Merge "trusty: utils: trusty-ut-ctrl: add to system_ext" into main
diff --git a/fastboot/Android.mk b/fastboot/Android.mk
deleted file mode 100644
index cde0cb2..0000000
--- a/fastboot/Android.mk
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright (C) 2007 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH:= $(call my-dir)
-
-#
-# Package fastboot-related executables.
-#
-
-my_dist_files := $(HOST_OUT_EXECUTABLES)/mke2fs
-my_dist_files += $(HOST_OUT_EXECUTABLES)/make_f2fs
-my_dist_files += $(HOST_OUT_EXECUTABLES)/make_f2fs_casefold
-$(call dist-for-goals,dist_files sdk,$(my_dist_files))
-my_dist_files :=
diff --git a/init/README.md b/init/README.md
index de57208..560c528 100644
--- a/init/README.md
+++ b/init/README.md
@@ -501,9 +501,10 @@
reformatted here if it couldn't mount in first-stage init.
6. `post-fs-data-checkpointed` - Triggered when vold has completed committing a checkpoint
after an OTA update. Not triggered if checkpointing is not needed or supported.
- 7. `zygote-start` - Start the zygote.
- 8. `early-boot` - After zygote has started.
- 9. `boot` - After `early-boot` actions have completed.
+ 7. `bpf-progs-loaded` - Starts things that want to start ASAP but need eBPF (incl. netd)
+ 8. `zygote-start` - Start the zygote.
+ 9. `early-boot` - After zygote has started.
+ 10. `boot` - After `early-boot` actions have completed.
Commands
--------
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index ece430b..c26b31e 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -156,6 +156,13 @@
return fstab;
}
+static bool IsRequestingMicrodroidVendorPartition(const std::string& cmdline) {
+ if (virtualization::IsEnableTpuAssignableDeviceFlagEnabled()) {
+ return access("/proc/device-tree/avf/vendor_hashtree_descriptor_root_digest", F_OK) == 0;
+ }
+ return cmdline.find("androidboot.microdroid.mount_vendor=1") != std::string::npos;
+}
+
// Note: this is a temporary solution to avoid blocking devs that depend on /vendor partition in
// Microdroid. For the proper solution the /vendor fstab should probably be defined in the DT.
// TODO(b/285855430): refactor this
@@ -166,7 +173,7 @@
if (!ReadDefaultFstab(&fstab)) {
return Error() << "failed to read fstab";
}
- if (cmdline.find("androidboot.microdroid.mount_vendor=1") == std::string::npos) {
+ if (!IsRequestingMicrodroidVendorPartition(cmdline)) {
// We weren't asked to mount /vendor partition, filter it out from the fstab.
auto predicate = [](const auto& entry) { return entry.mount_point == "/vendor"; };
fstab.erase(std::remove_if(fstab.begin(), fstab.end(), predicate), fstab.end());
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 4b3ad82..1acd637 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -567,7 +567,8 @@
trigger post-fs-data
# Should be before netd, but after apex, properties and logging is available.
- trigger load_bpf_programs
+ trigger load-bpf-programs
+ trigger bpf-progs-loaded
# Now we can start zygote.
trigger zygote-start
@@ -1109,6 +1110,22 @@
on property:vold.checkpoint_committed=1
trigger post-fs-data-checkpointed
+# It is important that we start bpfloader after:
+# - /sys/fs/bpf is already mounted,
+# - apex (incl. rollback) is initialized (so that we can load bpf
+# programs shipped as part of apex mainline modules)
+# - logd is ready for us to log stuff
+#
+# At the same time we want to be as early as possible to reduce races and thus
+# failures (before memory is fragmented, and cpu is busy running tons of other
+# stuff) and we absolutely want to be before netd and the system boot slot is
+# considered to have booted successfully.
+on load-bpf-programs
+ exec_start bpfloader
+
+on bpf-progs-loaded
+ start netd
+
# It is recommended to put unnecessary data/ initialization from post-fs-data
# to start-zygote in device's init.rc to unblock zygote start.
on zygote-start
@@ -1116,7 +1133,6 @@
# A/B update verifier that marks a successful boot.
exec_start update_verifier
start statsd
- start netd
start zygote
start zygote_secondary
@@ -1277,7 +1293,7 @@
# controlling access. On older kernels, the paranoid value is the only means of
# controlling access. It is normally 3 (allow only root), but the shell user
# can lower it to 1 (allowing thread-scoped pofiling) via security.perf_harden.
-on load_bpf_programs && property:sys.init.perf_lsm_hooks=1
+on load-bpf-programs && property:sys.init.perf_lsm_hooks=1
write /proc/sys/kernel/perf_event_paranoid -1
on property:security.perf_harden=0 && property:sys.init.perf_lsm_hooks=""
write /proc/sys/kernel/perf_event_paranoid 1
diff --git a/trusty/storage/proxy/Android.bp b/trusty/storage/proxy/Android.bp
index e362b8b..7ef0e6f 100644
--- a/trusty/storage/proxy/Android.bp
+++ b/trusty/storage/proxy/Android.bp
@@ -47,7 +47,12 @@
"libtrustystorageinterface",
"libtrusty",
],
-
+ target: {
+ vendor: {
+ // vendor variant requires this flag
+ cflags: ["-DVENDOR_FS_READY_PROPERTY"],
+ },
+ },
cflags: [
"-Wall",
"-Werror",
diff --git a/trusty/storage/proxy/storage.c b/trusty/storage/proxy/storage.c
index ca39f6a..72c4e93 100644
--- a/trusty/storage/proxy/storage.c
+++ b/trusty/storage/proxy/storage.c
@@ -54,6 +54,8 @@
/* List head for storage mapping, elements added at init, and never removed */
static struct storage_mapping_node* storage_mapping_head;
+#ifdef VENDOR_FS_READY_PROPERTY
+
/*
* Properties set to 1 after we have opened a file under ssdir_name. The backing
* files for both TD and TDP are currently located under /data/vendor/ss and can
@@ -75,16 +77,6 @@
static bool fs_ready_set = false;
static bool fs_ready_rw_set = false;
-static enum sync_state fs_state;
-static enum sync_state fd_state[FD_TBL_SIZE];
-
-static bool alternate_mode;
-
-static struct {
- struct storage_file_read_resp hdr;
- uint8_t data[MAX_READ_SIZE];
-} read_rsp;
-
static bool property_set_helper(const char* prop) {
int rc = property_set(prop, "1");
if (rc == 0) {
@@ -96,6 +88,18 @@
return rc == 0;
}
+#endif // #ifdef VENDOR_FS_READY_PROPERTY
+
+static enum sync_state fs_state;
+static enum sync_state fd_state[FD_TBL_SIZE];
+
+static bool alternate_mode;
+
+static struct {
+ struct storage_file_read_resp hdr;
+ uint8_t data[MAX_READ_SIZE];
+} read_rsp;
+
static uint32_t insert_fd(int open_flags, int fd, struct storage_mapping_node* node) {
uint32_t handle = fd;
@@ -535,6 +539,7 @@
free(path);
path = NULL;
+#ifdef VENDOR_FS_READY_PROPERTY
/* a backing file has been opened, notify any waiting init steps */
if (!fs_ready_set || !fs_ready_rw_set) {
bool is_checkpoint_active = false;
@@ -552,6 +557,7 @@
}
}
}
+#endif // #ifdef VENDOR_FS_READY_PROPERTY
return ipc_respond(msg, &resp, sizeof(resp));