Merge "Rename FstabEntry::metadata_encryption to metadata_encryption_options"
diff --git a/fs_mgr/liblp/TEST_MAPPING b/fs_mgr/liblp/TEST_MAPPING
index 04bcbda..875ccb0 100644
--- a/fs_mgr/liblp/TEST_MAPPING
+++ b/fs_mgr/liblp/TEST_MAPPING
@@ -3,5 +3,10 @@
     {
       "name": "liblp_test"
     }
+  ],
+  "hwasan-postsubmit": [
+    {
+      "name": "liblp_test"
+    }
   ]
 }
diff --git a/fs_mgr/libsnapshot/snapshot_test.cpp b/fs_mgr/libsnapshot/snapshot_test.cpp
index 04d228d..36abf71 100644
--- a/fs_mgr/libsnapshot/snapshot_test.cpp
+++ b/fs_mgr/libsnapshot/snapshot_test.cpp
@@ -2411,8 +2411,15 @@
     // fit in super, but not |prd|.
     constexpr uint64_t partition_size = 3788_KiB;
     SetSize(sys_, partition_size);
+    SetSize(vnd_, partition_size);
+    SetSize(prd_, 18_MiB);
 
-    AddOperationForPartitions({sys_});
+    // Make sure |prd| does not fit in super at all. On VABC, this means we
+    // fake an extra large COW for |vnd| to fill up super.
+    vnd_->set_estimate_cow_size(30_MiB);
+    prd_->set_estimate_cow_size(30_MiB);
+
+    AddOperationForPartitions();
 
     // Execute the update.
     ASSERT_TRUE(sm->BeginUpdate());
@@ -2422,8 +2429,25 @@
         GTEST_SKIP() << "Test does not apply to userspace snapshots";
     }
 
-    ASSERT_TRUE(WriteSnapshotAndHash("sys_b"));
+    // Test that partitions prioritize using space in super.
+    auto tgt = MetadataBuilder::New(*opener_, "super", 1);
+    ASSERT_NE(tgt, nullptr);
+    ASSERT_NE(nullptr, tgt->FindPartition("sys_b-cow"));
+    ASSERT_NE(nullptr, tgt->FindPartition("vnd_b-cow"));
+    ASSERT_EQ(nullptr, tgt->FindPartition("prd_b-cow"));
+
+    // Write some data to target partitions.
+    for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
+        ASSERT_TRUE(WriteSnapshotAndHash(name));
+    }
+
+    // Assert that source partitions aren't affected.
+    for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) {
+        ASSERT_TRUE(IsPartitionUnchanged(name));
+    }
+
     ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
+
     ASSERT_TRUE(UnmapAll());
 
     class DmStatusFailure final : public DeviceMapperWrapper {
diff --git a/healthd/TEST_MAPPING b/healthd/TEST_MAPPING
index 5893d10..17e363d 100644
--- a/healthd/TEST_MAPPING
+++ b/healthd/TEST_MAPPING
@@ -3,5 +3,10 @@
     {
       "name": "libhealthd_charger_test"
     }
+  ],
+  "hwasan-postsubmit": [
+    {
+      "name": "libhealthd_charger_test"
+    }
   ]
 }
diff --git a/init/README.md b/init/README.md
index c82dbfb..13c6ebd 100644
--- a/init/README.md
+++ b/init/README.md
@@ -804,13 +804,18 @@
 `init.svc.<name>`
 > State of a named service ("stopped", "stopping", "running", "restarting")
 
-`dev.mnt.blk.<mount_point>`
+`dev.mnt.dev.<mount_point>`, `dev.mnt.blk.<mount_point>`, `dev.mnt.rootdisk.<mount_point>`
 > Block device base name associated with a *mount_point*.
   The *mount_point* has / replaced by . and if referencing the root mount point
-  "/", it will use "/root", specifically `dev.mnt.blk.root`.
-  Meant for references to `/sys/device/block/${dev.mnt.blk.<mount_point>}/` and
-  `/sys/fs/ext4/${dev.mnt.blk.<mount_point>}/` to tune the block device
-  characteristics in a device agnostic manner.
+  "/", it will use "/root".
+  `dev.mnt.dev.<mount_point>` indicates a block device attached to filesystems.
+    (e.g., dm-N or sdaN/mmcblk0pN to access `/sys/fs/ext4/${dev.mnt.dev.<mount_point>}/`)
+
+  `dev.mnt.blk.<mount_point>` indicates the disk partition to the above block device.
+    (e.g., sdaN / mmcblk0pN to access `/sys/class/block/${dev.mnt.blk.<mount_point>}/`)
+
+  `dev.mnt.rootdisk.<mount_point>` indicates the root disk to contain the above disk partition.
+    (e.g., sda / mmcblk0 to access `/sys/class/block/${dev.mnt.rootdisk.<mount_point>}/queue`)
 
