/adb_keys will be moved to /product/etc/security as it's a
product-specific file. To prevent regression, /adb_keys will be a
symlink to the new location.
Bug: 353430323
Test: boot and connect adb with ADB_VENDOR_KEYS
Change-Id: I3dd200a1583be8f99bd5c30ecfed1bdc544ca783
Init is responsible for initializing the /dev/[u]random entropy
pool, to ensure that high quality random numbers are available
to all Android processes. Previously Android mixed in data
from /system/etc/prop.default, which included properties which
differed on a device-by-device basis. That file no longer exists,
and init generates the following error at boot:
init: Command 'copy /system/etc/prop.default /dev/urandom'
action=init (/system/etc/init/hw/init.rc:106) took 0ms and
failed: Could not read input file '/system/etc/prop.default':
open() failed: No such file or directory
Instead of reading a property file, this change modifies init.rc
to read from /proc/bootconfig. The bootconfig file contains
per-device data which was previously on the command line, such
as androidboot.serialno. Additionally, it contains device-class
information such as androidboot.hardware,
androidboot.hardware.platform, and data which frequently churns
such as androidboot.vbmeta.digest. These help ensure that the
random number initialization is at least unique on a per
device-class basis.
Relying on /proc/bootconfig accomplishes the same goal that
relying on /system/etc/prop.default was intended to accomplish.
And /proc/bootconfig is in a more stable location than
/system/etc/prop.default, hopefully preventing future regressions.
Bug: 361624398
Test: Device boots and error above goes away
Change-Id: Id5c891e871217d62ff6517c5804b4acc2d723622
post_data was used by Userspace Reboot, which was removed.
Bug: 293377020
Test: atest CtsInitTestCases
Change-Id: I1a5bf328f62b8afbe58eef62c64689471e6b018c
`ramdisk_node_list` is a hardcoded dependency in
`build/make/core/Makefile`, but it only serves as an input for
generating `ramdisk.img` and isn't installed on the device.
Therefore, we can directly use a `filegroup` and set
`export_to_make_var` for use in build/make/core/Makefile.
In addition, since there are no `Android.mk` files in the
subdirectories of `system/core/rootdir/`,
`include (callall−makefiles−under,(LOCAL_PATH))` can also be
deleted.
Bug: 359423289
Test: m -j $(PRODUCT_OUT)/ramdisk.img
Change-Id: Ia2bf636bfd7917bf7044d9726b4b52932bb161c8
In multi-window mode, currently the focused window will be top-app,
and others will be foreground. However, the cpu resource we assign to
typical foreground group may not meet the performance need of those
windows. Therefore, create a new group for them so that we could
distinguish their performance need.
Bug: 200769420
Test: group created
Change-Id: I84c61f9ed4d167e156dafb7a816b6482e80a8523
Makefile module still remains to handle post install commands. We're
going to move that to somewhere else as a followup.
Relanding with a fix for hwasan build.
HWADDRESS_SANITIZER_GLOBAL_OPTIONS is set by Soong's MakeVars, so we
can't refer the variable on soong config modules. Instead, as the
variable is hard-coded, this change hard-codes options in Android.bp.
Bug: 353429422
Test: boot cuttlefish w/ and w/o USE_SOONG_DEFINED_SYSTEM_IMAGE
Test: boot shiba with SANITIZE_TARGET=hwaddress
Change-Id: I4f61d7f800e0563c49dec0151d4a648ce9814bc9
Revert submission 3197177-init_environ_rc_soong
Reason for revert: DroidMonitor: Potential culprit for b/356587212 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted changes: /q/submissionid:3197177-init_environ_rc_soong
Change-Id: I3834d7f76f4baef747f3536167ad9bd2d2a474b4
Makefile module still remains to handle post install commands. We're
going to move that to somewhere else as a followup.
Bug: 353429422
Test: boot with and without USE_SOONG_DEFINED_SYSTEM_IMAGE
Change-Id: I85ec048e6e57981ad4496ea90762aa34bd9a5ca1
Add post-fs-data-checkpointed trigger when vold completes checkpointing
after an OTA update.
