Merge "Fix a memory leak in gatekeeper."
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 716378b..66d0c92 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -28,6 +28,13 @@
       "name": "memunreachable_test"
     },
     {
+      "name": "memunreachable_unit_test"
+    },
+    {
+      "name": "memunreachable_unit_test",
+      "host": true
+    },
+    {
       "name": "memunreachable_binder_test"
     },
     {
diff --git a/adb/client/commandline.cpp b/adb/client/commandline.cpp
index 728e5c1..7211f72 100644
--- a/adb/client/commandline.cpp
+++ b/adb/client/commandline.cpp
@@ -1669,17 +1669,29 @@
             return 0;
         }
     } else if (!strcmp(argv[0], "rescue")) {
+        // adb rescue getprop
         // adb rescue getprop <prop>
         // adb rescue install <filename>
         // adb rescue wipe userdata
-        if (argc != 3) error_exit("rescue requires two arguments");
+        if (argc < 2) error_exit("rescue requires at least one argument");
         if (!strcmp(argv[1], "getprop")) {
-            return adb_connect_command(android::base::StringPrintf("rescue-getprop:%s", argv[2]));
+            if (argc == 2) {
+                return adb_connect_command("rescue-getprop:");
+            }
+            if (argc == 3) {
+                return adb_connect_command(
+                        android::base::StringPrintf("rescue-getprop:%s", argv[2]));
+            }
+            error_exit("invalid rescue getprop arguments");
         } else if (!strcmp(argv[1], "install")) {
+            if (argc != 3) error_exit("rescue install requires two arguments");
             if (adb_sideload_install(argv[2], true /* rescue_mode */) != 0) {
                 return 1;
             }
-        } else if (!strcmp(argv[1], "wipe") && !strcmp(argv[2], "userdata")) {
+        } else if (!strcmp(argv[1], "wipe")) {
+            if (argc != 3 || strcmp(argv[2], "userdata") != 0) {
+                error_exit("invalid rescue wipe arguments");
+            }
             return adb_wipe_devices();
         } else {
             error_exit("invalid rescue argument");
@@ -1811,7 +1823,7 @@
         if (argc < 2) error_exit("install-multiple requires an argument");
         return install_multiple_app(argc, argv);
     } else if (!strcmp(argv[0], "install-multi-package")) {
-        if (argc < 3) error_exit("install-multi-package requires an argument");
+        if (argc < 2) error_exit("install-multi-package requires an argument");
         return install_multi_package(argc, argv);
     } else if (!strcmp(argv[0], "uninstall")) {
         if (argc < 2) error_exit("uninstall requires an argument");
diff --git a/adb/daemon/include/adbd/usb.h b/adb/daemon/include/adbd/usb.h
index 3213f69..fca3c58 100644
--- a/adb/daemon/include/adbd/usb.h
+++ b/adb/daemon/include/adbd/usb.h
@@ -43,7 +43,7 @@
     bool open_new_connection = true;
 
     int (*write)(usb_handle* h, const void* data, int len);
-    int (*read)(usb_handle* h, void* data, int len);
+    int (*read)(usb_handle* h, void* data, int len, bool allow_partial);
     void (*kick)(usb_handle* h);
     void (*close)(usb_handle* h);
 
diff --git a/adb/daemon/usb.cpp b/adb/daemon/usb.cpp
index 96ee6b2..ac739c4 100644
--- a/adb/daemon/usb.cpp
+++ b/adb/daemon/usb.cpp
@@ -169,12 +169,12 @@
 };
 
 struct UsbFfsConnection : public Connection {
-    UsbFfsConnection(unique_fd control, unique_fd read, unique_fd write,
+    UsbFfsConnection(unique_fd* control, unique_fd read, unique_fd write,
                      std::promise<void> destruction_notifier)
         : worker_started_(false),
           stopped_(false),
           destruction_notifier_(std::move(destruction_notifier)),
-          control_fd_(std::move(control)),
+          control_fd_(control),
           read_fd_(std::move(read)),
           write_fd_(std::move(write)) {
         LOG(INFO) << "UsbFfsConnection constructed";
@@ -183,11 +183,6 @@
             PLOG(FATAL) << "failed to create eventfd";
         }
 
-        monitor_event_fd_.reset(eventfd(0, EFD_CLOEXEC));
-        if (monitor_event_fd_ == -1) {
-            PLOG(FATAL) << "failed to create eventfd";
-        }
-
         aio_context_ = ScopedAioContext::Create(kUsbReadQueueDepth + kUsbWriteQueueDepth);
     }
 
@@ -199,7 +194,6 @@
         // We need to explicitly close our file descriptors before we notify our destruction,
         // because the thread listening on the future will immediately try to reopen the endpoint.
         aio_context_.reset();
-        control_fd_.reset();
         read_fd_.reset();
         write_fd_.reset();
 
@@ -246,13 +240,6 @@
             PLOG(FATAL) << "failed to notify worker eventfd to stop UsbFfsConnection";
         }
         CHECK_EQ(static_cast<size_t>(rc), sizeof(notify));
-
-        rc = adb_write(monitor_event_fd_.get(), &notify, sizeof(notify));
-        if (rc < 0) {
-            PLOG(FATAL) << "failed to notify monitor eventfd to stop UsbFfsConnection";
-        }
-
-        CHECK_EQ(static_cast<size_t>(rc), sizeof(notify));
     }
 
   private:
@@ -271,33 +258,24 @@
         monitor_thread_ = std::thread([this]() {
             adb_thread_setname("UsbFfs-monitor");
 
-            bool bound = false;
             bool enabled = false;
             bool running = true;
             while (running) {
                 adb_pollfd pfd[2] = {
-                  { .fd = control_fd_.get(), .events = POLLIN, .revents = 0 },
-                  { .fd = monitor_event_fd_.get(), .events = POLLIN, .revents = 0 },
+                        {.fd = control_fd_->get(), .events = POLLIN, .revents = 0},
                 };
 
-                // If we don't see our first bind within a second, try again.
-                int timeout_ms = bound ? -1 : 1000;
-
-                int rc = TEMP_FAILURE_RETRY(adb_poll(pfd, 2, timeout_ms));
+                int rc = TEMP_FAILURE_RETRY(adb_poll(pfd, 2, -1));
                 if (rc == -1) {
                     PLOG(FATAL) << "poll on USB control fd failed";
-                } else if (rc == 0) {
-                    LOG(WARNING) << "timed out while waiting for FUNCTIONFS_BIND, trying again";
-                    break;
                 }
 
                 if (pfd[1].revents) {
-                    // We were told to die.
-                    break;
+                    // We were told to die, continue reading until FUNCTIONFS_UNBIND.
                 }
 
                 struct usb_functionfs_event event;
-                rc = TEMP_FAILURE_RETRY(adb_read(control_fd_.get(), &event, sizeof(event)));
+                rc = TEMP_FAILURE_RETRY(adb_read(control_fd_->get(), &event, sizeof(event)));
                 if (rc == -1) {
                     PLOG(FATAL) << "failed to read functionfs event";
                 } else if (rc == 0) {
@@ -313,28 +291,10 @@
 
                 switch (event.type) {
                     case FUNCTIONFS_BIND:
-                        if (bound) {
-                            LOG(WARNING) << "received FUNCTIONFS_BIND while already bound?";
-                            running = false;
-                            break;
-                        }
-
-                        if (enabled) {
-                            LOG(WARNING) << "received FUNCTIONFS_BIND while already enabled?";
-                            running = false;
-                            break;
-                        }
-
-                        bound = true;
+                        LOG(FATAL) << "received FUNCTIONFS_BIND after already opened?";
                         break;
 
                     case FUNCTIONFS_ENABLE:
-                        if (!bound) {
-                            LOG(WARNING) << "received FUNCTIONFS_ENABLE while not bound?";
-                            running = false;
-                            break;
-                        }
-
                         if (enabled) {
                             LOG(WARNING) << "received FUNCTIONFS_ENABLE while already enabled?";
                             running = false;
@@ -346,10 +306,6 @@
                         break;
 
                     case FUNCTIONFS_DISABLE:
-                        if (!bound) {
-                            LOG(WARNING) << "received FUNCTIONFS_DISABLE while not bound?";
-                        }
-
                         if (!enabled) {
                             LOG(WARNING) << "received FUNCTIONFS_DISABLE while not enabled?";
                         }
@@ -363,13 +319,40 @@
                             LOG(WARNING) << "received FUNCTIONFS_UNBIND while still enabled?";
                         }
 
-                        if (!bound) {
-                            LOG(WARNING) << "received FUNCTIONFS_UNBIND when not bound?";
-                        }
-
-                        bound = false;
                         running = false;
                         break;
+
+                    case FUNCTIONFS_SETUP: {
+                        LOG(INFO) << "received FUNCTIONFS_SETUP control transfer: bRequestType = "
+                                  << static_cast<int>(event.u.setup.bRequestType)
+                                  << ", bRequest = " << static_cast<int>(event.u.setup.bRequest)
+                                  << ", wValue = " << static_cast<int>(event.u.setup.wValue)
+                                  << ", wIndex = " << static_cast<int>(event.u.setup.wIndex)
+                                  << ", wLength = " << static_cast<int>(event.u.setup.wLength);
+
+                        if ((event.u.setup.bRequestType & USB_DIR_IN)) {
+                            LOG(INFO) << "acking device-to-host control transfer";
+                            ssize_t rc = adb_write(control_fd_->get(), "", 0);
+                            if (rc != 0) {
+                                PLOG(ERROR) << "failed to write empty packet to host";
+                                break;
+                            }
+                        } else {
+                            std::string buf;
+                            buf.resize(event.u.setup.wLength + 1);
+
+                            ssize_t rc = adb_read(control_fd_->get(), buf.data(), buf.size());
+                            if (rc != event.u.setup.wLength) {
+                                LOG(ERROR)
+                                        << "read " << rc
+                                        << " bytes when trying to read control request, expected "
+                                        << event.u.setup.wLength;
+                            }
+
+                            LOG(INFO) << "control request contents: " << buf;
+                            break;
+                        }
+                    }
                 }
             }
 
@@ -394,6 +377,12 @@
                 uint64_t dummy;
                 ssize_t rc = adb_read(worker_event_fd_.get(), &dummy, sizeof(dummy));
                 if (rc == -1) {
+                    if (errno == EINTR) {
+                        // We were interrupted either to stop, or because of a backtrace.
+                        // Check stopped_ again to see if we need to exit.
+                        continue;
+                    }
+
                     PLOG(FATAL) << "failed to read from eventfd";
                 } else if (rc == 0) {
                     LOG(FATAL) << "hit EOF on eventfd";
@@ -430,6 +419,7 @@
         }
 
         worker_thread_.join();
+        worker_started_ = false;
     }
 
     void PrepareReadBlock(IoBlock* block, uint64_t id) {
@@ -647,10 +637,13 @@
     std::once_flag error_flag_;
 
     unique_fd worker_event_fd_;
-    unique_fd monitor_event_fd_;
 
     ScopedAioContext aio_context_;
-    unique_fd control_fd_;
+
+    // We keep a pointer to the control fd, so that we can reuse it to avoid USB reconfiguration,
+    // and still be able to reset it to force a reopen after FUNCTIONFS_UNBIND or running into an
+    // unexpected situation.
+    unique_fd* control_fd_;
     unique_fd read_fd_;
     unique_fd write_fd_;
 
@@ -679,15 +672,16 @@
 static void usb_ffs_open_thread() {
     adb_thread_setname("usb ffs open");
 
+    unique_fd control;
+    unique_fd bulk_out;
+    unique_fd bulk_in;
+
     while (true) {
         if (gFfsAioSupported.has_value() && !gFfsAioSupported.value()) {
             LOG(INFO) << "failed to use nonblocking ffs, falling back to legacy";
             return usb_init_legacy();
         }
 
-        unique_fd control;
-        unique_fd bulk_out;
-        unique_fd bulk_in;
         if (!open_functionfs(&control, &bulk_out, &bulk_in)) {
             std::this_thread::sleep_for(1s);
             continue;
@@ -698,7 +692,7 @@
         std::promise<void> destruction_notifier;
         std::future<void> future = destruction_notifier.get_future();
         transport->SetConnection(std::make_unique<UsbFfsConnection>(
-                std::move(control), std::move(bulk_out), std::move(bulk_in),
+                &control, std::move(bulk_out), std::move(bulk_in),
                 std::move(destruction_notifier)));
         register_transport(transport);
         future.wait();
diff --git a/adb/daemon/usb_ffs.cpp b/adb/daemon/usb_ffs.cpp
index 07b4ba8..1b54022 100644
--- a/adb/daemon/usb_ffs.cpp
+++ b/adb/daemon/usb_ffs.cpp
@@ -37,9 +37,12 @@
 // Number of buffers needed to fit MAX_PAYLOAD, with an extra for ZLPs.
 #define USB_FFS_NUM_BUFS ((4 * MAX_PAYLOAD / USB_FFS_BULK_SIZE) + 1)
 
+#define USB_EXT_PROP_UNICODE 1
+
 #define cpu_to_le16(x) htole16(x)
 #define cpu_to_le32(x) htole32(x)
 
+// clang-format off
 struct func_desc {
     struct usb_interface_descriptor intf;
     struct usb_endpoint_descriptor_no_audio source;
@@ -64,6 +67,34 @@
     struct func_desc fs_descs, hs_descs;
 } __attribute__((packed));
 
+template <size_t PropertyNameLength, size_t PropertyDataLength>
+struct usb_os_desc_ext_prop {
+    uint32_t dwSize = sizeof(*this);
+    uint32_t dwPropertyDataType = cpu_to_le32(USB_EXT_PROP_UNICODE);
+
+    // Property name and value are transmitted as UTF-16, but the kernel only
+    // accepts ASCII values and performs the conversion for us.
+    uint16_t wPropertyNameLength = cpu_to_le16(PropertyNameLength);
+    char bPropertyName[PropertyNameLength];
+
+    uint32_t dwPropertyDataLength = cpu_to_le32(PropertyDataLength);
+    char bProperty[PropertyDataLength];
+} __attribute__((packed));
+
+using usb_os_desc_guid_t = usb_os_desc_ext_prop<20, 39>;
+usb_os_desc_guid_t os_desc_guid = {
+    .bPropertyName = "DeviceInterfaceGUID",
+    .bProperty = "{64379D6C-D531-4BED-BBEC-5A16FC07D6BC}",
+};
+
+struct usb_ext_prop_values {
+    usb_os_desc_guid_t guid;
+} __attribute__((packed));
+
+usb_ext_prop_values os_prop_values = {
+    .guid = os_desc_guid,
+};
+
 struct desc_v2 {
     struct usb_functionfs_descs_head_v2 header;
     // The rest of the structure depends on the flags in the header.
@@ -75,9 +106,10 @@
     struct ss_func_desc ss_descs;
     struct usb_os_desc_header os_header;
     struct usb_ext_compat_desc os_desc;
+    struct usb_os_desc_header os_prop_header;
+    struct usb_ext_prop_values os_prop_values;
 } __attribute__((packed));
 
-// clang-format off
 static struct func_desc fs_descriptors = {
     .intf = {
         .bLength = sizeof(fs_descriptors.intf),
@@ -172,13 +204,13 @@
 struct usb_ext_compat_desc os_desc_compat = {
     .bFirstInterfaceNumber = 0,
     .Reserved1 = cpu_to_le32(1),
-    .CompatibleID = {0},
+    .CompatibleID = { 'W', 'I', 'N', 'U', 'S', 'B', '\0', '\0'},
     .SubCompatibleID = {0},
     .Reserved2 = {0},
 };
 
 static struct usb_os_desc_header os_desc_header = {
-    .interface = cpu_to_le32(1),
+    .interface = cpu_to_le32(0),
     .dwLength = cpu_to_le32(sizeof(os_desc_header) + sizeof(os_desc_compat)),
     .bcdVersion = cpu_to_le32(1),
     .wIndex = cpu_to_le32(4),
@@ -186,6 +218,14 @@
     .Reserved = cpu_to_le32(0),
 };
 
+static struct usb_os_desc_header os_prop_header = {
+    .interface = cpu_to_le32(0),
+    .dwLength = cpu_to_le32(sizeof(os_desc_header) + sizeof(os_prop_values)),
+    .bcdVersion = cpu_to_le32(1),
+    .wIndex = cpu_to_le32(5),
+    .wCount = cpu_to_le16(1),
+};
+
 #define STR_INTERFACE_ "ADB Interface"
 
 static const struct {
@@ -221,12 +261,14 @@
     v2_descriptor.fs_count = 3;
     v2_descriptor.hs_count = 3;
     v2_descriptor.ss_count = 5;
-    v2_descriptor.os_count = 1;
+    v2_descriptor.os_count = 2;
     v2_descriptor.fs_descs = fs_descriptors;
     v2_descriptor.hs_descs = hs_descriptors;
     v2_descriptor.ss_descs = ss_descriptors;
     v2_descriptor.os_header = os_desc_header;
     v2_descriptor.os_desc = os_desc_compat;
+    v2_descriptor.os_prop_header = os_prop_header;
+    v2_descriptor.os_prop_values = os_prop_values;
 
     if (out_control->get() < 0) {  // might have already done this before
         LOG(INFO) << "opening control endpoint " << USB_FFS_ADB_EP0;
@@ -255,8 +297,33 @@
             PLOG(ERROR) << "failed to write USB strings";
             return false;
         }
-        // Signal only when writing the descriptors to ffs
+
+        // Signal init after we've wwritten our descriptors.
         android::base::SetProperty("sys.usb.ffs.ready", "1");
+
+        // Read until we get FUNCTIONFS_BIND from the control endpoint.
+        while (true) {
+            struct usb_functionfs_event event;
+            ssize_t rc = TEMP_FAILURE_RETRY(adb_read(control.get(), &event, sizeof(event)));
+
+            if (rc == -1) {
+                PLOG(FATAL) << "failed to read from FFS control fd";
+            } else if (rc == 0) {
+                LOG(WARNING) << "hit EOF on functionfs control fd during initialization";
+            } else if (rc != sizeof(event)) {
+                LOG(FATAL) << "read functionfs event of unexpected size, expected " << sizeof(event)
+                           << ", got " << rc;
+            }
+
+            if (event.type != FUNCTIONFS_BIND) {
+                LOG(FATAL) << "first read on functionfs control fd returned non-bind: "
+                           << event.type;
+            } else {
+                break;
+            }
+        }
+
+        *out_control = std::move(control);
     }
 
     bulk_out.reset(adb_open(USB_FFS_ADB_OUT, O_RDONLY));
@@ -271,7 +338,6 @@
         return false;
     }
 
-    *out_control = std::move(control);
     *out_bulk_in = std::move(bulk_in);
     *out_bulk_out = std::move(bulk_out);
     return true;
diff --git a/adb/daemon/usb_legacy.cpp b/adb/daemon/usb_legacy.cpp
index b65727a..fe80e7d 100644
--- a/adb/daemon/usb_legacy.cpp
+++ b/adb/daemon/usb_legacy.cpp
@@ -142,11 +142,12 @@
     return orig_len;
 }
 
-static int usb_ffs_read(usb_handle* h, void* data, int len) {
+static int usb_ffs_read(usb_handle* h, void* data, int len, bool allow_partial) {
     D("about to read (fd=%d, len=%d)", h->bulk_out.get(), len);
 
     char* buf = static_cast<char*>(data);
     int orig_len = len;
+    unsigned count = 0;
     while (len > 0) {
         int read_len = std::min(USB_FFS_BULK_SIZE, len);
         int n = adb_read(h->bulk_out, buf, read_len);
@@ -156,6 +157,16 @@
         }
         buf += n;
         len -= n;
+        count += n;
+
+        // For fastbootd command such as "getvar all", len parameter is always set 64.
+        // But what we read is actually less than 64.
+        // For example, length 10 for "getvar all" command.
+        // If we get less data than expected, this means there should be no more data.
+        if (allow_partial && n < read_len) {
+            orig_len = count;
+            break;
+        }
     }
 
     D("[ done fd=%d ]", h->bulk_out.get());
@@ -221,7 +232,7 @@
     }
 }
 
-static int usb_ffs_aio_read(usb_handle* h, void* data, int len) {
+static int usb_ffs_aio_read(usb_handle* h, void* data, int len, bool allow_partial) {
     return usb_ffs_do_aio(h, data, len, true);
 }
 
@@ -299,7 +310,7 @@
 }
 
 int usb_read(usb_handle* h, void* data, int len) {
-    return h->read(h, data, len);
+    return h->read(h, data, len, false /* allow_partial */);
 }
 
 int usb_close(usb_handle* h) {
diff --git a/adb/sysdeps_win32.cpp b/adb/sysdeps_win32.cpp
index 886ded4..f86cd03 100644
--- a/adb/sysdeps_win32.cpp
+++ b/adb/sysdeps_win32.cpp
@@ -2606,7 +2606,9 @@
 extern "C" int wmain(int argc, wchar_t **argv) {
     // Convert args from UTF-16 to UTF-8 and pass that to main().
     NarrowArgs narrow_args(argc, argv);
-    return main(argc, narrow_args.data());
+
+    // Avoid destructing NarrowArgs: argv might have been mutated to point to string literals.
+    _exit(main(argc, narrow_args.data()));
 }
 