 Init responds to properties that begin with `ctl.`.  These properties take the format of
 `ctl.[<target>_]<command>` and the _value_ of the system property is used as a parameter.  The
diff --git a/init/TEST_MAPPING b/init/TEST_MAPPING
index 03b9eaa..fa1627c 100644
--- a/init/TEST_MAPPING
+++ b/init/TEST_MAPPING
@@ -9,5 +9,16 @@
     {
       "name": "MicrodroidHostTestCases"
     }
+  ],
+  "hwasan-postsubmit": [
+    {
+      "name": "CtsInitTestCases"
+    },
+    {
+      "name": "init_kill_services_test"
+    },
+    {
+      "name": "MicrodroidHostTestCases"
+    }
   ]
 }
diff --git a/init/init.cpp b/init/init.cpp
index eca7bc5..5a0b3a6 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -578,12 +578,29 @@
     HandlePowerctlMessage("shutdown,container");
 }
 
+static constexpr std::chrono::milliseconds kDiagnosticTimeout = 10s;
+
 static void HandleSignalFd() {
     signalfd_siginfo siginfo;
-    ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
-    if (bytes_read != sizeof(siginfo)) {
-        PLOG(ERROR) << "Failed to read siginfo from signal_fd";
-        return;
+    auto started = std::chrono::steady_clock::now();
+    for (;;) {
+        ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
+        if (bytes_read < 0 && errno == EAGAIN) {
+            auto now = std::chrono::steady_clock::now();
+            std::chrono::duration<double> waited = now - started;
+            if (waited >= kDiagnosticTimeout) {
+                LOG(ERROR) << "epoll() woke us up, but we waited with no SIGCHLD!";
+                started = now;
+            }
+
+            std::this_thread::sleep_for(100ms);
+            continue;
+        }
+        if (bytes_read != sizeof(siginfo)) {
+            PLOG(ERROR) << "Failed to read siginfo from signal_fd";
+            return;
+        }
+        break;
     }
 
     switch (siginfo.ssi_signo) {
@@ -639,7 +656,7 @@
         LOG(FATAL) << "Failed to register a fork handler: " << strerror(result);
     }
 
-    signal_fd = signalfd(-1, &mask, SFD_CLOEXEC);
+    signal_fd = signalfd(-1, &mask, SFD_CLOEXEC | SFD_NONBLOCK);
     if (signal_fd == -1) {
         PLOG(FATAL) << "failed to create signalfd";
     }
@@ -938,7 +955,7 @@
     setpriority(PRIO_PROCESS, 0, 0);
     while (true) {
         // By default, sleep until something happens.
-        auto epoll_timeout = std::optional<std::chrono::milliseconds>{};
+        auto epoll_timeout = std::optional<std::chrono::milliseconds>{kDiagnosticTimeout};
 
         auto shutdown_command = shutdown_state.CheckShutdown();
         if (shutdown_command) {
@@ -978,6 +995,13 @@
             for (const auto& function : *pending_functions) {
                 (*function)();
             }
+        } else if (Service::is_exec_service_running()) {
+            std::chrono::duration<double> waited =
+                    std::chrono::steady_clock::now() - Service::exec_service_started();
+            if (waited >= kDiagnosticTimeout) {
+                LOG(ERROR) << "Exec service is hung? Waited " << waited.count()
+                           << " without SIGCHLD";
+            }
         }
         if (!IsShuttingDown()) {
             HandleControlMessages();
diff --git a/init/mount_handler.cpp b/init/mount_handler.cpp
index f0d8d45..227ce2f 100644
--- a/init/mount_handler.cpp
+++ b/init/mount_handler.cpp
@@ -25,6 +25,7 @@
 #include <unistd.h>
 
 #include <algorithm>
+#include <filesystem>
 #include <string>
 #include <utility>
 #include <vector>
@@ -32,6 +33,7 @@
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/properties.h>
+#include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <fs_mgr.h>
 #include <fstab/fstab.h>
@@ -39,6 +41,9 @@
 
 #include "epoll.h"
 
+using android::base::Basename;
+using android::base::StringPrintf;
+
 namespace android {
 namespace init {
 
@@ -67,41 +72,82 @@
     return MountHandlerEntry(fields[0], fields[1], fields[2]);
 }
 
