flock may return EINTR. There are code using LockShared() to test
existance of the directory. Don't fail spuriously.
Test: pass
Bug: 160457903
Change-Id: I51628abe05599422eb3f344781d8f3acd653c822
In rescue mode, if /metadata is mounted but /metadata/ota does
not exist, immediately unmount /metadata and fallback to the code
path when /metadata is not mounted; that is, old partitions are
overwritten.
Test: in recovery, select wipe then immediately sideload
Bug: 160457903
Change-Id: I412d62b7005c81a7126106edc471622e6a7ef813
Q liblp only supports 10.0 super partition metadata, so
forcefully downgrade the current metadata version too.
On retrofit Virtual A/B devices, the metadata version is
at most 10.1, because the new VIRTUAL_AB flag is not set
on retrofit devices.
In version 10.1, two per-partition flags: UPDATED and DISABLED
are introduced.
- The updated flag is set when the device undergoes a Virtual A/B
update before. Clear it.
- The disabled flag should only be set on metadata files used by
libfiemap ImageManager. It shouldn't be used on super partition metadata.
Hence, this CL should only clear UPDATED flag.
Test: R->R->Q OTA
Bug: 159590481
Change-Id: I8b548c8ce36a75197e7172a77f9207fd44fe4670
SkipMountingPartitions() should only be called from a system process
as the config file is in /system_ext.
Remove it from the vendor variant of libfstab.
Bug: 158301941
Test: build hardware/interfaces/boot/1.1/default/boot_control and check symbol
Change-Id: I834183a623c0711dd79b89486fc3fc80f9710801
Merged-In: I834183a623c0711dd79b89486fc3fc80f9710801
(cherry picked from e7cb09d226)
In the current implementation vendor profile attributes do not override
system ones and instead generate a warning. Fix that by overriding existing
attribute if a new definition is found.
Bug: 160318642
Test: add vendor attributes and confirm no warnings
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Merged-In: I71a2ee4d4b3c585e7c9a01b791e973390d409cbc
Change-Id: I71a2ee4d4b3c585e7c9a01b791e973390d409cbc
When multiple auth requests come in (e.g. if someone connects over TCP
and USB, or if we send a USB request, and then kill adb and try again),
we need to disambiguate.
Bug: http://b/159061108
Test: manual
Change-Id: I0768dc3c1830456cb8cbd4395c23ef8f193cc420
- zygote needs statsd for logging boot time event.
- statsd starting later leads into stats logging failure which
is reported by all child processes of zygote later.
This brings lots of noise in statsd error.
Bug: 159664734
Test: reboot and check if error log does not show up
E statsd : Found dropped events: 1 error -19 last atom tag 240 from uid 10169
Change-Id: Ie585febb50a9668671c8fda41a872595baae8385
Test: built and booted
Bug: 150040815
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Merged-In: If80758b3d7bf499d428880efa5ed555076bfc291
Change-Id: If80758b3d7bf499d428880efa5ed555076bfc291
Fix a bug that was causing cap_set_flag() fail and logd to exit.
Bug: 159588327
Test: caps are set correctly and logd functions with both, one of, or
none of klogd and auditd enabled.
Merged-In: Ia51f078ad848535ce1ac29edd8a56a2b686a12cc
Change-Id: Ia51f078ad848535ce1ac29edd8a56a2b686a12cc
(cherry picked from commit 54b00a9e3c)
On some devices we see a weird in which /metadata/apex will have a wrong
selinux label. This will effectively prevent such devices from getting
any apex updates. Since we haven't figured out a root cause for this
bug, it's safer to explicitly call restorecon on /metadata/apex to make
sure it's correct.
This change shouldn't affect a normal boot flow, since /metadata/apex
will already have a correct label and restorecon_recursive will be a
no-op.