 // Shadow UTF-8 environment variable name/value pairs that are created from
diff --git a/base/Android.bp b/base/Android.bp
index 340f814..25a9f68 100644
--- a/base/Android.bp
+++ b/base/Android.bp
@@ -131,6 +131,7 @@
         "cmsg_test.cpp",
         "endian_test.cpp",
         "errors_test.cpp",
+        "expected_test.cpp",
         "file_test.cpp",
         "logging_test.cpp",
         "macros_test.cpp",
@@ -140,6 +141,7 @@
         "parsenetaddress_test.cpp",
         "properties_test.cpp",
         "quick_exit_test.cpp",
+        "result_test.cpp",
         "scopeguard_test.cpp",
         "stringprintf_test.cpp",
         "strings_test.cpp",
diff --git a/base/expected_test.cpp b/base/expected_test.cpp
new file mode 100644
index 0000000..a74bc1d
--- /dev/null
+++ b/base/expected_test.cpp
@@ -0,0 +1,894 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "android-base/expected.h"
+
+#include <cstdio>
+#include <memory>
+#include <string>
+
+#include <gtest/gtest.h>
+
+using android::base::expected;
+using android::base::unexpected;
+
+typedef expected<int, int> exp_int;
+typedef expected<double, double> exp_double;
+typedef expected<std::string, std::string> exp_string;
+typedef expected<std::pair<std::string, int>, int> exp_pair;
+typedef expected<void, int> exp_void;
+
+struct T {
+  int a;
+  int b;
+  T() = default;
+  T(int a, int b) noexcept : a(a), b(b) {}
+};
+bool operator==(const T& x, const T& y) {
+  return x.a == y.a && x.b == y.b;
+}
+bool operator!=(const T& x, const T& y) {
+  return x.a != y.a || x.b != y.b;
+}
+
+struct E {
+    std::string message;
+    int cause;
+    E(const std::string& message, int cause) : message(message), cause(cause) {}
+};
+
+typedef expected<T,E> exp_complex;
+
+TEST(Expected, testDefaultConstructible) {
+  exp_int e;
+  EXPECT_TRUE(e.has_value());
+  EXPECT_EQ(0, e.value());
+
+  exp_complex e2;
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(T(0,0), e2.value());
+
+  exp_void e3;
+  EXPECT_TRUE(e3.has_value());
+}
+
+TEST(Expected, testCopyConstructible) {
+  exp_int e;
+  exp_int e2 = e;
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(0, e.value());
+  EXPECT_EQ(0, e2.value());
+
+  exp_void e3;
+  exp_void e4 = e3;
+  EXPECT_TRUE(e3.has_value());
+  EXPECT_TRUE(e4.has_value());
+}
+
+TEST(Expected, testMoveConstructible) {
+  exp_int e;
+  exp_int e2 = std::move(e);
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(0, e.value());
+  EXPECT_EQ(0, e2.value());
+
+  exp_string e3(std::string("hello"));
+  exp_string e4 = std::move(e3);
+
+  EXPECT_TRUE(e3.has_value());
+  EXPECT_TRUE(e4.has_value());
+  EXPECT_EQ("", e3.value()); // e3 is moved
+  EXPECT_EQ("hello", e4.value());
+
+  exp_void e5;
+  exp_void e6 = std::move(e5);
+  EXPECT_TRUE(e5.has_value());
+  EXPECT_TRUE(e6.has_value());
+}
+
+TEST(Expected, testCopyConstructibleFromConvertibleType) {
+  exp_double e = 3.3f;
+  exp_int e2 = e;
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(3.3f, e.value());
+  EXPECT_EQ(3, e2.value());
+}
+
+TEST(Expected, testMoveConstructibleFromConvertibleType) {
+  exp_double e = 3.3f;
+  exp_int e2 = std::move(e);
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(3.3f, e.value());
+  EXPECT_EQ(3, e2.value());
+}
+
+TEST(Expected, testConstructibleFromValue) {
+  exp_int e = 3;
+  exp_double e2 = 5.5f;
+  exp_string e3 = std::string("hello");
+  exp_complex e4 = T(10, 20);
+  exp_void e5 = {};
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_TRUE(e3.has_value());
+  EXPECT_TRUE(e4.has_value());
+  EXPECT_TRUE(e5.has_value());
+  EXPECT_EQ(3, e.value());
+  EXPECT_EQ(5.5f, e2.value());
+  EXPECT_EQ("hello", e3.value());
+  EXPECT_EQ(T(10,20), e4.value());
+}
+
+TEST(Expected, testConstructibleFromMovedValue) {
+  std::string hello = "hello";
+  exp_string e = std::move(hello);
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_EQ("hello", e.value());
+  EXPECT_EQ("", hello);
+}
+
+TEST(Expected, testConstructibleFromConvertibleValue) {
+  exp_int e = 3.3f; // double to int
+  exp_string e2 = "hello"; // char* to std::string
+  EXPECT_TRUE(e.has_value());
+  EXPECT_EQ(3, e.value());
+
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ("hello", e2.value());
+}
+
+TEST(Expected, testConstructibleFromUnexpected) {
+  exp_int::unexpected_type unexp = unexpected(10);
+  exp_int e = unexp;
+
+  exp_double::unexpected_type unexp2 = unexpected(10.5f);
+  exp_double e2 = unexp2;
+
+  exp_string::unexpected_type unexp3 = unexpected(std::string("error"));
+  exp_string e3 = unexp3;
+
+  exp_void::unexpected_type unexp4 = unexpected(10);
+  exp_void e4 = unexp4;
+
+  EXPECT_FALSE(e.has_value());
+  EXPECT_FALSE(e2.has_value());
+  EXPECT_FALSE(e3.has_value());
+  EXPECT_FALSE(e4.has_value());
+  EXPECT_EQ(10, e.error());
+  EXPECT_EQ(10.5f, e2.error());
+  EXPECT_EQ("error", e3.error());
+  EXPECT_EQ(10, e4.error());
+}
+
+TEST(Expected, testMoveConstructibleFromUnexpected) {
+  exp_int e = unexpected(10);
+  exp_double e2 = unexpected(10.5f);
+  exp_string e3 = unexpected(std::string("error"));
+  exp_void e4 = unexpected(10);
+
+  EXPECT_FALSE(e.has_value());
+  EXPECT_FALSE(e2.has_value());
+  EXPECT_FALSE(e3.has_value());
+  EXPECT_FALSE(e4.has_value());
+  EXPECT_EQ(10, e.error());
+  EXPECT_EQ(10.5f, e2.error());
+  EXPECT_EQ("error", e3.error());
+  EXPECT_EQ(10, e4.error());
+}
+
+TEST(Expected, testConstructibleByForwarding) {
+  exp_string e(std::in_place, 5, 'a');
+  EXPECT_TRUE(e.has_value());
+  EXPECT_EQ("aaaaa", e.value());
+
+  exp_string e2({'a', 'b', 'c'});
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ("abc", e2.value());
+
+  exp_pair e3({"hello", 30});
+  EXPECT_TRUE(e3.has_value());
+  EXPECT_EQ("hello",e3->first);
+  EXPECT_EQ(30,e3->second);
+
+  exp_void e4({});
+  EXPECT_TRUE(e4.has_value());
+}
+
+TEST(Expected, testDestructible) {
+  bool destroyed = false;
+  struct T {
+    bool* flag_;
+    T(bool* flag) : flag_(flag) {}
+    ~T() { *flag_ = true; }
+  };
+  {
+    expected<T, int> exp = T(&destroyed);
+  }
+  EXPECT_TRUE(destroyed);
+}
+
+TEST(Expected, testAssignable) {
+  exp_int e = 10;
+  exp_int e2 = 20;
+  e = e2;
+
+  EXPECT_EQ(20, e.value());
+  EXPECT_EQ(20, e2.value());
+
+  exp_int e3 = 10;
+  exp_int e4 = 20;
+  e3 = std::move(e4);
+
+  EXPECT_EQ(20, e3.value());
+  EXPECT_EQ(20, e4.value());
+
+  exp_void e5 = unexpected(10);
+  ASSERT_FALSE(e5.has_value());
+  exp_void e6;
+  e5 = e6;
+
+  EXPECT_TRUE(e5.has_value());
+  EXPECT_TRUE(e6.has_value());
+}
+
+TEST(Expected, testAssignableFromValue) {
+  exp_int e = 10;
+  e = 20;
+  EXPECT_EQ(20, e.value());
+
+  exp_double e2 = 3.5f;
+  e2 = 10.5f;
+  EXPECT_EQ(10.5f, e2.value());
+
+  exp_string e3 = "hello";
+  e3 = "world";
+  EXPECT_EQ("world", e3.value());
+
+  exp_void e4 = unexpected(10);
+  ASSERT_FALSE(e4.has_value());
+  e4 = {};
+  EXPECT_TRUE(e4.has_value());
+}
+
+TEST(Expected, testAssignableFromUnexpected) {
+  exp_int e = 10;
+  e = unexpected(30);
+  EXPECT_FALSE(e.has_value());
+  EXPECT_EQ(30, e.error());
+
+  exp_double e2 = 3.5f;
+  e2 = unexpected(10.5f);
+  EXPECT_FALSE(e2.has_value());
+  EXPECT_EQ(10.5f, e2.error());
+
+  exp_string e3 = "hello";
+  e3 = unexpected("world");
+  EXPECT_FALSE(e3.has_value());
+  EXPECT_EQ("world", e3.error());
+
+  exp_void e4 = {};
+  e4 = unexpected(10);
+  EXPECT_FALSE(e4.has_value());
+  EXPECT_EQ(10, e4.error());
+}
+
+TEST(Expected, testAssignableFromMovedValue) {
+  std::string world = "world";
+  exp_string e = "hello";
+  e = std::move(world);
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_EQ("world", e.value());
+  EXPECT_EQ("", world);
+}
+
+TEST(Expected, testAssignableFromMovedUnexpected) {
+  std::string world = "world";
+  exp_string e = "hello";
+  e = unexpected(std::move(world));
+
+  EXPECT_FALSE(e.has_value());
+  EXPECT_EQ("world", e.error());
+  EXPECT_EQ("", world);
+}
+
+TEST(Expected, testEmplace) {
+  struct T {
+    int a;
+    double b;
+    T() {}
+    T(int a, double b) noexcept : a(a), b(b) {}
+  };
+  expected<T, int> exp;
+  T& t = exp.emplace(3, 10.5f);
+
+  EXPECT_TRUE(exp.has_value());
+  EXPECT_EQ(3, t.a);
+  EXPECT_EQ(10.5f, t.b);
+  EXPECT_EQ(3, exp.value().a);
+  EXPECT_EQ(10.5, exp.value().b);
+
+  exp_void e = unexpected(10);
+  ASSERT_FALSE(e.has_value());
+  e.emplace();
+  EXPECT_TRUE(e.has_value());
+}
+
+TEST(Expected, testSwapExpectedExpected) {
+  exp_int e = 10;
+  exp_int e2 = 20;
+  e.swap(e2);
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(20, e.value());
+  EXPECT_EQ(10, e2.value());
+
+  exp_void e3;
+  exp_void e4;
+  e3.swap(e4);
+
+  EXPECT_TRUE(e3.has_value());
+  EXPECT_TRUE(e4.has_value());
+}
+
+TEST(Expected, testSwapUnexpectedUnexpected) {
+  exp_int e = unexpected(10);
+  exp_int e2 = unexpected(20);
+  e.swap(e2);
+  EXPECT_FALSE(e.has_value());
+  EXPECT_FALSE(e2.has_value());
+  EXPECT_EQ(20, e.error());
+  EXPECT_EQ(10, e2.error());
+
+  exp_void e3 = unexpected(10);
+  exp_void e4 = unexpected(20);
+  e3.swap(e4);
+  EXPECT_FALSE(e3.has_value());
+  EXPECT_FALSE(e4.has_value());
+  EXPECT_EQ(20, e3.error());
+  EXPECT_EQ(10, e4.error());
+}
+
+TEST(Expected, testSwapExpectedUnepected) {
+  exp_int e = 10;
+  exp_int e2 = unexpected(30);
+  e.swap(e2);
+  EXPECT_FALSE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(30, e.error());
+  EXPECT_EQ(10, e2.value());
+
+  exp_void e3;
+  exp_void e4 = unexpected(10);
+  e3.swap(e4);
+  EXPECT_FALSE(e3.has_value());
+  EXPECT_TRUE(e4.has_value());
+  EXPECT_EQ(10, e3.error());
+}
+
+TEST(Expected, testDereference) {
+  struct T {
+    int a;
+    double b;
+    T() {}
+    T(int a, double b) : a(a), b(b) {}
+  };
+  expected<T, int> exp = T(3, 10.5f);
+
+  EXPECT_EQ(3, exp->a);
+  EXPECT_EQ(10.5f, exp->b);
+
+  EXPECT_EQ(3, (*exp).a);
+  EXPECT_EQ(10.5f, (*exp).b);
+}
+
+TEST(Expected, testTest) {
+  exp_int e = 10;
+  EXPECT_TRUE(e);
+  EXPECT_TRUE(e.has_value());
+
+  exp_int e2 = unexpected(10);
+  EXPECT_FALSE(e2);
+  EXPECT_FALSE(e2.has_value());
+}
+
+TEST(Expected, testGetValue) {
+  exp_int e = 10;
+  EXPECT_EQ(10, e.value());
+  EXPECT_EQ(10, e.value_or(20));
+
+  exp_int e2 = unexpected(10);
+  EXPECT_EQ(10, e2.error());
+  EXPECT_EQ(20, e2.value_or(20));
+}
+
+TEST(Expected, testSameValues) {
+  exp_int e = 10;
+  exp_int e2 = 10;
+  EXPECT_TRUE(e == e2);
+  EXPECT_TRUE(e2 == e);
+  EXPECT_FALSE(e != e2);
+  EXPECT_FALSE(e2 != e);
+
+  exp_void e3;
+  exp_void e4;
+  EXPECT_TRUE(e3 == e4);
+  EXPECT_TRUE(e4 == e3);
+  EXPECT_FALSE(e3 != e4);
+  EXPECT_FALSE(e4 != e3);
+}
+
+TEST(Expected, testDifferentValues) {
+  exp_int e = 10;
+  exp_int e2 = 20;
+  EXPECT_FALSE(e == e2);
+  EXPECT_FALSE(e2 == e);
+  EXPECT_TRUE(e != e2);
+  EXPECT_TRUE(e2 != e);
+}
+
+TEST(Expected, testValueWithError) {
+  exp_int e = 10;
+  exp_int e2 = unexpected(10);
+  EXPECT_FALSE(e == e2);
+  EXPECT_FALSE(e2 == e);
+  EXPECT_TRUE(e != e2);
+  EXPECT_TRUE(e2 != e);
+
+  exp_void e3;
+  exp_void e4 = unexpected(10);
+  EXPECT_FALSE(e3 == e4);
+  EXPECT_FALSE(e4 == e3);
+  EXPECT_TRUE(e3 != e4);
+  EXPECT_TRUE(e4 != e3);
+}
+
+TEST(Expected, testSameErrors) {
+  exp_int e = unexpected(10);
+  exp_int e2 = unexpected(10);
+  EXPECT_TRUE(e == e2);
+  EXPECT_TRUE(e2 == e);
+  EXPECT_FALSE(e != e2);
+  EXPECT_FALSE(e2 != e);
+
+  exp_void e3 = unexpected(10);
+  exp_void e4 = unexpected(10);
+  EXPECT_TRUE(e3 == e4);
+  EXPECT_TRUE(e4 == e3);
+  EXPECT_FALSE(e3 != e4);
+  EXPECT_FALSE(e4 != e3);
+}
+
+TEST(Expected, testDifferentErrors) {
+  exp_int e = unexpected(10);
+  exp_int e2 = unexpected(20);
+  EXPECT_FALSE(e == e2);
+  EXPECT_FALSE(e2 == e);
+  EXPECT_TRUE(e != e2);
+  EXPECT_TRUE(e2 != e);
+
+  exp_void e3 = unexpected(10);
+  exp_void e4 = unexpected(20);
+  EXPECT_FALSE(e3 == e4);
+  EXPECT_FALSE(e4 == e3);
+  EXPECT_TRUE(e3 != e4);
+  EXPECT_TRUE(e4 != e3);
+}
+
+TEST(Expected, testCompareWithSameValue) {
+  exp_int e = 10;
+  int value = 10;
+  EXPECT_TRUE(e == value);
+  EXPECT_TRUE(value == e);
+  EXPECT_FALSE(e != value);
+  EXPECT_FALSE(value != e);
+}
+
+TEST(Expected, testCompareWithDifferentValue) {
+  exp_int e = 10;
+  int value = 20;
+  EXPECT_FALSE(e == value);
+  EXPECT_FALSE(value == e);
+  EXPECT_TRUE(e != value);
+  EXPECT_TRUE(value != e);
+}
+
+TEST(Expected, testCompareWithSameError) {
+  exp_int e = unexpected(10);
+  exp_int::unexpected_type error = 10;
+  EXPECT_TRUE(e == error);
+  EXPECT_TRUE(error == e);
+  EXPECT_FALSE(e != error);
+  EXPECT_FALSE(error != e);
+
+  exp_void e2 = unexpected(10);
+  exp_void::unexpected_type error2 = 10;
+  EXPECT_TRUE(e2 == error2);
+  EXPECT_TRUE(error2 == e2);
+  EXPECT_FALSE(e2 != error2);
+  EXPECT_FALSE(error2 != e2);
+}
+
+TEST(Expected, testCompareWithDifferentError) {
+  exp_int e = unexpected(10);
+  exp_int::unexpected_type error = 20;
+  EXPECT_FALSE(e == error);
+  EXPECT_FALSE(error == e);
+  EXPECT_TRUE(e != error);
+  EXPECT_TRUE(error != e);
+
+  exp_void e2 = unexpected(10);
+  exp_void::unexpected_type error2 = 20;
+  EXPECT_FALSE(e2 == error2);
+  EXPECT_FALSE(error2 == e2);
+  EXPECT_TRUE(e2 != error2);
+  EXPECT_TRUE(error2 != e2);
+}
+
+TEST(Expected, testCompareDifferentType) {
+  expected<int,int> e = 10;
+  expected<int32_t, int> e2 = 10;
+  EXPECT_TRUE(e == e2);
+  e2 = 20;
+  EXPECT_FALSE(e == e2);
+
+  expected<std::string_view,int> e3 = "hello";
+  expected<std::string,int> e4 = "hello";
+  EXPECT_TRUE(e3 == e4);
+  e4 = "world";
+  EXPECT_FALSE(e3 == e4);
+
+  expected<void,int> e5;
+  expected<int,int> e6 = 10;
+  EXPECT_FALSE(e5 == e6);
+  EXPECT_FALSE(e6 == e5);
+}
+
+TEST(Expected, testDivideExample) {
+  struct QR {
+    int quotient;
+    int remainder;
+    QR(int q, int r) noexcept : quotient(q), remainder(r) {}
+    bool operator==(const QR& rhs) const {
+      return quotient == rhs.quotient && remainder == rhs.remainder;
+    }
+    bool operator!=(const QR& rhs) const {
+      return quotient != rhs.quotient || remainder == rhs.remainder;
+    }
+  };
+
+  auto divide = [](int x, int y) -> expected<QR,E> {
+    if (y == 0) {
+      return unexpected(E("divide by zero", -1));
+    } else {
+      return QR(x / y, x % y);
+    }
+  };
+
+  EXPECT_FALSE(divide(10, 0));
+  EXPECT_EQ("divide by zero", divide(10, 0).error().message);
+  EXPECT_EQ(-1, divide(10, 0).error().cause);
+
+  EXPECT_TRUE(divide(10, 3));
+  EXPECT_EQ(QR(3, 1), divide(10, 3));
+}
+
+TEST(Expected, testPair) {
+  auto test = [](bool yes) -> exp_pair {
+    if (yes) {
+      return exp_pair({"yes", 42});
+    } else {
+      return unexpected(42);
+    }
+  };
+
+  auto r = test(true);
+  EXPECT_TRUE(r);
+  EXPECT_EQ("yes", r->first);
+}
+
+TEST(Expected, testVoid) {
+  auto test = [](bool ok) -> exp_void {
+    if (ok) {
+      return {};
+    } else {
+      return unexpected(10);
+    }
+  };
+
+  auto r = test(true);
+  EXPECT_TRUE(r);
+  r = test(false);
+  EXPECT_FALSE(r);
+  EXPECT_EQ(10, r.error());
+}
+
+// copied from result_test.cpp
+struct ConstructorTracker {
+  static size_t constructor_called;
+  static size_t copy_constructor_called;
+  static size_t move_constructor_called;
+  static size_t copy_assignment_called;
+  static size_t move_assignment_called;
+
+  template <typename T,
+    typename std::enable_if_t<std::is_convertible_v<T, std::string>>* = nullptr>
+  ConstructorTracker(T&& string) : string(string) {
+    ++constructor_called;
+  }
+  ConstructorTracker(const ConstructorTracker& ct) {
+    ++copy_constructor_called;
+    string = ct.string;
+  }
+  ConstructorTracker(ConstructorTracker&& ct) noexcept {
+    ++move_constructor_called;
+    string = std::move(ct.string);
+  }
+  ConstructorTracker& operator=(const ConstructorTracker& ct) {
+    ++copy_assignment_called;
+    string = ct.string;
+    return *this;
+  }
+  ConstructorTracker& operator=(ConstructorTracker&& ct) noexcept {
+    ++move_assignment_called;
+    string = std::move(ct.string);
+    return *this;
+  }
+  static void Reset() {
+    constructor_called = 0;
+    copy_constructor_called = 0;
+    move_constructor_called = 0;
+    copy_assignment_called = 0;
+    move_assignment_called = 0;
+  }
+  std::string string;
+};
+
+size_t ConstructorTracker::constructor_called = 0;
+size_t ConstructorTracker::copy_constructor_called = 0;
+size_t ConstructorTracker::move_constructor_called = 0;
+size_t ConstructorTracker::copy_assignment_called = 0;
+size_t ConstructorTracker::move_assignment_called = 0;
+
+typedef expected<ConstructorTracker, int> exp_track;
+
+TEST(Expected, testNumberOfCopies) {
+  // default constructor
+  ConstructorTracker::Reset();
+  exp_track e("hello");
+  EXPECT_EQ(1U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  // copy constructor
+  ConstructorTracker::Reset();
+  exp_track e2 = e;
+  EXPECT_EQ(0U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  // move constructor
+  ConstructorTracker::Reset();
+  exp_track e3 = std::move(e);
+  EXPECT_EQ(0U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  // construct from lvalue
+  ConstructorTracker::Reset();
+  ConstructorTracker ct = "hello";
+  exp_track e4(ct);
+  EXPECT_EQ(1U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  // construct from rvalue
+  ConstructorTracker::Reset();
+  ConstructorTracker ct2 = "hello";
+  exp_track e5(std::move(ct2));
+  EXPECT_EQ(1U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  // copy assignment
+  ConstructorTracker::Reset();
+  exp_track e6 = "hello";
+  exp_track e7 = "world";
+  e7 = e6;
+  EXPECT_EQ(2U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  // move assignment
+  ConstructorTracker::Reset();
+  exp_track e8 = "hello";
+  exp_track e9 = "world";
+  e9 = std::move(e8);
+  EXPECT_EQ(2U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(1U, ConstructorTracker::move_assignment_called);
+
+  // swap
+  ConstructorTracker::Reset();
+  exp_track e10 = "hello";
+  exp_track e11 = "world";
+  std::swap(e10, e11);
+  EXPECT_EQ(2U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(2U, ConstructorTracker::move_assignment_called);
+}
+
+TEST(Expected, testNoCopyOnReturn) {
+  auto test = [](const std::string& in) -> exp_track {
+    if (in.empty()) {
+      return "literal string";
+    }
+    if (in == "test2") {
+      return ConstructorTracker(in + in + "2");
+    }
+    ConstructorTracker result(in + " " + in);
+    return result;
+  };
+
+  ConstructorTracker::Reset();
+  auto result1 = test("");
+  ASSERT_TRUE(result1);
+  EXPECT_EQ("literal string", result1->string);
+  EXPECT_EQ(1U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  ConstructorTracker::Reset();
+  auto result2 = test("test2");
+  ASSERT_TRUE(result2);
+  EXPECT_EQ("test2test22", result2->string);
+  EXPECT_EQ(1U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  ConstructorTracker::Reset();
+  auto result3 = test("test3");
+  ASSERT_TRUE(result3);
+  EXPECT_EQ("test3 test3", result3->string);
+  EXPECT_EQ(1U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+}
+
+TEST(Expected, testNested) {
+  expected<exp_string, std::string> e = "hello";
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e.value().has_value());
+  EXPECT_TRUE(e);
+  EXPECT_TRUE(*e);
+  EXPECT_EQ("hello", e.value().value());
+
+  expected<exp_string, std::string> e2 = unexpected("world");
+  EXPECT_FALSE(e2.has_value());
+  EXPECT_FALSE(e2);
+  EXPECT_EQ("world", e2.error());
+
+  expected<exp_string, std::string> e3 = exp_string(unexpected("world"));
+  EXPECT_TRUE(e3.has_value());
+  EXPECT_FALSE(e3.value().has_value());
+  EXPECT_TRUE(e3);
+  EXPECT_FALSE(*e3);
+  EXPECT_EQ("world", e3.value().error());
+}
+
+constexpr bool equals(const char* a, const char* b) {
+  return (a == nullptr && b == nullptr) ||
+      (a != nullptr && b != nullptr && *a == *b &&
+       (*a == '\0' || equals(a + 1, b + 1)));
+}
+
+TEST(Expected, testConstexpr) {
+  // Compliation error will occur if these expressions can't be
+  // evaluated at compile time
+  constexpr exp_int e(3);
+  constexpr exp_int::unexpected_type err(3);
+  constexpr int i = 4;
+
+  // default constructor
+  static_assert(exp_int().value() == 0);
+  // copy constructor
+  static_assert(exp_int(e).value() == 3);
+  // move constructor
+  static_assert(exp_int(exp_int(4)).value() == 4);
+  // copy construct from value
+  static_assert(exp_int(i).value() == 4);
+  // copy construct from unexpected
+  static_assert(exp_int(err).error() == 3);
+  // move costruct from unexpected
+  static_assert(exp_int(unexpected(3)).error() == 3);
+  // observers
+  static_assert(*exp_int(3) == 3);
+  static_assert(exp_int(3).has_value() == true);
+  static_assert(exp_int(3).value_or(4) == 3);
+
+  typedef expected<const char*, int> exp_s;
+  constexpr exp_s s("hello");
+  constexpr const char* c = "hello";
+  static_assert(equals(exp_s().value(), nullptr));
+  static_assert(equals(exp_s(s).value(), "hello"));
+  static_assert(equals(exp_s(exp_s("hello")).value(), "hello"));
+  static_assert(equals(exp_s("hello").value(), "hello"));
+  static_assert(equals(exp_s(c).value(), "hello"));
+}
+
+TEST(Expected, testWithNonConstructible) {
+   struct AssertNotConstructed {
+     AssertNotConstructed() = delete;
+   };
+
+   expected<int, AssertNotConstructed> v(42);
+   EXPECT_TRUE(v.has_value());
+   EXPECT_EQ(42, v.value());
+
+   expected<AssertNotConstructed, int> e(unexpected(42));
+   EXPECT_FALSE(e.has_value());
+   EXPECT_EQ(42, e.error());
+}
+
+TEST(Expected, testWithMoveOnlyType) {
+  typedef expected<std::unique_ptr<int>,std::unique_ptr<int>> exp_ptr;
+  exp_ptr e(std::make_unique<int>(3));
+  exp_ptr e2(unexpected(std::make_unique<int>(4)));
+
+  EXPECT_TRUE(e.has_value());
+  EXPECT_FALSE(e2.has_value());
+  EXPECT_EQ(3, *(e.value()));
+  EXPECT_EQ(4, *(e2.error()));
+
+  e2 = std::move(e);
+  EXPECT_TRUE(e.has_value());
+  EXPECT_TRUE(e2.has_value());
+  EXPECT_EQ(3, *(e2.value()));
+}
diff --git a/base/include/android-base/expected.h b/base/include/android-base/expected.h
new file mode 100644
index 0000000..08c9fb5
--- /dev/null
+++ b/base/include/android-base/expected.h
@@ -0,0 +1,784 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <algorithm>
+#include <initializer_list>
+#include <type_traits>
+#include <utility>
+#include <variant>
+
+// android::base::expected is an Android implementation of the std::expected
+// proposal.
+// http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p0323r7.html
+//
+// Usage:
+// using android::base::expected;
+// using android::base::unexpected;
+//
+// expected<double,std::string> safe_divide(double i, double j) {
+//   if (j == 0) return unexpected("divide by zero");
+//   else return i / j;
+// }
+//
+// void test() {
+//   auto q = safe_divide(10, 0);
+//   if (q) { printf("%f\n", q.value()); }
+//   else { printf("%s\n", q.error().c_str()); }
+// }
+//
+// When the proposal becomes part of the standard and is implemented by
+// libcxx, this will be removed and android::base::expected will be
+// type alias to std::expected.
+//
+
+namespace android {
+namespace base {
+
+// Synopsis
+template<class T, class E>
+    class expected;
+
+template<class E>
+    class unexpected;
+template<class E>
+  unexpected(E) -> unexpected<E>;
+
+template<class E>
+   class bad_expected_access;
+
+template<>
+   class bad_expected_access<void>;
+
+struct unexpect_t {
+   explicit unexpect_t() = default;
+};
+inline constexpr unexpect_t unexpect{};
+
+// macros for SFINAE
+#define _ENABLE_IF(...) \
+  , std::enable_if_t<(__VA_ARGS__)>* = nullptr
+
+// Define NODISCARD_EXPECTED to prevent expected<T,E> from being
+// ignored when used as a return value. This is off by default.
+#ifdef NODISCARD_EXPECTED
+#define _NODISCARD_ [[nodiscard]]
+#else
+#define _NODISCARD_
+#endif
+
+namespace {
+template< class T >
+struct remove_cvref {
+  typedef std::remove_cv_t<std::remove_reference_t<T>> type;
+};
+template< class T >
+using remove_cvref_t = typename remove_cvref<T>::type;
+} // namespace
+
+// Class expected
+template<class T, class E>
+class _NODISCARD_ expected {
+ public:
+  using value_type = T;
+  using error_type = E;
+  using unexpected_type = unexpected<E>;
+
+  template<class U>
+  using rebind = expected<U, error_type>;
+
+  // constructors
+  constexpr expected() = default;
+  constexpr expected(const expected& rhs) = default;
+  constexpr expected(expected&& rhs) noexcept = default;
+
+  template<class U, class G _ENABLE_IF(
+    std::is_constructible_v<T, const U&> &&
+    std::is_constructible_v<E, const G&> &&
+    !std::is_constructible_v<T, expected<U, G>&> &&
+    !std::is_constructible_v<T, expected<U, G>&&> &&
+    !std::is_constructible_v<T, const expected<U, G>&> &&
+    !std::is_constructible_v<T, const expected<U, G>&&> &&
+    !std::is_convertible_v<expected<U, G>&, T> &&
+    !std::is_convertible_v<expected<U, G>&&, T> &&
+    !std::is_convertible_v<const expected<U, G>&, T> &&
+    !std::is_convertible_v<const expected<U, G>&&, T> &&
+    !(!std::is_convertible_v<const U&, T> ||
+     !std::is_convertible_v<const G&, E>) /* non-explicit */
+  )>
+  constexpr expected(const expected<U, G>& rhs) {
+    if (rhs.has_value()) var_ = rhs.value();
+    else var_ = unexpected(rhs.error());
+  }
+
+  template<class U, class G _ENABLE_IF(
+    std::is_constructible_v<T, const U&> &&
+    std::is_constructible_v<E, const G&> &&
+    !std::is_constructible_v<T, expected<U, G>&> &&
+    !std::is_constructible_v<T, expected<U, G>&&> &&
+    !std::is_constructible_v<T, const expected<U, G>&> &&
+    !std::is_constructible_v<T, const expected<U, G>&&> &&
+    !std::is_convertible_v<expected<U, G>&, T> &&
+    !std::is_convertible_v<expected<U, G>&&, T> &&
+    !std::is_convertible_v<const expected<U, G>&, T> &&
+    !std::is_convertible_v<const expected<U, G>&&, T> &&
+    (!std::is_convertible_v<const U&, T> ||
+     !std::is_convertible_v<const G&, E>) /* explicit */
+  )>
+  constexpr explicit expected(const expected<U, G>& rhs) {
+    if (rhs.has_value()) var_ = rhs.value();
+    else var_ = unexpected(rhs.error());
+  }
+
+  template<class U, class G _ENABLE_IF(
+    std::is_constructible_v<T, const U&> &&
+    std::is_constructible_v<E, const G&> &&
+    !std::is_constructible_v<T, expected<U, G>&> &&
+    !std::is_constructible_v<T, expected<U, G>&&> &&
+    !std::is_constructible_v<T, const expected<U, G>&> &&
+    !std::is_constructible_v<T, const expected<U, G>&&> &&
+    !std::is_convertible_v<expected<U, G>&, T> &&
+    !std::is_convertible_v<expected<U, G>&&, T> &&
+    !std::is_convertible_v<const expected<U, G>&, T> &&
+    !std::is_convertible_v<const expected<U, G>&&, T> &&
+    !(!std::is_convertible_v<const U&, T> ||
+     !std::is_convertible_v<const G&, E>) /* non-explicit */
+  )>
+  constexpr expected(expected<U, G>&& rhs) {
+    if (rhs.has_value()) var_ = std::move(rhs.value());
+    else var_ = unexpected(std::move(rhs.error()));
+  }
+
+  template<class U, class G _ENABLE_IF(
+    std::is_constructible_v<T, const U&> &&
+    std::is_constructible_v<E, const G&> &&
+    !std::is_constructible_v<T, expected<U, G>&> &&
+    !std::is_constructible_v<T, expected<U, G>&&> &&
+    !std::is_constructible_v<T, const expected<U, G>&> &&
+    !std::is_constructible_v<T, const expected<U, G>&&> &&
+    !std::is_convertible_v<expected<U, G>&, T> &&
+    !std::is_convertible_v<expected<U, G>&&, T> &&
+    !std::is_convertible_v<const expected<U, G>&, T> &&
+    !std::is_convertible_v<const expected<U, G>&&, T> &&
+    (!std::is_convertible_v<const U&, T> ||
+     !std::is_convertible_v<const G&, E>) /* explicit */
+  )>
+  constexpr explicit expected(expected<U, G>&& rhs) {
+    if (rhs.has_value()) var_ = std::move(rhs.value());
+    else var_ = unexpected(std::move(rhs.error()));
+  }
+
+  template<class U = T _ENABLE_IF(
+    std::is_constructible_v<T, U&&> &&
+    !std::is_same_v<remove_cvref_t<U>, std::in_place_t> &&
+    !std::is_same_v<expected<T, E>, remove_cvref_t<U>> &&
+    !std::is_same_v<unexpected<E>, remove_cvref_t<U>> &&
+    std::is_convertible_v<U&&,T> /* non-explicit */
+  )>
+  constexpr expected(U&& v)
+  : var_(std::in_place_index<0>, std::forward<U>(v)) {}
+
+  template<class U = T _ENABLE_IF(
+    std::is_constructible_v<T, U&&> &&
+    !std::is_same_v<remove_cvref_t<U>, std::in_place_t> &&
+    !std::is_same_v<expected<T, E>, remove_cvref_t<U>> &&
+    !std::is_same_v<unexpected<E>, remove_cvref_t<U>> &&
+    !std::is_convertible_v<U&&,T> /* explicit */
+  )>
+  constexpr explicit expected(U&& v)
+  : var_(std::in_place_index<0>, T(std::forward<U>(v))) {}
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, const G&> &&
+    std::is_convertible_v<const G&, E> /* non-explicit */
+  )>
+  constexpr expected(const unexpected<G>& e)
+  : var_(std::in_place_index<1>, e.value()) {}
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, const G&> &&
+    !std::is_convertible_v<const G&, E> /* explicit */
+  )>
+  constexpr explicit expected(const unexpected<G>& e)
+  : var_(std::in_place_index<1>, E(e.value())) {}
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, G&&> &&
+    std::is_convertible_v<G&&, E> /* non-explicit */
+  )>
+  constexpr expected(unexpected<G>&& e)
+  : var_(std::in_place_index<1>, std::move(e.value())) {}
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, G&&> &&
+    !std::is_convertible_v<G&&, E> /* explicit */
+  )>
+  constexpr explicit expected(unexpected<G>&& e)
+  : var_(std::in_place_index<1>, E(std::move(e.value()))) {}
+
+  template<class... Args _ENABLE_IF(
+    std::is_constructible_v<T, Args&&...>
+  )>
+  constexpr explicit expected(std::in_place_t, Args&&... args)
+  : var_(std::in_place_index<0>, std::forward<Args>(args)...) {}
+
+  template<class U, class... Args _ENABLE_IF(
+    std::is_constructible_v<T, std::initializer_list<U>&, Args...>
+  )>
+  constexpr explicit expected(std::in_place_t, std::initializer_list<U> il, Args&&... args)
+  : var_(std::in_place_index<0>, il, std::forward<Args>(args)...) {}
+
+  template<class... Args _ENABLE_IF(
+    std::is_constructible_v<E, Args...>
+  )>
+  constexpr explicit expected(unexpect_t, Args&&... args)
+  : var_(unexpected_type(std::forward<Args>(args)...)) {}
+
+  template<class U, class... Args _ENABLE_IF(
+    std::is_constructible_v<E, std::initializer_list<U>&, Args...>
+  )>
+  constexpr explicit expected(unexpect_t, std::initializer_list<U> il, Args&&... args)
+  : var_(unexpected_type(il, std::forward<Args>(args)...)) {}
+
+  // destructor
+  ~expected() = default;
+
+  // assignment
+  // Note: SFNAIE doesn't work here because assignment operator should be
+  // non-template. We could workaround this by defining a templated parent class
+  // having the assignment operator. This incomplete implementation however
+  // doesn't allow us to copy assign expected<T,E> even when T is non-copy
+  // assignable. The copy assignment will fail by the underlying std::variant
+  // anyway though the error message won't be clear.
+  expected& operator=(const expected& rhs) = default;
+
+  // Note for SFNAIE above applies to here as well
+  expected& operator=(expected&& rhs) = default;
+
+  template<class U = T _ENABLE_IF(
+    !std::is_void_v<T> &&
+    !std::is_same_v<expected<T,E>, remove_cvref_t<U>> &&
+    !std::conjunction_v<std::is_scalar<T>, std::is_same<T, std::decay_t<U>>> &&
+    std::is_constructible_v<T,U> &&
+    std::is_assignable_v<T&,U> &&
+    std::is_nothrow_move_constructible_v<E>
+  )>
+  expected& operator=(U&& rhs) {
+    var_ = T(std::forward<U>(rhs));
+    return *this;
+  }
+
+  template<class G = E>
+  expected& operator=(const unexpected<G>& rhs) {
+    var_ = rhs;
+    return *this;
+  }
+
+  template<class G = E _ENABLE_IF(
+    std::is_nothrow_move_constructible_v<G> &&
+    std::is_move_assignable_v<G>
+  )>
+  expected& operator=(unexpected<G>&& rhs) {
+    var_ = std::move(rhs);
+    return *this;
+  }
+
+  // modifiers
+  template<class... Args _ENABLE_IF(
+    std::is_nothrow_constructible_v<T, Args...>
+  )>
+  T& emplace(Args&&... args) {
+    expected(std::in_place, std::forward<Args>(args)...).swap(*this);
+    return value();
+  }
+
+  template<class U, class... Args _ENABLE_IF(
+    std::is_nothrow_constructible_v<T, std::initializer_list<U>&, Args...>
+  )>
+  T& emplace(std::initializer_list<U> il, Args&&... args) {
+    expected(std::in_place, il, std::forward<Args>(args)...).swap(*this);
+    return value();
+  }
+
+  // swap
+  template<typename U = T, typename = std::enable_if_t<(
+    std::is_swappable_v<U> &&
+    std::is_swappable_v<E> &&
+    (std::is_move_constructible_v<U> ||
+     std::is_move_constructible_v<E>))>>
+  void swap(expected& rhs) noexcept(
+    std::is_nothrow_move_constructible_v<T> &&
+    std::is_nothrow_swappable_v<T> &&
+    std::is_nothrow_move_constructible_v<E> &&
+    std::is_nothrow_swappable_v<E>) {
+    var_.swap(rhs.var_);
+  }
+
+  // observers
+  constexpr const T* operator->() const { return std::addressof(value()); }
+  constexpr T* operator->() { return std::addressof(value()); }
+  constexpr const T& operator*() const& { return value(); }
+  constexpr T& operator*() & { return value(); }
+  constexpr const T&& operator*() const&& { return std::move(std::get<T>(var_)); }
+  constexpr T&& operator*() && { return std::move(std::get<T>(var_)); }
+
+  constexpr explicit operator bool() const noexcept { return has_value(); }
+  constexpr bool has_value() const noexcept { return var_.index() == 0; }
+
+  constexpr const T& value() const& { return std::get<T>(var_); }
+  constexpr T& value() & { return std::get<T>(var_); }
+  constexpr const T&& value() const&& { return std::move(std::get<T>(var_)); }
+  constexpr T&& value() && { return std::move(std::get<T>(var_)); }
+
+  constexpr const E& error() const& { return std::get<unexpected_type>(var_).value(); }
+  constexpr E& error() & { return std::get<unexpected_type>(var_).value(); }
+  constexpr const E&& error() const&& { return std::move(std::get<unexpected_type>(var_)).value(); }
+  constexpr E&& error() && { return std::move(std::get<unexpected_type>(var_)).value(); }
+
+  template<class U _ENABLE_IF(
+    std::is_copy_constructible_v<T> &&
+    std::is_convertible_v<U, T>
+  )>
+  constexpr T value_or(U&& v) const& {
+    if (has_value()) return value();
+    else return static_cast<T>(std::forward<U>(v));
+  }
+
+  template<class U _ENABLE_IF(
+    std::is_move_constructible_v<T> &&
+    std::is_convertible_v<U, T>
+  )>
+  constexpr T value_or(U&& v) && {
+    if (has_value()) return std::move(value());
+    else return static_cast<T>(std::forward<U>(v));
+  }
+
+  // expected equality operators
+  template<class T1, class E1, class T2, class E2>
+  friend constexpr bool operator==(const expected<T1, E1>& x, const expected<T2, E2>& y);
+  template<class T1, class E1, class T2, class E2>
+  friend constexpr bool operator!=(const expected<T1, E1>& x, const expected<T2, E2>& y);
+
+  // comparison with T
+  template<class T1, class E1, class T2>
+  friend constexpr bool operator==(const expected<T1, E1>&, const T2&);
+  template<class T1, class E1, class T2>
+  friend constexpr bool operator==(const T2&, const expected<T1, E1>&);
+  template<class T1, class E1, class T2>
+  friend constexpr bool operator!=(const expected<T1, E1>&, const T2&);
+  template<class T1, class E1, class T2>
+  friend constexpr bool operator!=(const T2&, const expected<T1, E1>&);
+
+  // Comparison with unexpected<E>
+  template<class T1, class E1, class E2>
+  friend constexpr bool operator==(const expected<T1, E1>&, const unexpected<E2>&);
+  template<class T1, class E1, class E2>
+  friend constexpr bool operator==(const unexpected<E2>&, const expected<T1, E1>&);
+  template<class T1, class E1, class E2>
+  friend constexpr bool operator!=(const expected<T1, E1>&, const unexpected<E2>&);
+  template<class T1, class E1, class E2>
+  friend constexpr bool operator!=(const unexpected<E2>&, const expected<T1, E1>&);
+
+  // Specialized algorithms
+  template<class T1, class E1>
+  friend void swap(expected<T1, E1>&, expected<T1, E1>&) noexcept;
+
+ private:
+  std::variant<value_type, unexpected_type> var_;
+};
+
+template<class T1, class E1, class T2, class E2>
+constexpr bool operator==(const expected<T1, E1>& x, const expected<T2, E2>& y) {
+  if (x.has_value() != y.has_value()) {
+    return false;
+  } else if (!x.has_value()) {
+    return x.error() == y.error();
+  } else {
+    return *x == *y;
+  }
+}
+
+template<class T1, class E1, class T2, class E2>
+constexpr bool operator!=(const expected<T1, E1>& x, const expected<T2, E2>& y) {
+  return !(x == y);
+}
+
+// comparison with T
+template<class T1, class E1, class T2>
+constexpr bool operator==(const expected<T1, E1>& x, const T2& y) {
+  return x.has_value() && (*x == y);
+}
+template<class T1, class E1, class T2>
+constexpr bool operator==(const T2& x, const expected<T1, E1>& y) {
+  return y.has_value() && (x == *y);
+}
+template<class T1, class E1, class T2>
+constexpr bool operator!=(const expected<T1, E1>& x, const T2& y) {
+  return !x.has_value() || (*x != y);
+}
+template<class T1, class E1, class T2>
+constexpr bool operator!=(const T2& x, const expected<T1, E1>& y) {
+  return !y.has_value() || (x != *y);
+}
+
+// Comparison with unexpected<E>
+template<class T1, class E1, class E2>
+constexpr bool operator==(const expected<T1, E1>& x, const unexpected<E2>& y) {
+  return !x.has_value() && (x.error() == y.value());
+}
+template<class T1, class E1, class E2>
+constexpr bool operator==(const unexpected<E2>& x, const expected<T1, E1>& y) {
+  return !y.has_value() && (x.value() == y.error());
+}
+template<class T1, class E1, class E2>
+constexpr bool operator!=(const expected<T1, E1>& x, const unexpected<E2>& y) {
+  return x.has_value() || (x.error() != y.value());
+}
+template<class T1, class E1, class E2>
+constexpr bool operator!=(const unexpected<E2>& x, const expected<T1, E1>& y) {
+  return y.has_value() || (x.value() != y.error());
+}
+
+template<class E>
+class _NODISCARD_ expected<void, E> {
+ public:
+  using value_type = void;
+  using error_type = E;
+  using unexpected_type = unexpected<E>;
+
+  // constructors
+  constexpr expected() = default;
+  constexpr expected(const expected& rhs) = default;
+  constexpr expected(expected&& rhs) noexcept = default;
+
+  template<class U, class G _ENABLE_IF(
+    std::is_void_v<U> &&
+    std::is_convertible_v<const G&, E> /* non-explicit */
+  )>
+  constexpr expected(const expected<U, G>& rhs) {
+    if (!rhs.has_value()) var_ = unexpected(rhs.error());
+  }
+
+  template<class U, class G _ENABLE_IF(
+    std::is_void_v<U> &&
+    !std::is_convertible_v<const G&, E> /* explicit */
+  )>
+  constexpr explicit expected(const expected<U, G>& rhs) {
+    if (!rhs.has_value()) var_ = unexpected(rhs.error());
+  }
+
+  template<class U, class G _ENABLE_IF(
+    std::is_void_v<U> &&
+    std::is_convertible_v<const G&&, E> /* non-explicit */
+  )>
+  constexpr expected(expected<U, G>&& rhs) {
+    if (!rhs.has_value()) var_ = unexpected(std::move(rhs.error()));
+  }
+
+  template<class U, class G _ENABLE_IF(
+    std::is_void_v<U> &&
+    !std::is_convertible_v<const G&&, E> /* explicit */
+  )>
+  constexpr explicit expected(expected<U, G>&& rhs) {
+    if (!rhs.has_value()) var_ = unexpected(std::move(rhs.error()));
+  }
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, const G&> &&
+    std::is_convertible_v<const G&, E> /* non-explicit */
+  )>
+  constexpr expected(const unexpected<G>& e)
+  : var_(std::in_place_index<1>, e.value()) {}
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, const G&> &&
+    !std::is_convertible_v<const G&, E> /* explicit */
+  )>
+  constexpr explicit expected(const unexpected<G>& e)
+  : var_(std::in_place_index<1>, E(e.value())) {}
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, G&&> &&
+    std::is_convertible_v<G&&, E> /* non-explicit */
+  )>
+  constexpr expected(unexpected<G>&& e)
+  : var_(std::in_place_index<1>, std::move(e.value())) {}
+
+  template<class G = E _ENABLE_IF(
+    std::is_constructible_v<E, G&&> &&
+    !std::is_convertible_v<G&&, E> /* explicit */
+  )>
+  constexpr explicit expected(unexpected<G>&& e)
+  : var_(std::in_place_index<1>, E(std::move(e.value()))) {}
+
+  template<class... Args _ENABLE_IF(
+    sizeof...(Args) == 0
+  )>
+  constexpr explicit expected(std::in_place_t, Args&&...) {}
+
+  template<class... Args _ENABLE_IF(
+    std::is_constructible_v<E, Args...>
+  )>
+  constexpr explicit expected(unexpect_t, Args&&... args)
+  : var_(unexpected_type(std::forward<Args>(args)...)) {}
+
+  template<class U, class... Args _ENABLE_IF(
+    std::is_constructible_v<E, std::initializer_list<U>&, Args...>
+  )>
+  constexpr explicit expected(unexpect_t, std::initializer_list<U> il, Args&&... args)
+  : var_(unexpected_type(il, std::forward<Args>(args)...)) {}
+
+  // destructor
+  ~expected() = default;
+
+  // assignment
+  // Note: SFNAIE doesn't work here because assignment operator should be
+  // non-template. We could workaround this by defining a templated parent class
+  // having the assignment operator. This incomplete implementation however
+  // doesn't allow us to copy assign expected<T,E> even when T is non-copy
+  // assignable. The copy assignment will fail by the underlying std::variant
+  // anyway though the error message won't be clear.
+  expected& operator=(const expected& rhs) = default;
+
+  // Note for SFNAIE above applies to here as well
+  expected& operator=(expected&& rhs) = default;
+
+  template<class G = E>
+  expected& operator=(const unexpected<G>& rhs) {
+    var_ = rhs;
+    return *this;
+  }
+
+  template<class G = E _ENABLE_IF(
+    std::is_nothrow_move_constructible_v<G> &&
+    std::is_move_assignable_v<G>
+  )>
+  expected& operator=(unexpected<G>&& rhs) {
+    var_ = std::move(rhs);
+    return *this;
+  }
+
+  // modifiers
+  void emplace() {
+    var_ = std::monostate();
+  }
+
+  // swap
+  template<typename = std::enable_if_t<
+    std::is_swappable_v<E>>
+  >
+  void swap(expected& rhs) noexcept(std::is_nothrow_move_constructible_v<E>) {
+    var_.swap(rhs.var_);
+  }
+
+  // observers
+  constexpr explicit operator bool() const noexcept { return has_value(); }
+  constexpr bool has_value() const noexcept { return var_.index() == 0; }
+
+  constexpr void value() const& { if (!has_value()) std::get<0>(var_); }
+
+  constexpr const E& error() const& { return std::get<unexpected_type>(var_).value(); }
+  constexpr E& error() & { return std::get<unexpected_type>(var_).value(); }
+  constexpr const E&& error() const&& { return std::move(std::get<unexpected_type>(var_)).value(); }
+  constexpr E&& error() && { return std::move(std::get<unexpected_type>(var_)).value(); }
+
+  // expected equality operators
+  template<class E1, class E2>
+  friend constexpr bool operator==(const expected<void, E1>& x, const expected<void, E2>& y);
+
+  // Specialized algorithms
+  template<class T1, class E1>
+  friend void swap(expected<T1, E1>&, expected<T1, E1>&) noexcept;
+
+ private:
+  std::variant<std::monostate, unexpected_type> var_;
+};
+
+template<class E1, class E2>
+constexpr bool operator==(const expected<void, E1>& x, const expected<void, E2>& y) {
+  if (x.has_value() != y.has_value()) {
+    return false;
+  } else if (!x.has_value()) {
+    return x.error() == y.error();
+  } else {
+    return true;
+  }
+}
+
+template<class T1, class E1, class E2>
+constexpr bool operator==(const expected<T1, E1>& x, const expected<void, E2>& y) {
+  if (x.has_value() != y.has_value()) {
+    return false;
+  } else if (!x.has_value()) {
+    return x.error() == y.error();
+  } else {
+    return false;
+  }
+}
+
+template<class E1, class T2, class E2>
+constexpr bool operator==(const expected<void, E1>& x, const expected<T2, E2>& y) {
+  if (x.has_value() != y.has_value()) {
+    return false;
+  } else if (!x.has_value()) {
+    return x.error() == y.error();
+  } else {
+    return false;
+  }
+}
+
+template<class E>
+class unexpected {
+ public:
+  // constructors
+  constexpr unexpected(const unexpected&) = default;
+  constexpr unexpected(unexpected&&) = default;
+
+  template<class Err = E _ENABLE_IF(
+    std::is_constructible_v<E, Err> &&
+    !std::is_same_v<remove_cvref_t<E>, std::in_place_t> &&
+    !std::is_same_v<remove_cvref_t<E>, unexpected>
+  )>
+  constexpr unexpected(Err&& e)
+  : val_(std::forward<Err>(e)) {}
+
+  template<class U, class... Args _ENABLE_IF(
+    std::is_constructible_v<E, std::initializer_list<U>&, Args...>
+  )>
+  constexpr explicit unexpected(std::in_place_t, std::initializer_list<U> il, Args&&... args)
+  : val_(il, std::forward<Args>(args)...) {}
+
+  template<class Err _ENABLE_IF(
+    std::is_constructible_v<E, Err> &&
+    !std::is_constructible_v<E, unexpected<Err>&> &&
+    !std::is_constructible_v<E, unexpected<Err>> &&
+    !std::is_constructible_v<E, const unexpected<Err>&> &&
+    !std::is_constructible_v<E, const unexpected<Err>> &&
+    !std::is_convertible_v<unexpected<Err>&, E> &&
+    !std::is_convertible_v<unexpected<Err>, E> &&
+    !std::is_convertible_v<const unexpected<Err>&, E> &&
+    !std::is_convertible_v<const unexpected<Err>, E> &&
+    std::is_convertible_v<Err, E> /* non-explicit */
+  )>
+  constexpr unexpected(const unexpected<Err>& rhs)
+  : val_(rhs.value()) {}
+
+  template<class Err _ENABLE_IF(
+    std::is_constructible_v<E, Err> &&
+    !std::is_constructible_v<E, unexpected<Err>&> &&
+    !std::is_constructible_v<E, unexpected<Err>> &&
+    !std::is_constructible_v<E, const unexpected<Err>&> &&
+    !std::is_constructible_v<E, const unexpected<Err>> &&
+    !std::is_convertible_v<unexpected<Err>&, E> &&
+    !std::is_convertible_v<unexpected<Err>, E> &&
+    !std::is_convertible_v<const unexpected<Err>&, E> &&
+    !std::is_convertible_v<const unexpected<Err>, E> &&
+    !std::is_convertible_v<Err, E> /* explicit */
+  )>
+  constexpr explicit unexpected(const unexpected<Err>& rhs)
+  : val_(E(rhs.value())) {}
+
+  template<class Err _ENABLE_IF(
+    std::is_constructible_v<E, Err> &&
+    !std::is_constructible_v<E, unexpected<Err>&> &&
+    !std::is_constructible_v<E, unexpected<Err>> &&
+    !std::is_constructible_v<E, const unexpected<Err>&> &&
+    !std::is_constructible_v<E, const unexpected<Err>> &&
+    !std::is_convertible_v<unexpected<Err>&, E> &&
+    !std::is_convertible_v<unexpected<Err>, E> &&
+    !std::is_convertible_v<const unexpected<Err>&, E> &&
+    !std::is_convertible_v<const unexpected<Err>, E> &&
+    std::is_convertible_v<Err, E> /* non-explicit */
+  )>
+  constexpr unexpected(unexpected<Err>&& rhs)
+  : val_(std::move(rhs.value())) {}
+
+  template<class Err _ENABLE_IF(
+    std::is_constructible_v<E, Err> &&
+    !std::is_constructible_v<E, unexpected<Err>&> &&
+    !std::is_constructible_v<E, unexpected<Err>> &&
+    !std::is_constructible_v<E, const unexpected<Err>&> &&
+    !std::is_constructible_v<E, const unexpected<Err>> &&
+    !std::is_convertible_v<unexpected<Err>&, E> &&
+    !std::is_convertible_v<unexpected<Err>, E> &&
+    !std::is_convertible_v<const unexpected<Err>&, E> &&
+    !std::is_convertible_v<const unexpected<Err>, E> &&
+    !std::is_convertible_v<Err, E> /* explicit */
+  )>
+  constexpr explicit unexpected(unexpected<Err>&& rhs)
+  : val_(E(std::move(rhs.value()))) {}
+
+  // assignment
+  constexpr unexpected& operator=(const unexpected&) = default;
+  constexpr unexpected& operator=(unexpected&&) = default;
+  template<class Err = E>
+  constexpr unexpected& operator=(const unexpected<Err>& rhs) {
+    val_ = rhs.value();
+    return *this;
+  }
+  template<class Err = E>
+  constexpr unexpected& operator=(unexpected<Err>&& rhs) {
+    val_ = std::forward<E>(rhs.value());
+    return *this;
+  }
+
+  // observer
+  constexpr const E& value() const& noexcept { return val_; }
+  constexpr E& value() & noexcept { return val_; }
+  constexpr const E&& value() const&& noexcept { return std::move(val_); }
+  constexpr E&& value() && noexcept { return std::move(val_); }
+
+  void swap(unexpected& other) noexcept(std::is_nothrow_swappable_v<E>) {
+    std::swap(val_, other.val_);
+  }
+
+  template<class E1, class E2>
+  friend constexpr bool
+  operator==(const unexpected<E1>& e1, const unexpected<E2>& e2);
+  template<class E1, class E2>
+  friend constexpr bool
+  operator!=(const unexpected<E1>& e1, const unexpected<E2>& e2);
+
+  template<class E1>
+  friend void swap(unexpected<E1>& x, unexpected<E1>& y) noexcept(noexcept(x.swap(y)));
+
+ private:
+  E val_;
+};
+
+template<class E1, class E2>
+constexpr bool
+operator==(const unexpected<E1>& e1, const unexpected<E2>& e2) {
+  return e1.value() == e2.value();
+}
+
+template<class E1, class E2>
+constexpr bool
+operator!=(const unexpected<E1>& e1, const unexpected<E2>& e2) {
+  return e1.value() != e2.value();
+}
+
+template<class E1>
+void swap(unexpected<E1>& x, unexpected<E1>& y) noexcept(noexcept(x.swap(y))) {
+  x.swap(y);
+}
+
+// TODO: bad_expected_access class
+
+#undef _ENABLE_IF
+#undef _NODISCARD_
+
+}  // namespace base
+}  // namespace android
diff --git a/base/include/android-base/mapped_file.h b/base/include/android-base/mapped_file.h
index b719646..2ab49ab 100644
--- a/base/include/android-base/mapped_file.h
+++ b/base/include/android-base/mapped_file.h
@@ -36,7 +36,7 @@
 namespace base {
 
