Merge "Remove unnecessary getpriority() system call" into main
diff --git a/fs_mgr/libsnapshot/snapuserd/user-space-merge/read_worker.cpp b/fs_mgr/libsnapshot/snapuserd/user-space-merge/read_worker.cpp
index ef311d4..33767d6 100644
--- a/fs_mgr/libsnapshot/snapuserd/user-space-merge/read_worker.cpp
+++ b/fs_mgr/libsnapshot/snapuserd/user-space-merge/read_worker.cpp
@@ -104,6 +104,8 @@
}
bool ReadWorker::ProcessXorOp(const CowOperation* cow_op, void* buffer) {
+ using WordType = std::conditional_t<sizeof(void*) == sizeof(uint64_t), uint64_t, uint32_t>;
+
if (!ReadFromSourceDevice(cow_op, buffer)) {
return false;
}
@@ -120,9 +122,12 @@
return false;
}
- auto xor_out = reinterpret_cast<uint8_t*>(buffer);
- for (size_t i = 0; i < BLOCK_SZ; i++) {
- xor_out[i] ^= xor_buffer_[i];
+ auto xor_in = reinterpret_cast<const WordType*>(xor_buffer_.data());
+ auto xor_out = reinterpret_cast<WordType*>(buffer);
+ auto num_words = BLOCK_SZ / sizeof(WordType);
+
+ for (auto i = 0; i < num_words; i++) {
+ xor_out[i] ^= xor_in[i];
}
return true;
}
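Review bot: The word-wise loop reads `buffer` and `xor_buffer_.data()` through `WordType*`, which assumes both addresses are aligned to `sizeof(WordType)` and that `BLOCK_SZ` is a multiple of it; neither is checked in this hunk, and the old byte loop needed neither. Since `buffer` arrives as a `void*` from the caller, I would pin the assumptions with `static_assert(BLOCK_SZ % sizeof(WordType) == 0);` and an alignment check on both pointers, or move each word with `memcpy` so alignment and aliasing stop mattering. The index `auto i = 0` also deduces `int` while `num_words` is `size_t`; `for (size_t i = 0; i < num_words; i++)` avoids the mixed-sign comparison. The same cast-and-loop pattern is added in `ReadAhead::ProcessXorData` in snapuserd_readahead.cpp, so the same applies there.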
diff --git a/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_readahead.cpp b/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_readahead.cpp
index 6b1ed0c..9a1d441 100644
--- a/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_readahead.cpp
+++ b/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_readahead.cpp
@@ -458,6 +458,7 @@
void ReadAhead::ProcessXorData(size_t& block_xor_index, size_t& xor_index,
std::vector<const CowOperation*>& xor_op_vec, void* buffer,
loff_t& buffer_offset) {
+ using WordType = std::conditional_t<sizeof(void*) == sizeof(uint64_t), uint64_t, uint32_t>;
loff_t xor_buf_offset = 0;
while (block_xor_index < blocks_.size()) {
@@ -470,13 +471,14 @@
// Check if this block is an XOR op
if (xor_op->new_block == new_block) {
// Pointer to the data read from base device
- uint8_t* buffer = reinterpret_cast<uint8_t*>(bufptr);
+ auto buffer_words = reinterpret_cast<WordType*>(bufptr);
// Get the xor'ed data read from COW device
- uint8_t* xor_data = reinterpret_cast<uint8_t*>((char*)bufsink_.GetPayloadBufPtr() +
- xor_buf_offset);
+ auto xor_data_words = reinterpret_cast<WordType*>(
+ (char*)bufsink_.GetPayloadBufPtr() + xor_buf_offset);
+ auto num_words = BLOCK_SZ / sizeof(WordType);
- for (size_t byte_offset = 0; byte_offset < BLOCK_SZ; byte_offset++) {
- buffer[byte_offset] ^= xor_data[byte_offset];
+ for (auto i = 0; i < num_words; i++) {
+ buffer_words[i] ^= xor_data_words[i];
}
// Move to next XOR op
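Review bot: `xor_data_words` is only read, yet it is declared through `reinterpret_cast<WordType*>` while the matching source pointer in `ReadWorker::ProcessXorOp` is `const WordType*`; casting to `const WordType*` here keeps the two copies consistent and lets the compiler reject an accidental write into the COW payload buffer. The source address is `GetPayloadBufPtr() + xor_buf_offset`, so its word alignment also depends on `xor_buf_offset`, which is advanced outside this hunk. If the invariant is that the offset only ever grows in `BLOCK_SZ` steps, a one-line comment saying so next to the cast would document why it is safe. The enclosing while-loop continues past the end of the hunk.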
diff --git a/init/README.md b/init/README.md
index de57208..560c528 100644
--- a/init/README.md
+++ b/init/README.md
@@ -501,9 +501,10 @@
reformatted here if it couldn't mount in first-stage init.
6. `post-fs-data-checkpointed` - Triggered when vold has completed committing a checkpoint
after an OTA update. Not triggered if checkpointing is not needed or supported.
- 7. `zygote-start` - Start the zygote.
- 8. `early-boot` - After zygote has started.
- 9. `boot` - After `early-boot` actions have completed.
+ 7. `bpf-progs-loaded` - Starts things that want to start ASAP but need eBPF (incl. netd)
+ 8. `zygote-start` - Start the zygote.
+ 9. `early-boot` - After zygote has started.
+ 10. `boot` - After `early-boot` actions have completed.
Commands
--------
diff --git a/libstats/expresslog/Android.bp b/libstats/expresslog/Android.bp
index 96ab59b..f70252a 100644
--- a/libstats/expresslog/Android.bp
+++ b/libstats/expresslog/Android.bp
@@ -1,4 +1,3 @@
-
//
// Copyright (C) 2023 The Android Open Source Project
//
@@ -16,6 +15,7 @@
//
package {
default_applicable_licenses: ["Android-Apache-2.0"],
+ default_team: "trendy_team_android_telemetry_client_infra",
}
cc_defaults {
@@ -28,6 +28,7 @@
cc_library {
name: "libexpresslog",
+ host_supported: true,
defaults: ["expresslog_defaults"],
cflags: [
"-DNAMESPACE_FOR_HASH_FUNCTIONS=farmhash",
@@ -74,6 +75,7 @@
cc_library_static {
name: "libstatslog_express",
+ host_supported: true,
generated_sources: ["statslog_express.cpp"],
generated_headers: ["statslog_express.h"],
export_generated_headers: ["statslog_express.h"],
@@ -119,5 +121,5 @@
],
shared_libs: [
"libstatssocket",
- ]
+ ],
}
diff --git a/libstats/pull_rust/Android.bp b/libstats/pull_rust/Android.bp
index 6902026..2a8939e 100644
--- a/libstats/pull_rust/Android.bp
+++ b/libstats/pull_rust/Android.bp
@@ -61,7 +61,6 @@
srcs: ["stats_pull.rs"],
rustlibs: [
"liblog_rust",
- "libonce_cell",
"libstatslog_rust_header",
"libstatspull_bindgen",
],
diff --git a/libstats/pull_rust/stats_pull.rs b/libstats/pull_rust/stats_pull.rs
index b2bebcc..03929e3 100644
--- a/libstats/pull_rust/stats_pull.rs
+++ b/libstats/pull_rust/stats_pull.rs
@@ -14,13 +14,12 @@
//! A Rust interface for the StatsD pull API.
-use once_cell::sync::Lazy;
use statslog_rust_header::{Atoms, Stat, StatsError};
use statspull_bindgen::*;
use std::collections::HashMap;
use std::convert::TryInto;
use std::os::raw::c_void;
-use std::sync::Mutex;
+use std::sync::{LazyLock, Mutex};
/// The return value of callbacks.
pub type StatsPullResult = Vec<Box<dyn Stat>>;
@@ -107,8 +106,8 @@
}
}
-static COOKIES: Lazy<Mutex<HashMap<i32, fn() -> StatsPullResult>>> =
- Lazy::new(|| Mutex::new(HashMap::new()));
+static COOKIES: LazyLock<Mutex<HashMap<i32, fn() -> StatsPullResult>>> =
+ LazyLock::new(|| Mutex::new(HashMap::new()));
/// # Safety
///
diff --git a/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp b/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp
index a484441..bed4a73 100644
--- a/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp
+++ b/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp
@@ -729,7 +729,6 @@
{"sys.ims.QMI_DAEMON_STATUS", "u:object_r:qcom_ims_prop:s0"},
{"sys.listeners.registered", "u:object_r:qseecomtee_prop:s0"},
{"sys.logbootcomplete", "u:object_r:system_prop:s0"},
- {"sys.oem_unlock_allowed", "u:object_r:system_prop:s0"},
{"sys.qcom.devup", "u:object_r:system_prop:s0"},
{"sys.sysctl.extra_free_kbytes", "u:object_r:system_prop:s0"},
{"sys.usb.config", "u:object_r:system_radio_prop:s0"},
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 4b3ad82..1acd637 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -567,7 +567,8 @@
trigger post-fs-data
# Should be before netd, but after apex, properties and logging is available.
- trigger load_bpf_programs
+ trigger load-bpf-programs
+ trigger bpf-progs-loaded
# Now we can start zygote.
trigger zygote-start
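Review bot: Renaming the trigger from `load_bpf_programs` to `load-bpf-programs` leaves any `on load_bpf_programs` action defined outside this file keyed to an event that is no longer queued, and as far as I can tell such an action would simply never run rather than produce an error. This commit updates the `perf_event_paranoid` action further down and adds `on load-bpf-programs` itself, but .rc files from other modules or vendors are not visible in this diff. It is worth grepping the tree for the old name before landing, and noting the rename next to the trigger, e.g. `# (renamed from load_bpf_programs; external 'on' actions must be updated)`.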
@@ -1109,6 +1110,22 @@
on property:vold.checkpoint_committed=1
trigger post-fs-data-checkpointed
+# It is important that we start bpfloader after:
+# - /sys/fs/bpf is already mounted,
+# - apex (incl. rollback) is initialized (so that we can load bpf
+# programs shipped as part of apex mainline modules)
+# - logd is ready for us to log stuff
+#
+# At the same time we want to be as early as possible to reduce races and thus
+# failures (before memory is fragmented, and cpu is busy running tons of other
+# stuff) and we absolutely want to be before netd and the system boot slot is
+# considered to have booted successfully.
+on load-bpf-programs
+ exec_start bpfloader
+
+on bpf-progs-loaded
+ start netd
+
# It is recommended to put unnecessary data/ initialization from post-fs-data
# to start-zygote in device's init.rc to unblock zygote start.
on zygote-start
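Review bot: `bpf-progs-loaded` is queued unconditionally right after `load-bpf-programs` in the late-init sequence, so nothing visible in this file ties it to `exec_start bpfloader` having succeeded, even though the name suggests it. If bpfloader's own failure handling (not shown here) does not stop the boot, `start netd` would run without the programs in place. I would state the dependency in the new comment block, e.g. `# bpf-progs-loaded fires once exec_start bpfloader returns; bpfloader must abort the boot itself on failure.`, or gate the `on bpf-progs-loaded` action on a property that bpfloader sets only on success.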
@@ -1116,7 +1133,6 @@
# A/B update verifier that marks a successful boot.
exec_start update_verifier
start statsd
- start netd
start zygote
start zygote_secondary
@@ -1277,7 +1293,7 @@
# controlling access. On older kernels, the paranoid value is the only means of
# controlling access. It is normally 3 (allow only root), but the shell user
# can lower it to 1 (allowing thread-scoped pofiling) via security.perf_harden.
-on load_bpf_programs && property:sys.init.perf_lsm_hooks=1
+on load-bpf-programs && property:sys.init.perf_lsm_hooks=1
write /proc/sys/kernel/perf_event_paranoid -1
on property:security.perf_harden=0 && property:sys.init.perf_lsm_hooks=""
write /proc/sys/kernel/perf_event_paranoid 1
diff --git a/trusty/metrics/include/trusty/metrics/tipc.h b/trusty/metrics/include/trusty/metrics/tipc.h
index b4428d5..4c4d37d 100644
--- a/trusty/metrics/include/trusty/metrics/tipc.h
+++ b/trusty/metrics/include/trusty/metrics/tipc.h
@@ -43,6 +43,8 @@
#define UUID_STR_SIZE (37)
+#define HASH_SIZE_BYTES 64
+
/**
* enum metrics_cmd - command identifiers for metrics interface
* @METRICS_CMD_RESP_BIT: message is a response
@@ -112,10 +114,22 @@
* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
* @crash_reason: architecture-specific code representing the reason for the
* crash
+ * @far: Fault Address Register corresponding to the crash. It is set to 0 and
+ * not always revealed
+ * @far_hash: Fault Address Register obfuscated, always revealed
+ * @elr: Exception Link Register corresponding to the crash. It is set to 0 and
+ * not always revealed
+ * @elr_hash: Exception Link Register obfuscated, always revealed
+ * @is_hash: Boolean value indicating whether far and elr have been ob
*/
struct metrics_report_crash_req {
char app_id[UUID_STR_SIZE];
uint32_t crash_reason;
+ uint64_t far;
+ uint8_t far_hash[HASH_SIZE_BYTES];
+ uint64_t elr;
+ uint8_t elr_hash[HASH_SIZE_BYTES];
+ bool is_hash;
} __attribute__((__packed__));
enum TrustyStorageErrorType {
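Review bot: `bool is_hash` is added to a `__packed__` message struct that crosses the Trusty/Android boundary, and a received byte other than 0 or 1 is not a valid `bool` value; a fixed-width `uint8_t is_hash;` compared explicitly against zero is safer for a wire layout. The kernel-doc for `@is_hash` is cut off mid-word ("have been ob"), and "It is set to 0 and not always revealed" for `@far` and `@elr` does not say when the raw register is zeroed; something like `@far: Fault Address Register; 0 when only the hashed value is reported` would be clearer. The struct also grows by more than a hundred bytes, so any receiver that validates the message size (not visible here) has to accept the new length.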
diff --git a/trusty/storage/interface/Android.bp b/trusty/storage/interface/Android.bp
index d031b0c..769f53d 100644
--- a/trusty/storage/interface/Android.bp
+++ b/trusty/storage/interface/Android.bp
@@ -20,6 +20,7 @@
cc_library_static {
name: "libtrustystorageinterface",
- vendor: true,
+ vendor_available: true,
+ system_ext_specific: true,
export_include_dirs: ["include"],
}
diff --git a/trusty/storage/proxy/Android.bp b/trusty/storage/proxy/Android.bp
index e362b8b..f32188a 100644
--- a/trusty/storage/proxy/Android.bp
+++ b/trusty/storage/proxy/Android.bp
@@ -18,10 +18,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_binary {
- name: "storageproxyd",
- vendor: true,
-
+cc_defaults {
+ name: "storageproxyd.defaults",
srcs: [
"checkpoint_handling.cpp",
"ipc.c",
@@ -47,9 +45,22 @@
"libtrustystorageinterface",
"libtrusty",
],
-
cflags: [
"-Wall",
"-Werror",
],
}
+
+cc_binary {
+ name: "storageproxyd",
+ defaults: ["storageproxyd.defaults"],
+ vendor: true,
+ // vendor variant requires this flag
+ cflags: ["-DVENDOR_FS_READY_PROPERTY"],
+}
+
+cc_binary {
+ name: "storageproxyd.system",
+ defaults: ["storageproxyd.defaults"],
+ system_ext_specific: true,
+}
diff --git a/trusty/storage/proxy/storage.c b/trusty/storage/proxy/storage.c
index ca39f6a..72c4e93 100644
--- a/trusty/storage/proxy/storage.c
+++ b/trusty/storage/proxy/storage.c
@@ -54,6 +54,8 @@
/* List head for storage mapping, elements added at init, and never removed */
static struct storage_mapping_node* storage_mapping_head;
+#ifdef VENDOR_FS_READY_PROPERTY
+
/*
* Properties set to 1 after we have opened a file under ssdir_name. The backing
* files for both TD and TDP are currently located under /data/vendor/ss and can
@@ -75,16 +77,6 @@
static bool fs_ready_set = false;
static bool fs_ready_rw_set = false;
-static enum sync_state fs_state;
-static enum sync_state fd_state[FD_TBL_SIZE];
-
-static bool alternate_mode;
-
-static struct {
- struct storage_file_read_resp hdr;
- uint8_t data[MAX_READ_SIZE];
-} read_rsp;
-
static bool property_set_helper(const char* prop) {
int rc = property_set(prop, "1");
if (rc == 0) {
@@ -96,6 +88,18 @@
return rc == 0;
}
+#endif // #ifdef VENDOR_FS_READY_PROPERTY
+
+static enum sync_state fs_state;
+static enum sync_state fd_state[FD_TBL_SIZE];
+
+static bool alternate_mode;
+
+static struct {
+ struct storage_file_read_resp hdr;
+ uint8_t data[MAX_READ_SIZE];
+} read_rsp;
+
static uint32_t insert_fd(int open_flags, int fd, struct storage_mapping_node* node) {
uint32_t handle = fd;
@@ -535,6 +539,7 @@
free(path);
path = NULL;
+#ifdef VENDOR_FS_READY_PROPERTY
/* a backing file has been opened, notify any waiting init steps */
if (!fs_ready_set || !fs_ready_rw_set) {
bool is_checkpoint_active = false;
@@ -552,6 +557,7 @@
}
}
}
+#endif // #ifdef VENDOR_FS_READY_PROPERTY
return ipc_respond(msg, &resp, sizeof(resp));
diff --git a/fastboot/Android.mk b/trusty/trusty-storage-cf.mk
similarity index 61%
rename from fastboot/Android.mk
rename to trusty/trusty-storage-cf.mk
index cde0cb2..3b46445 100644
--- a/fastboot/Android.mk
+++ b/trusty/trusty-storage-cf.mk
@@ -1,4 +1,5 @@
-# Copyright (C) 2007 Google Inc.
+#
+# Copyright (C) 2024 The Android Open-Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,15 +12,14 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-LOCAL_PATH:= $(call my-dir)
-
-#
-# Package fastboot-related executables.
#
-my_dist_files := $(HOST_OUT_EXECUTABLES)/mke2fs
-my_dist_files += $(HOST_OUT_EXECUTABLES)/make_f2fs
-my_dist_files += $(HOST_OUT_EXECUTABLES)/make_f2fs_casefold
-$(call dist-for-goals,dist_files sdk,$(my_dist_files))
-my_dist_files :=
+#
+# This makefile should be included by the cuttlefish device
+# when enabling the Trusty VM to pull in the baseline set
+# of storage specific modules
+
+PRODUCT_PACKAGES += \
+ storageproxyd.system \
+ rpmb_dev.system \
+
diff --git a/trusty/utils/rpmb_dev/Android.bp b/trusty/utils/rpmb_dev/Android.bp
index 603a1a8..13f151d 100644
--- a/trusty/utils/rpmb_dev/Android.bp
+++ b/trusty/utils/rpmb_dev/Android.bp
@@ -15,11 +15,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_binary {
- name: "rpmb_dev",
- vendor: true,
- host_supported: true,
-
+cc_defaults {
+ name: "rpmb_dev.cc_defaults",
srcs: [
"rpmb_dev.c",
],
@@ -32,7 +29,23 @@
"-Wall",
"-Werror",
],
+}
+
+cc_binary {
+ name: "rpmb_dev",
+ defaults: ["rpmb_dev.cc_defaults"],
+ vendor: true,
+ host_supported: true,
init_rc: [
"rpmb_dev.rc",
],
}
+
+cc_binary {
+ name: "rpmb_dev.system",
+ defaults: ["rpmb_dev.cc_defaults"],
+ system_ext_specific: true,
+ init_rc: [
+ "rpmb_dev.system.rc",
+ ],
+}
diff --git a/trusty/utils/rpmb_dev/rpmb_dev.system.rc b/trusty/utils/rpmb_dev/rpmb_dev.system.rc
new file mode 100644
index 0000000..b78c4e2
--- /dev/null
+++ b/trusty/utils/rpmb_dev/rpmb_dev.system.rc
@@ -0,0 +1,64 @@
+service storageproxyd_system /system_ext/bin/storageproxyd.system \
+ -d ${storageproxyd_system.trusty_ipc_dev:-/dev/trusty-ipc-dev0} \
+ -r /dev/socket/rpmb_mock_system \
+ -p /data/secure_storage_system \
+ -t sock
+ disabled
+ user system
+ group system
+
+service rpmb_mock_init_system /system_ext/bin/rpmb_dev.system \
+ --dev /mnt/secure_storage_rpmb_system/persist/RPMB_DATA --init --size 2048
+ disabled
+ user system
+ group system
+ oneshot
+
+service rpmb_mock_system /system_ext/bin/rpmb_dev.system \
+ --dev /mnt/secure_storage_rpmb_system/persist/RPMB_DATA \
+ --sock rpmb_mock_system
+ disabled
+ user system
+ group system
+ socket rpmb_mock_system stream 660 system system
+
+# storageproxyd
+on late-fs && \
+ property:trusty_vm_system_nonsecure.ready=1 && \
+ property:storageproxyd_system.trusty_ipc_dev=*
+ wait /dev/socket/rpmb_mock_system
+ start storageproxyd_system
+
+
+# RPMB Mock
+on post-fs && \
+ property:trusty_vm_system_nonsecure.ready=1 && \
+ property:trusty_vm_system.vm_cid=*
+ # Create a persistent location for the RPMB data
+ # (work around lack of RPMb block device on CF).
+ # file contexts secure_storage_rpmb_system_file
+ # (only used on Cuttlefish as this is non secure)
+ mkdir /metadata/secure_storage_rpmb_system 0770 system system
+ mkdir /mnt/secure_storage_rpmb_system 0770 system system
+ symlink /metadata/secure_storage_rpmb_system \
+ /mnt/secure_storage_rpmb_system/persist
+ # Create a system persist directory in /metadata
+ # (work around lack of dedicated system persist partition).
+ # file contexts secure_storage_persist_system_file
+ mkdir /metadata/secure_storage_persist_system 0770 system system
+ mkdir /mnt/secure_storage_persist_system 0770 system system
+ symlink /metadata/secure_storage_persist_system \
+ /mnt/secure_storage_persist_system/persist
+ setprop storageproxyd_system.trusty_ipc_dev VSOCK:${trusty_vm_system.vm_cid}:1
+ exec_start rpmb_mock_init_system
+ start rpmb_mock_system
+
+on post-fs-data && \
+ property:trusty_vm_system_nonsecure.ready=1 && \
+ property:storageproxyd_system.trusty_ipc_dev=*
+ # file contexts secure_storage_system_file
+ mkdir /data/secure_storage_system 0770 root system
+ symlink /mnt/secure_storage_persist_system/persist \
+ /data/secure_storage_system/persist
+ chown root system /data/secure_storage_system/persist
+ restart storageproxyd_system
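Review bot: The only thing keeping this plain-file RPMB mock off a production image is the `trusty_vm_system_nonsecure.ready=1` gate, and `trusty_vm_system.vm_cid` is expanded straight into the `VSOCK:${trusty_vm_system.vm_cid}:1` endpoint that `storageproxyd_system` connects to; the file does not say who may set either property. The property and file contexts are not part of this diff, so it is worth confirming that both properties are writable only by the component that launches the Trusty VM. A header comment would make the intent explicit, e.g. `# Non-secure RPMB mock for Cuttlefish only; trusty_vm_system* properties must be settable only by the VM launcher.` Separately, the `storageproxyd_system` service is declared in rpmb_dev's rc file, so installing `storageproxyd.system` without `rpmb_dev.system` would leave it without a service definition.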
diff --git a/trusty/utils/trusty-ut-ctrl/Android.bp b/trusty/utils/trusty-ut-ctrl/Android.bp
index 6fc2a48..c255614 100644
--- a/trusty/utils/trusty-ut-ctrl/Android.bp
+++ b/trusty/utils/trusty-ut-ctrl/Android.bp
@@ -16,9 +16,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_binary {
- name: "trusty-ut-ctrl",
- vendor: true,
+cc_defaults {
+ name: "trusty-ut-ctrl.defaults",
srcs: ["ut-ctrl.c"],
shared_libs: [
@@ -33,3 +32,15 @@
"-Werror",
],
}
+
+cc_binary {
+ name: "trusty-ut-ctrl",
+ defaults: ["trusty-ut-ctrl.defaults"],
+ vendor: true,
+}
+
+cc_binary {
+ name: "trusty-ut-ctrl.system",
+ defaults: ["trusty-ut-ctrl.defaults"],
+ system_ext_specific: true,
+}