Merge "gatekeeperd_service_fuzzer: Add signal() to handle SIGPIPE" into main
diff --git a/fs_mgr/libfstab/fstab.cpp b/fs_mgr/libfstab/fstab.cpp
index 01e0e3d..010fbc8 100644
--- a/fs_mgr/libfstab/fstab.cpp
+++ b/fs_mgr/libfstab/fstab.cpp
@@ -75,6 +75,7 @@
         {"slave", MS_SLAVE},
         {"shared", MS_SHARED},
         {"lazytime", MS_LAZYTIME},
+        {"nosymfollow", MS_NOSYMFOLLOW},
         {"defaults", 0},
 };
 
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index acabd67..ecf567e 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -2404,6 +2404,9 @@
                 PLOG(ERROR) << "Unable to write rollback indicator: " << path;
             } else {
                 LOG(INFO) << "Rollback detected, writing rollback indicator to " << path;
+                if (device_->IsTempMetadata()) {
+                    CleanupScratchOtaMetadataIfPresent();
+                }
             }
         }
         LOG(INFO) << "Not booting from new slot. Will not mount snapshots.";
diff --git a/fs_mgr/tests/fs_mgr_test.cpp b/fs_mgr/tests/fs_mgr_test.cpp
index 8004977..fc3d5dc 100644
--- a/fs_mgr/tests/fs_mgr_test.cpp
+++ b/fs_mgr/tests/fs_mgr_test.cpp
@@ -330,6 +330,7 @@
                 {"slave", MS_SLAVE},
                 {"shared", MS_SHARED},
                 {"lazytime", MS_LAZYTIME},
+                {"nosymfollow", MS_NOSYMFOLLOW},
                 {"defaults", 0},
                 {0, 0},
         };
diff --git a/init/builtins.cpp b/init/builtins.cpp
index c4af5b5..38aed9c 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -471,6 +471,7 @@
     { "private",    MS_PRIVATE },
     { "slave",      MS_SLAVE },
     { "shared",     MS_SHARED },
+    { "nosymfollow", MS_NOSYMFOLLOW },
     { "defaults",   0 },
     { 0,            0 },
 };
diff --git a/libcutils/ashmem-dev.cpp b/libcutils/ashmem-dev.cpp
index 46b8ef2..cebfa5d 100644
--- a/libcutils/ashmem-dev.cpp
+++ b/libcutils/ashmem-dev.cpp
@@ -114,8 +114,14 @@
     // Check if kernel support exists, otherwise fall back to ashmem.
     // This code needs to build on old API levels, so we can't use the libc
     // wrapper.
+    //
+    // MFD_NOEXEC_SEAL is used to match the semantics of the ashmem device,
+    // which did not have executable permissions. This also seals the executable
+    // permissions of the buffer (i.e. they cannot be changed by fchmod()).
+    //
+    // MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
     android::base::unique_fd fd(
-            syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_ALLOW_SEALING));
+            syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_NOEXEC_SEAL));
     if (fd == -1) {
         ALOGE("memfd_create failed: %s, no memfd support.\n", strerror(errno));
         return false;
@@ -289,7 +295,13 @@
 static int memfd_create_region(const char* name, size_t size) {
     // This code needs to build on old API levels, so we can't use the libc
     // wrapper.
-    android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_ALLOW_SEALING));
+    //
+    // MFD_NOEXEC_SEAL to match the semantics of the ashmem device, which did
+    // not have executable permissions. This also seals the executable
+    // permissions of the buffer (i.e. they cannot be changed by fchmod()).
+    //
+    // MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
+    android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_NOEXEC_SEAL));
 
     if (fd == -1) {
         ALOGE("memfd_create(%s, %zd) failed: %s\n", name, size, strerror(errno));
diff --git a/libprocessgroup/cgrouprc/Android.bp b/libprocessgroup/cgrouprc/Android.bp
index 38b2fa3..9e46b8e 100644
--- a/libprocessgroup/cgrouprc/Android.bp
+++ b/libprocessgroup/cgrouprc/Android.bp
@@ -19,9 +19,6 @@
 cc_library {
     name: "libcgrouprc",
     host_supported: true,
-    ramdisk_available: true,
-    vendor_ramdisk_available: true,
-    recovery_available: true,
     // Do not ever mark this as vendor_available; otherwise, vendor modules
     // that links to the static library will behave unexpectedly. All on-device
     // modules should use libprocessgroup which links to the LL-NDK library
diff --git a/libsysutils/EventLogTags.logtags b/libsysutils/EventLogTags.logtags
index 713f8cd..bb06d34 100644
--- a/libsysutils/EventLogTags.logtags
+++ b/libsysutils/EventLogTags.logtags
@@ -1,4 +1,4 @@
-# See system/core/logcat/event.logtags for a description of the format of this file.
+# See system/logging/logcat/event.logtags for a description of the format of this file.
 