+// return sda25 for dm-4, sda25 for sda25, or mmcblk0p24 for mmcblk0p24
+std::string GetDiskPart(std::string blockdev) {
+    if (blockdev.find('/') != std::string::npos) return {};
+
+    while (android::base::StartsWith(blockdev, "dm-")) {
+        auto& dm = dm::DeviceMapper::Instance();
+        std::optional<std::string> parent = dm.GetParentBlockDeviceByPath("/dev/block/" + blockdev);
+        if (parent) {
+            blockdev = android::base::Basename(*parent);
+        } else {
+            return {};
+        }
+    }
+    return blockdev;
+}
+
+// return sda for sda25, or mmcblk0 for mmcblk0p24
+std::string GetRootDisk(std::string blockdev) {
+    if (blockdev.empty()) return {};
+    if (blockdev.find('/') != std::string::npos) return {};
+
+    std::error_code ec;
+    for (const auto& entry : std::filesystem::directory_iterator("/sys/block", ec)) {
+        const std::string path = entry.path().string();
+        if (std::filesystem::exists(StringPrintf("%s/%s", path.c_str(), blockdev.c_str()))) {
+            return Basename(path);
+        }
+    }
+    return {};
+}
+
 void SetMountProperty(const MountHandlerEntry& entry, bool add) {
     static constexpr char devblock[] = "/dev/block/";
     if (!android::base::StartsWith(entry.blk_device, devblock)) return;
-    std::string value;
+    auto target = entry.blk_device.substr(strlen(devblock));
+    std::string diskpart, rootdisk;
     if (add) {
-        value = entry.blk_device.substr(strlen(devblock));
-        if (android::base::StartsWith(value, "sd")) {
-            // All sd partitions inherit their queue characteristics
-            // from the whole device reference.  Strip partition number.
-            auto it = std::find_if(value.begin(), value.end(), [](char c) { return isdigit(c); });
-            if (it != value.end()) value.erase(it, value.end());
-        }
-        auto queue = "/sys/block/" + value + "/queue";
+        diskpart = GetDiskPart(target);
+        rootdisk = GetRootDisk(diskpart);
+
         struct stat sb;
-        if (stat(queue.c_str(), &sb) || !S_ISDIR(sb.st_mode)) value = "";
-        if (stat(entry.mount_point.c_str(), &sb) || !S_ISDIR(sb.st_mode)) value = "";
+        if (stat(entry.mount_point.c_str(), &sb) || !S_ISDIR(sb.st_mode)) rootdisk = "";
         // Clear the noise associated with loopback and APEX.
-        if (android::base::StartsWith(value, "loop")) value = "";
-        if (android::base::StartsWith(entry.mount_point, "/apex/")) value = "";
+        if (android::base::StartsWith(target, "loop")) rootdisk = "";
+        if (android::base::StartsWith(entry.mount_point, "/apex/")) rootdisk = "";
     }
     auto mount_prop = entry.mount_point;
     if (mount_prop == "/") mount_prop = "/root";
     std::replace(mount_prop.begin(), mount_prop.end(), '/', '.');
     auto blk_mount_prop = "dev.mnt.blk" + mount_prop;
     auto dev_mount_prop = "dev.mnt.dev" + mount_prop;
-    // Set property even if its value does not change to trigger 'on property:'
+    auto rootdisk_mount_prop = "dev.mnt.rootdisk" + mount_prop;
+    // Set property even if its rootdisk does not change to trigger 'on property:'
     // handling, except for clearing non-existent or already clear property.
     // Goal is reduction of empty properties and associated triggers.
-    if (value.empty() && android::base::GetProperty(blk_mount_prop, "").empty()) return;
-    android::base::SetProperty(blk_mount_prop, value);
-    if (!value.empty()) {
-        android::base::SetProperty(dev_mount_prop, entry.blk_device.substr(strlen(devblock)));
-    } else {
+    if (rootdisk.empty() && android::base::GetProperty(blk_mount_prop, "").empty()) return;
+
+    if (rootdisk.empty()) {
+        android::base::SetProperty(blk_mount_prop, "");
         android::base::SetProperty(dev_mount_prop, "");
+        android::base::SetProperty(rootdisk_mount_prop, "");
+        return;
     }
+
+    // 1. dm-N
+    //  dev.mnt.dev.data = dm-N
+    //  dev.mnt.blk.data = sdaN or mmcblk0pN
+    //  dev.mnt.rootdisk.data = sda or mmcblk0
+    //
+    // 2. sdaN or mmcblk0pN
+    //  dev.mnt.dev.data = sdaN or mmcblk0pN
+    //  dev.mnt.blk.data = sdaN or mmcblk0pN
+    //  dev.mnt.rootdisk.data = sda or mmcblk0
+    android::base::SetProperty(dev_mount_prop, target);
+    android::base::SetProperty(blk_mount_prop, diskpart);
+    android::base::SetProperty(rootdisk_mount_prop, rootdisk);
 }
 
