Android 15.0.0 release 5

-----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZyveowAKCRDorT+BmrEO eEowAJ0Ut5Tkq4TVDFvrYySEynb9v8QVIQCfSPhFnaHGbSQiqBRHrEdNbZJQS3s= =vYsf -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmcstXAXHG1rYmVzdGFz QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmkWQQ//TxtLkYx/axq6FjdEX+/O98Ug SKaMooXZZ+fukX3ZwDCeoqwzJyb/Yho+TdqIE6wtzJsdP79xgeeYofBV+fsTUyTG tgjo/3fIbzpL8IjhxiJrJZdH4yVI7QxhK23Nfk91fvwwqm+XE9bPaiXPFkL1boSV E25OGizCucqWXeY9zoHWTx3F1HeGx2uG/+2p7BZxwP/jbFsnHWrvnUlwTWi3NHz+ KnLCcgd6m1ZPuf141Od3rKPhkuPxEH3Ed3I1bWT+QebI+YvgIuVELdy2MNaDW+JH iOwEqk9IHSDEQJ3jV1WO50dyRUsDej4ihCHe2bZgEe1Nhv8d5f1MhcnJs/S/I9tf 7A1zVcktKpSjrZjv7aFdlxr5oQvPT+OH9XgJqIfajadoaVGk+wnc0fPJwvH9/eUA thmKvxToKJYJ+7DsODidOgJd6M0JsaHrFI37hW+PjiLyVmfyhNv0ihIZ7qyLgGSc sZzbZTqXKav5cl94uSaFVieLN2mtcTTzd1oYmbzKxsCGUq5Cy+T7nualAyai5NpW udKahmbiIxvihgNsvPPJtD8tewG8nqVIKan5h1nLoSq+iySnHS0b/6b1orTZ/nkg 9xZ6YrjeVBVO6oomesiIX5MMm3BmwRioK31mCA7MsY0/RhcyP5gBlsT/cfEEiWxQ 0dLyqPIPIi4Hw/LlbwA= =dQ+a -----END PGP SIGNATURE----- Merge tag 'android-15.0.0_r5' into staging/lineage-22.0_merge-android-15.0.0_r5 Android 15.0.0 release 5 # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZyveowAKCRDorT+BmrEO # eEowAJ0Ut5Tkq4TVDFvrYySEynb9v8QVIQCfSPhFnaHGbSQiqBRHrEdNbZJQS3s= # =vYsf # -----END PGP SIGNATURE----- # gpg: Signature made Wed Nov 6 23:24:51 2024 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal] # gpg: initial-contribution@android.com: Verified 2336 signatures in the past # 3 years. Encrypted 4 messages in the past 2 years. # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78 # By Akilesh Kailash # Via Android Build Coastguard Worker * tag 'android-15.0.0_r5': libsnapshot: Address GRF config when updating from Android S config libsnapshot: Check if the vendor is updated from Android S for GRF Change-Id: Ib7748aa00d12b2944e84516fec058b04bc18af89
2024-11-07 14:41:19 +02:00 · 2024-11-07 14:41:19 +02:00 · 3f2d09e4b0
commit 3f2d09e4b0
parent 79f7132bc3 32bd7a7dd5
4 changed files with 70 additions and 10 deletions
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
@ -335,6 +335,9 @@ class SnapshotManager final : public ISnapshotManager {
    // after loading selinux policy.
    bool PrepareSnapuserdArgsForSelinux(std::vector<std::string>* snapuserd_argv);

+    // If snapuserd from first stage init was started from system partition.
+    bool MarkSnapuserdFromSystem();
+
    // Detach dm-user devices from the first stage snapuserd. Load
    // new dm-user tables after loading selinux policy.
    bool DetachFirstStageSnapuserdForSelinux();
@ -670,6 +673,7 @@ class SnapshotManager final : public ISnapshotManager {
    std::string GetForwardMergeIndicatorPath();
    std::string GetOldPartitionMetadataPath();
    std::string GetBootSnapshotsWithoutSlotSwitchPath();
+    std::string GetSnapuserdFromSystemPath();

    const LpMetadata* ReadOldPartitionMetadata(LockedFile* lock);

--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@ -20,6 +20,7 @@
 #include <sys/file.h>
 #include <sys/types.h>
 #include <sys/unistd.h>
+#include <sys/xattr.h>

 #include <filesystem>
 #include <optional>
@ -88,7 +89,10 @@ static constexpr char kBootSnapshotsWithoutSlotSwitch[] =
        "/metadata/ota/snapshot-boot-without-slot-switch";
 static constexpr char kBootIndicatorPath[] = "/metadata/ota/snapshot-boot";
 static constexpr char kRollbackIndicatorPath[] = "/metadata/ota/rollback-indicator";
+static constexpr char kSnapuserdFromSystem[] = "/metadata/ota/snapuserd-from-system";
 static constexpr auto kUpdateStateCheckInterval = 2s;
+static constexpr char kOtaFileContext[] = "u:object_r:ota_metadata_file:s0";
+
 /*
 * The readahead size is set to 32kb so that
 * there is no significant memory pressure (/proc/pressure/memory) during boot.
@ -318,7 +322,7 @@ bool SnapshotManager::RemoveAllUpdateState(LockedFile* lock, const std::function
    std::vector<std::string> files = {
            GetSnapshotBootIndicatorPath(),          GetRollbackIndicatorPath(),
            GetForwardMergeIndicatorPath(),          GetOldPartitionMetadataPath(),
-            GetBootSnapshotsWithoutSlotSwitchPath(),
+            GetBootSnapshotsWithoutSlotSwitchPath(), GetSnapuserdFromSystemPath(),
    };
    for (const auto& file : files) {
        RemoveFileIfExists(file);
@ -1457,6 +1461,10 @@ std::string SnapshotManager::GetRollbackIndicatorPath() {
    return metadata_dir_ + "/" + android::base::Basename(kRollbackIndicatorPath);
 }

