Checking androidboot.mode properties will never work on devices where this
property is always absent, primarily non-Pixel devices.
Use existing IsRecoveryMode() check instead which is ugly, but works for this
very purpose.
Change-Id: Idc79fb2bf45f0416b242a1e1aa12bdb07bcf56b9
Signed-off-by: Albert I <kras@raphielgang.org>
Signed-off-by: Alexander Winkowski <dereference23@outlook.com>
Signed-off-by: Dmitrii <bankersenator@gmail.com>
The real prop values must be retained in recovery/fastbootd in
order for fastbootd to allow/deny flashing correctly based on the
bootloader lock state. This is accomplished by checking androidboot keys
in the kernel cmdline and bootconfig (necessary on Pixel 6), and not
spoofing anything if the boot isn't a normal full-blown Android boot.
@jhenrique09 - Adapt to PE
Change-Id: I8795b16a90eea4e5a03f64a7a56478f01144256b
Signed-off-by: Dmitrii <bankersenator@gmail.com>
aswinas@pixysos: add some more props from magisk hide to userspace hack by arter97
Change-Id: Ib6ad1df4582a2f8333b0cbf650e79e947f6576d0
Signed-off-by: Dmitrii <bankersenator@gmail.com>
Doing this in the userspace allows more properties to be spoofed
and eliminate the needs for a hack in the kernel.
Change-Id: I6ad755c085491c958c8a7d75db7df2c8e5481a55
Signed-off-by: Dmitrii <bankersenator@gmail.com>
Sometimes we need to override ro.* properties by using our vendor init
extension.
Previously there was a security check which was blocking that.
To resolve the issue, we need to weaken the security check during the
execution of our vendor init extension.
This is safe because the vendor init extension gets executed as part of init
construction and it is considered a trusted system component.
Change-Id: I6095bbf92267fcb78ab53f37b5d7b443239ce80b
Signed-off-by: Dmitrii <bankersenator@gmail.com>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
=uE+H
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmdYsU0XHG1rYmVzdGFz
QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmlzEhAAkyT+qSieZv1roFs6MW0sBnjP
60eSCsj/eVetsK91ExBdm+NPHmpFG1XUcwxxiWzlPweIYA+eaECdoP9qngwxH/fy
7m6lxzVx2C9JbSCRWuBmyFWfsm7l+cjDoO8a5QnummBNobhV6/z680+CPzhsXXp5
wQ8cRYLlZEwSMGlgW5KufhbEQISZK1rxWGcx7C0MwoAZybm0V7bcv9ot9XWVZdBI
0uvpZEAYuLqMTTOxd1HNZBKA+cMmWLE+0ALfydGqdHxTkpDXY17Ek4/R3H7KTcy0
mhp6rLQHMKn/atDUsYGvDp/wGs+PWHl9QPXprwj9g9XBNRaAcw/ANi+I/Gc17Qsc
X/5DeC0ycGBljhjnl7ZoXAPwLyN+tYZi+ekwBs0E4+uQCLG5AMSLGZHGHcZafXB1
s0pR1u85BxC/7CoVB22J5utjsLdJT0G8bIgfyrKVVIA9iIe9zO/rsMN+9kffrQ9W
xPohc1XyVrsQ2b6xk/PyqbAI5mk7+IKKhxhX+Vv2Fczp2OCPuefa1aS1lIv4bZBL
rRPlVyodLWsEqxGNhiCo5Hh24uufJGuBTL2w6Rn5/UkqUkvUQZbsRNTg7WQIfcWh
sNvuNNxpgsilXFJC0/aoLE557MjCWq4eolPLnyrz3yR3jPcAa269bMuiMXKsVeEd
PvjxgQawPY8QkE2woe0=
=R9aC
-----END PGP SIGNATURE-----
Merge tag 'android-15.0.0_r6' into staging/lineage-22.0_merge-android-15.0.0_r6
Android 15.0.0 Release 6 (AP4A.241205.013)
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ1IsswAKCRDorT+BmrEO
# eHLxAJ9VFRJgjolHUwxeYIHRrAxp7WFw0wCeIiUvtF763IeQx6Ri6gz3/i1V9mY=
# =uE+H
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri Dec 6 00:44:03 2024 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 2481 signatures in the past
# 3 years. Encrypted 4 messages in the past 2 years.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78
# By Akilesh Kailash (13) and others
# Via Automerger Merge Worker (317) and others
* tag 'android-15.0.0_r6': (158 commits)
trusty: storage: proxy: FS_READY property setting on vendor only
Fix the trigger name for loading bpf programs.
start netd earlier
Replace base::RandInt with std::uniform_int_distribution
trusty: keymint: rename trusty_ipc_dev property
Move the `dist` target of `mke2fs` to `build/core/tasks`
Remove define of SA_EXPOSE_TAGBITS.
Add input event profile to mitigate input latency of input threads
Remove usage of base/string/* in libfs_avb
Add getFdStateDebug to access Looper's callbacks
libsnapshot: CHECK -> CHECK_EQ
Mount /mnt/vm earlier
Define linker.config.json as a filegroup
Remove usage of base/logging.h in libfs_avb
debuggerd: recognize jumps to non-executable memory.