Test: rm -Rf /metadata/apex && \
mkdir /metadata/apex &&
mkdir /metadata/apex/sessions
Bug: 149317789
Change-Id: I971ffe35c93bb79d9e71106c24515ec0ee70333a
If the flashed boot image is smaller than the block device, the AVB
footer will not be at the end of the partition. Although images are
normally created to match the partition size the GKI boot.img must work
on all devices, and the size of the boot partition will vary.
Copy the AVB footer to the end of the partition before flashing, if it
is not there already.
Bug: 159377163
Change-Id: I5a5e25fb54dc9d6a2930fda63434968808ffa1f0
Merged-In: I5a5e25fb54dc9d6a2930fda63434968808ffa1f0
Documentation is synchronized to match external, to ease updating.
blacklist is replaced with ignorelist or ignore depending on context.
Bug: 159345740
Test: none
Merged-In: I6db7ad321684759e3c5ac1f66f940b6e8a5709a0
Change-Id: I6db7ad321684759e3c5ac1f66f940b6e8a5709a0
Bug: 156225476
Test: Build for f2fs and ext4 device, make sure checkpoints roll back
and commit
Merged-In: I7a772ff712dec9e69df175de840d69d296c65923
Change-Id: I7a772ff712dec9e69df175de840d69d296c65923
Improve app startup performance before the new app is in the top-app
cpuset.
Test: boots, zygote64 in top-app stune group
Bug: 159201879
Change-Id: I3aad4b4b1d2f54db9e7ba86db8a655d8552bad0a
d3ecc66b9c "liblog: support extended logger_entry headers" removed
the logger_entry::msg variable and instead uses hdr_size as an offset
from logger_entry to where the message starts in parent log_msg
buffer.
In pmsg, hdr_size is not recorded and therefore uninitialized when it
was referenced, causing corruption when reading last logcat. This
change uses sizeof(log_msg->entry) instead.
Bug: 158263230
Test: last logcat works
Merged-In: Ic01e73bf4d8ba8419cc770138565aa1210a6078b
Change-Id: Ic01e73bf4d8ba8419cc770138565aa1210a6078b
(cherry picked from commit 34d7bd98ad)
There are two locks used by AppFuseBridge.
First is it's object lock, and the second is a mutex lock in app fuse library.
There are two oppsite routines to get those locks.
(Thread A) Got Java lock -> Try to get Native lock
(Thread B) Got Native lock -> Try to get Java lock
The order must be followed to obtain two locks.
If not, the dead lock will be caused.
Therefore we change the routine to get the mutex lock first, and the object lock later.
Signed-off-by: hyeeun.jun@samsung.com <hyeeun.jun@samsung.com>
Bug: https://issuetracker.google.com/issues/145707568
Bug: 157535024
Test: atest --test-mapping apex/blobstore
Change-Id: I0ab002da9a0b7ca2f518d50ab477a080cabe3788
As the EXT4_MAX_BLOCK_SIZE defined as 65536 which reached maxium value
of unsigned int. The superblock value maybe larger than 65536. This is
found by the Integer Overflow Sanitizer.
This patch fixed below boot error when userdata is corrupted:
init: processing action (fs) from
(/vendor/etc/init/hw/init.freescale.rc:221)
init: [libfs_mgr]Invalid ext4 superblock on '/dev/block/by-name/userdata'
init: InitFatalReboot: signal 6 init: #00 pc 00000000000af7e8 /system/bin/init
(android::init::InitFatalReboot(int)+208) init: #01 pc 00000000000afbd0 /system/bin/init
(android::init::InstallRebootSignalHandlers()::$_22::__invoke(int)+32)
init: #02 pc 00000000000006bc [vdso:0000ffff9691b000] (__kernel_rt_sigreturn)
init: #03 pc 000000000004e070 /system/lib64/bootstrap/libc.so (abort+176)
init: #04 pc 000000000003427c /system/lib64/libfs_mgr.so
(read_ext4_superblock(std::__1::basic_string<char, std::__1::char_
traits<char>, std::__1::allocator<char> > const&,
android::fs_mgr::FstabEntry const&, ext4_super_block*, int*)+1804)
Test: boot with corrupted ext4 superblock
Bug: 156200421
Signed-off-by: Haoran.Wang <elven.wang@nxp.com>
Change-Id: Ib1b69bf4623f69696cb637b226ec3359fc2ed409
(cherry picked from commit cb472b92e5)
SnapshotUpdateTest uses a relatively small super partition, which
requires a small alignment and 0 alignment offset to work. For the
purpose of this test, hardcode the alignment and offset.