+std::string SnapshotManager::GetSnapuserdFromSystemPath() {
+    return metadata_dir_ + "/" + android::base::Basename(kSnapuserdFromSystem);
+}
+
 std::string SnapshotManager::GetForwardMergeIndicatorPath() {
    return metadata_dir_ + "/allow-forward-merge";
 }
@ -2122,6 +2130,34 @@ bool SnapshotManager::UpdateUsesODirect(LockedFile* lock) {
    return update_status.o_direct();
 }

+bool SnapshotManager::MarkSnapuserdFromSystem() {
+    auto path = GetSnapuserdFromSystemPath();
+
+    if (!android::base::WriteStringToFile("1", path)) {
+        PLOG(ERROR) << "Unable to write to vendor update path: " << path;
+        return false;
+    }
+
+    unique_fd fd(open(path.c_str(), O_PATH));
+    if (fd < 0) {
+        PLOG(ERROR) << "Failed to open file: " << path;
+        return false;
+    }
+
+    /*
+     * This function is invoked by first stage init and hence we need to
+     * explicitly set the correct selinux label for this file as update_engine
+     * will try to remove this file later on once the snapshot merge is
+     * complete.
+     */
+    if (fsetxattr(fd.get(), XATTR_NAME_SELINUX, kOtaFileContext, strlen(kOtaFileContext) + 1, 0) <
+        0) {
+        PLOG(ERROR) << "fsetxattr for the path: " << path << " failed";
+    }
+
+    return true;
+}
+
 /*
 * Please see b/304829384 for more details.
 *
@ -2158,14 +2194,35 @@ bool SnapshotManager::UpdateUsesODirect(LockedFile* lock) {
 *         iii: If both (i) and (ii) are true, then use the dm-snapshot based
 *         approach.
 *
+ * 3: Post OTA reboot, if the vendor partition was updated from Android 12 to
+ * any other release post Android 12, then snapuserd binary will be "system"
+ * partition as post Android 12, init_boot will contain a copy of snapuserd
+ * binary. Thus, during first stage init, if init is able to communicate to
+ * daemon, that gives us a signal that the binary is from "system" copy. Hence,
+ * there is no need to fallback to legacy dm-snapshot. Thus, init will use a
+ * marker in /metadata to signal that the snapuserd binary from first stage init
+ * can handle userspace snapshots.
+ *
 */
 bool SnapshotManager::IsLegacySnapuserdPostReboot() {
-    if (is_legacy_snapuserd_.has_value() && is_legacy_snapuserd_.value() == true) {
-        auto slot = GetCurrentSlot();
-        if (slot == Slot::Target) {
+    auto slot = GetCurrentSlot();
+    if (slot == Slot::Target) {
+        /*
+            If this marker is present, the daemon can handle userspace snapshots.
+            During post-OTA reboot, this implies that the vendor partition is
+            Android 13 or higher. If the snapshots were created on an
+            Android 12 vendor, this means the vendor partition has been updated.
+        */
+        if (access(GetSnapuserdFromSystemPath().c_str(), F_OK) == 0) {
+            is_snapshot_userspace_ = true;
+            return false;
+        }
+        // If the marker isn't present and if the vendor is still in Android 12
+        if (is_legacy_snapuserd_.has_value() && is_legacy_snapuserd_.value() == true) {
            return true;
        }
    }
+
    return false;
 }

--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@ -395,12 +395,7 @@ bool FirstStageMountVBootV2::CreateSnapshotPartitions(SnapshotManager* sm) {

    use_snapuserd_ = sm->IsSnapuserdRequired();
    if (use_snapuserd_) {
-        if (sm->UpdateUsesUserSnapshots()) {
-            LaunchFirstStageSnapuserd();
-        } else {
-            LOG(FATAL) << "legacy virtual-ab is no longer supported";
-            return false;
-        }
+        LaunchFirstStageSnapuserd();
    }

    sm->SetUeventRegenCallback([this](const std::string& device) -> bool {
--- a/init/snapuserd_transition.cpp
+++ b/init/snapuserd_transition.cpp
@ -100,6 +100,10 @@ void LaunchFirstStageSnapuserd() {
    }
    if (client->SupportsSecondStageSocketHandoff()) {
        setenv(kSnapuserdFirstStageInfoVar, "socket", 1);
+        auto sm = SnapshotManager::NewForFirstStageMount();
+        if (!sm->MarkSnapuserdFromSystem()) {
+            LOG(ERROR) << "Failed to update MarkSnapuserdFromSystem";
+        }
    }

    setenv(kSnapuserdFirstStagePidVar, std::to_string(pid).c_str(), 1);