Bug: 350362101
Test: ABTD
Change-Id: I647a73a942174015b46c5f40bd8f8d3347977ecd
In the original Android.mk, `asan.option` is only enabled when
"address" is present in SANITIZE_TARGET.
`asan_extract` is only enabled when `SANITIZE_TARGET_SYSTEM` is `true`
and `address` is present in SANITIZE_TARGET.
However, in the normal build system design, a module should `not`
decide when it should be enabled.
Therefore, the `ifeq` condition should be directly removed during
conversion.
The correct approach is:
Wait until converting `init.environ.rc`, then use `select` or similar
methods to determine whether it should use `asan.option` or
`asan_extract`.
Bug: 353164536
Test: SANITIZE_TARGET=address m init.environ.rc
SANITIZE_TARGET_SYSTEM=true SANITIZE_TARGET=address m init.environ.rc
Change-Id: I69af3199536a3ba9f54dcfa198295826303e2d22
Use `soong_config_module_type` to install `*-developer-gsi.avbpubkey`
to either `ramdisk` or `vendor_ramdisk` based on the value of
`BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT` in each device.
In build/soong/android/paths.go's modulePartition() function, there is
already logic to construct `vendor_ramdisk` and `ramdisk` partitions
based on the different values of
`BOARD_MOVE_RECOVERY_RESOURCES_TO_VENDOR_BOOT` and
`BOARD_USES_RECOVERY_AS_BOOT`. And the logic is identical to the
original Android.mk.
Therefore, this change only needs to determine whether the avb public
keys should be placed in `vendor_ramdisk` or `ramdisk` based on the
value of `BOARD_MOVE_GSI_AVB_KEYS_TO_VENDOR_BOOT`. The rest of the
judgment logic can be ignored.
Bug: 347636127
Test: 1) lunch aosp_cf_x86_64_phone && m q-developer-gsi.avbpubkey
2) check it installed to vendor_ramdisk/first_stage_ramdisk/avb/
3) lunch yukawa && m q-developer-gsi.avbpubkey
4) check it installed to ramdisk/avb/q-developer-gsi.avbpubkey
Change-Id: I6de1a038261f2feeae4504d8097c7392b166848d
It has been reported that CL "Make foreground and background I/O
priority different" causes Android devices equipped with eMMC storage
to reboot if there is sufficient I/O activity. Hence revert commit
7f3fe0aaf2.
Bug: 186902601
Bug: 342034992
Change-Id: I4fa9c782eb0e801b410cb358e20fe41acebe1094
Signed-off-by: Bart Van Assche <bvanassche@google.com>
In I3aad4b4b1d2f54db9e7ba86db8a655d8552bad0a we set MaxPerformance
for zygote64_32, and in I7fcceeb22b722c2164b9acf0b517a32ce34731fd
we synced up zygote64 to match this.
However, this change never made it into the zygote32 rc file,
which we fix here.
Bug: 324014808
Test: Basic testing on 32-bit device
Change-Id: I6f0c4490330d05551952fd5d844e02a6b638ca68
This reverts commit 65430f8de6.
Reason for revert: Checking to see if this is the root cause for b/342673274.
Change-Id: I9bb319e73443e57b4ac0b61f5209048d5eb7e6c0
public.libraries.android.txt was not installable as it was used only
from microdroid. However, this module can also be used from system
image, as there is no difference from the content. This change marks the
module as no_full_install, so it can be installed in the system image
defined in Android.bp
Bug: 343357947
Test: AOSP CF build succeeded
Change-Id: I15fd47b173b5b718972a6ee18b3aecb58826909c
aconfigd-mainline-init is the service target to initialize mainline
storage files. aconfigd is the service target to start aconfigd socket
for incoming messages.
Bug: b/312444587
Test: m and avd
Change-Id: Ic8052eaf933501da3371812c482ad816ec353b27
Currently sanitizer.libraries.txt module is defined from Makefile, while
all logics to create the list of modules is implmented within the Soong.