This test isn't about testing liblp or libdm.
Fixes: 154355449
Fixes: 157437632
Bug: 158718136
Bug: 157633441
Bug: 154646936
Test: atest on devices with alignment of data partition >= 512KiB
Change-Id: I1d0474f028cc824bd4197d0228350395239b3b81
(cherry picked from commit 31739669e91c7a3afc5bee23e43bc45fb4154667)
Merged-In: I1d0474f028cc824bd4197d0228350395239b3b81
If the superblock of /data is corrupted, fs_mgr would skip check_fs.
But, e2fsck actually may reference backup superblock to recover
the filesystem. This fix gives fs_mgr second chance to fix corrupted
ext4 /data.
Bug: 156200421
Test: boot with corrupted ext4 superblock
Signed-off-by: Randall Huang <huangrandall@google.com>
Change-Id: Ieb89e7274d772962fe37927dcd62567dd5aa4657
(cherry picked from commit 72abd7b246)
Pushed atoms do not need to be truncated because only the bytes added to
the buffer are written to the socket. Pulled atoms do not need to be
truncated because within stats_pull_atom_callback.cpp, we only copy the
valid parts of the buffer to the StatsEventParcel object.
This improves performance by avoiding a needless call to realloc.
+ removed dead benchmarking code
Test: m libstatssocket
Test: atest libstatssocket_test
Test: atest GtsStatsdHostTestCases
Bug: 158717786
Change-Id: I6965f8832758203ca566336ba12d0acaf5f756d5
This test doesn't exist on AOSP anymore, and the bugs around
alignment_offset have been fixed in R. There is no need for the test
anymore.
Bug: 157398966
Test: liblp_test gtest
Change-Id: I00ac7486faf8db8b18f764e61db1d545feb0312c
Merged-In: I563122282e940e07a7ece97ed1a9846ad1f3253c
Increase AStatsEvent max byte size to 50 KB for pulled events.
All AStatsEvent instances are treated as pulled events unless
AStatsEvent_write() is called.
- Set the default max size to 50 KB
- The starting buffer size is still ~4 KB for pushed and pulled events.
- If a write would exceed the buffer bounds, double buffer size until
write fits or 50 KB limit is exceeded in which case the overflow bit is
set to true.
- If AStatsEvent_write() is called, max size is set to ~4 KB. And if
the current payload exceeds this limit, set overflow bit to true.
- Fix error mask checking in stats_event_test.
- Set ERROR_NO_ATOM_ID when atom id is missing.
- Make sure tests don't hit ERROR_TOO_MANY_FIELDS when testing buffer
overflow.
- Rename event->size to event->numBytesWritten
Fixes: 158214941
Test: libstatssocket_test
Change-Id: Ia26aeb775f7e4f2ffe87707bab6d0119e21da10e
The same adbd module prebuilt will get used for both user and userdebug
builds in the post-APEX world, so we can't guard functionality with
product variable ifdefs anymore.
The code that was previously compiled out runs before we drop root, so
the increased attack surface essentially consists of an attacker having
control over system properties, and that likely implies that we're
doomed already (either they have filesystem control, or they have code
execution in init).
Bug: http://b/158156979
Test: treehugger
Change-Id: Ia70d3140189e5212beb813ff719355e30ca5fa04
(cherry picked from commit d076857c4f)