 /**
- * A region of a file mapped into memory.
+ * A region of a file mapped into memory, also known as MmapFile.
  */
 class MappedFile {
  public:
diff --git a/base/include/android-base/properties.h b/base/include/android-base/properties.h
index 31e5273..31823df 100644
--- a/base/include/android-base/properties.h
+++ b/base/include/android-base/properties.h
@@ -49,9 +49,6 @@
                                         T max = std::numeric_limits<T>::max());
 
 // Sets the system property `key` to `value`.
-// Note that system property setting is inherently asynchronous so a return value of `true`
-// isn't particularly meaningful, and immediately reading back the value won't necessarily
-// tell you whether or not your call succeeded. A `false` return value definitely means failure.
 bool SetProperty(const std::string& key, const std::string& value);
 
 // Waits for the system property `key` to have the value `expected_value`.
diff --git a/base/include/android-base/result.h b/base/include/android-base/result.h
new file mode 100644
index 0000000..4a8e1ef
--- /dev/null
+++ b/base/include/android-base/result.h
@@ -0,0 +1,164 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// This file contains classes for returning a successful result along with an optional
+// arbitrarily typed return value or for returning a failure result along with an optional string
+// indicating why the function failed.
+
+// There are 3 classes that implement this functionality and one additional helper type.
+//
+// Result<T> either contains a member of type T that can be accessed using similar semantics as
+// std::optional<T> or it contains a ResultError describing an error, which can be accessed via
+// Result<T>::error().
+//
+// ResultError is a type that contains both a std::string describing the error and a copy of errno
+// from when the error occurred.  ResultError can be used in an ostream directly to print its
+// string value.
+//
+// Result<void> is the correct return type for a function that either returns successfully or
+// returns an error value.  Returning {} from a function that returns Result<void> is the
+// correct way to indicate that a function without a return type has completed successfully.
+//
+// A successful Result<T> is constructed implicitly from any type that can be implicitly converted
+// to T or from the constructor arguments for T.  This allows you to return a type T directly from
+// a function that returns Result<T>.
+//
+// Error and ErrnoError are used to construct a Result<T> that has failed.  The Error class takes
+// an ostream as an input and are implicitly cast to a Result<T> containing that failure.
+// ErrnoError() is a helper function to create an Error class that appends ": " + strerror(errno)
+// to the end of the failure string to aid in interacting with C APIs.  Alternatively, an errno
+// value can be directly specified via the Error() constructor.
+//
+// ResultError can be used in the ostream when using Error to construct a Result<T>.  In this case,
+// the string that the ResultError takes is passed through the stream normally, but the errno is
+// passed to the Result<T>.  This can be used to pass errno from a failing C function up multiple
+// callers.
+//
+// ResultError can also directly construct a Result<T>.  This is particularly useful if you have a
+// function that return Result<T> but you have a Result<U> and want to return its error.  In this
+// case, you can return the .error() from the Result<U> to construct the Result<T>.
+
+// An example of how to use these is below:
+// Result<U> CalculateResult(const T& input) {
+//   U output;
+//   if (!SomeOtherCppFunction(input, &output)) {
+//     return Error() << "SomeOtherCppFunction(" << input << ") failed";
+//   }
+//   if (!c_api_function(output)) {
+//     return ErrnoError() << "c_api_function(" << output << ") failed";
+//   }
+//   return output;
+// }
+//
+// auto output = CalculateResult(input);
+// if (!output) return Error() << "CalculateResult failed: " << output.error();
+// UseOutput(*output);
+
+#pragma once
+
+#include <errno.h>
+
+#include <sstream>
+#include <string>
+
+#include "android-base/expected.h"
+
+namespace android {
+namespace base {
+
+struct ResultError {
+  template <typename T>
+  ResultError(T&& message, int code) : message_(std::forward<T>(message)), code_(code) {}
+
+  template <typename T>
+  operator android::base::expected<T, ResultError>() {
+    return android::base::unexpected(ResultError(message_, code_));
+  }
+
+  std::string message() const { return message_; }
+  int code() const { return code_; }
+
+ private:
+  std::string message_;
+  int code_;
+};
+
+inline bool operator==(const ResultError& lhs, const ResultError& rhs) {
+  return lhs.message() == rhs.message() && lhs.code() == rhs.code();
+}
+
+inline bool operator!=(const ResultError& lhs, const ResultError& rhs) {
+  return !(lhs == rhs);
+}
+
+inline std::ostream& operator<<(std::ostream& os, const ResultError& t) {
+  os << t.message();
+  return os;
+}
+
+class Error {
+ public:
+  Error() : errno_(0), append_errno_(false) {}
+  Error(int errno_to_append) : errno_(errno_to_append), append_errno_(true) {}
+
+  template <typename T>
+  operator android::base::expected<T, ResultError>() {
+    return android::base::unexpected(ResultError(str(), errno_));
+  }
+
+  template <typename T>
+  Error& operator<<(T&& t) {
+    if constexpr (std::is_same_v<std::remove_cv_t<std::remove_reference_t<T>>, ResultError>) {
+      errno_ = t.code();
+      return (*this) << t.message();
+    }
+    int saved = errno;
+    ss_ << t;
+    errno = saved;
+    return *this;
+  }
+
+  const std::string str() const {
+    std::string str = ss_.str();
+    if (append_errno_) {
+      if (str.empty()) {
+        return strerror(errno_);
+      }
+      return std::move(str) + ": " + strerror(errno_);
+    }
+    return str;
+  }
+
+  Error(const Error&) = delete;
+  Error(Error&&) = delete;
+  Error& operator=(const Error&) = delete;
+  Error& operator=(Error&&) = delete;
+
+ private:
+  std::stringstream ss_;
+  int errno_;
+  bool append_errno_;
+};
+
+inline Error ErrnoError() {
+  return Error(errno);
+}
+
+template <typename T>
+using Result = android::base::expected<T, ResultError>;
+
+}  // namespace base
+}  // namespace android
diff --git a/base/mapped_file.cpp b/base/mapped_file.cpp
index f689bfa..f60de56 100644
--- a/base/mapped_file.cpp
+++ b/base/mapped_file.cpp
@@ -79,7 +79,7 @@
   if (base_ != nullptr) UnmapViewOfFile(base_);
   if (handle_ != nullptr) CloseHandle(handle_);
 #else
-  if (base_ != nullptr) munmap(base_, size_);
+  if (base_ != nullptr) munmap(base_, size_ + offset_);
 #endif
 