 }  // namespace
diff --git a/init/service.cpp b/init/service.cpp
index 8a9cc0a..2ebf87e 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -127,6 +127,7 @@
 
 unsigned long Service::next_start_order_ = 1;
 bool Service::is_exec_service_running_ = false;
+std::chrono::time_point<std::chrono::steady_clock> Service::exec_service_started_;
 
 Service::Service(const std::string& name, Subcontext* subcontext_for_restart_commands,
                  const std::vector<std::string>& args, bool from_apex)
@@ -388,6 +389,7 @@
 
     flags_ |= SVC_EXEC;
     is_exec_service_running_ = true;
+    exec_service_started_ = std::chrono::steady_clock::now();
 
     LOG(INFO) << "SVC_EXEC service '" << name_ << "' pid " << pid_ << " (uid " << proc_attr_.uid
               << " gid " << proc_attr_.gid << "+" << proc_attr_.supp_gids.size() << " context "
diff --git a/init/service.h b/init/service.h
index 3f12aa2..d233cbf 100644
--- a/init/service.h
+++ b/init/service.h
@@ -102,6 +102,9 @@
     size_t CheckAllCommands() const { return onrestart_.CheckAllCommands(); }
 
     static bool is_exec_service_running() { return is_exec_service_running_; }
+    static std::chrono::time_point<std::chrono::steady_clock> exec_service_started() {
+        return exec_service_started_;
+    }
 
     const std::string& name() const { return name_; }
     const std::set<std::string>& classnames() const { return classnames_; }
@@ -154,6 +157,8 @@
 
     static unsigned long next_start_order_;
     static bool is_exec_service_running_;
+    static std::chrono::time_point<std::chrono::steady_clock> exec_service_started_;
+    static pid_t exec_service_pid_;
 
     std::string name_;
     std::set<std::string> classnames_;
diff --git a/libcutils/TEST_MAPPING b/libcutils/TEST_MAPPING
index e512ab7..cca7d93 100644
--- a/libcutils/TEST_MAPPING
+++ b/libcutils/TEST_MAPPING
@@ -3,5 +3,10 @@
     {
       "name": "libcutils_test"
     }
+  ],
+  "hwasan-postsubmit": [
+    {
+      "name": "libcutils_test"
+    }
   ]
 }
diff --git a/libpackagelistparser/TEST_MAPPING b/libpackagelistparser/TEST_MAPPING
index 51773f9..d69a7fb 100644
--- a/libpackagelistparser/TEST_MAPPING
+++ b/libpackagelistparser/TEST_MAPPING
@@ -3,5 +3,10 @@
     {
       "name": "libpackagelistparser_test"
     }
+  ],
+  "hwasan-postsubmit": [
+    {
+      "name": "libpackagelistparser_test"
+    }
   ]
 }
diff --git a/libprocessgroup/Android.bp b/libprocessgroup/Android.bp
index c68552d..7b0e0d3 100644
--- a/libprocessgroup/Android.bp
+++ b/libprocessgroup/Android.bp
@@ -73,3 +73,29 @@
     ],
     min_sdk_version: "29",
 }
+
+cc_test {
+    name: "task_profiles_test",
+    host_supported: true,
+    cflags: [
+        "-Wall",
+        "-Werror",
+        "-Wexit-time-destructors",
+        "-Wno-unused-parameter",
+    ],
+    srcs: [
+        "task_profiles_test.cpp",
+    ],
+    header_libs: [
+        "libcutils_headers",
+        "libprocessgroup_headers",
+    ],
+    shared_libs: [
+        "libbase",
+        "libcgrouprc",
+        "libprocessgroup",
+    ],
+    static_libs: [
+        "libgmock",
+    ],
+}
diff --git a/libprocessgroup/profiles/task_profiles.proto b/libprocessgroup/profiles/task_profiles.proto
index 1de4395..2a09217 100644
--- a/libprocessgroup/profiles/task_profiles.proto
+++ b/libprocessgroup/profiles/task_profiles.proto
@@ -25,11 +25,12 @@
     repeated AggregateProfiles aggregateprofiles = 3 [json_name = "AggregateProfiles"];
 }
 
-// Next: 4
+// Next: 5
 message Attribute {
     string name = 1 [json_name = "Name"];
     string controller = 2 [json_name = "Controller"];
     string file = 3 [json_name = "File"];
+    string optional = 4 [json_name = "Optional"];
 }
 