This change moves sanitizer.libraries.txt module definition into Soong,
so it can be generated without sharing list of modules over Make
variable.
Bug: 339131599
Test: AOSP CF build succeeded, with same list of modules in
/system/etc/sanitizer.libraries.txt
Change-Id: I25cd4cf55b0a0992d05990d1b67869435f37de93
Previously llndk.libraries.txt definition was located in VNDK along with
other vndk related libraries.txt files. As of VNDK deprecation, all
other VNDK libraries.txt files are being removed, and there is no need
to keep llndk.libraries.txt whtin the VNDK project, as LLNDK is not
VNDK. This change moves definition of llndk.libraries.txt into system
core project, to keep with other files installed in /system/etc.
Bug: 328994089
Test: AOSP CF build succeeded
Change-Id: I1535ebbab514ecf81a044c0e5ac4472f964f4312
App metadata bundles, also known as Android Safety Labels (ASL),
contains information about the app's privacy and security practices.
This information is used to help users make more informed choices when,
for example, granting access to permissions.
ASL can currently only be preloaded on the system image or distributed
by the installer and written to a file in the app's codePath. To support
embedded ASL in APK we need to extract ASLs from APKs to a writeable
location. For non-preloaded apps we can write to the app's codePath like
the installer provided ASLs, however, we need to create a new writable
directory for preloaded apps located on read only partitions.
Bug: 336618214
Test: manual
Change-Id: I651b2dab45c3132d8467c507dc4ee304001f73f5
Creating the directory /data/storage_area (which will store each user's directory
of app directories of storage areas) on startup, and adding this directory
/data/storage_area to the tmpfs mirror so it can be protected by app data isolation
in zygote.
Bug: 325121608
Test: atest StorageAreaTest
Change-Id: Ia938e89fd8b794dbcbb844b01b790db7c0a62319
U requires 4.14+
V requires 4.19+
as such this is no longer useful
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I39d01cc16897c6c9174cf074e27c888bc758f1cc
which has been fully replaced by eBpf
(started in android P, finished in android S)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie38e54600a9bb01c7ecdde63d9a9256bed047f41
/data/misc already sets encryption=Require and this causes certain
devices not being able to boot with the following error:
init: Failed to set encryption policy of /data/misc/bootanim to
a5a40d896b46d8c6 v1 modes 127/4 flags 0x0: The directory already
has a different encryption policy.
init: Setting a5a40d896b46d8c6 policy on /data/misc/bootanim failed!
init: Setting policy failed, deleting: /data/misc/bootanim
init: Failed to set encryption policy of /data/misc/bootanim to
a5a40d896b46d8c6 v1 modes 127/4 flags 0x0: The directory already
has a different encryption policy.
init: Setting a5a40d896b46d8c6 policy on /data/misc/bootanim failed!
init: Rebooting into recovery
init: Got shutdown_command 'reboot,recovery' Calling
HandlePowerctlMessage()
Test: m; fastboot flashall, observe device boots successfully
Change-Id: I86a2b2b8fe8e438ca405a0e901739d11550d3ebd
which are dlopen'ed from librutabaga_gfx from com.android.virt
Bug: 325929966
Test: check if crosvm display works
Change-Id: I7245286ed646dc3287ad3c4df6e7c021b1dd439e
Native coverage will be written to /data/local/tmp instead of
/data/misc/trace, allowing coverage tests to run on non-coverage builds.
Test: atest libunwindstack_unit_test --experimental-coverage
Test: m droid && acloud create --local-image
Bug: 332390317
Change-Id: I5840cef04a6e0dc3c749c53121176e1ea42029a0
This change is to clean up VNDK-related code from build. The function
append_vndk_version is not in use.
Bug: 330100430
Test: aosp_cf_x86_64_phone build succeeded
Change-Id: I691093aaedb7f6630cc32145dcaf7d36403bcf90