   base_ = nullptr;
diff --git a/base/result_test.cpp b/base/result_test.cpp
new file mode 100644
index 0000000..e864b97
--- /dev/null
+++ b/base/result_test.cpp
@@ -0,0 +1,359 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "android-base/result.h"
+
+#include "errno.h"
+
+#include <istream>
+#include <string>
+
+#include <gtest/gtest.h>
+
+using namespace std::string_literals;
+
+namespace android {
+namespace base {
+
+TEST(result, result_accessors) {
+  Result<std::string> result = "success";
+  ASSERT_TRUE(result);
+  ASSERT_TRUE(result.has_value());
+
+  EXPECT_EQ("success", *result);
+  EXPECT_EQ("success", result.value());
+
+  EXPECT_EQ('s', result->data()[0]);
+}
+
+TEST(result, result_accessors_rvalue) {
+  ASSERT_TRUE(Result<std::string>("success"));
+  ASSERT_TRUE(Result<std::string>("success").has_value());
+
+  EXPECT_EQ("success", *Result<std::string>("success"));
+  EXPECT_EQ("success", Result<std::string>("success").value());
+
+  EXPECT_EQ('s', Result<std::string>("success")->data()[0]);
+}
+
+TEST(result, result_void) {
+  Result<void> ok = {};
+  EXPECT_TRUE(ok);
+  ok.value();  // should not crash
+  ASSERT_DEATH(ok.error(), "");
+
+  Result<void> fail = Error() << "failure" << 1;
+  EXPECT_FALSE(fail);
+  EXPECT_EQ("failure1", fail.error().message());
+  EXPECT_EQ(0, fail.error().code());
+  EXPECT_TRUE(ok != fail);
+  ASSERT_DEATH(fail.value(), "");
+
+  auto test = [](bool ok) -> Result<void> {
+    if (ok) return {};
+    else return Error() << "failure" << 1;
+  };
+  EXPECT_TRUE(test(true));
+  EXPECT_FALSE(test(false));
+  test(true).value();  // should not crash
+  ASSERT_DEATH(test(true).error(), "");
+  ASSERT_DEATH(test(false).value(), "");
+  EXPECT_EQ("failure1", test(false).error().message());
+}
+
+TEST(result, result_error) {
+  Result<void> result = Error() << "failure" << 1;
+  ASSERT_FALSE(result);
+  ASSERT_FALSE(result.has_value());
+
+  EXPECT_EQ(0, result.error().code());
+  EXPECT_EQ("failure1", result.error().message());
+}
+
+TEST(result, result_error_empty) {
+  Result<void> result = Error();
+  ASSERT_FALSE(result);
+  ASSERT_FALSE(result.has_value());
+
+  EXPECT_EQ(0, result.error().code());
+  EXPECT_EQ("", result.error().message());
+}
+
+TEST(result, result_error_rvalue) {
+  // Error() and ErrnoError() aren't actually used to create a Result<T> object.
+  // Under the hood, they are an intermediate class that can be implicitly constructed into a
+  // Result<T>.  This is needed both to create the ostream and because Error() itself, by
+  // definition will not know what the type, T, of the underlying Result<T> object that it would
+  // create is.
+
+  auto MakeRvalueErrorResult = []() -> Result<void> { return Error() << "failure" << 1; };
+  ASSERT_FALSE(MakeRvalueErrorResult());
+  ASSERT_FALSE(MakeRvalueErrorResult().has_value());
+
+  EXPECT_EQ(0, MakeRvalueErrorResult().error().code());
+  EXPECT_EQ("failure1", MakeRvalueErrorResult().error().message());
+}
+
+TEST(result, result_errno_error) {
+  constexpr int test_errno = 6;
+  errno = test_errno;
+  Result<void> result = ErrnoError() << "failure" << 1;
+
+  ASSERT_FALSE(result);
+  ASSERT_FALSE(result.has_value());
+
+  EXPECT_EQ(test_errno, result.error().code());
+  EXPECT_EQ("failure1: "s + strerror(test_errno), result.error().message());
+}
+
+TEST(result, result_errno_error_no_text) {
+  constexpr int test_errno = 6;
+  errno = test_errno;
+  Result<void> result = ErrnoError();
+
+  ASSERT_FALSE(result);
+  ASSERT_FALSE(result.has_value());
+
+  EXPECT_EQ(test_errno, result.error().code());
+  EXPECT_EQ(strerror(test_errno), result.error().message());
+}
+
+TEST(result, result_error_from_other_result) {
+  auto error_text = "test error"s;
+  Result<void> result = Error() << error_text;
+
+  ASSERT_FALSE(result);
+  ASSERT_FALSE(result.has_value());
+
+  Result<std::string> result2 = result.error();
+
+  ASSERT_FALSE(result2);
+  ASSERT_FALSE(result2.has_value());
+
+  EXPECT_EQ(0, result2.error().code());
+  EXPECT_EQ(error_text, result2.error().message());
+}
+
+TEST(result, result_error_through_ostream) {
+  auto error_text = "test error"s;
+  Result<void> result = Error() << error_text;
+
+  ASSERT_FALSE(result);
+  ASSERT_FALSE(result.has_value());
+
+  Result<std::string> result2 = Error() << result.error();
+
+  ASSERT_FALSE(result2);
+  ASSERT_FALSE(result2.has_value());
+
+  EXPECT_EQ(0, result2.error().code());
+  EXPECT_EQ(error_text, result2.error().message());
+}
+
+TEST(result, result_errno_error_through_ostream) {
+  auto error_text = "test error"s;
+  constexpr int test_errno = 6;
+  errno = 6;
+  Result<void> result = ErrnoError() << error_text;
+
+  errno = 0;
+
+  ASSERT_FALSE(result);
+  ASSERT_FALSE(result.has_value());
+
+  Result<std::string> result2 = Error() << result.error();
+
+  ASSERT_FALSE(result2);
+  ASSERT_FALSE(result2.has_value());
+
+  EXPECT_EQ(test_errno, result2.error().code());
+  EXPECT_EQ(error_text + ": " + strerror(test_errno), result2.error().message());
+}
+
+TEST(result, constructor_forwarding) {
+  auto result = Result<std::string>(std::in_place, 5, 'a');
+
+  ASSERT_TRUE(result);
+  ASSERT_TRUE(result.has_value());
+
+  EXPECT_EQ("aaaaa", *result);
+}
+
+struct ConstructorTracker {
+  static size_t constructor_called;
+  static size_t copy_constructor_called;
+  static size_t move_constructor_called;
+  static size_t copy_assignment_called;
+  static size_t move_assignment_called;
+
+  template <typename T>
+  ConstructorTracker(T&& string) : string(string) {
+    ++constructor_called;
+  }
+
+  ConstructorTracker(const ConstructorTracker& ct) {
+    ++copy_constructor_called;
+    string = ct.string;
+  }
+  ConstructorTracker(ConstructorTracker&& ct) noexcept {
+    ++move_constructor_called;
+    string = std::move(ct.string);
+  }
+  ConstructorTracker& operator=(const ConstructorTracker& ct) {
+    ++copy_assignment_called;
+    string = ct.string;
+    return *this;
+  }
+  ConstructorTracker& operator=(ConstructorTracker&& ct) noexcept {
+    ++move_assignment_called;
+    string = std::move(ct.string);
+    return *this;
+  }
+
+  std::string string;
+};
+
+size_t ConstructorTracker::constructor_called = 0;
+size_t ConstructorTracker::copy_constructor_called = 0;
+size_t ConstructorTracker::move_constructor_called = 0;
+size_t ConstructorTracker::copy_assignment_called = 0;
+size_t ConstructorTracker::move_assignment_called = 0;
+
+Result<ConstructorTracker> ReturnConstructorTracker(const std::string& in) {
+  if (in.empty()) {
+    return "literal string";
+  }
+  if (in == "test2") {
+    return ConstructorTracker(in + in + "2");
+  }
+  ConstructorTracker result(in + " " + in);
+  return result;
+};
+
+TEST(result, no_copy_on_return) {
+  // If returning parameters that may be used to implicitly construct the type T of Result<T>,
+  // then those parameters are forwarded to the construction of Result<T>.
+
+  // If returning an prvalue or xvalue, it will be move constructed during the construction of
+  // Result<T>.
+
+  // This check ensures that that is the case, and particularly that no copy constructors
+  // are called.
+
+  auto result1 = ReturnConstructorTracker("");
+  ASSERT_TRUE(result1);
+  EXPECT_EQ("literal string", result1->string);
+  EXPECT_EQ(1U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  auto result2 = ReturnConstructorTracker("test2");
+  ASSERT_TRUE(result2);
+  EXPECT_EQ("test2test22", result2->string);
+  EXPECT_EQ(2U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(1U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+
+  auto result3 = ReturnConstructorTracker("test3");
+  ASSERT_TRUE(result3);
+  EXPECT_EQ("test3 test3", result3->string);
+  EXPECT_EQ(3U, ConstructorTracker::constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
+  EXPECT_EQ(2U, ConstructorTracker::move_constructor_called);
+  EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
+  EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
+}
+
+// Below two tests require that we do not hide the move constructor with our forwarding reference
+// constructor.  This is done with by disabling the forwarding reference constructor if its first
+// and only type is Result<T>.
+TEST(result, result_result_with_success) {
+  auto return_result_result_with_success = []() -> Result<Result<void>> { return Result<void>(); };
+  auto result = return_result_result_with_success();
+  ASSERT_TRUE(result);
+  ASSERT_TRUE(*result);
+
+  auto inner_result = result.value();
+  ASSERT_TRUE(inner_result);
+}
+
+TEST(result, result_result_with_failure) {
+  auto return_result_result_with_error = []() -> Result<Result<void>> {
+    return Result<void>(ResultError("failure string", 6));
+  };
+  auto result = return_result_result_with_error();
+  ASSERT_TRUE(result);
+  ASSERT_FALSE(*result);
+  EXPECT_EQ("failure string", (*result).error().message());
+  EXPECT_EQ(6, (*result).error().code());
+}
+
+// This test requires that we disable the forwarding reference constructor if Result<T> is the
+// *only* type that we are forwarding.  In otherwords, if we are forwarding Result<T>, int to
+// construct a Result<T>, then we still need the constructor.
+TEST(result, result_two_parameter_constructor_same_type) {
+  struct TestStruct {
+    TestStruct(int value) : value_(value) {}
+    TestStruct(Result<TestStruct> result, int value) : value_(result->value_ * value) {}
+    int value_;
+  };
+
+  auto return_test_struct = []() -> Result<TestStruct> {
+    return Result<TestStruct>(std::in_place, Result<TestStruct>(std::in_place, 6), 6);
+  };
+
+  auto result = return_test_struct();
+  ASSERT_TRUE(result);
+  EXPECT_EQ(36, result->value_);
+}
+
+TEST(result, die_on_access_failed_result) {
+  Result<std::string> result = Error();
+  ASSERT_DEATH(*result, "");
+}
+
+TEST(result, die_on_get_error_succesful_result) {
+  Result<std::string> result = "success";
+  ASSERT_DEATH(result.error(), "");
+}
+
+template <class CharT>
+std::basic_ostream<CharT>& SetErrnoToTwo(std::basic_ostream<CharT>& ss) {
+  errno = 2;
+  return ss;
+}
+
+TEST(result, preserve_errno) {
+  errno = 1;
+  int old_errno = errno;
+  Result<int> result = Error() << "Failed" << SetErrnoToTwo<char>;
+  ASSERT_FALSE(result);
+  EXPECT_EQ(old_errno, errno);
+
+  errno = 1;
+  old_errno = errno;
+  Result<int> result2 = ErrnoError() << "Failed" << SetErrnoToTwo<char>;
+  ASSERT_FALSE(result2);
+  EXPECT_EQ(old_errno, errno);
+  EXPECT_EQ(old_errno, result2.error().code());
+}
+
+}  // namespace base
+}  // namespace android
diff --git a/bootstat/bootstat.cpp b/bootstat/bootstat.cpp
index c091ff7..a71e19e 100644
--- a/bootstat/bootstat.cpp
+++ b/bootstat/bootstat.cpp
@@ -140,7 +140,7 @@
     {"mba_err", 13},
     {"Watchdog", 14},
     {"Panic", 15},
-    {"power_key", 16},
+    {"power_key", 16},  // Mediatek
     {"power_on", 17},
     {"Reboot", 18},
     {"rtc", 19},
@@ -203,13 +203,13 @@
     {"shutdown,hibernate", 74},  // Suspend to DISK
     {"power_on_key", 75},
     {"reboot_by_key", 76},
-    {"wdt_by_pass_pwk", 77},
+    {"wdt_by_pass_pwk", 77},  // Mediatek
     {"reboot_longkey", 78},
     {"powerkey", 79},
-    {"usb", 80},
-    {"wdt", 81},
-    {"tool_by_pass_pwk", 82},
-    {"2sec_reboot", 83},
+    {"usb", 80},               // Mediatek
+    {"wdt", 81},               // Mediatek
+    {"tool_by_pass_pwk", 82},  // Mediatek
+    {"2sec_reboot", 83},       // Mediatek
     {"reboot,by_key", 84},
     {"reboot,longkey", 85},
     {"reboot,2sec", 86},  // Deprecate in two years, replaced with cold,rtc,2sec
@@ -276,10 +276,10 @@
     {"software_master", 147},
     {"cold,charger", 148},
     {"cold,rtc", 149},
-    {"cold,rtc,2sec", 150},
-    {"reboot,tool", 151},
-    {"reboot,wdt", 152},
-    {"reboot,unknown", 153},
+    {"cold,rtc,2sec", 150},   // Mediatek
+    {"reboot,tool", 151},     // Mediatek
+    {"reboot,wdt", 152},      // Mediatek
+    {"reboot,unknown", 153},  // Mediatek
     {"kernel_panic,audit", 154},
     {"kernel_panic,atomic", 155},
     {"kernel_panic,hung", 156},
@@ -304,6 +304,12 @@
     {"reboot,pmic_off_fault,.*", 175},
     {"reboot,pmic_off_s3rst,.*", 176},
     {"reboot,pmic_off_other,.*", 177},
+    {"reboot,userrequested,fastboot", 178},
+    {"reboot,userrequested,recovery", 179},
+    {"reboot,userrequested,recovery,ui", 180},
+    {"shutdown,userrequested,fastboot", 181},
+    {"shutdown,userrequested,recovery", 182},
+    {"reboot,unknown[0-9]*", 183},
 };
 
 // Converts a string value representing the reason the system booted to an
@@ -1086,17 +1092,8 @@
 void LogBootInfoToStatsd(std::chrono::milliseconds end_time,
                          std::chrono::milliseconds total_duration, int32_t bootloader_duration_ms,
                          double time_since_last_boot_sec) {
-  const auto reason = android::base::GetProperty(bootloader_reboot_reason_property, "");
-
-  if (reason.empty()) {
-    android::util::stats_write(android::util::BOOT_SEQUENCE_REPORTED, "<EMPTY>", "<EMPTY>",
-                               end_time.count(), total_duration.count(),
-                               (int64_t)bootloader_duration_ms,
-                               (int64_t)time_since_last_boot_sec * 1000);
-    return;
-  }
-
-  const auto system_reason = android::base::GetProperty(system_reboot_reason_property, "");
+  auto reason = android::base::GetProperty(bootloader_reboot_reason_property, "<EMPTY>");
+  auto system_reason = android::base::GetProperty(system_reboot_reason_property, "<EMPTY>");
   android::util::stats_write(android::util::BOOT_SEQUENCE_REPORTED, reason.c_str(),
                              system_reason.c_str(), end_time.count(), total_duration.count(),
                              (int64_t)bootloader_duration_ms,
diff --git a/demangle/Demangler.cpp b/demangle/Demangler.cpp
index 7a3aa81..7bae356 100644
--- a/demangle/Demangler.cpp
+++ b/demangle/Demangler.cpp
@@ -15,6 +15,7 @@
  */
 
 #include <assert.h>
+#include <string.h>
 
 #include <cctype>
 #include <stack>
diff --git a/fastboot/device/commands.cpp b/fastboot/device/commands.cpp
index 1b09f79..409ef70 100644
--- a/fastboot/device/commands.cpp
+++ b/fastboot/device/commands.cpp
@@ -39,6 +39,7 @@
 #include "flashing.h"
 #include "utility.h"
 
+using android::fs_mgr::MetadataBuilder;
 using ::android::hardware::hidl_string;
 using ::android::hardware::boot::V1_0::BoolResult;
 using ::android::hardware::boot::V1_0::CommandResult;
@@ -46,8 +47,6 @@
 using ::android::hardware::fastboot::V1_0::Result;
 using ::android::hardware::fastboot::V1_0::Status;
 
-using namespace android::fs_mgr;
-
 struct VariableHandlers {
     // Callback to retrieve the value of a single variable.
     std::function<bool(FastbootDevice*, const std::vector<std::string>&, std::string*)> get;
@@ -340,7 +339,7 @@
 PartitionBuilder::PartitionBuilder(FastbootDevice* device, const std::string& partition_name)
     : device_(device) {
     std::string slot_suffix = GetSuperSlotSuffix(device, partition_name);
-    slot_number_ = SlotNumberForSlotSuffix(slot_suffix);
+    slot_number_ = android::fs_mgr::SlotNumberForSlotSuffix(slot_suffix);
     auto super_device = FindPhysicalPartition(fs_mgr_get_super_partition_name(slot_number_));
     if (!super_device) {
         return;
@@ -350,7 +349,7 @@
 }
 
 bool PartitionBuilder::Write() {
-    std::unique_ptr<LpMetadata> metadata = builder_->Export();
+    auto metadata = builder_->Export();
     if (!metadata) {
         return false;
     }
@@ -381,7 +380,7 @@
         return device->WriteFail("Partition already exists");
     }
 
-    Partition* partition = builder->AddPartition(partition_name, 0);
+    auto partition = builder->AddPartition(partition_name, 0);
     if (!partition) {
         return device->WriteFail("Failed to add partition");
     }
@@ -437,7 +436,7 @@
         return device->WriteFail("Could not open super partition");
     }
 
-    Partition* partition = builder->FindPartition(partition_name);
+    auto partition = builder->FindPartition(partition_name);
     if (!partition) {
         return device->WriteFail("Partition does not exist");
     }
@@ -466,7 +465,7 @@
 class AutoMountMetadata {
   public:
     AutoMountMetadata() {
-        Fstab proc_mounts;
+        android::fs_mgr::Fstab proc_mounts;
         if (!ReadFstabFromFile("/proc/mounts", &proc_mounts)) {
             LOG(ERROR) << "Could not read /proc/mounts";
             return;
@@ -494,7 +493,7 @@
     explicit operator bool() const { return mounted_; }
 
   private:
-    Fstab fstab_;
+    android::fs_mgr::Fstab fstab_;
     bool mounted_ = false;
     bool should_unmount_ = false;
 };
diff --git a/fastboot/device/usb_client.cpp b/fastboot/device/usb_client.cpp
index 511bd5c..5066046 100644
--- a/fastboot/device/usb_client.cpp
+++ b/fastboot/device/usb_client.cpp
@@ -33,7 +33,7 @@
 constexpr int kMaxPacketsizeSs = 1024;
 
 constexpr size_t kFbFfsNumBufs = 16;
-constexpr size_t kFbFfsBufSize = 32768;
+constexpr size_t kFbFfsBufSize = 16384;
 
 constexpr const char* kUsbFfsFastbootEp0 = "/dev/usb-ffs/fastboot/ep0";
 constexpr const char* kUsbFfsFastbootOut = "/dev/usb-ffs/fastboot/ep1";
@@ -255,7 +255,8 @@
     size_t bytes_read_total = 0;
     while (bytes_read_total < len) {
         auto bytes_to_read = std::min(len - bytes_read_total, kFbFfsNumBufs * kFbFfsBufSize);
-        auto bytes_read_now = handle_->read(handle_.get(), char_data, bytes_to_read);
+        auto bytes_read_now =
+                handle_->read(handle_.get(), char_data, bytes_to_read, true /* allow_partial */);
         if (bytes_read_now < 0) {
             return bytes_read_total == 0 ? -1 : bytes_read_total;
         }
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 25df451..39abc4a 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -1175,6 +1175,10 @@
     if (!is_userspace_fastboot()) {
         die("Failed to boot into userspace fastboot; one or more components might be unbootable.");
     }
+
+    // Reset target_sparse_limit after reboot to userspace fastboot. Max
+    // download sizes may differ in bootloader and fastbootd.
+    target_sparse_limit = -1;
 }
 
 class ImageSource {
diff --git a/fastboot/usb_windows.cpp b/fastboot/usb_windows.cpp
index b00edb3..bf840f8 100644
--- a/fastboot/usb_windows.cpp
+++ b/fastboot/usb_windows.cpp
@@ -195,25 +195,28 @@
 ssize_t WindowsUsbTransport::Read(void* data, size_t len) {
     unsigned long time_out = 0;
     unsigned long read = 0;
+    size_t count = 0;
     int ret;
 
     DBG("usb_read %zu\n", len);
     if (nullptr != handle_) {
-        while (1) {
-            int xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
+        while (len > 0) {
+            size_t xfer = (len > MAX_USBFS_BULK_SIZE) ? MAX_USBFS_BULK_SIZE : len;
 
             ret = AdbReadEndpointSync(handle_->adb_read_pipe, data, xfer, &read, time_out);
             errno = GetLastError();
-            DBG("usb_read got: %ld, expected: %d, errno: %d\n", read, xfer, errno);
-            if (ret) {
-                return read;
-            } else {
+            DBG("usb_read got: %lu, expected: %zu, errno: %d\n", read, xfer, errno);
+            if (ret == 0) {
                 // assume ERROR_INVALID_HANDLE indicates we are disconnected
                 if (errno == ERROR_INVALID_HANDLE)
                     usb_kick(handle_.get());
                 break;
             }
-            // else we timed out - try again
+            count += read;
+            len -= read;
+            data = (char*)data + read;
+
+            if (xfer != read || len == 0) return count;
         }
     } else {
         DBG("usb_read NULL handle\n");
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 56ea92c..410209b 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -245,11 +245,11 @@
             if (should_force_check(*fs_stat)) {
                 ret = android_fork_execvp_ext(
                     ARRAY_SIZE(e2fsck_forced_argv), const_cast<char**>(e2fsck_forced_argv), &status,
-                    true, LOG_KLOG | LOG_FILE, true, const_cast<char*>(FSCK_LOG_FILE), NULL, 0);
+                    true, LOG_KLOG | LOG_FILE, true, const_cast<char*>(FSCK_LOG_FILE), nullptr, 0);
             } else {
                 ret = android_fork_execvp_ext(
                     ARRAY_SIZE(e2fsck_argv), const_cast<char**>(e2fsck_argv), &status, true,
-                    LOG_KLOG | LOG_FILE, true, const_cast<char*>(FSCK_LOG_FILE), NULL, 0);
+                    LOG_KLOG | LOG_FILE, true, const_cast<char*>(FSCK_LOG_FILE), nullptr, 0);
             }
 
             if (ret < 0) {
@@ -263,13 +263,19 @@
         }
     } else if (is_f2fs(fs_type)) {
         const char* f2fs_fsck_argv[] = {F2FS_FSCK_BIN, "-a", blk_device.c_str()};
-        LINFO << "Running " << F2FS_FSCK_BIN << " -a " << realpath(blk_device);
+        const char* f2fs_fsck_forced_argv[] = {F2FS_FSCK_BIN, "-f", blk_device.c_str()};
 
-        ret = android_fork_execvp_ext(ARRAY_SIZE(f2fs_fsck_argv),
-                                      const_cast<char **>(f2fs_fsck_argv),
-                                      &status, true, LOG_KLOG | LOG_FILE,
-                                      true, const_cast<char *>(FSCK_LOG_FILE),
-                                      NULL, 0);
+        if (should_force_check(*fs_stat)) {
+            LINFO << "Running " << F2FS_FSCK_BIN << " -f " << realpath(blk_device);
+            ret = android_fork_execvp_ext(
+                ARRAY_SIZE(f2fs_fsck_forced_argv), const_cast<char**>(f2fs_fsck_forced_argv), &status,
+                true, LOG_KLOG | LOG_FILE, true, const_cast<char*>(FSCK_LOG_FILE), nullptr, 0);
+        } else {
+            LINFO << "Running " << F2FS_FSCK_BIN << " -a " << realpath(blk_device);
+            ret = android_fork_execvp_ext(
+                ARRAY_SIZE(f2fs_fsck_argv), const_cast<char**>(f2fs_fsck_argv), &status, true,
+                LOG_KLOG | LOG_FILE, true, const_cast<char*>(FSCK_LOG_FILE), nullptr, 0);
+        }
         if (ret < 0) {
             /* No need to check for error in fork, we can't really handle it now */
             LERROR << "Failed trying to run " << F2FS_FSCK_BIN;
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 0cbdcce..403f9be 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -61,6 +61,7 @@
         {"nodiratime", MS_NODIRATIME},
         {"ro", MS_RDONLY},
         {"rw", 0},
+        {"sync", MS_SYNCHRONOUS},
         {"remount", MS_REMOUNT},
         {"bind", MS_BIND},
         {"rec", MS_REC},
@@ -714,6 +715,7 @@
                                  [&skip_mount_point](const auto& entry) {
                                      return entry.mount_point == skip_mount_point;
                                  });
+        if (it == fstab->end()) continue;
         fstab->erase(it, fstab->end());
         LOG(INFO) << "Skip mounting partition: " << skip_mount_point;
     }
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index a649975..ed8cce6 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -90,7 +90,7 @@
     return {};
 }
 
-bool fs_mgr_overlayfs_setup(const char*, const char*, bool* change) {
+bool fs_mgr_overlayfs_setup(const char*, const char*, bool* change, bool) {
     if (change) *change = false;
     return false;
 }
@@ -903,7 +903,8 @@
 
 // Returns false if setup not permitted, errno set to last error.
 // If something is altered, set *change.
-bool fs_mgr_overlayfs_setup(const char* backing, const char* mount_point, bool* change) {
+bool fs_mgr_overlayfs_setup(const char* backing, const char* mount_point, bool* change,
+                            bool force) {
     if (change) *change = false;
     auto ret = false;
     if (fs_mgr_overlayfs_valid() == OverlayfsValidResult::kNotSupported) return ret;
@@ -927,7 +928,7 @@
             continue;
         }
         save_errno = errno;
-        auto verity_enabled = fs_mgr_is_verity_enabled(*it);
+        auto verity_enabled = !force && fs_mgr_is_verity_enabled(*it);
         if (errno == ENOENT || errno == ENXIO) errno = save_errno;
         if (verity_enabled) {
             it = candidates.erase(it);
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index 6482ed3..149bee3 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -93,14 +93,14 @@
     logd(id, severity, tag, file, line, message);
 }
 
-[[noreturn]] void reboot(bool dedupe) {
-    if (dedupe) {
-        LOG(INFO) << "The device will now reboot to recovery and attempt un-deduplication.";
+[[noreturn]] void reboot(bool overlayfs = false) {
+    if (overlayfs) {
+        LOG(INFO) << "Successfully setup overlayfs\nrebooting device";
     } else {
         LOG(INFO) << "Successfully disabled verity\nrebooting device";
     }
     ::sync();
-    android::base::SetProperty(ANDROID_RB_PROPERTY, dedupe ? "reboot,recovery" : "reboot,remount");
+    android::base::SetProperty(ANDROID_RB_PROPERTY, "reboot,remount");
     ::sleep(60);
     ::exit(0);  // SUCCESS
 }
@@ -250,54 +250,47 @@
     // Check verity and optionally setup overlayfs backing.
     auto reboot_later = false;
     auto user_please_reboot_later = false;
-    auto uses_overlayfs = fs_mgr_overlayfs_valid() != OverlayfsValidResult::kNotSupported;
+    auto setup_overlayfs = false;
+    auto just_disabled_verity = false;
     for (auto it = partitions.begin(); it != partitions.end();) {
         auto& entry = *it;
         auto& mount_point = entry.mount_point;
         if (fs_mgr_is_verity_enabled(entry)) {
             retval = VERITY_PARTITION;
+            auto ret = false;
             if (android::base::GetProperty("ro.boot.vbmeta.device_state", "") != "locked") {
                 if (AvbOps* ops = avb_ops_user_new()) {
-                    auto ret = avb_user_verity_set(
+                    ret = avb_user_verity_set(
                             ops, android::base::GetProperty("ro.boot.slot_suffix", "").c_str(),
                             false);
                     avb_ops_user_free(ops);
-                    if (ret) {
-                        LOG(WARNING) << "Disabling verity for " << mount_point;
-                        reboot_later = can_reboot;
-                        if (reboot_later) {
-                            // w/o overlayfs available, also check for dedupe
-                            if (!uses_overlayfs) {
-                                ++it;
-                                continue;
-                            }
-                            reboot(false);
-                        }
-                        user_please_reboot_later = true;
-                    } else if (fs_mgr_set_blk_ro(entry.blk_device, false)) {
-                        fec::io fh(entry.blk_device.c_str(), O_RDWR);
-                        if (fh && fh.set_verity_status(false)) {
-                            LOG(WARNING) << "Disabling verity for " << mount_point;
-                            reboot_later = can_reboot;
-                            if (reboot_later && !uses_overlayfs) {
-                                ++it;
-                                continue;
-                            }
-                            user_please_reboot_later = true;
-                        }
-                    }
+                }
+                if (!ret && fs_mgr_set_blk_ro(entry.blk_device, false)) {
+                    fec::io fh(entry.blk_device.c_str(), O_RDWR);
+                    ret = fh && fh.set_verity_status(false);
+                }
+                if (ret) {
+                    LOG(WARNING) << "Disabling verity for " << mount_point;
+                    just_disabled_verity = true;
+                    reboot_later = can_reboot;
+                    user_please_reboot_later = true;
                 }
             }
-            LOG(ERROR) << "Skipping " << mount_point << " for remount";
-            it = partitions.erase(it);
-            continue;
+            if (!ret) {
+                LOG(ERROR) << "Skipping " << mount_point << " for remount";
+                it = partitions.erase(it);
+                continue;
+            }
         }
 
         auto change = false;
         errno = 0;
-        if (fs_mgr_overlayfs_setup(nullptr, mount_point.c_str(), &change)) {
+        if (fs_mgr_overlayfs_setup(nullptr, mount_point.c_str(), &change, just_disabled_verity)) {
             if (change) {
                 LOG(INFO) << "Using overlayfs for " << mount_point;
+                reboot_later = can_reboot;
+                user_please_reboot_later = true;
+                setup_overlayfs = true;
             }
         } else if (errno) {
             PLOG(ERROR) << "Overlayfs setup for " << mount_point << " failed, skipping";
@@ -308,8 +301,8 @@
         ++it;
     }
 
-    if (partitions.empty()) {
-        if (reboot_later) reboot(false);
+    if (partitions.empty() || just_disabled_verity) {
+        if (reboot_later) reboot(setup_overlayfs);
         if (user_please_reboot_later) {
             LOG(INFO) << "Now reboot your device for settings to take effect";
             return 0;
@@ -389,7 +382,7 @@
         retval = REMOUNT_FAILED;
     }
 
-    if (reboot_later) reboot(false);
+    if (reboot_later) reboot(setup_overlayfs);
     if (user_please_reboot_later) {
         LOG(INFO) << "Now reboot your device for settings to take effect";
         return 0;
diff --git a/fs_mgr/include/fs_mgr_overlayfs.h b/fs_mgr/include/fs_mgr_overlayfs.h
index 6aaf1f3..9a7381f 100644
--- a/fs_mgr/include/fs_mgr_overlayfs.h
+++ b/fs_mgr/include/fs_mgr_overlayfs.h
@@ -26,7 +26,7 @@
 bool fs_mgr_overlayfs_mount_all(android::fs_mgr::Fstab* fstab);
 std::vector<std::string> fs_mgr_overlayfs_required_devices(android::fs_mgr::Fstab* fstab);
 bool fs_mgr_overlayfs_setup(const char* backing = nullptr, const char* mount_point = nullptr,
-                            bool* change = nullptr);
+                            bool* change = nullptr, bool force = true);
 bool fs_mgr_overlayfs_teardown(const char* mount_point = nullptr, bool* change = nullptr);
 bool fs_mgr_overlayfs_is_setup();
 bool fs_mgr_has_shared_blocks(const std::string& mount_point, const std::string& dev);
diff --git a/fs_mgr/libfiemap_writer/Android.bp b/fs_mgr/libfiemap_writer/Android.bp
index 32fc3d2..ed209aa 100644
--- a/fs_mgr/libfiemap_writer/Android.bp
+++ b/fs_mgr/libfiemap_writer/Android.bp
@@ -30,6 +30,7 @@
     ],
 
     static_libs: [
+        "libdm",
         "libext4_utils",
     ],
 
diff --git a/fs_mgr/libfiemap_writer/fiemap_writer.cpp b/fs_mgr/libfiemap_writer/fiemap_writer.cpp
index e3803d5..f064436 100644
--- a/fs_mgr/libfiemap_writer/fiemap_writer.cpp
+++ b/fs_mgr/libfiemap_writer/fiemap_writer.cpp
@@ -37,10 +37,13 @@
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
+#include <libdm/dm.h>
 
 namespace android {
 namespace fiemap_writer {
 
+using namespace android::dm;
+
 // We are expecting no more than 512 extents in a fiemap of the file we create.
 // If we find more, then it is treated as error for now.
 static constexpr const uint32_t kMaxExtents = 512;
@@ -87,14 +90,57 @@
 }
 
 static bool DeviceMapperStackPop(const std::string& bdev, std::string* bdev_raw) {
-    // TODO: Stop popping the device mapper stack if dm-linear target is found
+    *bdev_raw = bdev;
+
     if (!::android::base::StartsWith(bdev, "dm-")) {
         // We are at the bottom of the device mapper stack.
-        *bdev_raw = bdev;
         return true;
     }
 
-    std::string dm_leaf_dir = ::android::base::StringPrintf("/sys/block/%s/slaves", bdev.c_str());
+    // Get the device name.
+    auto dm_name_file = "/sys/block/" + bdev + "/dm/name";
+    std::string dm_name;
+    if (!android::base::ReadFileToString(dm_name_file, &dm_name)) {
+        PLOG(ERROR) << "Could not read file: " << dm_name_file;
+        return false;
+    }
+    dm_name = android::base::Trim(dm_name);
+
+    auto& dm = DeviceMapper::Instance();
+    std::vector<DeviceMapper::TargetInfo> table;
+    if (!dm.GetTableInfo(dm_name, &table)) {
+        LOG(ERROR) << "Could not read device-mapper table for " << dm_name << " at " << bdev;
+        return false;
+    }
+
+    // The purpose of libfiemap_writer is to provide an extent-based view into
+    // a file. This is difficult if devices are not layered in a 1:1 manner;
+    // we would have to translate and break up extents based on the actual
+    // block mapping. Since this is too complex, we simply stop processing
+    // the device-mapper stack if we encounter a complex case.
+    //
+    // It is up to the caller to decide whether stopping at a virtual block
+    // device is allowable. In most cases it is not, because we want either
+    // "userdata" or an external volume. It is useful for tests however.
+    // Callers can check by comparing the device number to that of userdata,
+    // or by checking whether is a device-mapper node.
+    if (table.size() > 1) {
+        LOG(INFO) << "Stopping at complex table for " << dm_name << " at " << bdev;
+        return true;
+    }
+    const auto& entry = table[0].spec;
+    std::string target_type(std::string(entry.target_type, sizeof(entry.target_type)).c_str());
+    if (target_type != "bow" && target_type != "default-key" && target_type != "crypt") {
+        LOG(INFO) << "Stopping at complex target-type " << target_type << " for " << dm_name
+                  << " at " << bdev;
+        return true;
+    }
+    if (entry.sector_start != 0) {
+        LOG(INFO) << "Stopping at target-type with non-zero starting sector";
+        return true;
+    }
+
+    auto dm_leaf_dir = "/sys/block/" + bdev + "/slaves";
     auto d = std::unique_ptr<DIR, decltype(&closedir)>(opendir(dm_leaf_dir.c_str()), closedir);
     if (d == nullptr) {
         PLOG(ERROR) << "Failed to open: " << dm_leaf_dir;
diff --git a/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h b/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h
index 9486122..ee79262 100644
--- a/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h
+++ b/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h
@@ -60,10 +60,17 @@
     // FiemapWriter::Open).
     static bool HasPinnedExtents(const std::string& file_path);
 