 // Next: 3
diff --git a/libprocessgroup/task_profiles.cpp b/libprocessgroup/task_profiles.cpp
index dc7c368..4a2bf38 100644
--- a/libprocessgroup/task_profiles.cpp
+++ b/libprocessgroup/task_profiles.cpp
@@ -206,6 +206,14 @@
     }
 
     if (!WriteStringToFile(value_, path)) {
+        if (errno == ENOENT) {
+            if (optional_) {
+                return true;
+            } else {
+                LOG(ERROR) << "No such cgroup attribute: " << path;
+                return false;
+            }
+        }
         PLOG(ERROR) << "Failed to write '" << value_ << "' to " << path;
         return false;
     }
@@ -675,11 +683,12 @@
             } else if (action_name == "SetAttribute") {
                 std::string attr_name = params_val["Name"].asString();
                 std::string attr_value = params_val["Value"].asString();
+                bool optional = strcmp(params_val["Optional"].asString().c_str(), "true") == 0;
 
                 auto iter = attributes_.find(attr_name);
                 if (iter != attributes_.end()) {
-                    profile->Add(
-                            std::make_unique<SetAttributeAction>(iter->second.get(), attr_value));
+                    profile->Add(std::make_unique<SetAttributeAction>(iter->second.get(),
+                                                                      attr_value, optional));
                 } else {
                     LOG(WARNING) << "SetAttribute: unknown attribute: " << attr_name;
                 }
diff --git a/libprocessgroup/task_profiles.h b/libprocessgroup/task_profiles.h
index 9ee3781..4747511 100644
--- a/libprocessgroup/task_profiles.h
+++ b/libprocessgroup/task_profiles.h
@@ -102,8 +102,8 @@
 // Set attribute profile element
 class SetAttributeAction : public ProfileAction {
   public:
-    SetAttributeAction(const IProfileAttribute* attribute, const std::string& value)
-        : attribute_(attribute), value_(value) {}
+    SetAttributeAction(const IProfileAttribute* attribute, const std::string& value, bool optional)
+        : attribute_(attribute), value_(value), optional_(optional) {}
 
     const char* Name() const override { return "SetAttribute"; }
     bool ExecuteForProcess(uid_t uid, pid_t pid) const override;
@@ -112,6 +112,7 @@
   private:
     const IProfileAttribute* attribute_;
     std::string value_;
+    bool optional_;
 };
 
