LOG could be overridden by customized logging
implementations in non-Android systems.
Bug: 35919515
Test: Test on device
Change-Id: I0885c15353c0b1bf66f6f156e7f502f326b85d57
Don't try to connect to ourselves in a signal handler (e.g. if someone
does `killall -ABRT tombstoned`).
Test: killall -ABRT tombstoned
Change-Id: Ib69a206f741acb523c9f2883d474c940b6ebfab2
Make tombstones group readable to allow them to be picked up by the
dropbox service.
Bug: http://b/35979630
Test: killall -ABRT rild; dumpsys dropbox
Change-Id: If57cc17563c80d5b5c4887b0937905bffef6b231
Resolve one of the threading issues by creating a private C++ified
copy of getopt_long_r that started out its life as the bionic
getopt_long, but is reentrant. Adds a new state context for the
stderr stream called optstderr. Utilize this new function in logcat.
Control opterr and optstderr to match liblogcat expectations. Correct
and fortify const.
Alternative would be to lock around _all_ getopt callers. This has
the advantage of requiring _no_ locks that could get in the way of
using liblogcat in a signal handler. The log reader interface does
run the risk of incurring locks and heap allocations though, so there
is more work to be done for that final goal.
Test: gTest logcat-unit-tests
Bug: 35326290
Change-Id: Ibb1b374c55d357d5d7fa5ad00bfaf07ae0bc4ba5
To start Treble VTS test, a single AOSP system.img will be flashed onto
the device. The size of AOSP system.img might be different than the
system partition size on device, making locating verity metadata fail
(at the last fixed size of the partition).
This change allows disabling dm-verity on system partition when the
device is unlocked (orange device state) with invalid metadata.
BUG: 35603549
Test: Boot bullhead with a different-sized system.img, checks verity is
not enabled via:
"adb shell getprop | grep partition.system.verified"
Change-Id: Id89d023e82c78ff1902ab7a528431cf7f65e49ad
This makes init log stderr of secilc invoked to compile SELinux
policy. Having an explanation for why secilc failed is very useful for
debugging boot issues.
Test: Device with PRODUCT_FULL_TREBLE boots up just fine
Test: Modified init.cpp to reference non-existent .cil file on a device
with PRODUCT_FULL_TREBLE and confirmed that dmesg now contains the
error message from secilc saying that the file was not found.
Bug: 31363362
Change-Id: I6a3b3576daf0d6fd09e2c79bc43ae63850f44a00
- three properties: .early, .default, .late
- for tracking critical early boot times
bug: 35949600
Test: manual, getprop after boot
Change-Id: I851891518428e6e21cb43a2a6f982ab7db281d4c
Some unittests require libbinderwrapper_test_support.so and fail
because it isn't on userdebug images.
Bug: 30631078, 35804180
Test: `make dist`
(cherry picked from commit 6515f36e43082ea105115de7e34d9cd09c77220a)
Change-Id: I4d8878de8963d0cbd29d6aca4b233ba674121688
android_log_processBinaryLogBuffer and android_log_processLogBuffer
error return should have message and messageLen fields set to zero,
or to a valid-but-truncated buffer so that we can discern the
difference. This will resolve an issue with reporting content from
an uninitialized field in liblogcat should caller add --debug flag.
To enhance the debugging capability, truncated string events because
of the logger limits are provided rather than dropping the field, but
still with an error return.
Some minor coding style issues resolved. Add required, or remove
extraneous spaces. Use C-style comments only.
Test: gtest liblog-unit-tests
Bug: 27405083
Bug: 35326290
Change-Id: I4a7ddd7278fb1c582f921e1ba10e0765fadb791b
The three CIL files comprising split sepolicy are being moved from the
root directory to system and vendor directories based on whether the
file is for platform/system policy or non-platform/vendor policy.
Test: Device boots, no additional SELinux denials. This test was run
for a device which has split policy and for a device which has
monolithic policy.
Bug: 31363362
Change-Id: Ica49f0beae56be0f1cea7117e48bf2f6af8b848b