-    // Returns the underlying block device of a file. This will look past device-mapper layers.
-    // If an intermediate device-mapper layer would not maintain a 1:1 mapping (i.e. is a non-
-    // trivial dm-linear), then this will fail. If device-mapper nodes are encountered, then
-    // |uses_dm| will be set to true.
+    // Returns the underlying block device of a file. This will look past device-mapper layers
+    // as long as each layer would not change block mappings (i.e., dm-crypt, dm-bow, and dm-
+    // default-key tables are okay; dm-linear is not). If a mapping such as dm-linear is found,
+    // it will be returned in place of any physical block device.
+    //
+    // It is the caller's responsibility to check whether the returned block device is acceptable.
+    // Gsid, for example, will only accept /dev/block/by-name/userdata as the bottom device.
+    // Callers can check the device name (dm- or loop prefix), inspect sysfs, or compare the major
+    // number against a boot device.
+    //
+    // If device-mapper nodes were encountered, then |uses_dm| will be set to true.
     static bool GetBlockDeviceForFile(const std::string& file_path, std::string* bdev_path,
                                       bool* uses_dm = nullptr);
 
diff --git a/fs_mgr/liblp/builder_test.cpp b/fs_mgr/liblp/builder_test.cpp
index 46bfe92..45c3ede 100644
--- a/fs_mgr/liblp/builder_test.cpp
+++ b/fs_mgr/liblp/builder_test.cpp
@@ -106,6 +106,13 @@
     EXPECT_EQ(extent->num_sectors(), 32768 / LP_SECTOR_SIZE);
     EXPECT_EQ(extent->physical_sector(), 32);
 
+    auto exported = builder->Export();
+    ASSERT_NE(exported, nullptr);
+    ASSERT_EQ(FindPartition(*exported.get(), "not found"), nullptr);
+    auto entry = FindPartition(*exported.get(), "system");
+    ASSERT_NE(entry, nullptr);
+    ASSERT_EQ(GetPartitionSize(*exported.get(), *entry), 32768);
+
     // Test shrinking to 0.
     builder->ResizePartition(system, 0);
     EXPECT_EQ(system->size(), 0);
diff --git a/fs_mgr/liblp/images.cpp b/fs_mgr/liblp/images.cpp
index db27022..58a88b5 100644
--- a/fs_mgr/liblp/images.cpp
+++ b/fs_mgr/liblp/images.cpp
@@ -89,8 +89,8 @@
     return true;
 }
 
-bool WriteToImageFile(const char* file, const LpMetadata& input) {
-    unique_fd fd(open(file, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, 0644));
+bool WriteToImageFile(const std::string& file, const LpMetadata& input) {
+    unique_fd fd(open(file.c_str(), O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, 0644));
     if (fd < 0) {
         PERROR << __PRETTY_FUNCTION__ << " open failed: " << file;
         return false;
@@ -149,8 +149,8 @@
     return device_images_.size() == metadata_.block_devices.size();
 }
 
-bool ImageBuilder::Export(const char* file) {
-    unique_fd fd(open(file, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, 0644));
+bool ImageBuilder::Export(const std::string& file) {
+    unique_fd fd(open(file.c_str(), O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, 0644));
     if (fd < 0) {
         PERROR << "open failed: " << file;
         return false;
@@ -438,7 +438,7 @@
     return temp_fds_.back().get();
 }
 
-bool WriteToImageFile(const char* file, const LpMetadata& metadata, uint32_t block_size,
+bool WriteToImageFile(const std::string& file, const LpMetadata& metadata, uint32_t block_size,
                       const std::map<std::string, std::string>& images, bool sparsify) {
     ImageBuilder builder(metadata, block_size, images, sparsify);
     return builder.IsValid() && builder.Build() && builder.Export(file);
diff --git a/fs_mgr/liblp/images.h b/fs_mgr/liblp/images.h
index 75060f9..a284d2e 100644
--- a/fs_mgr/liblp/images.h
+++ b/fs_mgr/liblp/images.h
@@ -41,7 +41,7 @@
                  const std::map<std::string, std::string>& images, bool sparsify);
 
     bool Build();
-    bool Export(const char* file);
+    bool Export(const std::string& file);
     bool ExportFiles(const std::string& dir);
     bool IsValid() const;
 
diff --git a/fs_mgr/liblp/include/liblp/liblp.h b/fs_mgr/liblp/include/liblp/liblp.h
index 5f782b0..135a1b3 100644
--- a/fs_mgr/liblp/include/liblp/liblp.h
+++ b/fs_mgr/liblp/include/liblp/liblp.h
@@ -72,9 +72,9 @@
 
 // Read/Write logical partition metadata to an image file, for diagnostics or
 // flashing.
-bool WriteToImageFile(const char* file, const LpMetadata& metadata, uint32_t block_size,
+bool WriteToImageFile(const std::string& file, const LpMetadata& metadata, uint32_t block_size,
                       const std::map<std::string, std::string>& images, bool sparsify);
-bool WriteToImageFile(const char* file, const LpMetadata& metadata);
+bool WriteToImageFile(const std::string& file, const LpMetadata& metadata);
 std::unique_ptr<LpMetadata> ReadFromImageFile(const std::string& image_file);
 std::unique_ptr<LpMetadata> ReadFromImageBlob(const void* data, size_t bytes);
 
@@ -107,6 +107,10 @@
 std::string SlotSuffixForSlotNumber(uint32_t slot_number);
 std::string GetPartitionSlotSuffix(const std::string& partition_name);
 
+// Helpers for common functions.
+const LpMetadataPartition* FindPartition(const LpMetadata& metadata, const std::string& name);
+uint64_t GetPartitionSize(const LpMetadata& metadata, const LpMetadataPartition& partition);
+
 }  // namespace fs_mgr
 }  // namespace android
 
diff --git a/fs_mgr/liblp/utility.cpp b/fs_mgr/liblp/utility.cpp
index 72a3c57..338b525 100644
--- a/fs_mgr/liblp/utility.cpp
+++ b/fs_mgr/liblp/utility.cpp
@@ -135,6 +135,24 @@
     return list;
 }
 
+const LpMetadataPartition* FindPartition(const LpMetadata& metadata, const std::string& name) {
+    for (const auto& partition : metadata.partitions) {
+        if (GetPartitionName(partition) == name) {
+            return &partition;
+        }
+    }
+    return nullptr;
+}
+
+uint64_t GetPartitionSize(const LpMetadata& metadata, const LpMetadataPartition& partition) {
+    uint64_t total_size = 0;
+    for (uint32_t i = 0; i < partition.num_extents; i++) {
+        const auto& extent = metadata.extents[partition.first_extent_index + i];
+        total_size += extent.num_sectors * LP_SECTOR_SIZE;
+    }
+    return total_size;
+}
+
 std::string GetPartitionSlotSuffix(const std::string& partition_name) {
     if (partition_name.size() <= 2) {
         return "";
diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh
index c22176b..c2a0f33 100755
--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@@ -33,6 +33,7 @@
 ##  Helper Variables
 ##
 
+EMPTY=""
 SPACE=" "
 # A _real_ embedded tab character
 TAB="`echo | tr '\n' '\t'`"
@@ -50,6 +51,9 @@
 start_time=`date +%s`
 ACTIVE_SLOT=
 
+ADB_WAIT=4m
+FASTBOOT_WAIT=2m
+
 ##
 ##  Helper Functions
 ##
@@ -131,10 +135,30 @@
 adb_logcat() {
   echo "${RED}[     INFO ]${NORMAL} logcat ${@}" >&2 &&
   adb logcat "${@}" </dev/null |
+    tr -d '\r' |
     grep -v 'logd    : logdr: UID=' |
     sed -e '${/------- beginning of kernel/d}' -e 's/^[0-1][0-9]-[0-3][0-9] //'
 }
 
+[ "USAGE: avc_check >/dev/stderr
+
+Returns: worrisome avc violations" ]
+avc_check() {
+  if ! ${overlayfs_supported:-false}; then
+    return
+  fi
+  local L=`adb_logcat -b all -v brief -d \
+                      -e 'context=u:object_r:unlabeled:s0' 2>/dev/null |
+             sed -n 's/.*avc: //p' |
+             sort -u`
+  if [ -z "${L}" ]; then
+    return
+  fi
+  echo "${ORANGE}[  WARNING ]${NORMAL} unlabeled sepolicy violations:" >&2
+  echo "${L}" |
+    sed 's/^/             /' >&2
+}
+
 [ "USAGE: get_property <prop>
 
 Returns the property value" ]
@@ -173,7 +197,8 @@
 
 Returns: true if the reboot command succeeded" ]
 adb_reboot() {
-  adb reboot remount-test || true
+  avc_check
+  adb reboot remount-test </dev/null || true
   sleep 2
 }
 
@@ -219,13 +244,34 @@
   echo ${hours}:`expr ${minutes} / 10``expr ${minutes} % 10`:`expr ${seconds} / 10``expr ${seconds} % 10`
 }
 
+[ "USAGE: USB_DEVICE=\`usb_devnum [--next]\`
+
+USB_DEVICE contains cache. Update if system changes.
+
+Returns: the devnum for the USB_SERIAL device" ]
+usb_devnum() {
+  if [ -n "${USB_SERIAL}" ]; then
+    local usb_device=`cat ${USB_SERIAL%/serial}/devnum 2>/dev/null | tr -d ' \t\r\n'`
+    if [ -n "${usb_device}" ]; then
+      USB_DEVICE=dev${usb_device}
+    elif [ -n "${USB_DEVICE}" -a "${1}" ]; then
+      USB_DEVICE=dev`expr ${USB_DEVICE#dev} + 1`
+    fi
+    echo "${USB_DEVICE}"
+  fi
+}
+
 [ "USAGE: adb_wait [timeout]
 
 Returns: waits until the device has returned for adb or optional timeout" ]
 adb_wait() {
+  local start=`date +%s`
+  local duration=
   local ret
   if [ -n "${1}" ]; then
-    echo -n ". . . waiting `format_duration ${1}`" ${ANDROID_SERIAL} ${USB_ADDRESS} "${CR}"
+    USB_DEVICE=`usb_devnum --next`
+    duration=`format_duration ${1}`
+    echo -n ". . . waiting ${duration}" ${ANDROID_SERIAL} ${USB_ADDRESS} ${USB_DEVICE} "${CR}"
     timeout --preserve-status --signal=KILL ${1} adb wait-for-device 2>/dev/null
     ret=${?}
     echo -n "                                                                             ${CR}"
@@ -233,30 +279,83 @@
     adb wait-for-device
     ret=${?}
   fi
+  USB_DEVICE=`usb_devnum`
   if [ 0 = ${ret} -a -n "${ACTIVE_SLOT}" ]; then
     local active_slot=`get_active_slot`
     if [ X"${ACTIVE_SLOT}" != X"${active_slot}" ]; then
       echo "${ORANGE}[  WARNING ]${NORMAL} Active slot changed from ${ACTIVE_SLOT} to ${active_slot}" >&2
     fi
   fi
+  local end=`date +%s`
+  local diff_time=`expr ${end} - ${start}`
+  local _print_time=${print_time}
+  if [ ${diff_time} -lt 15 ]; then
+    _print_time=false
+  fi
+  diff_time=`format_duration ${diff_time}`
+  if [ "${diff_time}" = "${duration}" ]; then
+    _print_time=false
+  fi
+
+  local reason=
+  if inAdb; then
+    reason=`get_property ro.boot.bootreason`
+  fi
+  case ${reason} in
+    reboot*)
+      reason=
+      ;;
+    ${EMPTY})
+      ;;
+    *)
+      reason=" for boot reason ${reason}"
+      ;;
+  esac
+  if ${_print_time} || [ -n "${reason}" ]; then
+    echo "${BLUE}[     INFO ]${NORMAL} adb wait duration ${diff_time}${reason}"
+  fi >&2
+
   return ${ret}
 }
 
-[ "USAGE: usb_status > stdout
+[ "USAGE: adb_user > /dev/stdout
 
-If adb_wait failed, check if device is in adb, recovery or fastboot mode
-and report status string.
+Returns: the adb daemon user" ]
+adb_user() {
+  adb_sh echo '${USER}' </dev/null
+}
 
-Returns: \"(USB stack borken?)\", \"(In fastboot mode)\" or \"(in adb mode)\"" ]
+[ "USAGE: usb_status > stdout 2> stderr
+
+Assumes referenced right after adb_wait or fastboot_wait failued.
+If wait failed, check if device is in adb, recovery or fastboot mode
+and report status strings like  \"(USB stack borken?)\",
+\"(In fastboot mode)\", \"(In recovery mode)\" or \"(in adb mode)\".
+Additional diagnostics may be provided to the stderr output.
+
+Returns: USB status string" ]
 usb_status() {
   if inFastboot; then
     echo "(In fastboot mode)"
   elif inRecovery; then
     echo "(In recovery mode)"
   elif inAdb; then
-    echo "(In adb mode)"
+    echo "(In adb mode `adb_user`)"
   else
-    echo "(USB stack borken?)"
+    echo "(USB stack borken for ${USB_ADDRESS})"
+    USB_DEVICE=`usb_devnum`
+    if [ -n "${USB_DEVICE}" ]; then
+      echo "# lsusb -v -s ${USB_DEVICE#dev}"
+      local D=`lsusb -v -s ${USB_DEVICE#dev} 2>&1`
+      if [ -n "${D}" ]; then
+        echo "${D}"
+      else
+        lsusb -v
+      fi
+    else
+      echo "# lsusb -v (expected device missing)"
+      lsusb -v
+    fi >&2
   fi
 }
 
@@ -268,7 +367,8 @@
   # fastboot has no wait-for-device, but it does an automatic
   # wait and requires (even a nonsensical) command to do so.
   if [ -n "${1}" ]; then
-    echo -n ". . . waiting `format_duration ${1}`" ${ANDROID_SERIAL} ${USB_ADDRESS} "${CR}"
+    USB_DEVICE=`usb_devnum --next`
+    echo -n ". . . waiting `format_duration ${1}`" ${ANDROID_SERIAL} ${USB_ADDRESS} ${USB_DEVICE} "${CR}"
     timeout --preserve-status --signal=KILL ${1} fastboot wait-for-device >/dev/null 2>/dev/null
     ret=${?}
     echo -n "                                                                             ${CR}"
@@ -278,11 +378,12 @@
   fi ||
     inFastboot
   ret=${?}
+  USB_DEVICE=`usb_devnum`
   if [ 0 = ${ret} -a -n "${ACTIVE_SLOT}" ]; then
     local active_slot=`get_active_slot`
     if [ X"${ACTIVE_SLOT}" != X"${active_slot}" ]; then
-      echo "${ORANGE}[  WARNING ]${NORMAL} Active slot changed from ${ACTIVE_SLOT} to ${active_slot}" >&2
-    fi
+      echo "${ORANGE}[  WARNING ]${NORMAL} Active slot changed from ${ACTIVE_SLOT} to ${active_slot}"
+    fi >&2
   fi
   return ${ret}
 }
@@ -293,7 +394,8 @@
 recovery_wait() {
   local ret
   if [ -n "${1}" ]; then
-    echo -n ". . . waiting `format_duration ${1}`" ${ANDROID_SERIAL} ${USB_ADDRESS} "${CR}"
+    USB_DEVICE=`usb_devnum --next`
+    echo -n ". . . waiting `format_duration ${1}`" ${ANDROID_SERIAL} ${USB_ADDRESS} ${USB_DEVICE} "${CR}"
     timeout --preserve-status --signal=KILL ${1} adb wait-for-recovery 2>/dev/null
     ret=${?}
     echo -n "                                                                             ${CR}"
@@ -301,11 +403,12 @@
     adb wait-for-recovery
     ret=${?}
   fi
+  USB_DEVICE=`usb_devnum`
   if [ 0 = ${ret} -a -n "${ACTIVE_SLOT}" ]; then
     local active_slot=`get_active_slot`
     if [ X"${ACTIVE_SLOT}" != X"${active_slot}" ]; then
-      echo "${ORANGE}[  WARNING ]${NORMAL} Active slot changed from ${ACTIVE_SLOT} to ${active_slot}" >&2
-    fi
+      echo "${ORANGE}[  WARNING ]${NORMAL} Active slot changed from ${ACTIVE_SLOT} to ${active_slot}"
+    fi >&2
   fi
   return ${ret}
 }
@@ -327,17 +430,68 @@
   inFastboot || inAdb || inRecovery
 }
 
+wait_for_screen_timeout=900
+[ "USAGE: wait_for_screen [-n] [TIMEOUT]
+
+-n - echo newline at exit
+TIMEOUT - default `format_duration ${wait_for_screen_timeout}`" ]
+wait_for_screen() {
+  exit_function=true
+  if [ X"-n" = X"${1}" ]; then
+    exit_function=echo
+    shift
+  fi
+  timeout=${wait_for_screen_timeout}
+  if [ ${#} -gt 0 ]; then
+    timeout=${1}
+    shift
+  fi
+  counter=0
+  while true; do
+    if inFastboot; then
+      fastboot reboot
+    elif inAdb; then
+      if [ 0 != ${counter} ]; then
+        adb_wait
+      fi
+      if [ -n "`get_property sys.boot.reason`" ]
+      then
+        vals=`get_property |
+              sed -n 's/[[]sys[.]\(boot_completed\|logbootcomplete\)[]]: [[]\([01]\)[]]$/\1=\2/p'`
+        if [ "${vals}" = "`echo boot_completed=1 ; echo logbootcomplete=1`" ]
+        then
+          sleep 1
+          break
+        fi
+        if [ "${vals}" = "`echo logbootcomplete=1 ; echo boot_completed=1`" ]
+        then
+          sleep 1
+          break
+        fi
+      fi
+    fi
+    counter=`expr ${counter} + 1`
+    if [ ${counter} -gt ${timeout} ]; then
+      ${exit_function}
+      echo "ERROR: wait_for_screen() timed out (`format_duration ${timeout}`)" >&2
+      return 1
+    fi
+    sleep 1
+  done
+  ${exit_function}
+}
+
 [ "USAGE: adb_root
 
 NB: This can be flakey on devices due to USB state
 
 Returns: true if device in root state" ]
 adb_root() {
-  [ root != "`adb_sh echo '${USER}' </dev/null`" ] || return 0
+  [ root != "`adb_user`" ] || return 0
   adb root >/dev/null </dev/null 2>/dev/null
   sleep 2
-  adb_wait 2m &&
-    [ root = "`adb_sh echo '${USER}' </dev/null`" ]
+  adb_wait ${ADB_WAIT} &&
+    [ root = "`adb_user`" ]
 }
 
 [ "USAGE: adb_unroot
@@ -346,11 +500,11 @@
 
 Returns: true if device in un root state" ]
 adb_unroot() {
-  [ root = "`adb_sh echo '${USER}' </dev/null`" ] || return 0
+  [ root = "`adb_user`" ] || return 0
   adb unroot >/dev/null </dev/null 2>/dev/null
   sleep 2
-  adb_wait 2m &&
-    [ root != "`adb_sh echo '${USER}' </dev/null`" ]
+  adb_wait ${ADB_WAIT} &&
+    [ root != "`adb_user`" ]
 }
 
 [ "USAGE: fastboot_getvar var expected >/dev/stderr
@@ -370,10 +524,10 @@
     O="${1}: <empty>"
   fi
   if [ -n "${2}" -a "${1}: ${2}" != "${O}" ]; then
-    echo "${2} != ${O}" >&2
+    echo "${2} != ${O}"
     false
     return
-  fi
+  fi >&2
   echo ${O} >&2
 }
 
@@ -430,16 +584,16 @@
 Returns: exit failure, report status" ]
 die() {
   if [ X"-d" = X"${1}" ]; then
-    adb_logcat -b all -v nsec -d >&2
+    adb_logcat -b all -v nsec -d
     shift
   elif [ X"-t" = X"${1}" ]; then
     if [ -n "${2}" ]; then
-      adb_logcat -b all -v nsec -t ${2} >&2
+      adb_logcat -b all -v nsec -t ${2}
     else
-      adb_logcat -b all -v nsec -d >&2
+      adb_logcat -b all -v nsec -d
     fi
     shift 2
-  fi
+  fi >&2
   echo "${RED}[  FAILED  ]${NORMAL} ${@}" >&2
   cleanup
   restore
@@ -464,39 +618,63 @@
   if ! ( echo X"${rval}" | grep '^X'"${lval}"'$' >/dev/null 2>/dev/null ); then
     if [ `echo ${lval}${rval}${*} | wc -c` -gt 50 -o "${rval}" != "${rval%
 *}" ]; then
-      echo "${prefix} expected \"${lval}\"" >&2
+      echo "${prefix} expected \"${lval}\""
       echo "${prefix} got \"${rval}\"" |
         sed ': again
              N
              s/\(\n\)\([^ ]\)/\1             \2/
-             t again' >&2
+             t again'
       if [ -n "${*}" ] ; then
-        echo "${prefix} ${*}" >&2
+        echo "${prefix} ${*}"
       fi
     else
-      echo "${prefix} expected \"${lval}\" got \"${rval}\" ${*}" >&2
-    fi
+      echo "${prefix} expected \"${lval}\" got \"${rval}\" ${*}"
+    fi >&2
     return ${error}
   fi
   if [ -n "${*}" ] ; then
     prefix="${GREEN}[     INFO ]${NORMAL}"
     if [ X"${lval}" != X"${rval}" ]; then  # we were supplied a regex?
       if [ `echo ${lval}${rval}${*} | wc -c` -gt 60 -o "${rval}" != "${rval% *}" ]; then
-        echo "${prefix} ok \"${lval}\"" >&2
+        echo "${prefix} ok \"${lval}\""
         echo "       = \"${rval}\"" |
           sed ': again
                N
                s/\(\n\)\([^ ]\)/\1          \2/
-               t again' >&2
+               t again'
         if [ -n "${*}" ] ; then
-          echo "${prefix} ${*}" >&2
+          echo "${prefix} ${*}"
         fi
       else
-        echo "${prefix} ok \"${lval}\" = \"${rval}\" ${*}" >&2
+        echo "${prefix} ok \"${lval}\" = \"${rval}\" ${*}"
       fi
     else
-      echo "${prefix} ok \"${lval}\" ${*}" >&2
-    fi
+      echo "${prefix} ok \"${lval}\" ${*}"
+    fi >&2
+  fi
+  return 0
+}
+
+[ "USAGE: EXPECT_NE <lval> <rval> [--warning [message]]
+
+Returns true if lval matches rval" ]
+EXPECT_NE() {
+  local lval="${1}"
+  local rval="${2}"
+  shift 2
+  local error=1
+  local prefix="${RED}[    ERROR ]${NORMAL}"
+  if [ X"${1}" = X"--warning" ]; then
+      prefix="${RED}[  WARNING ]${NORMAL}"
+      error=0
+      shift 1
+  fi
+  if [ X"${rval}" = X"${lval}" ]; then
+    echo "${prefix} did not expect \"${lval}\" ${*}" >&2
+    return ${error}
+  fi
+  if [ -n "${*}" ] ; then
+    echo "${prefix} ok \"${lval}\" not \"${rval}\" ${*}" >&2
   fi
   return 0
 }
@@ -516,6 +694,21 @@
     die "${@}"
 }
 
+[ "USAGE: check_ne <lval> <rval> [--warning [message]]
+
+Exits if lval matches rval" ]
+check_ne() {
+  local lval="${1}"
+  local rval="${2}"
+  shift 2
+  if [ X"${1}" = X"--warning" ]; then
+      EXPECT_NE "${lval}" "${rval}" ${*}
+      return
+  fi
+  EXPECT_NE "${lval}" "${rval}" ||
+    die "${@}"
+}
+
 [ "USAGE: skip_administrative_mounts [data] < /proc/mounts
 
 Filters out all administrative (eg: sysfs) mounts uninteresting to the test" ]
@@ -606,7 +799,7 @@
 inRecovery && die "device in recovery mode"
 if ! inAdb; then
   echo "${ORANGE}[  WARNING ]${NORMAL} device not in adb mode" >&2
-  adb_wait 2m
+  adb_wait ${ADB_WAIT}
 fi
 inAdb || die "specified device not in adb mode"
 isDebuggable || die "device not a debug build"
@@ -631,7 +824,8 @@
   USB_ADDRESS=usb${USB_ADDRESS##*/}
 fi
 [ -z "${ANDROID_SERIAL}${USB_ADDRESS}" ] ||
-  echo "${BLUE}[     INFO ]${NORMAL}" ${ANDROID_SERIAL} ${USB_ADDRESS} >&2
+  USB_DEVICE=`usb_devnum`
+  echo "${BLUE}[     INFO ]${NORMAL}" ${ANDROID_SERIAL} ${USB_ADDRESS} ${USB_DEVICE} >&2
 BUILD_DESCRIPTION=`get_property ro.build.description`
 [ -z "${BUILD_DESCRIPTION}" ] ||
   echo "${BLUE}[     INFO ]${NORMAL} ${BUILD_DESCRIPTION}" >&2
@@ -657,6 +851,8 @@
     esac
   done
 
+# If reboot too soon after fresh flash, could trip device update failure logic
+wait_for_screen
 # Can we test remount -R command?
 overlayfs_supported=true
 if [ "orange" = "`get_property ro.boot.verifiedbootstate`" -a \
@@ -665,19 +861,20 @@
     ${overlayfs_supported} || return 0
     inFastboot &&
       fastboot reboot &&
-      adb_wait 2m
+      adb_wait ${ADB_WAIT}
     inAdb &&
       adb_root &&
       adb enable-verity >/dev/null 2>/dev/null &&
       adb_reboot &&
-      adb_wait 2m
+      adb_wait ${ADB_WAIT}
   }
 
   echo "${GREEN}[ RUN      ]${NORMAL} Testing adb shell su root remount -R command" >&2
 
+  avc_check
   adb_su remount -R system </dev/null || true
   sleep 2
-  adb_wait 2m ||
+  adb_wait ${ADB_WAIT} ||
     die "waiting for device after remount -R `usb_status`"
   if [ "orange" != "`get_property ro.boot.verifiedbootstate`" -o \
        "2" = "`get_property partition.system.verified`" ]; then
@@ -735,7 +932,7 @@
 if ${reboot}; then
   echo "${ORANGE}[  WARNING ]${NORMAL} rebooting before test" >&2
   adb_reboot &&
-    adb_wait 2m ||
+    adb_wait ${ADB_WAIT} ||
     die "lost device after reboot after wipe `usb_status`"
   adb_root ||
     die "lost device after elevation to root after wipe `usb_status`"
@@ -766,6 +963,15 @@
 echo "${D}"
 if [ X"${D}" = X"${D##* 100[%] }" ] && ${no_dedupe} ; then
   overlayfs_needed=false
+  # if device does not need overlays, then adb enable-verity will brick device
+  restore() {
+    ${overlayfs_supported} || return 0
+    inFastboot &&
+      fastboot reboot &&
+      adb_wait ${ADB_WAIT}
+    inAdb &&
+      adb_wait ${ADB_WAIT}
+  }
 elif ! ${overlayfs_supported}; then
   die "need overlayfs, but do not have it"
 fi
@@ -800,7 +1006,7 @@
   echo "${GREEN}[     INFO ]${NORMAL} rebooting as requested" >&2
   L=`adb_logcat -b all -v nsec -t ${T} 2>&1`
   adb_reboot &&
-    adb_wait 2m ||
+    adb_wait ${ADB_WAIT} ||
     die "lost device after reboot requested `usb_status`"
   adb_root ||
     die "lost device after elevation to root `usb_status`"
@@ -841,6 +1047,11 @@
 
 echo "${GREEN}[ RUN      ]${NORMAL} remount" >&2
 
+# Feed log with selinux denials as baseline before overlays
+adb_unroot
+adb_sh find /system /vendor </dev/null >/dev/null 2>/dev/null
+adb_root
+
 D=`adb remount 2>&1`
 ret=${?}
 echo "${D}"
@@ -941,6 +1152,26 @@
 B="`adb_cat /vendor/hello`" ||
   die "vendor hello"
 check_eq "${A}" "${B}" /vendor before reboot
+SYSTEM_DEVT=`adb_sh stat --format=%D /system/hello </dev/null`
+VENDOR_DEVT=`adb_sh stat --format=%D /vendor/hello </dev/null`
+SYSTEM_INO=`adb_sh stat --format=%i /system/hello </dev/null`
+VENDOR_INO=`adb_sh stat --format=%i /vendor/hello </dev/null`
+BASE_SYSTEM_DEVT=`adb_sh stat --format=%D /system/bin/stat </dev/null`
+BASE_VENDOR_DEVT=`adb_sh stat --format=%D /vendor/bin/stat </dev/null`
+check_eq "${SYSTEM_DEVT%[0-9a-fA-F][0-9a-fA-F]}" "${VENDOR_DEVT%[0-9a-fA-F][0-9a-fA-F]}" vendor and system devt
+check_ne "${SYSTEM_INO}" "${VENDOR_INO}" vendor and system inode
+if ${overlayfs_needed}; then
+  check_ne "${SYSTEM_DEVT}" "${BASE_SYSTEM_DEVT}" system devt
+  check_ne "${VENDOR_DEVT}" "${BASE_VENDOR_DEVT}" vendor devt
+else
+  check_eq "${SYSTEM_DEVT}" "${BASE_SYSTEM_DEVT}" system devt
+  check_eq "${VENDOR_DEVT}" "${BASE_VENDOR_DEVT}" vendor devt
+fi
+check_ne "${BASE_SYSTEM_DEVT}" "${BASE_VENDOR_DEVT}" --warning system/vendor devt
+[ -n "${SYSTEM_DEVT%[0-9a-fA-F][0-9a-fA-F]}" ] ||
+  die "system devt ${SYSTEM_DEVT} is major 0"
+[ -n "${VENDOR_DEVT%[0-9a-fA-F][0-9a-fA-F]}" ] ||
+  die "vendor devt ${SYSTEM_DEVT} is major 0"
 
