Merge "start netd earlier" into main
diff --git a/debuggerd/handler/debuggerd_handler.cpp b/debuggerd/handler/debuggerd_handler.cpp
index 42f0aa0..ddc3244 100644
--- a/debuggerd/handler/debuggerd_handler.cpp
+++ b/debuggerd/handler/debuggerd_handler.cpp
@@ -838,7 +838,6 @@
// Use the alternate signal stack if available so we can catch stack overflows.
action.sa_flags |= SA_ONSTACK;
-#define SA_EXPOSE_TAGBITS 0x00000800
// Request that the kernel set tag bits in the fault address. This is necessary for diagnosing MTE
// faults.
action.sa_flags |= SA_EXPOSE_TAGBITS;
diff --git a/fastboot/Android.mk b/fastboot/Android.mk
deleted file mode 100644
index cde0cb2..0000000
--- a/fastboot/Android.mk
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright (C) 2007 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH:= $(call my-dir)
-
-#
-# Package fastboot-related executables.
-#
-
-my_dist_files := $(HOST_OUT_EXECUTABLES)/mke2fs
-my_dist_files += $(HOST_OUT_EXECUTABLES)/make_f2fs
-my_dist_files += $(HOST_OUT_EXECUTABLES)/make_f2fs_casefold
-$(call dist-for-goals,dist_files sdk,$(my_dist_files))
-my_dist_files :=
diff --git a/fs_mgr/libfs_avb/tests/avb_util_test.cpp b/fs_mgr/libfs_avb/tests/avb_util_test.cpp
index 5dc26ac..85eeeb0 100644
--- a/fs_mgr/libfs_avb/tests/avb_util_test.cpp
+++ b/fs_mgr/libfs_avb/tests/avb_util_test.cpp
@@ -16,10 +16,11 @@
#include <endian.h>
+#include <random>
+
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <base/files/file_util.h>
-#include <base/rand_util.h>
#include <libavb/libavb.h>
#include "avb_util.h"
@@ -727,7 +728,10 @@
// Introduces a new modification.
if (length > 0) {
- int modify_location = base::RandInt(offset, offset + length - 1);
+ // mersenne_twister_engine seeded with the default seed source.
+ static std::mt19937 gen(std::random_device{}());
+ std::uniform_int_distribution<> rand_distribution(offset, offset + length - 1);
+ int modify_location = rand_distribution(gen);
file_content[modify_location] ^= 0x80;
last_file_path = file_path.value();
last_modified_location = modify_location;
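Review bot: The seed taken from `std::random_device` in `static std::mt19937 gen(std::random_device{}());` is never recorded, so a run in which the flipped byte is not detected by verification cannot be replayed. Keeping the seed in a named static (`static const auto seed = std::random_device{}();` then `static std::mt19937 gen(seed);`) and reporting it with `modify_location` in the failure output would make such a run reproducible. `std::uniform_int_distribution<>` defaults to `int`, and the declarations of `offset` and `length` are outside this hunk, so check that `offset + length - 1` cannot narrow. The comment `// mersenne_twister_engine seeded with the default seed source.` restates the code; something like `// Non-deterministic seed: each run corrupts a different byte in [offset, offset + length).` would say why. The enclosing function starts and ends outside the hunk.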
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index ece430b..c26b31e 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -156,6 +156,13 @@
return fstab;
}
+static bool IsRequestingMicrodroidVendorPartition(const std::string& cmdline) {
+ if (virtualization::IsEnableTpuAssignableDeviceFlagEnabled()) {
+ return access("/proc/device-tree/avf/vendor_hashtree_descriptor_root_digest", F_OK) == 0;
+ }
+ return cmdline.find("androidboot.microdroid.mount_vendor=1") != std::string::npos;
+}
+
// Note: this is a temporary solution to avoid blocking devs that depend on /vendor partition in
// Microdroid. For the proper solution the /vendor fstab should probably be defined in the DT.
// TODO(b/285855430): refactor this
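Review bot: `IsRequestingMicrodroidVendorPartition` has no comment explaining why a flag whose name refers to TPU assignable devices selects where the /vendor mount request is read from, or that `cmdline` is ignored entirely when that flag is on. In the flag-enabled branch the decision is only that the device-tree node exists (`access(..., F_OK) == 0`); an empty or unreadable digest still counts as a request, so whatever consumes the digest later has to fail closed. The path that reads and checks the digest is not visible here. I would add a header comment such as `// Returns true if the host asked for /vendor: with the flag on, by the presence of the vendor hashtree root digest in the device tree (kernel cmdline ignored); otherwise by the legacy cmdline switch.` and move the device-tree path into a named constant so the reader of the digest and this check cannot drift apart.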
@@ -166,7 +173,7 @@
if (!ReadDefaultFstab(&fstab)) {
return Error() << "failed to read fstab";
}
- if (cmdline.find("androidboot.microdroid.mount_vendor=1") == std::string::npos) {
+ if (!IsRequestingMicrodroidVendorPartition(cmdline)) {
// We weren't asked to mount /vendor partition, filter it out from the fstab.
auto predicate = [](const auto& entry) { return entry.mount_point == "/vendor"; };
fstab.erase(std::remove_if(fstab.begin(), fstab.end(), predicate), fstab.end());
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 41b9451..d80416d 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -495,6 +495,14 @@
start hwservicemanager
start vndservicemanager
+ # Mount /mnt/vm ASAP to allow early VMs to run.
+ mkdir /mnt/vm 0755 root root
+ mount tmpfs tmpfs /mnt/vm nosuid nodev noexec rw
+ restorecon /mnt/vm
+ chown system system /mnt/vm
+ chmod 0770 /mnt/vm
+ mkdir /mnt/vm/early 0770 system system
+
# Run boringssl self test for each ABI. Any failures trigger reboot to firmware.
import /system/etc/init/hw/init.boringssl.${ro.zygote}.rc
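Review bot: Between `mount tmpfs tmpfs /mnt/vm nosuid nodev noexec rw` and `chmod 0770 /mnt/vm` the new mount has tmpfs's default root mode, which is world-writable with the sticky bit unless a `mode=` option is given. The block now runs right after the service managers are started, so other processes already exist during that window. Passing the ownership and mode as mount options closes the window, e.g. `mount tmpfs tmpfs /mnt/vm nosuid nodev noexec rw mode=0770,uid=1000,gid=1000` (1000 being the system uid/gid), in which case the `chown`/`chmod` pair becomes redundant. The mount also has no `size=` limit, so writes by early VMs are bounded only by the tmpfs default; consider an explicit cap if the expected contents are small. The enclosing `on` trigger is outside the hunk, so the exact boot stage cannot be confirmed from here.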
@@ -662,14 +670,6 @@
chmod 0755 /sys/kernel/tracing
chmod 0755 /sys/kernel/debug/tracing
- # Early HALs may use early VM. Mount /mnt/vm before starting such HALs.
- mkdir /mnt/vm 0755 root root
- mount tmpfs tmpfs /mnt/vm nosuid nodev noexec rw
- restorecon /mnt/vm
- chown system system /mnt/vm
- chmod 0770 /mnt/vm
- mkdir /mnt/vm/early 0770 system system
-
# HALs required before storage encryption can get unlocked (FBE)
class_start early_hal
diff --git a/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.system.nonsecure.rc b/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.system.nonsecure.rc
index 318c13b..2799188 100644
--- a/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.system.nonsecure.rc
+++ b/trusty/keymint/android.hardware.security.keymint-service.rust.trusty.system.nonsecure.rc
@@ -1,6 +1,6 @@
service system.keymint.rust-trusty.nonsecure \
/system_ext/bin/hw/android.hardware.security.keymint-service.rust.trusty.system.nonsecure \
- --dev ${ro.hardware.trusty_ipc_dev.keymint:-/dev/trusty-ipc-dev0}
+ --dev ${system.keymint.trusty_ipc_dev:-/dev/trusty-ipc-dev0}
disabled
user nobody
group drmrpc
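Review bot: Dropping the `ro.` prefix makes both the device property in `--dev ${system.keymint.trusty_ipc_dev:-/dev/trusty-ipc-dev0}` and the CID property used in the second hunk (`property:trusty_vm_system.vm_cid=*`, `setprop system.keymint.trusty_ipc_dev VSOCK:${trusty_vm_system.vm_cid}:1`) rewritable after first set. The old `ro.hardware.*` names were write-once. Since `--dev` is expanded when the service starts, a later write to either property would point a restarted KeyMint HAL at a different vsock CID, and the `=*` trigger will fire again on every change. The property_contexts entries for the new names are not part of this diff, so please confirm that only the component that launches the Trusty VM may set `trusty_vm_system.vm_cid` and only init may set `system.keymint.trusty_ipc_dev`. A comment above the `on late-fs` block naming the expected writer would help, e.g. `# trusty_vm_system.vm_cid is set once by the Trusty VM launcher; no other domain may write it.`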
@@ -12,6 +12,6 @@
# TODO(b/357821690): Start the KeyMint HALs when the KeyMint VM is ready once the Trusty VM
# has a mechanism to notify the host.
on late-fs && property:ro.hardware.security.keymint.trusty.system=1 && \
- property:ro.hardware.trusty_vm_cid=*
- setprop ro.hardware.trusty_ipc_dev.keymint VSOCK:${ro.hardware.trusty_vm_cid}:1
+ property:trusty_vm_system.vm_cid=*
+ setprop system.keymint.trusty_ipc_dev VSOCK:${trusty_vm_system.vm_cid}:1
start system.keymint.rust-trusty.nonsecure