 // Set cgroup profile element
diff --git a/libprocessgroup/task_profiles_test.cpp b/libprocessgroup/task_profiles_test.cpp
new file mode 100644
index 0000000..09ac44c
--- /dev/null
+++ b/libprocessgroup/task_profiles_test.cpp
@@ -0,0 +1,209 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "task_profiles.h"
+#include <android-base/logging.h>
+#include <gtest/gtest.h>
+#include <mntent.h>
+#include <processgroup/processgroup.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include <fstream>
+
+using ::android::base::ERROR;
+using ::android::base::LogFunction;
+using ::android::base::LogId;
+using ::android::base::LogSeverity;
+using ::android::base::SetLogger;
+using ::android::base::VERBOSE;
+using ::testing::TestWithParam;
+using ::testing::Values;
+
+namespace {
+
+bool IsCgroupV2Mounted() {
+    std::unique_ptr<FILE, int (*)(FILE*)> mnts(setmntent("/proc/mounts", "re"), endmntent);
+    if (!mnts) {
+        LOG(ERROR) << "Failed to open /proc/mounts";
+        return false;
+    }
+    struct mntent* mnt;
+    while ((mnt = getmntent(mnts.get()))) {
+        if (strcmp(mnt->mnt_fsname, "cgroup2") == 0) {
+            return true;
+        }
+    }
+    return false;
+}
+
+class ScopedLogCapturer {
+  public:
+    struct log_args {
+        LogId log_buffer_id;
+        LogSeverity severity;
+        std::string tag;
+        std::string file;
+        unsigned int line;
+        std::string message;
+    };
+
+    // Constructor. Installs a new logger and saves the currently active logger.
+    ScopedLogCapturer() {
+        saved_severity_ = SetMinimumLogSeverity(android::base::VERBOSE);
+        saved_logger_ = SetLogger([this](LogId log_buffer_id, LogSeverity severity, const char* tag,
+                                         const char* file, unsigned int line, const char* message) {
+            if (saved_logger_) {
+                saved_logger_(log_buffer_id, severity, tag, file, line, message);
+            }
+            log_.emplace_back(log_args{.log_buffer_id = log_buffer_id,
+                                       .severity = severity,
+                                       .tag = tag,
+                                       .file = file,
+                                       .line = line,
+                                       .message = message});
+        });
+    }
+    // Destructor. Restores the original logger and log level.
+    ~ScopedLogCapturer() {
+        SetLogger(std::move(saved_logger_));
+        SetMinimumLogSeverity(saved_severity_);
+    }
+    ScopedLogCapturer(const ScopedLogCapturer&) = delete;
+    ScopedLogCapturer& operator=(const ScopedLogCapturer&) = delete;
+    // Returns the logged lines.
+    const std::vector<log_args>& Log() const { return log_; }
+
+  private:
+    LogSeverity saved_severity_;
+    LogFunction saved_logger_;
+    std::vector<log_args> log_;
+};
+
+// cgroup attribute at the top level of the cgroup hierarchy.
+class ProfileAttributeMock : public IProfileAttribute {
+  public:
+    ProfileAttributeMock(const std::string& file_name) : file_name_(file_name) {}
+    ~ProfileAttributeMock() override = default;
+    void Reset(const CgroupController& controller, const std::string& file_name) override {
+        CHECK(false);
+    }
+    const CgroupController* controller() const override {
+        CHECK(false);
+        return {};
+    }
+    const std::string& file_name() const override { return file_name_; }
+    bool GetPathForTask(int tid, std::string* path) const override {
+#ifdef __ANDROID__
+        CHECK(CgroupGetControllerPath(CGROUPV2_CONTROLLER_NAME, path));
+        CHECK_GT(path->length(), 0);
+        if (path->rbegin()[0] != '/') {
+            *path += "/";
+        }
+#else
+        // Not Android.
+        *path = "/sys/fs/cgroup/";
+#endif
+        *path += file_name_;
+        return true;
+    };
+
+  private:
+    const std::string file_name_;
+};
+
+struct TestParam {
+    const char* attr_name;
+    const char* attr_value;
+    bool optional_attr;
+    bool result;
+    LogSeverity log_severity;
+    const char* log_prefix;
+    const char* log_suffix;
+};
+
+class SetAttributeFixture : public TestWithParam<TestParam> {
+  public:
+    ~SetAttributeFixture() = default;
+};
+
+TEST_P(SetAttributeFixture, SetAttribute) {
+    // Treehugger runs host tests inside a container without cgroupv2 support.
+    if (!IsCgroupV2Mounted()) {
+        GTEST_SKIP();
+        return;
+    }
+    const TestParam params = GetParam();
+    ScopedLogCapturer captured_log;
+    ProfileAttributeMock pa(params.attr_name);
+    SetAttributeAction a(&pa, params.attr_value, params.optional_attr);
+    EXPECT_EQ(a.ExecuteForProcess(getuid(), getpid()), params.result);
+    auto log = captured_log.Log();
+    if (params.log_prefix || params.log_suffix) {
+        ASSERT_EQ(log.size(), 1);
+        EXPECT_EQ(log[0].severity, params.log_severity);
+        if (params.log_prefix) {
+            EXPECT_EQ(log[0].message.find(params.log_prefix), 0);
+        }
+        if (params.log_suffix) {
+            EXPECT_NE(log[0].message.find(params.log_suffix), std::string::npos);
+        }
+    } else {
+        ASSERT_EQ(log.size(), 0);
+    }
+}
+
+// Test the four combinations of optional_attr {false, true} and cgroup attribute { does not exist,
+// exists }.
+INSTANTIATE_TEST_SUITE_P(
+        SetAttributeTestSuite, SetAttributeFixture,
+        Values(
+                // Test that attempting to write into a non-existing cgroup attribute fails and also
+                // that an error message is logged.
+                TestParam{.attr_name = "no-such-attribute",
+                          .attr_value = ".",
+                          .optional_attr = false,
+                          .result = false,
+                          .log_severity = ERROR,
+                          .log_prefix = "No such cgroup attribute"},
+                // Test that attempting to write into an optional non-existing cgroup attribute
+                // results in the return value 'true' and also that no messages are logged.
+                TestParam{.attr_name = "no-such-attribute",
+                          .attr_value = ".",
+                          .optional_attr = true,
+                          .result = true},
+                // Test that attempting to write an invalid value into an existing optional cgroup
+                // attribute fails and also that it causes an error
+                // message to be logged.
+                TestParam{.attr_name = "cgroup.procs",
+                          .attr_value = "-1",
+                          .optional_attr = true,
+                          .result = false,
+                          .log_severity = ERROR,
+                          .log_prefix = "Failed to write",
+                          .log_suffix = geteuid() == 0 ? "Invalid argument" : "Permission denied"},
+                // Test that attempting to write into an existing optional read-only cgroup
+                // attribute fails and also that it causes an error message to be logged.
+                TestParam{
+                        .attr_name = "cgroup.controllers",
+                        .attr_value = ".",
+                        .optional_attr = false,
+                        .result = false,
+                        .log_severity = ERROR,
+                        .log_prefix = "Failed to write",
+                        .log_suffix = geteuid() == 0 ? "Invalid argument" : "Permission denied"}));
+
+}  // namespace
diff --git a/libstats/pull_lazy/TEST_MAPPING b/libstats/pull_lazy/TEST_MAPPING
index 89b8c2a..92f1e6a 100644
--- a/libstats/pull_lazy/TEST_MAPPING
+++ b/libstats/pull_lazy/TEST_MAPPING
@@ -3,5 +3,10 @@
     {
       "name" : "libstatspull_lazy_test"
     }
+  ],
+  "hwasan-postsubmit" : [
+    {
+      "name" : "libstatspull_lazy_test"
+    }
   ]
 }
\ No newline at end of file
diff --git a/libstats/socket_lazy/TEST_MAPPING b/libstats/socket_lazy/TEST_MAPPING
index 13afc00..b182660 100644
--- a/libstats/socket_lazy/TEST_MAPPING
+++ b/libstats/socket_lazy/TEST_MAPPING
@@ -3,5 +3,10 @@
     {
       "name" : "libstatssocket_lazy_test"
     }
+  ],
+  "hwasan-postsubmit" : [
+    {
+      "name" : "libstatssocket_lazy_test"
+    }
   ]
 }
\ No newline at end of file
diff --git a/libutils/RefBase.cpp b/libutils/RefBase.cpp
index 99fefee..4ddac3d 100644
--- a/libutils/RefBase.cpp
+++ b/libutils/RefBase.cpp
@@ -50,7 +50,7 @@
 // log all reference counting operations
 #define PRINT_REFS 0
 