 # Download libc.so, append some gargage, push back, and check if the file
 # is updated.
@@ -961,8 +1192,16 @@
 
 echo "${GREEN}[ RUN      ]${NORMAL} reboot to confirm content persistent" >&2
 
+fixup_from_recovery() {
+  inRecovery || return 1
+  echo "${ORANGE}[    ERROR ]${NORMAL} Device in recovery" >&2
+  adb reboot </dev/null
+  adb_wait ${ADB_WAIT}
+}
+
 adb_reboot &&
-  adb_wait 2m ||
+  adb_wait ${ADB_WAIT} ||
+  fixup_from_recovery ||
   die "reboot after override content added failed `usb_status`"
 
 if ${overlayfs_needed}; then
@@ -985,6 +1224,9 @@
   B="`adb_cat /vendor/hello 2>&1`"
   check_eq "cat: /vendor/hello: Permission denied" "${B}" vendor after reboot w/o root
   echo "${GREEN}[       OK ]${NORMAL} /vendor content correct MAC after reboot" >&2
+  # Feed unprivileged log with selinux denials as a result of overlays
+  wait_for_screen
+  adb_sh find /system /vendor </dev/null >/dev/null 2>/dev/null
 fi
 B="`adb_cat /system/hello`"
 check_eq "${A}" "${B}" /system after reboot
@@ -996,6 +1238,17 @@
 check_eq "${A}" "${B}" vendor after reboot
 echo "${GREEN}[       OK ]${NORMAL} /vendor content remains after reboot" >&2
 
+check_eq "${SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/hello </dev/null`" system devt after reboot
+check_eq "${VENDOR_DEVT}" "`adb_sh stat --format=%D /vendor/hello </dev/null`" vendor devt after reboot
+check_eq "${SYSTEM_INO}" "`adb_sh stat --format=%i /system/hello </dev/null`" system inode after reboot
+check_eq "${VENDOR_INO}" "`adb_sh stat --format=%i /vendor/hello </dev/null`" vendor inode after reboot
+check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" base system devt after reboot
+check_eq "${BASE_VENDOR_DEVT}" "`adb_sh stat --format=%D /vendor/bin/stat </dev/null`" base system devt after reboot
+check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" devt for su after reboot
+
+# Feed log with selinux denials as a result of overlays
+adb_sh find /system /vendor </dev/null >/dev/null 2>/dev/null
+
 # Check if the updated libc.so is persistent after reboot.
 adb_root &&
   adb pull /system/lib/bootstrap/libc.so ${tempdir}/libc.so.fromdevice >/dev/null ||
@@ -1025,10 +1278,17 @@
   echo "${ORANGE}[  WARNING ]${NORMAL} wrong vendor image, skipping"
 elif [ -z "${ANDROID_HOST_OUT}" ]; then
   echo "${ORANGE}[  WARNING ]${NORMAL} please run lunch, skipping"
+elif ! (
+          adb_cat /vendor/build.prop |
+          cmp -s ${ANDROID_PRODUCT_OUT}/vendor/build.prop
+       ) >/dev/null 2>/dev/null; then
+  echo "${ORANGE}[  WARNING ]${NORMAL} vendor image signature mismatch, skipping"
 else
-  adb reboot fastboot ||
+  wait_for_screen
+  avc_check
+  adb reboot fastboot </dev/null ||
     die "fastbootd not supported (wrong adb in path?)"
-  any_wait 2m &&
+  any_wait ${ADB_WAIT} &&
     inFastboot ||
     die "reboot into fastboot to flash vendor `usb_status` (bad bootloader?)"
   fastboot flash vendor ||
@@ -1069,8 +1329,9 @@
   fastboot reboot ||
     die "can not reboot out of fastboot"
   echo "${ORANGE}[  WARNING ]${NORMAL} adb after fastboot"
-  adb_wait 2m ||
-    die "did not reboot after flash `usb_status`"
+  adb_wait ${ADB_WAIT} ||
+    fixup_from_recovery ||
+    die "did not reboot after formatting ${scratch_partition} `usb_status`"
   if ${overlayfs_needed}; then
     adb_root &&
       D=`adb_sh df -k </dev/null` &&
@@ -1101,8 +1362,15 @@
     check_eq "cat: /vendor/hello: No such file or directory" "${B}" \
              --warning vendor content after flash vendor
   fi
+
+  check_eq "${SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/hello </dev/null`" system devt after reboot
+  check_eq "${SYSTEM_INO}" "`adb_sh stat --format=%i /system/hello </dev/null`" system inode after reboot
+  check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" base system devt after reboot
+  check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" devt for su after reboot
+
 fi
 
+wait_for_screen
 echo "${GREEN}[ RUN      ]${NORMAL} remove test content (cleanup)" >&2
 
 T=`adb_date`
@@ -1114,7 +1382,7 @@
   echo "${ORANGE}[  WARNING ]${NORMAL} adb remount requires a reboot after partial flash (legacy avb)"
   L=`adb_logcat -b all -v nsec -t ${T} 2>&1`
   adb_reboot &&
-    adb_wait 2m &&
+    adb_wait ${ADB_WAIT} &&
     adb_root ||
     die "failed to reboot"
   T=`adb_date`
@@ -1136,14 +1404,15 @@
 
   echo "${GREEN}[ RUN      ]${NORMAL} test fastboot flash to ${scratch_partition} recovery" >&2
 
-  adb reboot fastboot ||
+  avc_check
+  adb reboot fastboot </dev/null ||
     die "Reboot into fastbootd"
   img=${TMPDIR}/adb-remount-test-${$}.img
   cleanup() {
     rm ${img}
   }
   dd if=/dev/zero of=${img} bs=4096 count=16 2>/dev/null &&
-    fastboot_wait 2m ||
+    fastboot_wait ${FASTBOOT_WAIT} ||
     die "reboot into fastboot `usb_status`"
   fastboot flash --force ${scratch_partition} ${img}
   err=${?}
@@ -1155,9 +1424,9 @@
     die "can not reboot out of fastboot"
   [ 0 -eq ${err} ] ||
     die "fastboot flash ${scratch_partition}"
-  adb_wait 2m &&
+  adb_wait ${ADB_WAIT} &&
     adb_root ||
-    die "did not reboot after flash"
+    die "did not reboot after flashing empty ${scratch_partition} `usb_status`"
   T=`adb_date`
   D=`adb disable-verity 2>&1`
   err=${?}
@@ -1165,7 +1434,7 @@
   then
     echo "${ORANGE}[  WARNING ]${NORMAL} adb disable-verity requires a reboot after partial flash"
     adb_reboot &&
-      adb_wait 2m &&
+      adb_wait ${ADB_WAIT} &&
       adb_root ||
       die "failed to reboot"
     T=`adb_date`
@@ -1191,9 +1460,25 @@
 
 echo "${GREEN}[ RUN      ]${NORMAL} test raw remount commands" >&2
 
+fixup_from_fastboot() {
+  inFastboot || return 1
+  if [ -n "${ACTIVE_SLOT}" ]; then
+    local active_slot=`get_active_slot`
+    if [ X"${ACTIVE_SLOT}" != X"${active_slot}" ]; then
+      echo "${ORANGE}[    ERROR ]${NORMAL} Active slot changed from ${ACTIVE_SLOT} to ${active_slot}"
+    else
+      echo "${ORANGE}[    ERROR ]${NORMAL} Active slot to be set to ${ACTIVE_SLOT}"
+    fi >&2
+    fastboot --set-active=${ACTIVE_SLOT}
+  fi
+  fastboot reboot
+  adb_wait ${ADB_WAIT}
+}
+
 # Prerequisite is a prepped device from above.
 adb_reboot &&
-  adb_wait 2m ||
+  adb_wait ${ADB_WAIT} ||
+  fixup_from_fastboot ||
   die "lost device after reboot to ro state `usb_status`"
 adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null &&
   die "/vendor is not read-only"
@@ -1205,8 +1490,9 @@
 
 # Prerequisite is a prepped device from above.
 adb_reboot &&
-  adb_wait 2m ||
-  die "lost device after reboot to ro state (USB stack broken?)"
+  adb_wait ${ADB_WAIT} ||
+  fixup_from_fastboot ||
+  die "lost device after reboot to ro state `usb_status`"
 adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null &&
   die "/vendor is not read-only"
 adb_su remount vendor </dev/null ||
@@ -1225,26 +1511,35 @@
     die "/${d}/overlay wipe"
 done
 adb_reboot &&
-  adb_wait 2m ||
-  die "lost device after reboot after wipe (USB stack broken?)"
+  adb_wait ${ADB_WAIT} ||
+  fixup_from_fastboot ||
+  die "lost device after reboot after wipe `usb_status`"
 adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null &&
   die "/vendor is not read-only"
 adb_su remount vendor </dev/null ||
   die "remount command"
+adb_su df -k </dev/null | skip_unrelated_mounts
 adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null ||
   die "/vendor is not read-write"
-adb_sh grep " /system .* rw," /proc/mounts >/dev/null </dev/null &&
+adb_sh grep " \(/system\|/\) .* rw," /proc/mounts >/dev/null </dev/null &&
   die "/system is not read-only"
 echo "${GREEN}[       OK ]${NORMAL} remount command works from scratch" >&2
 
-restore
-err=${?}
+if ! restore; then
+  restore() {
+    true
+  }
+  die "failed to restore verity after remount from scratch test"
+fi
 
-if [ ${err} = 0 ] && ${overlayfs_supported}; then
+err=0
+
+if ${overlayfs_supported}; then
   echo "${GREEN}[ RUN      ]${NORMAL} test 'adb remount -R'" >&2
+  avc_check
   adb_root &&
     adb remount -R &&
-    adb_wait 2m ||
+    adb_wait ${ADB_WAIT} ||
     die "adb remount -R"
   if [ "orange" != "`get_property ro.boot.verifiedbootstate`" -o \
        "2" = "`get_property partition.system.verified`" ]; then
@@ -1262,7 +1557,7 @@
 }
 
 [ ${err} = 0 ] ||
-  die "failed to restore verity" >&2
+  die "failed to restore verity"
 
 echo "${GREEN}[  PASSED  ]${NORMAL} adb remount" >&2
 
diff --git a/init/Android.bp b/init/Android.bp
index 69498ac..fa0a35c 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -68,6 +68,7 @@
         "libpropertyinfoparser",
     ],
     shared_libs: [
+        "libbacktrace",
         "libbase",
         "libbinder",
         "libbootloader_message",
@@ -123,8 +124,10 @@
         "reboot.cpp",
         "reboot_utils.cpp",
         "security.cpp",
+        "selabel.cpp",
         "selinux.cpp",
         "service.cpp",
+        "service_utils.cpp",
         "sigchld_handler.cpp",
         "subcontext.cpp",
         "subcontext.proto",
@@ -171,7 +174,6 @@
             exclude_shared_libs: ["libbinder", "libutils"],
         },
     },
-    ldflags: ["-Wl,--rpath,/system/${LIB}/bootstrap"],
 }
 
 // Tests
@@ -188,7 +190,6 @@
         "persistent_properties_test.cpp",
         "property_service_test.cpp",
         "property_type_test.cpp",
-        "result_test.cpp",
         "rlimit_parser_test.cpp",
         "service_test.cpp",
         "subcontext_test.cpp",
@@ -258,6 +259,7 @@
         "rlimit_parser.cpp",
         "tokenizer.cpp",
         "service.cpp",
+        "service_utils.cpp",
         "subcontext.cpp",
         "subcontext.proto",
         "util.cpp",
diff --git a/init/Android.mk b/init/Android.mk
index b02c926..0a3e8c7 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -52,6 +52,7 @@
     first_stage_mount.cpp \
     mount_namespace.cpp \
     reboot_utils.cpp \
+    selabel.cpp \
     selinux.cpp \
     switch_root.cpp \
     uevent_listener.cpp \
@@ -105,6 +106,10 @@
     libcap \
     libgsi \
     libcom.android.sysprop.apex \
+    liblzma \
+    libdexfile_support \
+    libunwindstack \
+    libbacktrace \
 
 LOCAL_SANITIZE := signed-integer-overflow
 # First stage init is weird: it may start without stdout/stderr, and no /proc.
diff --git a/init/README.md b/init/README.md
index 806bfa7..6868378 100644
--- a/init/README.md
+++ b/init/README.md
@@ -35,24 +35,14 @@
 at the beginning of its execution.  It is responsible for the initial
 set up of the system.
 
-Devices that mount /system, /vendor through the first stage mount mechanism
-load all of the files contained within the
+Init loads all of the files contained within the
 /{system,vendor,odm}/etc/init/ directories immediately after loading
 the primary /init.rc.  This is explained in more details in the
 Imports section of this file.
 
-Legacy devices without the first stage mount mechanism do the following:
-1. /init.rc imports /init.${ro.hardware}.rc which is the primary
-   vendor supplied .rc file.
-2. During the mount\_all command, the init executable loads all of the
-   files contained within the /{system,vendor,odm}/etc/init/ directories.
-   These directories are intended for all Actions and Services used after
-   file system mounting.
-
-One may specify paths in the mount\_all command line to have it import
-.rc files at the specified paths instead of the default ones listed above.
-This is primarily for supporting factory mode and other non-standard boot
-modes.  The three default paths should be used for the normal boot process.
+Legacy devices without the first stage mount mechanism previously were
+able to import init scripts during mount_all, however that is deprecated
+and not allowed for devices launching after Q.
 
 The intention of these directories is:
 
@@ -88,14 +78,6 @@
 conflict resolution when multiple services are added to the system, as
 each one will go into a separate file.
 
-There are two options "early" and "late" in mount\_all command
-which can be set after optional paths. With "--early" set, the
-init executable will skip mounting entries with "latemount" flag
-and triggering fs encryption state event. With "--late" set,
-init executable will only mount entries with "latemount" flag but skip
-importing rc files. By default, no option is set, and mount\_all will
-process all entries in the given fstab.
-
 Actions
 -------
 Actions are named sequences of commands.  Actions have a trigger which
@@ -514,10 +496,12 @@
   will be updated if the directory exists already.
 
 `mount_all <fstab> [ <path> ]\* [--<option>]`
-> Calls fs\_mgr\_mount\_all on the given fs\_mgr-format fstab and imports .rc files
-  at the specified paths (e.g., on the partitions just mounted) with optional
+> Calls fs\_mgr\_mount\_all on the given fs\_mgr-format fstab with optional
   options "early" and "late".
-  Refer to the section of "Init .rc Files" for detail.
+  With "--early" set, the init executable will skip mounting entries with
+  "latemount" flag and triggering fs encryption state event. With "--late" set,
+  init executable will only mount entries with "latemount" flag. By default,
+  no option is set, and mount\_all will process all entries in the given fstab.
 
 `mount <type> <device> <dir> [ <flag>\* ] [<options>]`
 > Attempt to mount the named device at the directory _dir_
@@ -638,8 +622,9 @@
       `ro.boot.init_rc` during initial boot.
    2. When it imports /{system,vendor,odm}/etc/init/ for first stage mount
       devices immediately after importing /init.rc.
-   3. When it imports /{system,vendor,odm}/etc/init/ or .rc files at specified
-      paths during mount_all.
+   3. (Deprecated) When it imports /{system,vendor,odm}/etc/init/ or .rc files
+      at specified paths during mount_all, not allowed for devices launching
+      after Q.
 
 The order that files are imported is a bit complex for legacy reasons
 and to keep backwards compatibility.  It is not strictly guaranteed.
diff --git a/init/action.cpp b/init/action.cpp
index 94ccef2..a169591 100644
--- a/init/action.cpp
+++ b/init/action.cpp
@@ -28,9 +28,8 @@
 namespace android {
 namespace init {
 
-Result<Success> RunBuiltinFunction(const BuiltinFunction& function,
-                                   const std::vector<std::string>& args,
-                                   const std::string& context) {
+Result<void> RunBuiltinFunction(const BuiltinFunction& function,
+                                const std::vector<std::string>& args, const std::string& context) {
     auto builtin_arguments = BuiltinArguments(context);
 
     builtin_arguments.args.resize(args.size());
@@ -51,7 +50,7 @@
       args_(std::move(args)),
       line_(line) {}
 
-Result<Success> Command::InvokeFunc(Subcontext* subcontext) const {
+Result<void> Command::InvokeFunc(Subcontext* subcontext) const {
     if (subcontext) {
         if (execute_in_subcontext_) {
             return subcontext->Execute(args_);
@@ -83,7 +82,7 @@
 
 const KeywordFunctionMap* Action::function_map_ = nullptr;
 
-Result<Success> Action::AddCommand(std::vector<std::string>&& args, int line) {
+Result<void> Action::AddCommand(std::vector<std::string>&& args, int line) {
     if (!function_map_) {
         return Error() << "no function map available";
     }
@@ -92,7 +91,7 @@
     if (!function) return Error() << function.error();
 
     commands_.emplace_back(function->second, function->first, std::move(args), line);
-    return Success();
+    return {};
 }
 
 void Action::AddCommand(BuiltinFunction f, std::vector<std::string>&& args, int line) {
@@ -127,7 +126,7 @@
     // report such failures unless we're running at the DEBUG log level.
     bool report_failure = !result.has_value();
     if (report_failure && android::base::GetMinimumLogSeverity() > android::base::DEBUG &&
-        result.error_errno() == ENOENT) {
+        result.error().code() == ENOENT) {
         report_failure = false;
     }
 
@@ -139,7 +138,7 @@
 
         LOG(INFO) << "Command '" << cmd_str << "' action=" << trigger_name << " (" << filename_
                   << ":" << command.line() << ") took " << duration.count() << "ms and "
-                  << (result ? "succeeded" : "failed: " + result.error_string());
+                  << (result ? "succeeded" : "failed: " + result.error().message());
     }
 }
 
diff --git a/init/action.h b/init/action.h
index 967c682..13b250a 100644
--- a/init/action.h
+++ b/init/action.h
@@ -31,15 +31,15 @@
 namespace android {
 namespace init {
 
-Result<Success> RunBuiltinFunction(const BuiltinFunction& function,
-                                   const std::vector<std::string>& args, const std::string& context);
+Result<void> RunBuiltinFunction(const BuiltinFunction& function,
+                                const std::vector<std::string>& args, const std::string& context);
 
 class Command {
   public:
     Command(BuiltinFunction f, bool execute_in_subcontext, std::vector<std::string>&& args,
             int line);
 
-    Result<Success> InvokeFunc(Subcontext* subcontext) const;
+    Result<void> InvokeFunc(Subcontext* subcontext) const;
     std::string BuildCommandString() const;
 
     int line() const { return line_; }
@@ -61,7 +61,7 @@
            const std::string& event_trigger,
            const std::map<std::string, std::string>& property_triggers);
 
-    Result<Success> AddCommand(std::vector<std::string>&& args, int line);
+    Result<void> AddCommand(std::vector<std::string>&& args, int line);
     void AddCommand(BuiltinFunction f, std::vector<std::string>&& args, int line);
     std::size_t NumCommands() const;
     void ExecuteOneCommand(std::size_t command) const;
diff --git a/init/action_parser.cpp b/init/action_parser.cpp
index 4f8bd16..ff20e43 100644
--- a/init/action_parser.cpp
+++ b/init/action_parser.cpp
@@ -55,8 +55,8 @@
     return CanReadProperty(subcontext->context(), prop_name);
 }
 
-Result<Success> ParsePropertyTrigger(const std::string& trigger, Subcontext* subcontext,
-                                     std::map<std::string, std::string>* property_triggers) {
+Result<void> ParsePropertyTrigger(const std::string& trigger, Subcontext* subcontext,
+                                  std::map<std::string, std::string>* property_triggers) {
     const static std::string prop_str("property:");
     std::string prop_name(trigger.substr(prop_str.length()));
     size_t equal_pos = prop_name.find('=');
@@ -74,12 +74,12 @@
     if (auto [it, inserted] = property_triggers->emplace(prop_name, prop_value); !inserted) {
         return Error() << "multiple property triggers found for same property";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> ParseTriggers(const std::vector<std::string>& args, Subcontext* subcontext,
-                              std::string* event_trigger,
-                              std::map<std::string, std::string>* property_triggers) {
+Result<void> ParseTriggers(const std::vector<std::string>& args, Subcontext* subcontext,
+                           std::string* event_trigger,
+                           std::map<std::string, std::string>* property_triggers) {
     const static std::string prop_str("property:");
     for (std::size_t i = 0; i < args.size(); ++i) {
         if (args[i].empty()) {
@@ -108,13 +108,13 @@
         }
     }
 
-    return Success();
+    return {};
 }
 
 }  // namespace
 
-Result<Success> ActionParser::ParseSection(std::vector<std::string>&& args,
-                                           const std::string& filename, int line) {
+Result<void> ActionParser::ParseSection(std::vector<std::string>&& args,
+                                        const std::string& filename, int line) {
     std::vector<std::string> triggers(args.begin() + 1, args.end());
     if (triggers.size() < 1) {
         return Error() << "Actions must have a trigger";
@@ -142,19 +142,19 @@
                                            property_triggers);
 
     action_ = std::move(action);
-    return Success();
+    return {};
 }
 
-Result<Success> ActionParser::ParseLineSection(std::vector<std::string>&& args, int line) {
-    return action_ ? action_->AddCommand(std::move(args), line) : Success();
+Result<void> ActionParser::ParseLineSection(std::vector<std::string>&& args, int line) {
+    return action_ ? action_->AddCommand(std::move(args), line) : Result<void>{};
 }
 
-Result<Success> ActionParser::EndSection() {
+Result<void> ActionParser::EndSection() {
     if (action_ && action_->NumCommands() > 0) {
         action_manager_->AddAction(std::move(action_));
     }
 
-    return Success();
+    return {};
 }
 
 }  // namespace init
diff --git a/init/action_parser.h b/init/action_parser.h
index b7f7074..2fe9983 100644
--- a/init/action_parser.h
+++ b/init/action_parser.h
@@ -32,10 +32,10 @@
   public:
     ActionParser(ActionManager* action_manager, std::vector<Subcontext>* subcontexts)
         : action_manager_(action_manager), subcontexts_(subcontexts), action_(nullptr) {}
-    Result<Success> ParseSection(std::vector<std::string>&& args, const std::string& filename,
-                                 int line) override;
-    Result<Success> ParseLineSection(std::vector<std::string>&& args, int line) override;
-    Result<Success> EndSection() override;
+    Result<void> ParseSection(std::vector<std::string>&& args, const std::string& filename,
+                              int line) override;
+    Result<void> ParseLineSection(std::vector<std::string>&& args, int line) override;
+    Result<void> EndSection() override;
 
   private:
     ActionManager* action_manager_;
diff --git a/init/bootchart.cpp b/init/bootchart.cpp
index c2cf573..b7db9b6 100644
--- a/init/bootchart.cpp
+++ b/init/bootchart.cpp
@@ -165,20 +165,20 @@
   LOG(INFO) << "Bootcharting finished";
 }
 
-static Result<Success> do_bootchart_start() {
+static Result<void> do_bootchart_start() {
     // We don't care about the content, but we do care that /data/bootchart/enabled actually exists.
     std::string start;
     if (!android::base::ReadFileToString("/data/bootchart/enabled", &start)) {
         LOG(VERBOSE) << "Not bootcharting";
-        return Success();
+        return {};
     }
 
     g_bootcharting_thread = new std::thread(bootchart_thread_main);
-    return Success();
+    return {};
 }
 
-static Result<Success> do_bootchart_stop() {
-    if (!g_bootcharting_thread) return Success();
+static Result<void> do_bootchart_stop() {
+    if (!g_bootcharting_thread) return {};
 
     // Tell the worker thread it's time to quit.
     {
@@ -190,10 +190,10 @@
     g_bootcharting_thread->join();
     delete g_bootcharting_thread;
     g_bootcharting_thread = nullptr;
-    return Success();
+    return {};
 }
 
-Result<Success> do_bootchart(const BuiltinArguments& args) {
+Result<void> do_bootchart(const BuiltinArguments& args) {
     if (args[1] == "start") return do_bootchart_start();
     return do_bootchart_stop();
 }
diff --git a/init/bootchart.h b/init/bootchart.h
index 05474ca..6f19aad 100644
--- a/init/bootchart.h
+++ b/init/bootchart.h
@@ -26,7 +26,7 @@
 namespace android {
 namespace init {
 
-Result<Success> do_bootchart(const BuiltinArguments& args);
+Result<void> do_bootchart(const BuiltinArguments& args);
 
 }  // namespace init
 }  // namespace android
diff --git a/init/boringssl_self_test.cpp b/init/boringssl_self_test.cpp
index 0408d30..759eb43 100644
--- a/init/boringssl_self_test.cpp
+++ b/init/boringssl_self_test.cpp
@@ -25,7 +25,7 @@
 namespace android {
 namespace init {
 
-Result<Success> StartBoringSslSelfTest(const BuiltinArguments&) {
+Result<void> StartBoringSslSelfTest(const BuiltinArguments&) {
     pid_t id = fork();
 
     if (id == 0) {
@@ -49,7 +49,7 @@
         PLOG(FATAL) << "Failed to fork for BoringSSL self test";
     }
 
-    return Success();
+    return {};
 }
 
 }  // namespace init
diff --git a/init/boringssl_self_test.h b/init/boringssl_self_test.h
index b21fc78..9e717d0 100644
--- a/init/boringssl_self_test.h
+++ b/init/boringssl_self_test.h
@@ -22,7 +22,7 @@
 namespace android {
 namespace init {
 
-Result<Success> StartBoringSslSelfTest(const BuiltinArguments&);
+Result<void> StartBoringSslSelfTest(const BuiltinArguments&);
 
 }  // namespace init
 }  // namespace android
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 6ce7736..44cac4b 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -16,6 +16,7 @@
 
 #include "builtins.h"
 
+#include <android/api-level.h>
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -62,12 +63,14 @@
 
 #include "action_manager.h"
 #include "bootchart.h"
+#include "host_init_stubs.h"
 #include "init.h"
 #include "mount_namespace.h"
 #include "parser.h"
 #include "property_service.h"
 #include "reboot.h"
 #include "rlimit_parser.h"
+#include "selabel.h"
 #include "selinux.h"
 #include "service.h"
 #include "subcontext.h"
@@ -87,14 +90,14 @@
 
 static constexpr std::chrono::nanoseconds kCommandRetryTimeout = 5s;
 
-static Result<Success> reboot_into_recovery(const std::vector<std::string>& options) {
+static Result<void> reboot_into_recovery(const std::vector<std::string>& options) {
     LOG(ERROR) << "Rebooting into recovery";
     std::string err;
     if (!write_bootloader_message(options, &err)) {
         return Error() << "Failed to set bootloader message: " << err;
     }
     property_set("sys.powerctl", "reboot,recovery");
-    return Success();
+    return {};
 }
 
 template <typename F>
@@ -104,10 +107,10 @@
     }
 }
 
-static Result<Success> do_class_start(const BuiltinArguments& args) {
+static Result<void> do_class_start(const BuiltinArguments& args) {
     // Do not start a class if it has a property persist.dont_start_class.CLASS set to 1.
     if (android::base::GetBoolProperty("persist.init.dont_start_class." + args[1], false))
-        return Success();
+        return {};
     // Starting a class does not start services which are explicitly disabled.
     // They must  be started individually.
     for (const auto& service : ServiceList::GetInstance()) {
@@ -118,10 +121,10 @@
             }
         }
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_class_start_post_data(const BuiltinArguments& args) {
+static Result<void> do_class_start_post_data(const BuiltinArguments& args) {
     if (args.context != kInitContext) {
         return Error() << "command 'class_start_post_data' only available in init context";
     }
@@ -133,43 +136,43 @@
             }
         }
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_class_stop(const BuiltinArguments& args) {
+static Result<void> do_class_stop(const BuiltinArguments& args) {
     ForEachServiceInClass(args[1], &Service::Stop);
-    return Success();
+    return {};
 }
 
-static Result<Success> do_class_reset(const BuiltinArguments& args) {
+static Result<void> do_class_reset(const BuiltinArguments& args) {
     ForEachServiceInClass(args[1], &Service::Reset);
-    return Success();
+    return {};
 }
 
-static Result<Success> do_class_reset_post_data(const BuiltinArguments& args) {
+static Result<void> do_class_reset_post_data(const BuiltinArguments& args) {
     if (args.context != kInitContext) {
         return Error() << "command 'class_reset_post_data' only available in init context";
     }
     ForEachServiceInClass(args[1], &Service::ResetIfPostData);
-    return Success();
+    return {};
 }
 
-static Result<Success> do_class_restart(const BuiltinArguments& args) {
+static Result<void> do_class_restart(const BuiltinArguments& args) {
     // Do not restart a class if it has a property persist.dont_start_class.CLASS set to 1.
     if (android::base::GetBoolProperty("persist.init.dont_start_class." + args[1], false))
-        return Success();
+        return {};
     ForEachServiceInClass(args[1], &Service::Restart);
-    return Success();
+    return {};
 }
 
-static Result<Success> do_domainname(const BuiltinArguments& args) {
+static Result<void> do_domainname(const BuiltinArguments& args) {
     if (auto result = WriteFile("/proc/sys/kernel/domainname", args[1]); !result) {
         return Error() << "Unable to write to /proc/sys/kernel/domainname: " << result.error();
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_enable(const BuiltinArguments& args) {
+static Result<void> do_enable(const BuiltinArguments& args) {
     Service* svc = ServiceList::GetInstance().FindService(args[1]);
     if (!svc) return Error() << "Could not find service";
 
@@ -177,10 +180,10 @@
         return Error() << "Could not enable service: " << result.error();
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_exec(const BuiltinArguments& args) {
+static Result<void> do_exec(const BuiltinArguments& args) {
     auto service = Service::MakeTemporaryOneshotService(args.args);
     if (!service) {
         return Error() << "Could not create exec service";
@@ -190,10 +193,10 @@
     }
 
     ServiceList::GetInstance().AddService(std::move(service));
-    return Success();
+    return {};
 }
 
-static Result<Success> do_exec_background(const BuiltinArguments& args) {
+static Result<void> do_exec_background(const BuiltinArguments& args) {
     auto service = Service::MakeTemporaryOneshotService(args.args);
     if (!service) {
         return Error() << "Could not create exec background service";
@@ -203,10 +206,10 @@
     }
 
     ServiceList::GetInstance().AddService(std::move(service));
-    return Success();
+    return {};
 }
 