Support vendor partition in non-debuggable pVMs
Remind the reader that they'll need to modify CTS too.
Rename system/core/rootdir/Android.mk to create_root_structure.mk
trusty: keymint/gatekeeper: Pass device name from init scripts
Remove unused variable.
...
Conflicts:
fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
fs_mgr/libsnapshot/snapshot.cpp
init/Android.bp
init/fuzzer/Android.bp
Change-Id: I29c07b3ac76940cb2b82726e98d2beb643b3e6e4
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZyveowAKCRDorT+BmrEO
eEowAJ0Ut5Tkq4TVDFvrYySEynb9v8QVIQCfSPhFnaHGbSQiqBRHrEdNbZJQS3s=
=vYsf
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQJLBAABCgA1FiEEHrBYPudH862glXQBzJUERRm+ZmkFAmcstXAXHG1rYmVzdGFz
QGxpbmVhZ2Vvcy5vcmcACgkQzJUERRm+ZmkWQQ//TxtLkYx/axq6FjdEX+/O98Ug
SKaMooXZZ+fukX3ZwDCeoqwzJyb/Yho+TdqIE6wtzJsdP79xgeeYofBV+fsTUyTG
tgjo/3fIbzpL8IjhxiJrJZdH4yVI7QxhK23Nfk91fvwwqm+XE9bPaiXPFkL1boSV
E25OGizCucqWXeY9zoHWTx3F1HeGx2uG/+2p7BZxwP/jbFsnHWrvnUlwTWi3NHz+
KnLCcgd6m1ZPuf141Od3rKPhkuPxEH3Ed3I1bWT+QebI+YvgIuVELdy2MNaDW+JH
iOwEqk9IHSDEQJ3jV1WO50dyRUsDej4ihCHe2bZgEe1Nhv8d5f1MhcnJs/S/I9tf
7A1zVcktKpSjrZjv7aFdlxr5oQvPT+OH9XgJqIfajadoaVGk+wnc0fPJwvH9/eUA
thmKvxToKJYJ+7DsODidOgJd6M0JsaHrFI37hW+PjiLyVmfyhNv0ihIZ7qyLgGSc
sZzbZTqXKav5cl94uSaFVieLN2mtcTTzd1oYmbzKxsCGUq5Cy+T7nualAyai5NpW
udKahmbiIxvihgNsvPPJtD8tewG8nqVIKan5h1nLoSq+iySnHS0b/6b1orTZ/nkg
9xZ6YrjeVBVO6oomesiIX5MMm3BmwRioK31mCA7MsY0/RhcyP5gBlsT/cfEEiWxQ
0dLyqPIPIi4Hw/LlbwA=
=dQ+a
-----END PGP SIGNATURE-----
Merge tag 'android-15.0.0_r5' into staging/lineage-22.0_merge-android-15.0.0_r5
Android 15.0.0 release 5
# -----BEGIN PGP SIGNATURE-----
#
# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZyveowAKCRDorT+BmrEO
# eEowAJ0Ut5Tkq4TVDFvrYySEynb9v8QVIQCfSPhFnaHGbSQiqBRHrEdNbZJQS3s=
# =vYsf
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed Nov 6 23:24:51 2024 EET
# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78
# gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [marginal]
# gpg: initial-contribution@android.com: Verified 2336 signatures in the past
# 3 years. Encrypted 4 messages in the past 2 years.
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78
# By Akilesh Kailash
# Via Android Build Coastguard Worker
* tag 'android-15.0.0_r5':
libsnapshot: Address GRF config when updating from Android S config
libsnapshot: Check if the vendor is updated from Android S for GRF
Change-Id: Ib7748aa00d12b2944e84516fec058b04bc18af89
In this change we're moving the asynchronous netd startup ahead of
the async statd and *synchronous* update_verifier.
This is desirable as we want a netd failure (which could
happen due to some mainline incompatibility wrt. bpf
or mainline shipped shared libs: resolver or netd updatable)
to be considered a signal for a bad boot.
It's still asynchronous though, so it's not ideal.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib3e252f085f569864feddaf20ac80858a3bb969d
In a GRF config, if Vendor partition is updated from Android 12; post
OTA reboot, first stage init will communicate to daemon to check if the
daemon can support socket handoff. If that succeeds, then it is a signal
that the vendor has been updated from Android 12. Use a marker in
/metadata to signal that the vendor was updated. If the marker is present,
then post OTA reboot, userspace snapshot will be used.
Bug: 333854394
Test: OTA
Android U (system) + S (vendor) -> Android V (system) + V (Vendor)
Signed-off-by: Akilesh Kailash <akailash@google.com>
(cherry picked from https://android-review.googlesource.com/q/commit:1bbf8f042f7ffb4a38657ccf6dca0798931fecd5)
Merged-In: Ie38c4379010789a84e5b44529b407f9f82135271
Change-Id: Ie38c4379010789a84e5b44529b407f9f82135271
Use the existence of
/proc/device-tree/avf/vendor_hashtree_descriptor_root_digest (rather
than kernel param androidboot.microdroid.mount_vendor=1) to know if the
vendor partition is requested.