-#if !defined(_WIN32) && !defined(__APPLE__)
+#if defined(__linux__)
 // CallStack is only supported on linux type platforms.
 #define CALLSTACK_ENABLED 1
 #else
diff --git a/libutils/include/utils/Compat.h b/libutils/include/utils/Compat.h
index 6002567..3221899 100644
--- a/libutils/include/utils/Compat.h
+++ b/libutils/include/utils/Compat.h
@@ -71,19 +71,17 @@
 #define CONSTEXPR
 #endif
 
-/*
- * TEMP_FAILURE_RETRY is defined by some, but not all, versions of
- * <unistd.h>. (Alas, it is not as standard as we'd hoped!) So, if it's
- * not already defined, then define it here.
- */
+/* TEMP_FAILURE_RETRY is not available on macOS, but still useful there. */
 #ifndef TEMP_FAILURE_RETRY
 /* Used to retry syscalls that can return EINTR. */
-#define TEMP_FAILURE_RETRY(exp) ({         \
-    typeof (exp) _rc;                      \
-    do {                                   \
-        _rc = (exp);                       \
-    } while (_rc == -1 && errno == EINTR); \
-    _rc; })
+#define TEMP_FAILURE_RETRY(exp)                \
+    ({                                         \
+        __typeof__(exp) _rc;                   \
+        do {                                   \
+            _rc = (exp);                       \
+        } while (_rc == -1 && errno == EINTR); \
+        _rc;                                   \
+    })
 #endif
 
 #if defined(_WIN32)
diff --git a/libutils/include/utils/Errors.h b/libutils/include/utils/Errors.h
index d14d223..22fb36d 100644
--- a/libutils/include/utils/Errors.h
+++ b/libutils/include/utils/Errors.h
@@ -34,15 +34,13 @@
  * All error codes are negative values.
  */
 
-// Win32 #defines NO_ERROR as well.  It has the same value, so there's no
-// real conflict, though it's a bit awkward.
-#ifdef _WIN32
-# undef NO_ERROR
-#endif
-
 enum {
     OK                = 0,    // Preferred constant for checking success.
+#ifndef NO_ERROR
+    // Win32 #defines NO_ERROR as well.  It has the same value, so there's no
+    // real conflict, though it's a bit awkward.
     NO_ERROR          = OK,   // Deprecated synonym for `OK`. Prefer `OK` because it doesn't conflict with Windows.
+#endif
 
     UNKNOWN_ERROR       = (-2147483647-1), // INT32_MIN value
 
@@ -76,10 +74,4 @@
 // Human readable name of error
 std::string statusToString(status_t status);
 