 # FrameworkListener dispatchCommand overflow
 78001 exp_det_dispatchCommand_overflow
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 060395d..ae6a658 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -54,6 +54,10 @@
     mkdir /linkerconfig/bootstrap 0755
     mkdir /linkerconfig/default 0755
 
+    # Greatly extend dm-verity's Merkle tree cache timeout.  The default timeout
+    # is much too short and is unnecessary, given that there is also a shrinker.
+    write /sys/module/dm_bufio/parameters/max_age_seconds 86400
+
     # Disable dm-verity hash prefetching, since it doesn't help performance
     # Read more in b/136247322
     write /sys/module/dm_verity/parameters/prefetch_cluster 0
@@ -1000,6 +1004,11 @@
     exec_start system_aconfigd_mainline_init
     start system_aconfigd_socket_service
 
+    # start mainline aconfigd init, after transition, the above system_aconfigd_mainline_init
+    # will be deprecated
+    exec_start mainline_aconfigd_init
+    start mainline_aconfigd_socket_service
+
     # Create directories for boot animation.
     mkdir /data/misc/bootanim 0755 system system
 
diff --git a/trusty/secretkeeper/Android.bp b/trusty/secretkeeper/Android.bp
index 6523eda..d399bf8 100644
--- a/trusty/secretkeeper/Android.bp
+++ b/trusty/secretkeeper/Android.bp
@@ -27,18 +27,16 @@
         "src/hal_main.rs",
     ],
     rustlibs: [
+        "android.hardware.security.secretkeeper-V1-rust",
         "libandroid_logger",
         "libauthgraph_hal",
         "libauthgraph_wire",
         "libbinder_rs",
         "liblibc",
         "liblog_rust",
-        "libsecretkeeper_hal",
+        "libsecretkeeper_hal_v1",
         "libtrusty-rs",
     ],
-    defaults: [
-        "secretkeeper_use_latest_hal_aidl_rust",
-    ],
     prefer_rlib: true,
 }
 
diff --git a/trusty/trusty-storage-cf.mk b/trusty/trusty-storage-cf.mk
index 3b46445..acefd3e 100644
--- a/trusty/trusty-storage-cf.mk
+++ b/trusty/trusty-storage-cf.mk
@@ -22,4 +22,5 @@
 PRODUCT_PACKAGES += \
 	storageproxyd.system \
 	rpmb_dev.system \
+	rpmb_dev.test.system \
 
diff --git a/trusty/utils/rpmb_dev/Android.bp b/trusty/utils/rpmb_dev/Android.bp
index ef23cc5..2f362e8 100644
--- a/trusty/utils/rpmb_dev/Android.bp
+++ b/trusty/utils/rpmb_dev/Android.bp
@@ -58,3 +58,12 @@
         "rpmb_dev.wv.system.rc",
     ],
 }
+
+cc_binary {
+    name: "rpmb_dev.test.system",
+    defaults: ["rpmb_dev.cc_defaults"],
+    system_ext_specific: true,
+    init_rc: [
+        "rpmb_dev.test.system.rc",
+    ],
+}
diff --git a/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
new file mode 100644
index 0000000..2127798
--- /dev/null
+++ b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
@@ -0,0 +1,56 @@
+service trusty_test_vm /apex/com.android.virt/bin/vm run \
+    /data/local/tmp/TrustyTestVM_UnitTests/trusty-test_vm-config.json
+    disabled
+    user system
+    group system
+
+service storageproxyd_test_system /system_ext/bin/storageproxyd.system \
+        -d VSOCK:${trusty.test_vm.vm_cid}:1 \
+        -r /dev/socket/rpmb_mock_test_system \
+        -p /data/secure_storage_test_system \
+        -t sock
+    disabled
+    class hal
+    user system
+    group system
+
+service rpmb_mock_init_test_system /system_ext/bin/rpmb_dev.test.system \
+        --dev /mnt/secure_storage_rpmb_test_system/persist/RPMB_DATA --init --size 2048
+    disabled
+    user system
+    group system
+    oneshot
+
+service rpmb_mock_test_system /system_ext/bin/rpmb_dev.test.system \
+        --dev /mnt/secure_storage_rpmb_test_system/persist/RPMB_DATA \
+        --sock rpmb_mock_test_system
+    disabled
+    user system
+    group system
+    socket rpmb_mock_test_system stream 660 system system
+
+# RPMB Mock
+on post-fs-data
+    # Create a persistent location for the RPMB data
+    # (work around lack of RPMb block device on CF).
+    # file contexts secure_storage_rpmb_system_file
+    # (only used on Cuttlefish as this is non secure)
+    mkdir /metadata/secure_storage_rpmb_test_system 0770 system system
+    mkdir /mnt/secure_storage_rpmb_test_system 0770 system system
+    symlink /metadata/secure_storage_rpmb_test_system \
+            /mnt/secure_storage_rpmb_test_system/persist
+    # Create a system persist directory in /metadata
+    # (work around lack of dedicated system persist partition).
+    # file contexts secure_storage_persist_system_file
+    mkdir /metadata/secure_storage_persist_test_system 0770 system system
+    mkdir /mnt/secure_storage_persist_test_system 0770 system system
+    symlink /metadata/secure_storage_persist_test_system \
+            /mnt/secure_storage_persist_test_system/persist
+    # file contexts secure_storage_system_file
+    mkdir /data/secure_storage_test_system 0770 root system
+    symlink /mnt/secure_storage_persist_test_system/persist \
+            /data/secure_storage_test_system/persist
+    chown root system /data/secure_storage_test_system/persist
+    # setprop storageproxyd_test_system.trusty_ipc_dev VSOCK:${trusty.test_vm.vm_cid}:1
+    exec_start rpmb_mock_init_test_system
+    start rpmb_mock_test_system