-static Result<Success> do_exec_start(const BuiltinArguments& args) {
+static Result<void> do_exec_start(const BuiltinArguments& args) {
     Service* service = ServiceList::GetInstance().FindService(args[1]);
     if (!service) {
         return Error() << "Service not found";
@@ -216,24 +219,24 @@
         return Error() << "Could not start exec service: " << result.error();
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_export(const BuiltinArguments& args) {
+static Result<void> do_export(const BuiltinArguments& args) {
     if (setenv(args[1].c_str(), args[2].c_str(), 1) == -1) {
         return ErrnoError() << "setenv() failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_hostname(const BuiltinArguments& args) {
+static Result<void> do_hostname(const BuiltinArguments& args) {
     if (auto result = WriteFile("/proc/sys/kernel/hostname", args[1]); !result) {
         return Error() << "Unable to write to /proc/sys/kernel/hostname: " << result.error();
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_ifup(const BuiltinArguments& args) {
+static Result<void> do_ifup(const BuiltinArguments& args) {
     struct ifreq ifr;
 
     strlcpy(ifr.ifr_name, args[1].c_str(), IFNAMSIZ);
@@ -251,10 +254,10 @@
         return ErrnoError() << "ioctl(..., SIOCSIFFLAGS, ...) failed";
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_insmod(const BuiltinArguments& args) {
+static Result<void> do_insmod(const BuiltinArguments& args) {
     int flags = 0;
     auto it = args.begin() + 1;
 
@@ -272,34 +275,34 @@
     int rc = syscall(__NR_finit_module, fd.get(), options.c_str(), flags);
     if (rc == -1) return ErrnoError() << "finit_module for \"" << filename << "\" failed";
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_interface_restart(const BuiltinArguments& args) {
+static Result<void> do_interface_restart(const BuiltinArguments& args) {
     Service* svc = ServiceList::GetInstance().FindInterface(args[1]);
     if (!svc) return Error() << "interface " << args[1] << " not found";
     svc->Restart();
-    return Success();
+    return {};
 }
 
-static Result<Success> do_interface_start(const BuiltinArguments& args) {
+static Result<void> do_interface_start(const BuiltinArguments& args) {
     Service* svc = ServiceList::GetInstance().FindInterface(args[1]);
     if (!svc) return Error() << "interface " << args[1] << " not found";
     if (auto result = svc->Start(); !result) {
         return Error() << "Could not start interface: " << result.error();
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_interface_stop(const BuiltinArguments& args) {
+static Result<void> do_interface_stop(const BuiltinArguments& args) {
     Service* svc = ServiceList::GetInstance().FindInterface(args[1]);
     if (!svc) return Error() << "interface " << args[1] << " not found";
     svc->Stop();
-    return Success();
+    return {};
 }
 
 // mkdir <path> [mode] [owner] [group]
-static Result<Success> do_mkdir(const BuiltinArguments& args) {
+static Result<void> do_mkdir(const BuiltinArguments& args) {
     mode_t mode = 0755;
     if (args.size() >= 3) {
         mode = std::strtoul(args[2].c_str(), 0, 8);
@@ -348,15 +351,15 @@
                 {"--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]});
         }
     }
-    return Success();
+    return {};
 }
 
 /* umount <path> */
-static Result<Success> do_umount(const BuiltinArguments& args) {
+static Result<void> do_umount(const BuiltinArguments& args) {
     if (umount(args[1].c_str()) < 0) {
         return ErrnoError() << "umount() failed";
     }
-    return Success();
+    return {};
 }
 
 static struct {
@@ -384,7 +387,7 @@
 #define DATA_MNT_POINT "/data"
 
 /* mount <type> <device> <path> <flags ...> <options> */
-static Result<Success> do_mount(const BuiltinArguments& args) {
+static Result<void> do_mount(const BuiltinArguments& args) {
     const char* options = nullptr;
     unsigned flags = 0;
     bool wait = false;
@@ -431,7 +434,7 @@
                         ioctl(loop, LOOP_CLR_FD, 0);
                         return ErrnoError() << "mount() failed";
                     }
-                    return Success();
+                    return {};
                 }
             }
         }
@@ -446,7 +449,7 @@
 
     }
 
-    return Success();
+    return {};
 }
 
 /* Imports .rc files from the specified paths. Default ones are applied if none is given.
@@ -483,23 +486,23 @@
  *
  * return code is processed based on input code
  */
-static Result<Success> queue_fs_event(int code) {
+static Result<void> queue_fs_event(int code) {
     if (code == FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION) {
         ActionManager::GetInstance().QueueEventTrigger("encrypt");
-        return Success();
+        return {};
     } else if (code == FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED) {
         property_set("ro.crypto.state", "encrypted");
         property_set("ro.crypto.type", "block");
         ActionManager::GetInstance().QueueEventTrigger("defaultcrypto");
-        return Success();
+        return {};
     } else if (code == FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) {
         property_set("ro.crypto.state", "unencrypted");
         ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
-        return Success();
+        return {};
     } else if (code == FS_MGR_MNTALL_DEV_NOT_ENCRYPTABLE) {
         property_set("ro.crypto.state", "unsupported");
         ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
-        return Success();
+        return {};
     } else if (code == FS_MGR_MNTALL_DEV_NEEDS_RECOVERY) {
         /* Setup a wipe via recovery, and reboot into recovery */
         if (android::gsi::IsGsiRunning()) {
@@ -519,7 +522,7 @@
         // Although encrypted, we have device key, so we do not need to
         // do anything different from the nonencrypted case.
         ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
-        return Success();
+        return {};
     } else if (code == FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED) {
         if (fscrypt_install_keyring()) {
             return Error() << "fscrypt_install_keyring() failed";
@@ -530,7 +533,7 @@
         // Although encrypted, vold has already set the device up, so we do not need to
         // do anything different from the nonencrypted case.
         ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
-        return Success();
+        return {};
     } else if (code == FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) {
         if (fscrypt_install_keyring()) {
             return Error() << "fscrypt_install_keyring() failed";
@@ -541,7 +544,7 @@
         // Although encrypted, vold has already set the device up, so we do not need to
         // do anything different from the nonencrypted case.
         ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
-        return Success();
+        return {};
     } else if (code > 0) {
         Error() << "fs_mgr_mount_all() returned unexpected error " << code;
     }
@@ -555,7 +558,7 @@
  * This function might request a reboot, in which case it will
  * not return.
  */
-static Result<Success> do_mount_all(const BuiltinArguments& args) {
+static Result<void> do_mount_all(const BuiltinArguments& args) {
     std::size_t na = 0;
     bool import_rc = true;
     bool queue_event = true;
@@ -588,7 +591,7 @@
     auto mount_fstab_return_code = fs_mgr_mount_all(&fstab, mount_mode);
     property_set(prop_name, std::to_string(t.duration().count()));
 
-    if (import_rc) {
+    if (import_rc && SelinuxGetVendorAndroidVersion() <= __ANDROID_API_Q__) {
         /* Paths of .rc files are specified at the 2nd argument and beyond */
         import_late(args.args, 2, path_arg_end);
     }
@@ -602,11 +605,11 @@
         }
     }
 
-    return Success();
+    return {};
 }
 
 /* umount_all <fstab> */
-static Result<Success> do_umount_all(const BuiltinArguments& args) {
+static Result<void> do_umount_all(const BuiltinArguments& args) {
     Fstab fstab;
     if (!ReadFstabFromFile(args[1], &fstab)) {
         return Error() << "Could not read fstab";
@@ -615,10 +618,10 @@
     if (auto result = fs_mgr_umount_all(&fstab); result != 0) {
         return Error() << "umount_fstab() failed " << result;
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_swapon_all(const BuiltinArguments& args) {
+static Result<void> do_swapon_all(const BuiltinArguments& args) {
     Fstab fstab;
     if (!ReadFstabFromFile(args[1], &fstab)) {
         return Error() << "Could not read fstab '" << args[1] << "'";
@@ -628,50 +631,50 @@
         return Error() << "fs_mgr_swapon_all() failed";
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_setprop(const BuiltinArguments& args) {
+static Result<void> do_setprop(const BuiltinArguments& args) {
     property_set(args[1], args[2]);
-    return Success();
+    return {};
 }
 
-static Result<Success> do_setrlimit(const BuiltinArguments& args) {
+static Result<void> do_setrlimit(const BuiltinArguments& args) {
     auto rlimit = ParseRlimit(args.args);
     if (!rlimit) return rlimit.error();
 
     if (setrlimit(rlimit->first, &rlimit->second) == -1) {
         return ErrnoError() << "setrlimit failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_start(const BuiltinArguments& args) {
+static Result<void> do_start(const BuiltinArguments& args) {
     Service* svc = ServiceList::GetInstance().FindService(args[1]);
     if (!svc) return Error() << "service " << args[1] << " not found";
     if (auto result = svc->Start(); !result) {
         return Error() << "Could not start service: " << result.error();
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_stop(const BuiltinArguments& args) {
+static Result<void> do_stop(const BuiltinArguments& args) {
     Service* svc = ServiceList::GetInstance().FindService(args[1]);
     if (!svc) return Error() << "service " << args[1] << " not found";
     svc->Stop();
-    return Success();
+    return {};
 }
 
-static Result<Success> do_restart(const BuiltinArguments& args) {
+static Result<void> do_restart(const BuiltinArguments& args) {
     Service* svc = ServiceList::GetInstance().FindService(args[1]);
     if (!svc) return Error() << "service " << args[1] << " not found";
     svc->Restart();
-    return Success();
+    return {};
 }
 
-static Result<Success> do_trigger(const BuiltinArguments& args) {
+static Result<void> do_trigger(const BuiltinArguments& args) {
     ActionManager::GetInstance().QueueEventTrigger(args[1]);
-    return Success();
+    return {};
 }
 
 static int MakeSymlink(const std::string& target, const std::string& linkpath) {
@@ -692,33 +695,33 @@
     return rc;
 }
 
-static Result<Success> do_symlink(const BuiltinArguments& args) {
+static Result<void> do_symlink(const BuiltinArguments& args) {
     if (MakeSymlink(args[1], args[2]) < 0) {
         // The symlink builtin is often used to create symlinks for older devices to be backwards
         // compatible with new paths, therefore we skip reporting this error.
         if (errno == EEXIST && android::base::GetMinimumLogSeverity() > android::base::DEBUG) {
-            return Success();
+            return {};
         }
         return ErrnoError() << "symlink() failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_rm(const BuiltinArguments& args) {
+static Result<void> do_rm(const BuiltinArguments& args) {
     if (unlink(args[1].c_str()) < 0) {
         return ErrnoError() << "unlink() failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_rmdir(const BuiltinArguments& args) {
+static Result<void> do_rmdir(const BuiltinArguments& args) {
     if (rmdir(args[1].c_str()) < 0) {
         return ErrnoError() << "rmdir() failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_sysclktz(const BuiltinArguments& args) {
+static Result<void> do_sysclktz(const BuiltinArguments& args) {
     struct timezone tz = {};
     if (!android::base::ParseInt(args[1], &tz.tz_minuteswest)) {
         return Error() << "Unable to parse mins_west_of_gmt";
@@ -727,10 +730,10 @@
     if (settimeofday(nullptr, &tz) == -1) {
         return ErrnoError() << "settimeofday() failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_verity_update_state(const BuiltinArguments& args) {
+static Result<void> do_verity_update_state(const BuiltinArguments& args) {
     int mode;
     if (!fs_mgr_load_verity_state(&mode)) {
         return Error() << "fs_mgr_load_verity_state() failed";
@@ -752,18 +755,18 @@
         property_set("partition." + partition + ".verified", std::to_string(mode));
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_write(const BuiltinArguments& args) {
+static Result<void> do_write(const BuiltinArguments& args) {
     if (auto result = WriteFile(args[1], args[2]); !result) {
         return Error() << "Unable to write to file '" << args[1] << "': " << result.error();
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> readahead_file(const std::string& filename, bool fully) {
+static Result<void> readahead_file(const std::string& filename, bool fully) {
     android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(filename.c_str(), O_RDONLY)));
     if (fd == -1) {
         return ErrnoError() << "Error opening file";
@@ -783,10 +786,10 @@
             return ErrnoError() << "Error reading file";
         }
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_readahead(const BuiltinArguments& args) {
+static Result<void> do_readahead(const BuiltinArguments& args) {
     struct stat sb;
 
     if (stat(args[1].c_str(), &sb)) {
@@ -842,10 +845,10 @@
     } else if (pid < 0) {
         return ErrnoError() << "Fork failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_copy(const BuiltinArguments& args) {
+static Result<void> do_copy(const BuiltinArguments& args) {
     auto file_contents = ReadFile(args[1]);
     if (!file_contents) {
         return Error() << "Could not read input file '" << args[1] << "': " << file_contents.error();
@@ -854,10 +857,10 @@
         return Error() << "Could not write to output file '" << args[2] << "': " << result.error();
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_chown(const BuiltinArguments& args) {
+static Result<void> do_chown(const BuiltinArguments& args) {
     auto uid = DecodeUid(args[1]);
     if (!uid) {
         return Error() << "Unable to decode UID for '" << args[1] << "': " << uid.error();
@@ -878,7 +881,7 @@
         return ErrnoError() << "lchown() failed";
     }
 
-    return Success();
+    return {};
 }
 
 static mode_t get_mode(const char *s) {
@@ -894,15 +897,15 @@
     return mode;
 }
 
-static Result<Success> do_chmod(const BuiltinArguments& args) {
+static Result<void> do_chmod(const BuiltinArguments& args) {
     mode_t mode = get_mode(args[1].c_str());
     if (fchmodat(AT_FDCWD, args[2].c_str(), mode, AT_SYMLINK_NOFOLLOW) < 0) {
         return ErrnoError() << "fchmodat() failed";
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> do_restorecon(const BuiltinArguments& args) {
+static Result<void> do_restorecon(const BuiltinArguments& args) {
     int ret = 0;
 
     struct flag_type {const char* name; int value;};
@@ -941,16 +944,16 @@
     }
 
     if (ret) return ErrnoError() << "selinux_android_restorecon() failed";
-    return Success();
+    return {};
 }
 
-static Result<Success> do_restorecon_recursive(const BuiltinArguments& args) {
+static Result<void> do_restorecon_recursive(const BuiltinArguments& args) {
     std::vector<std::string> non_const_args(args.args);
     non_const_args.insert(std::next(non_const_args.begin()), "--recursive");
     return do_restorecon({std::move(non_const_args), args.context});
 }
 
-static Result<Success> do_loglevel(const BuiltinArguments& args) {
+static Result<void> do_loglevel(const BuiltinArguments& args) {
     // TODO: support names instead/as well?
     int log_level = -1;
     android::base::ParseInt(args[1], &log_level);
@@ -968,20 +971,20 @@
             return Error() << "invalid log level " << log_level;
     }
     android::base::SetMinimumLogSeverity(severity);
-    return Success();
+    return {};
 }
 
-static Result<Success> do_load_persist_props(const BuiltinArguments& args) {
+static Result<void> do_load_persist_props(const BuiltinArguments& args) {
     load_persist_props();
-    return Success();
+    return {};
 }
 
-static Result<Success> do_load_system_props(const BuiltinArguments& args) {
+static Result<void> do_load_system_props(const BuiltinArguments& args) {
     LOG(INFO) << "deprecated action `load_system_props` called.";
-    return Success();
+    return {};
 }
 
-static Result<Success> do_wait(const BuiltinArguments& args) {
+static Result<void> do_wait(const BuiltinArguments& args) {
     auto timeout = kCommandRetryTimeout;
     if (args.size() == 3) {
         int timeout_int;
@@ -995,10 +998,10 @@
         return Error() << "wait_for_file() failed";
     }
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_wait_for_prop(const BuiltinArguments& args) {
+static Result<void> do_wait_for_prop(const BuiltinArguments& args) {
     const char* name = args[1].c_str();
     const char* value = args[2].c_str();
     size_t value_len = strlen(value);
@@ -1012,15 +1015,15 @@
     if (!start_waiting_for_property(name, value)) {
         return Error() << "already waiting for a property";
     }
-    return Success();
+    return {};
 }
 
 static bool is_file_crypto() {
     return android::base::GetProperty("ro.crypto.type", "") == "file";
 }
 
-static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason,
-                                               const BuiltinArguments& args) {
+static Result<void> ExecWithRebootOnFailure(const std::string& reboot_reason,
+                                            const BuiltinArguments& args) {
     auto service = Service::MakeTemporaryOneshotService(args.args);
     if (!service) {
         return Error() << "Could not create exec service";
@@ -1044,11 +1047,11 @@
         return Error() << "Could not start exec service: " << result.error();
     }
     ServiceList::GetInstance().AddService(std::move(service));
-    return Success();
+    return {};
 }
 
-static Result<Success> do_installkey(const BuiltinArguments& args) {
-    if (!is_file_crypto()) return Success();
+static Result<void> do_installkey(const BuiltinArguments& args) {
+    if (!is_file_crypto()) return {};
 
     auto unencrypted_dir = args[1] + fscrypt_unencrypted_folder;
     if (!make_dir(unencrypted_dir, 0700) && errno != EEXIST) {
@@ -1059,24 +1062,21 @@
         {{"exec", "/system/bin/vdc", "--wait", "cryptfs", "enablefilecrypto"}, args.context});
 }
 
-static Result<Success> do_init_user0(const BuiltinArguments& args) {
+static Result<void> do_init_user0(const BuiltinArguments& args) {
     return ExecWithRebootOnFailure(
         "init_user0_failed",
         {{"exec", "/system/bin/vdc", "--wait", "cryptfs", "init_user0"}, args.context});
 }
 
-static Result<Success> do_mark_post_data(const BuiltinArguments& args) {
+static Result<void> do_mark_post_data(const BuiltinArguments& args) {
     ServiceList::GetInstance().MarkPostData();
 
-    return Success();
+    return {};
 }
 
-static Result<Success> do_parse_apex_configs(const BuiltinArguments& args) {
+static Result<void> do_parse_apex_configs(const BuiltinArguments& args) {
     glob_t glob_result;
-    // @ is added to filter out the later paths, which are bind mounts of the places
-    // where the APEXes are really mounted at. Otherwise, we will parse the
-    // same file twice.
-    static constexpr char glob_pattern[] = "/apex/*@*/etc/*.rc";
+    static constexpr char glob_pattern[] = "/apex/*/etc/*.rc";
     const int ret = glob(glob_pattern, GLOB_MARK, nullptr, &glob_result);
     if (ret != 0 && ret != GLOB_NOMATCH) {
         globfree(&glob_result);
@@ -1085,7 +1085,15 @@
     std::vector<std::string> configs;
     Parser parser = CreateServiceOnlyParser(ServiceList::GetInstance());
     for (size_t i = 0; i < glob_result.gl_pathc; i++) {
-        configs.emplace_back(glob_result.gl_pathv[i]);
+        std::string path = glob_result.gl_pathv[i];
+        // Filter-out /apex/<name>@<ver> paths. The paths are bind-mounted to
+        // /apex/<name> paths, so unless we filter them out, we will parse the
+        // same file twice.
+        std::vector<std::string> paths = android::base::Split(path, "/");
+        if (paths.size() >= 2 && paths[1].find('@') != std::string::npos) {
+            continue;
+        }
+        configs.push_back(path);
     }
     globfree(&glob_result);
 
@@ -1099,15 +1107,15 @@
     }
     ServiceList::GetInstance().MarkServicesUpdate();
     if (success) {
-        return Success();
+        return {};
     } else {
         return Error() << "Could not parse apex configs";
     }
 }
 
-static Result<Success> do_enter_default_mount_ns(const BuiltinArguments& args) {
+static Result<void> do_enter_default_mount_ns(const BuiltinArguments& args) {
     if (SwitchToDefaultMountNamespace()) {
-        return Success();
+        return {};
     } else {
         return Error() << "Failed to enter into default mount namespace";
     }
diff --git a/init/builtins.h b/init/builtins.h
index 814b2d5..5db0d1c 100644
--- a/init/builtins.h
+++ b/init/builtins.h
@@ -29,7 +29,7 @@
 namespace android {
 namespace init {
 
-using BuiltinFunction = std::function<Result<Success>(const BuiltinArguments&)>;
+using BuiltinFunction = std::function<Result<void>(const BuiltinArguments&)>;
 
 using KeywordFunctionMap = KeywordMap<std::pair<bool, BuiltinFunction>>;
 class BuiltinFunctionMap : public KeywordFunctionMap {
diff --git a/init/devices.cpp b/init/devices.cpp
index 159c75e..5e760d0 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -36,7 +36,7 @@
 #include <selinux/android.h>
 #include <selinux/selinux.h>
 
-#include "selinux.h"
+#include "selabel.h"
 #include "util.h"
 
 #ifdef _INIT_INIT_H
diff --git a/init/epoll.cpp b/init/epoll.cpp
index 94dd553..01d8867 100644
--- a/init/epoll.cpp
+++ b/init/epoll.cpp
@@ -28,17 +28,17 @@
 
 Epoll::Epoll() {}
 
-Result<Success> Epoll::Open() {
-    if (epoll_fd_ >= 0) return Success();
+Result<void> Epoll::Open() {
+    if (epoll_fd_ >= 0) return {};
     epoll_fd_.reset(epoll_create1(EPOLL_CLOEXEC));
 
     if (epoll_fd_ == -1) {
         return ErrnoError() << "epoll_create1 failed";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Epoll::RegisterHandler(int fd, std::function<void()> handler, uint32_t events) {
+Result<void> Epoll::RegisterHandler(int fd, std::function<void()> handler, uint32_t events) {
     if (!events) {
         return Error() << "Must specify events";
     }
@@ -52,24 +52,24 @@
     // pointer to the std::function in the map directly for epoll_ctl.
     ev.data.ptr = reinterpret_cast<void*>(&it->second);
     if (epoll_ctl(epoll_fd_, EPOLL_CTL_ADD, fd, &ev) == -1) {
-        Result<Success> result = ErrnoError() << "epoll_ctl failed to add fd";
+        Result<void> result = ErrnoError() << "epoll_ctl failed to add fd";
         epoll_handlers_.erase(fd);
         return result;
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Epoll::UnregisterHandler(int fd) {
+Result<void> Epoll::UnregisterHandler(int fd) {
     if (epoll_ctl(epoll_fd_, EPOLL_CTL_DEL, fd, nullptr) == -1) {
         return ErrnoError() << "epoll_ctl failed to remove fd";
     }
     if (epoll_handlers_.erase(fd) != 1) {
         return Error() << "Attempting to remove epoll handler for FD without an existing handler";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Epoll::Wait(std::optional<std::chrono::milliseconds> timeout) {
+Result<void> Epoll::Wait(std::optional<std::chrono::milliseconds> timeout) {
     int timeout_ms = -1;
     if (timeout && timeout->count() < INT_MAX) {
         timeout_ms = timeout->count();
@@ -81,7 +81,7 @@
     } else if (nr == 1) {
         std::invoke(*reinterpret_cast<std::function<void()>*>(ev.data.ptr));
     }
-    return Success();
+    return {};
 }
 
 }  // namespace init
diff --git a/init/epoll.h b/init/epoll.h
index 9789bef..ca84266 100644
--- a/init/epoll.h
+++ b/init/epoll.h
@@ -36,11 +36,10 @@
   public:
     Epoll();
 
-    Result<Success> Open();
-    Result<Success> RegisterHandler(int fd, std::function<void()> handler,
-                                    uint32_t events = EPOLLIN);
-    Result<Success> UnregisterHandler(int fd);
-    Result<Success> Wait(std::optional<std::chrono::milliseconds> timeout);
+    Result<void> Open();
+    Result<void> RegisterHandler(int fd, std::function<void()> handler, uint32_t events = EPOLLIN);
+    Result<void> UnregisterHandler(int fd);
+    Result<void> Wait(std::optional<std::chrono::milliseconds> timeout);
 
   private:
     android::base::unique_fd epoll_fd_;
diff --git a/init/firmware_handler.cpp b/init/firmware_handler.cpp
index 740e82c..c067f6f 100644
--- a/init/firmware_handler.cpp
+++ b/init/firmware_handler.cpp
@@ -80,15 +80,26 @@
         return;
     }
 
+    std::vector<std::string> attempted_paths_and_errors;
+
 try_loading_again:
+    attempted_paths_and_errors.clear();
     for (const auto& firmware_directory : firmware_directories_) {
         std::string file = firmware_directory + uevent.firmware;
         unique_fd fw_fd(open(file.c_str(), O_RDONLY | O_CLOEXEC));
-        struct stat sb;
-        if (fw_fd != -1 && fstat(fw_fd, &sb) != -1) {
-            LoadFirmware(uevent, root, fw_fd, sb.st_size, loading_fd, data_fd);
-            return;
+        if (fw_fd == -1) {
+            attempted_paths_and_errors.emplace_back("firmware: attempted " + file +
+                                                    ", open failed: " + strerror(errno));
+            continue;
         }
+        struct stat sb;
+        if (fstat(fw_fd, &sb) == -1) {
+            attempted_paths_and_errors.emplace_back("firmware: attempted " + file +
+                                                    ", fstat failed: " + strerror(errno));
+            continue;
+        }
+        LoadFirmware(uevent, root, fw_fd, sb.st_size, loading_fd, data_fd);
+        return;
     }
 
     if (booting) {
@@ -100,6 +111,9 @@
     }
 
     LOG(ERROR) << "firmware: could not find firmware for " << uevent.firmware;
+    for (const auto& message : attempted_paths_and_errors) {
+        LOG(ERROR) << message;
+    }
 
     // Write "-1" as our response to the kernel's firmware request, since we have nothing for it.
     write(loading_fd, "-1", 2);
diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
index 7dd3ad4..5d64f41 100644
--- a/init/first_stage_init.cpp
+++ b/init/first_stage_init.cpp
@@ -33,7 +33,6 @@
 #include <android-base/chrono_utils.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
-#include <cutils/android_reboot.h>
 #include <private/android_filesystem_config.h>
 
 #include "debug_ramdisk.h"
@@ -168,13 +167,10 @@
                     "mode=0755,uid=0,gid=0"));
 #undef CHECKCALL
 
+    SetStdioToDevNull(argv);
     // Now that tmpfs is mounted on /dev and we have /dev/kmsg, we can actually
     // talk to the outside world...
-    // We need to set up stdin/stdout/stderr for child processes forked from first
-    // stage init as part of the mount process.  This closes /dev/console if the
-    // kernel had previously opened it.
-    auto reboot_bootloader = [](const char*) { RebootSystem(ANDROID_RB_RESTART2, "bootloader"); };
-    InitKernelLogging(argv, reboot_bootloader);
+    InitKernelLogging(argv);
 
     if (!errors.empty()) {
         for (const auto& [error_string, error_errno] : errors) {
diff --git a/init/host_import_parser.cpp b/init/host_import_parser.cpp
index 93e363f..aa80199 100644
--- a/init/host_import_parser.cpp
+++ b/init/host_import_parser.cpp
@@ -23,16 +23,16 @@
 namespace android {
 namespace init {
 
-Result<Success> HostImportParser::ParseSection(std::vector<std::string>&& args, const std::string&,
-                                               int) {
+Result<void> HostImportParser::ParseSection(std::vector<std::string>&& args, const std::string&,
+                                            int) {
     if (args.size() != 2) {
         return Error() << "single argument needed for import\n";
     }
 
-    return Success();
+    return {};
 }
 
-Result<Success> HostImportParser::ParseLineSection(std::vector<std::string>&&, int) {
+Result<void> HostImportParser::ParseLineSection(std::vector<std::string>&&, int) {
     return Error() << "Unexpected line found after import statement";
 }
 
diff --git a/init/host_import_parser.h b/init/host_import_parser.h
index 52b8891..d6f7286 100644
--- a/init/host_import_parser.h
+++ b/init/host_import_parser.h
@@ -27,8 +27,8 @@
 class HostImportParser : public SectionParser {
   public:
     HostImportParser() {}
-    Result<Success> ParseSection(std::vector<std::string>&& args, const std::string&, int) override;
-    Result<Success> ParseLineSection(std::vector<std::string>&&, int) override;
+    Result<void> ParseSection(std::vector<std::string>&& args, const std::string&, int) override;
+    Result<void> ParseLineSection(std::vector<std::string>&&, int) override;
 };
 
 }  // namespace init
diff --git a/init/host_init_stubs.h b/init/host_init_stubs.h
index 63ceead..f6e9676 100644
--- a/init/host_init_stubs.h
+++ b/init/host_init_stubs.h
@@ -44,6 +44,12 @@
 uint32_t HandlePropertySet(const std::string& name, const std::string& value,
                            const std::string& source_context, const ucred& cr, std::string* error);
 
+// reboot_utils.h
+inline void SetFatalRebootTarget() {}
+inline void __attribute__((noreturn)) InitFatalReboot() {
+    abort();
+}
+
 // selinux.h
 int SelinuxGetVendorAndroidVersion();
 void SelabelInitialize();
diff --git a/init/host_init_verifier.cpp b/init/host_init_verifier.cpp
index 8407729..cb861f3 100644
--- a/init/host_init_verifier.cpp
+++ b/init/host_init_verifier.cpp
@@ -118,8 +118,8 @@
 namespace android {
 namespace init {
 
-static Result<Success> do_stub(const BuiltinArguments& args) {
-    return Success();
+static Result<void> do_stub(const BuiltinArguments& args) {
+    return {};
 }
 
 #include "generated_stub_builtin_function_map.h"
diff --git a/init/import_parser.cpp b/init/import_parser.cpp
index fb3185e..c72b7d6 100644
--- a/init/import_parser.cpp
+++ b/init/import_parser.cpp
@@ -23,8 +23,8 @@
 namespace android {
 namespace init {
 
-Result<Success> ImportParser::ParseSection(std::vector<std::string>&& args,
-                                           const std::string& filename, int line) {
+Result<void> ImportParser::ParseSection(std::vector<std::string>&& args,
+                                        const std::string& filename, int line) {
     if (args.size() != 2) {
         return Error() << "single argument needed for import\n";
     }
@@ -38,10 +38,10 @@
     LOG(INFO) << "Added '" << conf_file << "' to import list";
     if (filename_.empty()) filename_ = filename;
     imports_.emplace_back(std::move(conf_file), line);
-    return Success();
+    return {};
 }
 
-Result<Success> ImportParser::ParseLineSection(std::vector<std::string>&&, int) {
+Result<void> ImportParser::ParseLineSection(std::vector<std::string>&&, int) {
     return Error() << "Unexpected line found after import statement";
 }
 
diff --git a/init/import_parser.h b/init/import_parser.h
index 7bc72e6..5bf9c6c 100644
--- a/init/import_parser.h
+++ b/init/import_parser.h
@@ -28,9 +28,9 @@
 class ImportParser : public SectionParser {
   public:
     ImportParser(Parser* parser) : parser_(parser) {}
-    Result<Success> ParseSection(std::vector<std::string>&& args, const std::string& filename,
-                                 int line) override;
-    Result<Success> ParseLineSection(std::vector<std::string>&&, int) override;
+    Result<void> ParseSection(std::vector<std::string>&& args, const std::string& filename,
+                              int line) override;
+    Result<void> ParseLineSection(std::vector<std::string>&&, int) override;
     void EndFile() override;
 
   private:
diff --git a/init/init.cpp b/init/init.cpp
index 1f3c2fc..1412e4a 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -39,7 +39,6 @@
 #include <android-base/properties.h>
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
-#include <cutils/android_reboot.h>
 #include <fs_avb/fs_avb.h>
 #include <fs_mgr_vendor_overlay.h>
 #include <keyutils.h>
@@ -66,6 +65,7 @@
 #include "reboot.h"
 #include "reboot_utils.h"
 #include "security.h"
+#include "selabel.h"
 #include "selinux.h"
 #include "sigchld_handler.h"
 #include "util.h"
@@ -237,18 +237,18 @@
     return next_process_action_time;
 }
 
