Merge "libsnapshot:snapuserd: Terminate daemon after applying OTA."
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 796a39a..950fc96 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -680,7 +680,7 @@
     }
 }
 
-bool ReadFstabFromFile(const std::string& path, Fstab* fstab) {
+bool ReadFstabFromFile(const std::string& path, Fstab* fstab_out) {
     auto fstab_file = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
     if (!fstab_file) {
         PERROR << __FUNCTION__ << "(): cannot open file: '" << path << "'";
@@ -689,31 +689,43 @@
 
     bool is_proc_mounts = path == "/proc/mounts";
 
-    if (!ReadFstabFile(fstab_file.get(), is_proc_mounts, fstab)) {
+    Fstab fstab;
+    if (!ReadFstabFile(fstab_file.get(), is_proc_mounts, &fstab)) {
         LERROR << __FUNCTION__ << "(): failed to load fstab from : '" << path << "'";
         return false;
     }
-    if (!is_proc_mounts && !access(android::gsi::kGsiBootedIndicatorFile, F_OK)) {
-        // This is expected to fail if host is android Q, since Q doesn't
-        // support DSU slotting. The DSU "active" indicator file would be
-        // non-existent or empty if DSU is enabled within the guest system.
-        // In that case, just use the default slot name "dsu".
-        std::string dsu_slot;
-        if (!android::gsi::GetActiveDsu(&dsu_slot)) {
-            PWARNING << __FUNCTION__ << "(): failed to get active dsu slot";
+    if (!is_proc_mounts) {
+        if (!access(android::gsi::kGsiBootedIndicatorFile, F_OK)) {
+            // This is expected to fail if host is android Q, since Q doesn't
+            // support DSU slotting. The DSU "active" indicator file would be
+            // non-existent or empty if DSU is enabled within the guest system.
+            // In that case, just use the default slot name "dsu".
+            std::string dsu_slot;
+            if (!android::gsi::GetActiveDsu(&dsu_slot) && errno != ENOENT) {
+                PERROR << __FUNCTION__ << "(): failed to get active DSU slot";
+                return false;
+            }
+            if (dsu_slot.empty()) {
+                dsu_slot = "dsu";
+                LWARNING << __FUNCTION__ << "(): assuming default DSU slot: " << dsu_slot;
+            }
+            // This file is non-existent on Q vendor.
+            std::string lp_names;
+            if (!ReadFileToString(gsi::kGsiLpNamesFile, &lp_names) && errno != ENOENT) {
+                PERROR << __FUNCTION__ << "(): failed to read DSU LP names";
+                return false;
+            }
+            TransformFstabForDsu(&fstab, dsu_slot, Split(lp_names, ","));
+        } else if (errno != ENOENT) {
+            PERROR << __FUNCTION__ << "(): failed to access() DSU booted indicator";
+            return false;
         }
-        if (dsu_slot.empty()) {
-            dsu_slot = "dsu";
-        }
-
-        std::string lp_names;
-        ReadFileToString(gsi::kGsiLpNamesFile, &lp_names);
-        TransformFstabForDsu(fstab, dsu_slot, Split(lp_names, ","));
     }
 
-    SkipMountingPartitions(fstab, false /* verbose */);
-    EnableMandatoryFlags(fstab);
+    SkipMountingPartitions(&fstab, false /* verbose */);
+    EnableMandatoryFlags(&fstab);
 
+    *fstab_out = std::move(fstab);
     return true;
 }
 
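Review bot: The `errno != ENOENT` tests after `GetActiveDsu(&dsu_slot)` and `ReadFileToString(gsi::kGsiLpNamesFile, &lp_names)` only distinguish "absent" from "broken" if each helper leaves errno from its own failing syscall; if a helper fails for a non-syscall reason, or touches errno before returning, the test reads a stale value and a genuine failure can be classified as ENOENT, after which the DSU transform runs with the default slot or an empty LP-name list instead of failing closed as this change intends. Suggest `errno = 0;` immediately before each of the two calls, or a comment stating the contract relied on, e.g. `// GetActiveDsu()/ReadFileToString() leave errno from the failing open(); ENOENT means "no DSU slotting on this host"`. The `access()` branch is fine since errno is read directly after the call. ReadFstabFromFile's signature and the fopen() preamble are in the previous hunk.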
@@ -788,10 +800,8 @@
 
 // Loads the fstab file and combines with fstab entries passed in from device tree.
 bool ReadDefaultFstab(Fstab* fstab) {
-    Fstab dt_fstab;
-    ReadFstabFromDt(&dt_fstab, false /* verbose */);
-
-    *fstab = std::move(dt_fstab);
+    fstab->clear();
+    ReadFstabFromDt(fstab, false /* verbose */);
 
     std::string default_fstab_path;
     // Use different fstab paths for normal boot and recovery boot, respectively
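Review bot: The new `ReadFstabFromDt(fstab, false /* verbose */)` call still discards its result, so a device-tree read failure is indistinguishable from a device that simply has no DT fstab, and the function silently relies on the later file read to populate `fstab`. If the helper reports failure through its return value (it appears to be a bool here), consider `if (!ReadFstabFromDt(fstab, false /* verbose */)) LINFO << __FUNCTION__ << "(): no fstab entries from device tree";` so the fallback path shows up in logs. ReadDefaultFstab continues into the next hunk.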
@@ -802,16 +812,14 @@
     }
 
     Fstab default_fstab;
-    if (!default_fstab_path.empty()) {
-        ReadFstabFromFile(default_fstab_path, &default_fstab);
+    if (!default_fstab_path.empty() && ReadFstabFromFile(default_fstab_path, &default_fstab)) {
+        for (auto&& entry : default_fstab) {
+            fstab->emplace_back(std::move(entry));
+        }
     } else {
         LINFO << __FUNCTION__ << "(): failed to find device default fstab";
     }
 
-    for (auto&& entry : default_fstab) {
-        fstab->emplace_back(std::move(entry));
-    }
-
     return !fstab->empty();
 }
 
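Review bot: The merged condition `if (!default_fstab_path.empty() && ReadFstabFromFile(default_fstab_path, &default_fstab))` routes a failed read of an existing path into the same `"failed to find device default fstab"` message as a missing path, which misdescribes the read-failure case (ReadFstabFromFile already logs its own error, so the pair of lines reads like two different problems). Consider splitting the else branch, `} else if (default_fstab_path.empty()) { LINFO << __FUNCTION__ << "(): no device default fstab path"; }`, and leaving read failures to ReadFstabFromFile's own log line. Behaviourally the change is sound: because ReadFstabFromFile now publishes its result only on success, `default_fstab` stays empty on failure and nothing partial is appended. ReadDefaultFstab begins in the previous hunk.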
diff --git a/libcutils/Android.bp b/libcutils/Android.bp
index 0f3763c..a99cae2 100644
--- a/libcutils/Android.bp
+++ b/libcutils/Android.bp
@@ -363,8 +363,9 @@
     local_include_dirs: ["include"],
     bindgen_flags: [
         "--whitelist-function", "multiuser_get_app_id",
-        "--whitelist-function", "multiuser_get_user_id",
         "--whitelist-function", "multiuser_get_uid",
+        "--whitelist-function", "multiuser_get_user_id",
+        "--whitelist-var", "AID_KEYSTORE",
         "--whitelist-var", "AID_USER_OFFSET",
     ],
 }
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 9a30ead..e3b1c4c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -471,9 +471,6 @@
     chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
     start lmkd
 
-    # Set an initial boot level - start at 10 in case we need to add earlier ones.
-    setprop keystore.boot_level 10
-
     # Start essential services.
     start servicemanager
     start hwservicemanager
@@ -630,8 +627,6 @@
     write /sys/kernel/tracing/instances/bootreceiver/events/error_report/error_report_end/enable 1
 
 on post-fs-data
-    # Boot level 30 - at this point daemons like apexd and odsign run
-    setprop keystore.boot_level 30
 
     mark_post_data
 
@@ -652,6 +647,9 @@
     mkdir /data/bootchart 0755 shell shell encryption=Require
     bootchart start
 
+    # Avoid predictable entropy pool. Carry over entropy from previous boot.
+    copy /data/system/entropy.dat /dev/urandom
+
     mkdir /data/vendor 0771 root root encryption=Require
     mkdir /data/vendor_ce 0771 root root encryption=None
     mkdir /data/vendor_de 0771 root root encryption=None
@@ -667,6 +665,23 @@
     # Make sure that apexd is started in the default namespace
     enter_default_mount_ns
 
+    # set up keystore directory structure first so that we can end early boot
+    # and start apexd
+    mkdir /data/misc 01771 system misc encryption=Require
+    mkdir /data/misc/keystore 0700 keystore keystore
+
+    # Boot level 30
+    # odsign signing keys have MAX_BOOT_LEVEL=30
+    # This is currently the earliest boot level, but we start at 30
+    # to leave room for earlier levels.
+    setprop keystore.boot_level 30
+
+    # Now that /data is mounted and we have created /data/misc/keystore,
+    # we can tell keystore to stop allowing use of early-boot keys,
+    # and access its database for the first time to support creation and
+    # use of MAX_BOOT_LEVEL keys.
+    exec - system system -- /system/bin/vdc keymaster earlyBootEnded
+
     # /data/apex is now available. Start apexd to scan and activate APEXes.
     mkdir /data/apex 0755 root system encryption=None
     mkdir /data/apex/active 0755 root system
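Review bot: The comment block above `exec - system system -- /system/bin/vdc keymaster earlyBootEnded` explains the intent but not the failure mode: init's `exec` blocks until the command exits and, as far as I can tell, only logs a non-zero exit and carries on, so if keystore is not reachable at this point the early-boot keys would stay usable for the rest of boot with no later gate now that the equivalent line after `odsign.key.done` is removed in a later hunk. Suggest recording that assumption next to the line, e.g. `# keystore must already be running here; init only logs a failed exec, which would leave early-boot keys usable`, and confirming with the keystore owners that the service is up before post-fs-data. Moving this exec from after odsign to before `start apexd` is the security-relevant ordering change in this commit and is worth a sentence in the description.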
@@ -678,11 +693,7 @@
     mkdir /data/apex/ota_reserved 0700 root system encryption=Require
     start apexd
 
-    # Avoid predictable entropy pool. Carry over entropy from previous boot.
-    copy /data/system/entropy.dat /dev/urandom
-
-    # create basic filesystem structure
-    mkdir /data/misc 01771 system misc encryption=Require
+    # create rest of basic filesystem structure
     mkdir /data/misc/recovery 0770 system log
     copy /data/misc/recovery/ro.build.fingerprint /data/misc/recovery/ro.build.fingerprint.1
     chmod 0440 /data/misc/recovery/ro.build.fingerprint.1
@@ -706,7 +717,6 @@
     mkdir /data/misc/nfc 0770 nfc nfc
     mkdir /data/misc/nfc/logs 0770 nfc nfc
     mkdir /data/misc/credstore 0700 credstore credstore
-    mkdir /data/misc/keystore 0700 keystore keystore
     mkdir /data/misc/gatekeeper 0700 system system
     mkdir /data/misc/keychain 0771 system system
     mkdir /data/misc/net 0750 root shell
@@ -914,14 +924,13 @@
     # odsign to be done with the key
     wait_for_prop odsign.key.done 1
 
-    # After apexes are mounted, tell keymaster early boot has ended, so it will
-    # stop allowing use of early-boot keys
-    exec - system system -- /system/bin/vdc keymaster earlyBootEnded
-
     # Lock the fs-verity keyring, so no more keys can be added
     exec -- /system/bin/fsverity_init --lock
 
-    setprop keystore.boot_level 40
+    # Bump the boot level to 1000000000; this prevents further on-device signing.
+    # This is a special value that shuts down the thread which listens for
+    # further updates.
+    setprop keystore.boot_level 1000000000
 
     # Allow apexd to snapshot and restore device encrypted apex data in the case
     # of a rollback. This should be done immediately after DE_user data keys
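Review bot: `setprop keystore.boot_level 1000000000` hard-codes a sentinel whose meaning is defined on the keystore side; if that constant ever changes, this line would silently stop shutting down the listener and instead just set a very high level. Suggest extending the new comment to name the keystore-side constant it must match, e.g. `# Must stay equal to keystore's <KEYSTORE_BOOT_LEVEL_SENTINEL> (placeholder, fill in the real name) -- keep in sync.` A short note that this bump is deliberately placed after `wait_for_prop odsign.key.done 1` and next to `fsverity_init --lock`, so that no signing key is usable once both have run, would also help a future reader.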