Bug: 340506965
Test: TH
Change-Id: I0ac1c773e44454fd9c52559d833dc8eca211889c
Targets like PCs/VMs usually don't have fixed boot devices.
For example, moving the disk to another controller would result
in getting different block device path.
To workaround this situation, add an option to bypass the boot
device filter, so that every block devices would get their
symlink in /dev/block/by-name/.
Usage: Specify `androidboot.boot_devices=any` on bootconfig or cmdline
Test: /dev/block/by-name/* exists when `androidboot.boot_devices=any`
Change-Id: I5ae0faf401dac71352dbb05115a2dd6f3e76adc2
This is to match the changes in post_process_props made in
I33ae5c6f2787017a62e679aa0c28d4b909d45935
Change-Id: If521a8abb4810f8b5d4e3164a06969af4fc12374
Allow optional vendor-specific initializations
within init. This can be used for runtime
initialization setup that init rc scripts do
not support.
Change-Id: I7623a0d59b18f9ec8e3623958e2f7ccd72b877bf
Enables a method for swapping off certain block devices or files. This
will be used before hibernation occurs.
Bug: 339688542
Test: Manual, verified that calling swapoff from a init file swapsoff
location that is specified
Change-Id: I212a6f303a023c3e440b557caae82ad3904ac9c9
std::vector<const T> uses std::allocator<const T>, which is an
undocumented libc++ extension to the C++ standard library. The extension
was removed in llvm.org/PR96319. Use an ordinary non-const T instead.
Bug: http://b/349681543
Test: m fuzzy_fastboot CtsInitTestCases
Test: m MODULES-IN-system-core
Flag: EXEMPT, refactor to fix build failure
Change-Id: Ia98a2f090e87541fd35a89bd75bf9638bc7dc711
Indentation in this file is four spaces, remove an
unnecessary trailing semicolon, put a space between
a type declaration and its structured binding.
clang-format shuffled a line around as well.
Bug: None
Test: compile
Change-Id: Ib4cf17fecb1e54971020dc77b7903d2aac5dd9c1
snapshot metadata files are stored in /metadata. This means, we cannot
wipe after installing any update.
This patch does the following:
1: Create a scratch space in super partition. The scratch space for ota
metadata is just about 1MB.
2: Create ext4 filesystem on top of scratch block device.
3: Mount the scratch on /mnt/scratch_super
4: When snapshot-manager instance is created, point the /mnt/scratch/ota
to metadata_dir_ so that all the snapshot files are stored in the new
path.
All the logic of OTA remains the same. This flow is enabled only on userdebug builds for now and the only consumer would be snapshotctl
$snapshotctl apply-update /data/nbd/ -w
During init, we would have to mount the scratch partition to detect
if there is any pending updates.
With this, we would now be able to wipe the device along with the update flow. This will help incremental flashing wherein we would end up saving ~35-40 seconds on Pixel devices.
With this flow, the end-to-end update for incremental builds takes
~20-30 seconds.
Bug: 330744468
Test: Pixel 6 incremental flashing with wipe, Full OTA, vts_libsnapshot
Change-Id: Iac6ce2cf37b70ea221cd18175c8962988d03d95b
Signed-off-by: Akilesh Kailash <akailash@google.com>
If bootconfig hibernation_resume_device is present in boot config, then
we write that value to /sys/power/resume
Bug: 339688542
Test: Check resume from hibernation/boots with/without config present
Change-Id: I1a9bf63af4dab07e494740722898c1aba33c00b5
ro.boot.hardware.cpu.pagesize is used on some devices to
report the page size. However, we also know what value this
should be from the CPU. Rather than create a separate property
for this, standardize around this property.
This also allows us to test the value of this property on all
devices.
Bug: 358696947
Test: Vts16KPageSizeTest
Change-Id: I7f6260c68e17e7df8a789e9066a7171f3a56f4b0
Previously, ServiceParser did the check, but only when it's invoked by
host_init_verifier. Host_init_verifier can do it directly, which removes
unnecessary runtime dependencies from init.
Bug: 326827772
Test: host_init_verifier detects wrong HIDL interface names.
Change-Id: I4c8bb0e89a5def7341c48c52af730795a6ee13c0
CheckInterfaceInheritanceHierarchy() is for host_init_verifier to check
the interface names at buildtime. We don't need to fuzz the host-side
verification code.
Bug: 326827772
Test: run init_parser_fuzzer
Change-Id: Ie01dc2953fd6e69ef3c2cb9caadf7b9964a3d244
post_data was used by Userspace Reboot, which was removed.
Bug: 293377020
Test: atest CtsInitTestCases
Change-Id: I1a5bf328f62b8afbe58eef62c64689471e6b018c