-// Restore define; enumeration is in "android" namespace, so the value defined
-// there won't work for Win32 code in a different namespace.
-#ifdef _WIN32
-# define NO_ERROR 0L
-#endif
-
 }  // namespace android
diff --git a/property_service/TEST_MAPPING b/property_service/TEST_MAPPING
index fcdc86a..20f6c84 100644
--- a/property_service/TEST_MAPPING
+++ b/property_service/TEST_MAPPING
@@ -3,5 +3,10 @@
     {
       "name": "propertyinfoserializer_tests"
     }
+  ],
+  "hwasan-postsubmit": [
+    {
+      "name": "propertyinfoserializer_tests"
+    }
   ]
 }
diff --git a/rootdir/init.rc b/rootdir/init.rc
index c4c9eca..404d7ae 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1085,9 +1085,11 @@
     mkdir /dev/sys/fs/by-name 0755 system system
     symlink /sys/fs/f2fs/${dev.mnt.dev.data} /dev/sys/fs/by-name/userdata
 
-    # to access dm-<num> sysfs
+    # dev.mnt.dev.data=dm-N, dev.mnt.blk.data=sdaN/mmcblk0pN, dev.mnt.rootdisk.data=sda/mmcblk0, or
+    # dev.mnt.dev.data=sdaN/mmcblk0pN, dev.mnt.blk.data=sdaN/mmcblk0pN, dev.mnt.rootdisk.data=sda/mmcblk0
     mkdir /dev/sys/block/by-name 0755 system system
-    symlink /sys/devices/virtual/block/${dev.mnt.dev.data} /dev/sys/block/by-name/userdata
+    symlink /sys/class/block/${dev.mnt.dev.data} /dev/sys/block/by-name/userdata
+    symlink /sys/class/block/${dev.mnt.rootdisk.data} /dev/sys/block/by-name/rootdisk
 
     # F2FS tuning. Set cp_interval larger than dirty_expire_centisecs, 30 secs,
     # to avoid power consumption when system becomes mostly idle. Be careful
@@ -1099,8 +1101,9 @@
 
     # limit discard size to 128MB in order to avoid long IO latency
     # for filesystem tuning first (dm or sda)
-    # Note that, if dm-<num> is used, sda/mmcblk0 should be tuned in vendor/init.rc
+    # this requires enabling selinux entry for sda/mmcblk0 in vendor side
     write /dev/sys/block/by-name/userdata/queue/discard_max_bytes 134217728
+    write /dev/sys/block/by-name/rootdisk/queue/discard_max_bytes 134217728
 
     # Permissions for System Server and daemons.
     chown system system /sys/power/autosleep
diff --git a/trusty/keymaster/set_attestation_key/set_attestation_key.cpp b/trusty/keymaster/set_attestation_key/set_attestation_key.cpp
index df6b0f8..e2f376c 100644
--- a/trusty/keymaster/set_attestation_key/set_attestation_key.cpp
+++ b/trusty/keymaster/set_attestation_key/set_attestation_key.cpp
@@ -342,6 +342,19 @@
     return 0;
 }
 
+static int provision_ids(void) {
+    keymaster::SetAttestationIdsRequest req(4 /* ver */);
+    keymaster::EmptyKeymasterResponse rsp(4 /* ver */);
+
+    req.brand.Reinitialize("trusty", 6);
+    req.device.Reinitialize("trusty", 6);
+    req.product.Reinitialize("trusty", 6);
+    req.manufacturer.Reinitialize("trusty", 6);
+    req.model.Reinitialize("trusty", 6);
+
+    return trusty_keymaster_send(KM_SET_ATTESTATION_IDS, req, &rsp);
+}
+
 int main(int argc, char** argv) {
     int ret = 0;
 
@@ -353,10 +366,22 @@
     ret = trusty_keymaster_connect();
     if (ret) {
         fprintf(stderr, "trusty_keymaster_connect failed %d\n", ret);
-    } else {
-        ret = parse_xml_file(argv[optind]);
-        trusty_keymaster_disconnect();
+        return EXIT_FAILURE;
     }
 
-    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+    ret = parse_xml_file(argv[optind]);
+    if (ret) {
+        fprintf(stderr, "parse_xml_file failed %d\n", ret);
+        trusty_keymaster_disconnect();
+        return EXIT_FAILURE;
+    }
+
+    ret = provision_ids();
+    if (ret) {
+        fprintf(stderr, "provision_ids failed %d\n", ret);
+        trusty_keymaster_disconnect();
+        return EXIT_FAILURE;
+    }
+
+    return EXIT_SUCCESS;
 }