-static Result<Success> DoControlStart(Service* service) {
+static Result<void> DoControlStart(Service* service) {
     return service->Start();
 }
 
-static Result<Success> DoControlStop(Service* service) {
+static Result<void> DoControlStop(Service* service) {
     service->Stop();
-    return Success();
+    return {};
 }
 
-static Result<Success> DoControlRestart(Service* service) {
+static Result<void> DoControlRestart(Service* service) {
     service->Restart();
-    return Success();
+    return {};
 }
 
 enum class ControlTarget {
@@ -258,16 +258,16 @@
 
 struct ControlMessageFunction {
     ControlTarget target;
-    std::function<Result<Success>(Service*)> action;
+    std::function<Result<void>(Service*)> action;
 };
 
 static const std::map<std::string, ControlMessageFunction>& get_control_message_map() {
     // clang-format off
     static const std::map<std::string, ControlMessageFunction> control_message_functions = {
         {"sigstop_on",        {ControlTarget::SERVICE,
-                               [](auto* service) { service->set_sigstop(true); return Success(); }}},
+                               [](auto* service) { service->set_sigstop(true); return Result<void>{}; }}},
         {"sigstop_off",       {ControlTarget::SERVICE,
-                               [](auto* service) { service->set_sigstop(false); return Success(); }}},
+                               [](auto* service) { service->set_sigstop(false); return Result<void>{}; }}},
         {"start",             {ControlTarget::SERVICE,   DoControlStart}},
         {"stop",              {ControlTarget::SERVICE,   DoControlStop}},
         {"restart",           {ControlTarget::SERVICE,   DoControlRestart}},
@@ -280,13 +280,13 @@
     return control_message_functions;
 }
 
-void HandleControlMessage(const std::string& msg, const std::string& name, pid_t pid) {
+bool HandleControlMessage(const std::string& msg, const std::string& name, pid_t pid) {
     const auto& map = get_control_message_map();
     const auto it = map.find(msg);
 
     if (it == map.end()) {
         LOG(ERROR) << "Unknown control msg '" << msg << "'";
-        return;
+        return false;
     }
 
     std::string cmdline_path = StringPrintf("proc/%d/cmdline", pid);
@@ -315,20 +315,22 @@
         default:
             LOG(ERROR) << "Invalid function target from static map key '" << msg << "': "
                        << static_cast<std::underlying_type<ControlTarget>::type>(function.target);
-            return;
+            return false;
     }
 
     if (svc == nullptr) {
         LOG(ERROR) << "Could not find '" << name << "' for ctl." << msg;
-        return;
+        return false;
     }
 
     if (auto result = function.action(svc); !result) {
         LOG(ERROR) << "Could not ctl." << msg << " for '" << name << "': " << result.error();
+        return false;
     }
+    return true;
 }
 
-static Result<Success> wait_for_coldboot_done_action(const BuiltinArguments& args) {
+static Result<void> wait_for_coldboot_done_action(const BuiltinArguments& args) {
     Timer t;
 
     LOG(VERBOSE) << "Waiting for " COLDBOOT_DONE "...";
@@ -346,18 +348,18 @@
     }
 
     property_set("ro.boottime.init.cold_boot_wait", std::to_string(t.duration().count()));
-    return Success();
+    return {};
 }
 
-static Result<Success> console_init_action(const BuiltinArguments& args) {
+static Result<void> console_init_action(const BuiltinArguments& args) {
     std::string console = GetProperty("ro.boot.console", "");
     if (!console.empty()) {
         default_console = "/dev/" + console;
     }
-    return Success();
+    return {};
 }
 
-static Result<Success> SetupCgroupsAction(const BuiltinArguments&) {
+static Result<void> SetupCgroupsAction(const BuiltinArguments&) {
     // Have to create <CGROUPS_RC_DIR> using make_dir function
     // for appropriate sepolicy to be set for it
     make_dir(android::base::Dirname(CGROUPS_RC_PATH), 0711);
@@ -365,7 +367,7 @@
         return ErrnoError() << "Failed to setup cgroups";
     }
 
-    return Success();
+    return {};
 }
 
 static void import_kernel_nv(const std::string& key, const std::string& value, bool for_emulator) {
@@ -449,19 +451,19 @@
     if (qemu[0]) import_kernel_cmdline(true, import_kernel_nv);
 }
 
-static Result<Success> property_enable_triggers_action(const BuiltinArguments& args) {
+static Result<void> property_enable_triggers_action(const BuiltinArguments& args) {
     /* Enable property triggers. */
     property_triggers_enabled = 1;
-    return Success();
+    return {};
 }
 
-static Result<Success> queue_property_triggers_action(const BuiltinArguments& args) {
+static Result<void> queue_property_triggers_action(const BuiltinArguments& args) {
     ActionManager::GetInstance().QueueBuiltinAction(property_enable_triggers_action, "enable_property_trigger");
     ActionManager::GetInstance().QueueAllPropertyActions();
-    return Success();
+    return {};
 }
 
-static Result<Success> InitBinder(const BuiltinArguments& args) {
+static Result<void> InitBinder(const BuiltinArguments& args) {
     // init's use of binder is very limited. init cannot:
     //   - have any binder threads
     //   - receive incoming binder calls
@@ -476,7 +478,7 @@
     android::ProcessState::self()->setCallRestriction(
             ProcessState::CallRestriction::ERROR_IF_NOT_ONEWAY);
 #endif
-    return Success();
+    return {};
 }
 
 // Set the UDC controller for the ConfigFS USB Gadgets.
@@ -603,17 +605,6 @@
     }
 }
 
-static void InitAborter(const char* abort_message) {
-    // When init forks, it continues to use this aborter for LOG(FATAL), but we want children to
-    // simply abort instead of trying to reboot the system.
-    if (getpid() != 1) {
-        android::base::DefaultAborter(abort_message);
-        return;
-    }
-
-    RebootSystem(ANDROID_RB_RESTART2, "bootloader");
-}
-
 static void GlobalSeccomp() {
     import_kernel_cmdline(false, [](const std::string& key, const std::string& value,
                                     bool in_qemu) {
@@ -661,8 +652,8 @@
 
     boot_clock::time_point start_time = boot_clock::now();
 
-    // We need to set up stdin/stdout/stderr again now that we're running in init's context.
-    InitKernelLogging(argv, InitAborter);
+    SetStdioToDevNull(argv);
+    InitKernelLogging(argv);
     LOG(INFO) << "init second stage started!";
 
     // Set init and its forked children's oom_adj.
@@ -766,14 +757,14 @@
     am.QueueBuiltinAction(SetKptrRestrictAction, "SetKptrRestrict");
     Keychords keychords;
     am.QueueBuiltinAction(
-        [&epoll, &keychords](const BuiltinArguments& args) -> Result<Success> {
-            for (const auto& svc : ServiceList::GetInstance()) {
-                keychords.Register(svc->keycodes());
-            }
-            keychords.Start(&epoll, HandleKeychord);
-            return Success();
-        },
-        "KeychordInit");
+            [&epoll, &keychords](const BuiltinArguments& args) -> Result<void> {
+                for (const auto& svc : ServiceList::GetInstance()) {
+                    keychords.Register(svc->keycodes());
+                }
+                keychords.Start(&epoll, HandleKeychord);
+                return {};
+            },
+            "KeychordInit");
     am.QueueBuiltinAction(console_init_action, "console_init");
 
     // Trigger all the boot actions to get us started.
diff --git a/init/init.h b/init/init.h
index a76da20..90ead0e 100644
--- a/init/init.h
+++ b/init/init.h
@@ -40,7 +40,7 @@
 Parser CreateParser(ActionManager& action_manager, ServiceList& service_list);
 Parser CreateServiceOnlyParser(ServiceList& service_list);
 
-void HandleControlMessage(const std::string& msg, const std::string& arg, pid_t pid);
+bool HandleControlMessage(const std::string& msg, const std::string& arg, pid_t pid);
 
 void property_changed(const std::string& name, const std::string& value);
 
diff --git a/init/init_test.cpp b/init/init_test.cpp
index c2f0c41..18c2b38 100644
--- a/init/init_test.cpp
+++ b/init/init_test.cpp
@@ -180,7 +180,7 @@
     auto execute_command = [&num_executed](const BuiltinArguments& args) {
         EXPECT_EQ(2U, args.size());
         EXPECT_EQ(++num_executed, std::stoi(args[1]));
-        return Success();
+        return Result<void>{};
     };
 
     TestFunctionMap test_function_map;
diff --git a/init/keychords.cpp b/init/keychords.cpp
index f5ac44f..d0ca3e7 100644
--- a/init/keychords.cpp
+++ b/init/keychords.cpp
@@ -41,7 +41,7 @@
 
 Keychords::~Keychords() noexcept {
     if (inotify_fd_ >= 0) {
-        epoll_->UnregisterHandler(inotify_fd_).IgnoreError();
+        epoll_->UnregisterHandler(inotify_fd_);
         ::close(inotify_fd_);
     }
     while (!registration_.empty()) GeteventCloseDevice(registration_.begin()->first);
@@ -212,7 +212,7 @@
     auto it = registration_.find(device);
     if (it == registration_.end()) return;
     auto fd = (*it).second;
-    epoll_->UnregisterHandler(fd).IgnoreError();
+    epoll_->UnregisterHandler(fd);
     registration_.erase(it);
     ::close(fd);
 }
diff --git a/init/keychords_test.cpp b/init/keychords_test.cpp
index e5a6fd3..a3baeb1 100644
--- a/init/keychords_test.cpp
+++ b/init/keychords_test.cpp
@@ -213,7 +213,7 @@
 }
 
 void TestFrame::RelaxForMs(std::chrono::milliseconds wait) {
-    epoll_.Wait(wait).IgnoreError();
+    epoll_.Wait(wait);
 }
 
 void TestFrame::SetChord(int key, bool value) {
diff --git a/init/modalias_handler.cpp b/init/modalias_handler.cpp
index c61c210..a511156 100644
--- a/init/modalias_handler.cpp
+++ b/init/modalias_handler.cpp
@@ -33,7 +33,7 @@
 namespace android {
 namespace init {
 
-Result<Success> ModaliasHandler::ParseDepCallback(std::vector<std::string>&& args) {
+Result<void> ModaliasHandler::ParseDepCallback(std::vector<std::string>&& args) {
     std::vector<std::string> deps;
 
     // Set first item as our modules path
@@ -58,10 +58,10 @@
     std::replace(mod_name.begin(), mod_name.end(), '-', '_');
     this->module_deps_[mod_name] = deps;
 
-    return Success();
+    return {};
 }
 
-Result<Success> ModaliasHandler::ParseAliasCallback(std::vector<std::string>&& args) {
+Result<void> ModaliasHandler::ParseAliasCallback(std::vector<std::string>&& args) {
     auto it = args.begin();
     const std::string& type = *it++;
 
@@ -77,7 +77,7 @@
     std::string& module_name = *it++;
     this->module_aliases_.emplace_back(alias, module_name);
 
-    return Success();
+    return {};
 }
 
 ModaliasHandler::ModaliasHandler() {
@@ -100,7 +100,7 @@
     for (const auto& base_path : base_paths) dep_parser.ParseConfig(base_path + "modules.dep");
 }
 
-Result<Success> ModaliasHandler::Insmod(const std::string& path_name, const std::string& args) {
+Result<void> ModaliasHandler::Insmod(const std::string& path_name, const std::string& args) {
     base::unique_fd fd(
             TEMP_FAILURE_RETRY(open(path_name.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
     if (fd == -1) return ErrnoError() << "Could not open module '" << path_name << "'";
@@ -109,17 +109,17 @@
     if (ret != 0) {
         if (errno == EEXIST) {
             // Module already loaded
-            return Success();
+            return {};
         }
         return ErrnoError() << "Failed to insmod '" << path_name << "' with args '" << args << "'";
     }
 
     LOG(INFO) << "Loaded kernel module " << path_name;
-    return Success();
+    return {};
 }
 
-Result<Success> ModaliasHandler::InsmodWithDeps(const std::string& module_name,
-                                                const std::string& args) {
+Result<void> ModaliasHandler::InsmodWithDeps(const std::string& module_name,
+                                             const std::string& args) {
     if (module_name.empty()) {
         return Error() << "Need valid module name";
     }
diff --git a/init/modalias_handler.h b/init/modalias_handler.h
index 3247c86..7d0afde 100644
--- a/init/modalias_handler.h
+++ b/init/modalias_handler.h
@@ -35,11 +35,11 @@
     void HandleUevent(const Uevent& uevent) override;
 
   private:
-    Result<Success> InsmodWithDeps(const std::string& module_name, const std::string& args);
-    Result<Success> Insmod(const std::string& path_name, const std::string& args);
+    Result<void> InsmodWithDeps(const std::string& module_name, const std::string& args);
+    Result<void> Insmod(const std::string& path_name, const std::string& args);
 
-    Result<Success> ParseDepCallback(std::vector<std::string>&& args);
-    Result<Success> ParseAliasCallback(std::vector<std::string>&& args);
+    Result<void> ParseDepCallback(std::vector<std::string>&& args);
+    Result<void> ParseAliasCallback(std::vector<std::string>&& args);
 
     std::vector<std::pair<std::string, std::string>> module_aliases_;
     std::unordered_map<std::string, std::vector<std::string>> module_deps_;
diff --git a/init/mount_handler.cpp b/init/mount_handler.cpp
index c8f0e76..b0b63c5 100644
--- a/init/mount_handler.cpp
+++ b/init/mount_handler.cpp
@@ -121,7 +121,7 @@
 }
 
 MountHandler::~MountHandler() {
-    if (fp_) epoll_->UnregisterHandler(fileno(fp_.get())).IgnoreError();
+    if (fp_) epoll_->UnregisterHandler(fileno(fp_.get()));
 }
 
 void MountHandler::MountHandlerFunction() {
diff --git a/init/mount_namespace.cpp b/init/mount_namespace.cpp
index 5305dc7..12144c1 100644
--- a/init/mount_namespace.cpp
+++ b/init/mount_namespace.cpp
@@ -79,6 +79,38 @@
     return updatable;
 }
 
+static bool ActivateFlattenedApexesIfPossible() {
+    if (IsRecoveryMode() || IsApexUpdatable()) {
+        return true;
+    }
+
+    constexpr const char kSystemApex[] = "/system/apex";
+    constexpr const char kApexTop[] = "/apex";
+    if (mount(kSystemApex, kApexTop, nullptr, MS_BIND, nullptr) != 0) {
+        PLOG(ERROR) << "Could not bind mount " << kSystemApex << " to " << kApexTop;
+        return false;
+    }
+
+    // Special casing for the runtime APEX
+    constexpr const char kRuntimeApexMountPath[] = "/system/apex/com.android.runtime";
+    static const std::vector<std::string> kRuntimeApexDirNames = {"com.android.runtime.release",
+                                                                  "com.android.runtime.debug"};
+    bool success = false;
+    for (const auto& name : kRuntimeApexDirNames) {
+        std::string path = std::string(kSystemApex) + "/" + name;
+        if (access(path.c_str(), F_OK) == 0) {
+            if (mount(path.c_str(), kRuntimeApexMountPath, nullptr, MS_BIND, nullptr) == 0) {
+                success = true;
+                break;
+            }
+        }
+    }
+    if (!success) {
+        PLOG(ERROR) << "Failed to bind mount the runtime APEX to " << kRuntimeApexMountPath;
+    }
+    return success;
+}
+
 static android::base::unique_fd bootstrap_ns_fd;
 static android::base::unique_fd default_ns_fd;
 
@@ -129,6 +161,8 @@
         default_ns_id = GetMountNamespaceId();
     }
 
+    success &= ActivateFlattenedApexesIfPossible();
+
     LOG(INFO) << "SetupMountNamespaces done";
     return success;
 }
diff --git a/init/parser.h b/init/parser.h
index f30bda7..95b0cd7 100644
--- a/init/parser.h
+++ b/init/parser.h
@@ -27,7 +27,7 @@
 //  SectionParser is an interface that can parse a given 'section' in init.
 //
 //  You can implement up to 4 functions below, with ParseSection being mandatory. The first two
-//  functions return Result<Success> indicating if they have an error. It will be reported along
+//  functions return Result<void> indicating if they have an error. It will be reported along
 //  with the filename and line number of where the error occurred.
 //
 //  1) ParseSection
@@ -51,10 +51,10 @@
 class SectionParser {
   public:
     virtual ~SectionParser() {}
-    virtual Result<Success> ParseSection(std::vector<std::string>&& args,
-                                         const std::string& filename, int line) = 0;
-    virtual Result<Success> ParseLineSection(std::vector<std::string>&&, int) { return Success(); };
-    virtual Result<Success> EndSection() { return Success(); };
+    virtual Result<void> ParseSection(std::vector<std::string>&& args, const std::string& filename,
+                                      int line) = 0;
+    virtual Result<void> ParseLineSection(std::vector<std::string>&&, int) { return {}; };
+    virtual Result<void> EndSection() { return {}; };
     virtual void EndFile(){};
 };
 
@@ -67,7 +67,7 @@
     //  Similar to ParseSection() and ParseLineSection(), this function returns bool with false
     //  indicating a failure and has an std::string* err parameter into which an error string can
     //  be written.
-    using LineCallback = std::function<Result<Success>(std::vector<std::string>&&)>;
+    using LineCallback = std::function<Result<void>(std::vector<std::string>&&)>;
 
     Parser();
 
diff --git a/init/persistent_properties.cpp b/init/persistent_properties.cpp
index 21adce9..73787b9 100644
--- a/init/persistent_properties.cpp
+++ b/init/persistent_properties.cpp
@@ -169,7 +169,7 @@
     return Error() << "Unable to parse persistent property file: Could not parse protobuf";
 }
 
-Result<Success> WritePersistentPropertyFile(const PersistentProperties& persistent_properties) {
+Result<void> WritePersistentPropertyFile(const PersistentProperties& persistent_properties) {
     const std::string temp_filename = persistent_property_filename + ".tmp";
     unique_fd fd(TEMP_FAILURE_RETRY(
         open(temp_filename.c_str(), O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC | O_CLOEXEC, 0600)));
@@ -191,7 +191,7 @@
         unlink(temp_filename.c_str());
         return Error(saved_errno) << "Unable to rename persistent property file";
     }
-    return Success();
+    return {};
 }
 
 // Persistent properties are not written often, so we rather not keep any data in memory and read
diff --git a/init/persistent_properties.h b/init/persistent_properties.h
index 5f4df85..3845a0d 100644
--- a/init/persistent_properties.h
+++ b/init/persistent_properties.h
@@ -30,7 +30,7 @@
 
 // Exposed only for testing
 Result<PersistentProperties> LoadPersistentPropertyFile();
-Result<Success> WritePersistentPropertyFile(const PersistentProperties& persistent_properties);
+Result<void> WritePersistentPropertyFile(const PersistentProperties& persistent_properties);
 extern std::string persistent_property_filename;
 
 }  // namespace init
diff --git a/init/property_service.cpp b/init/property_service.cpp
index a1e9551..ab5dd61 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -473,8 +473,9 @@
     }
 
     if (StartsWith(name, "ctl.")) {
-        HandleControlMessage(name.c_str() + 4, value, cr.pid);
-        return PROP_SUCCESS;
+        return HandleControlMessage(name.c_str() + 4, value, cr.pid)
+                       ? PROP_SUCCESS
+                       : PROP_ERROR_HANDLE_CONTROL_MESSAGE;
     }
 
     // sys.powerctl is a special property that is used to make the device reboot.  We want to log
@@ -885,8 +886,12 @@
     load_properties_from_file("/system/build.prop", nullptr, &properties);
     load_properties_from_file("/vendor/default.prop", nullptr, &properties);
     load_properties_from_file("/vendor/build.prop", nullptr, &properties);
-    load_properties_from_file("/odm/default.prop", nullptr, &properties);
-    load_properties_from_file("/odm/build.prop", nullptr, &properties);
+    if (SelinuxGetVendorAndroidVersion() >= __ANDROID_API_Q__) {
+        load_properties_from_file("/odm/etc/build.prop", nullptr, &properties);
+    } else {
+        load_properties_from_file("/odm/default.prop", nullptr, &properties);
+        load_properties_from_file("/odm/build.prop", nullptr, &properties);
+    }
     load_properties_from_file("/product/build.prop", nullptr, &properties);
     load_properties_from_file("/product_services/build.prop", nullptr, &properties);
     load_properties_from_file("/factory/factory.prop", "ro.*", &properties);
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 0966b6c..fbc03c2 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -527,13 +527,13 @@
 
             // start all animation classes if stopped.
             if (do_shutdown_animation) {
-                service->Start().IgnoreError();
+                service->Start();
             }
             service->SetShutdownCritical();  // will not check animation class separately
         }
 
         if (do_shutdown_animation) {
-            bootAnim->Start().IgnoreError();
+            bootAnim->Start();
             surfaceFlinger->SetShutdownCritical();
             bootAnim->SetShutdownCritical();
         }
@@ -707,7 +707,7 @@
     // Queue built-in shutdown_done
     auto shutdown_handler = [cmd, command, reboot_target, run_fsck](const BuiltinArguments&) {
         DoReboot(cmd, command, reboot_target, run_fsck);
-        return Success();
+        return Result<void>{};
     };
     ActionManager::GetInstance().QueueBuiltinAction(shutdown_handler, "shutdown_done");
 
diff --git a/init/reboot_utils.cpp b/init/reboot_utils.cpp
index 9610304..d1a712f 100644
--- a/init/reboot_utils.cpp
+++ b/init/reboot_utils.cpp
@@ -19,14 +19,40 @@
 #include <sys/syscall.h>
 #include <unistd.h>
 
-#include <android-base/logging.h>
-#include <cutils/android_reboot.h>
+#include <string>
+
+#include "android-base/file.h"
+#include "android-base/logging.h"
+#include "android-base/strings.h"
+#include "backtrace/Backtrace.h"
+#include "cutils/android_reboot.h"
 
 #include "capabilities.h"
 
 namespace android {
 namespace init {
 
+static std::string init_fatal_reboot_target = "bootloader";
+
+void SetFatalRebootTarget() {
+    std::string cmdline;
+    android::base::ReadFileToString("/proc/cmdline", &cmdline);
+    cmdline = android::base::Trim(cmdline);
+
+    const char kRebootTargetString[] = "androidboot.init_fatal_reboot_target=";
+    auto start_pos = cmdline.find(kRebootTargetString);
+    if (start_pos == std::string::npos) {
+        return;  // We already default to bootloader if no setting is provided.
+    }
+    start_pos += sizeof(kRebootTargetString) - 1;
+
+    auto end_pos = cmdline.find(' ', start_pos);
+    // if end_pos isn't found, then we've run off the end, but this is okay as this is the last
+    // entry, and -1 is a valid size for string::substr();
+    auto size = end_pos == std::string::npos ? -1 : end_pos - start_pos;
+    init_fatal_reboot_target = cmdline.substr(start_pos, size);
+}
+
 bool IsRebootCapable() {
     if (!CAP_IS_SUPPORTED(CAP_SYS_BOOT)) {
         PLOG(WARNING) << "CAP_SYS_BOOT is not supported";
@@ -75,6 +101,32 @@
     abort();
 }
 
+void __attribute__((noreturn)) InitFatalReboot() {
+    auto pid = fork();
+
+    if (pid == -1) {
+        // Couldn't fork, don't even try to backtrace, just reboot.
+        RebootSystem(ANDROID_RB_RESTART2, init_fatal_reboot_target);
+    } else if (pid == 0) {
+        // Fork a child for safety, since we always want to shut down if something goes wrong, but
+        // its worth trying to get the backtrace, even in the signal handler, since typically it
+        // does work despite not being async-signal-safe.
+        sleep(5);
+        RebootSystem(ANDROID_RB_RESTART2, init_fatal_reboot_target);
+    }
+
+    // In the parent, let's try to get a backtrace then shutdown.
+    std::unique_ptr<Backtrace> backtrace(
+            Backtrace::Create(BACKTRACE_CURRENT_PROCESS, BACKTRACE_CURRENT_THREAD));
+    if (!backtrace->Unwind(0)) {
+        LOG(ERROR) << __FUNCTION__ << ": Failed to unwind callstack.";
+    }
+    for (size_t i = 0; i < backtrace->NumFrames(); i++) {
+        LOG(ERROR) << backtrace->FormatFrameData(i);
+    }
+    RebootSystem(ANDROID_RB_RESTART2, init_fatal_reboot_target);
+}
+
 void InstallRebootSignalHandlers() {
     // Instead of panic'ing the kernel as is the default behavior when init crashes,
     // we prefer to reboot to bootloader on development builds, as this will prevent
@@ -94,7 +146,7 @@
         // RebootSystem uses syscall() which isn't actually async-signal-safe, but our only option
         // and probably good enough given this is already an error case and only enabled for
         // development builds.
-        RebootSystem(ANDROID_RB_RESTART2, "bootloader");
+        InitFatalReboot();
     };
     action.sa_flags = SA_RESTART;
     sigaction(SIGABRT, &action, nullptr);
diff --git a/init/reboot_utils.h b/init/reboot_utils.h
index 073a16a..3fd969e 100644
--- a/init/reboot_utils.h
+++ b/init/reboot_utils.h
@@ -21,11 +21,13 @@
 namespace android {
 namespace init {
 
+void SetFatalRebootTarget();
 // Determines whether the system is capable of rebooting. This is conservative,
 // so if any of the attempts to determine this fail, it will still return true.
 bool IsRebootCapable();
 // This is a wrapper around the actual reboot calls.
 void __attribute__((noreturn)) RebootSystem(unsigned int cmd, const std::string& reboot_target);
+void __attribute__((noreturn)) InitFatalReboot();
 void InstallRebootSignalHandlers();
 
 }  // namespace init
diff --git a/init/result.h b/init/result.h
index 0e3fd3d..8c1f91e 100644
--- a/init/result.h
+++ b/init/result.h
@@ -14,200 +14,14 @@
  * limitations under the License.
  */
 
-// This file contains classes for returning a successful result along with an optional
-// arbitrarily typed return value or for returning a failure result along with an optional string
-// indicating why the function failed.
+#pragma once
 
-// There are 3 classes that implement this functionality and one additional helper type.
-//
-// Result<T> either contains a member of type T that can be accessed using similar semantics as
-// std::optional<T> or it contains a ResultError describing an error, which can be accessed via
-// Result<T>::error().
-//
-// ResultError is a type that contains both a std::string describing the error and a copy of errno
-// from when the error occurred.  ResultError can be used in an ostream directly to print its
-// string value.
-//
-// Success is a typedef that aids in creating Result<T> that do not contain a return value.
-// Result<Success> is the correct return type for a function that either returns successfully or
-// returns an error value.  Returning Success() from a function that returns Result<Success> is the
-// correct way to indicate that a function without a return type has completed successfully.
-//
-// A successful Result<T> is constructed implicitly from any type that can be implicitly converted
-// to T or from the constructor arguments for T.  This allows you to return a type T directly from
-// a function that returns Result<T>.
-//
-// Error and ErrnoError are used to construct a Result<T> that has failed.  The Error class takes
-// an ostream as an input and are implicitly cast to a Result<T> containing that failure.
-// ErrnoError() is a helper function to create an Error class that appends ": " + strerror(errno)
-// to the end of the failure string to aid in interacting with C APIs.  Alternatively, an errno
-// value can be directly specified via the Error() constructor.
-//
-// ResultError can be used in the ostream when using Error to construct a Result<T>.  In this case,
-// the string that the ResultError takes is passed through the stream normally, but the errno is
-// passed to the Result<T>.  This can be used to pass errno from a failing C function up multiple
-// callers.
-//
-// ResultError can also directly construct a Result<T>.  This is particularly useful if you have a
-// function that return Result<T> but you have a Result<U> and want to return its error.  In this
-// case, you can return the .error() from the Result<U> to construct the Result<T>.
+// The implementation of this file has moved to android-base.  This file remains since historically,
+// these classes were a part of init.
 
-// An example of how to use these is below:
-// Result<U> CalculateResult(const T& input) {
-//   U output;
-//   if (!SomeOtherCppFunction(input, &output)) {
-//     return Error() << "SomeOtherCppFunction(" << input << ") failed";
-//   }
-//   if (!c_api_function(output)) {
-//     return ErrnoError() << "c_api_function(" << output << ") failed";
-//   }
-//   return output;
-// }
-//
-// auto output = CalculateResult(input);
-// if (!output) return Error() << "CalculateResult failed: " << output.error();
-// UseOutput(*output);
+#include <android-base/result.h>
 
-#ifndef _INIT_RESULT_H
-#define _INIT_RESULT_H
-
-#include <errno.h>
-
-#include <sstream>
-#include <string>
-#include <variant>
-
-namespace android {
-namespace init {
-
-struct ResultError {
-    template <typename T>
-    ResultError(T&& error_string, int error_errno)
-        : error_string(std::forward<T>(error_string)), error_errno(error_errno) {}
-
-    std::string error_string;
-    int error_errno;
-};
-
-inline std::ostream& operator<<(std::ostream& os, const ResultError& t) {
-    os << t.error_string;
-    return os;
-}
-
-inline std::ostream& operator<<(std::ostream& os, ResultError&& t) {
-    os << std::move(t.error_string);
-    return os;
-}
-
-class Error {
-  public:
-    Error() : errno_(0), append_errno_(false) {}
-    Error(int errno_to_append) : errno_(errno_to_append), append_errno_(true) {}
-
-    template <typename T>
-    Error&& operator<<(T&& t) {
-        ss_ << std::forward<T>(t);
-        return std::move(*this);
-    }
-
-    Error&& operator<<(const ResultError& result_error) {
-        ss_ << result_error.error_string;
-        errno_ = result_error.error_errno;
-        return std::move(*this);
-    }
-
-    Error&& operator<<(ResultError&& result_error) {
-        ss_ << std::move(result_error.error_string);
-        errno_ = result_error.error_errno;
-        return std::move(*this);
-    }
-
-    const std::string str() const {
-        std::string str = ss_.str();
-        if (append_errno_) {
-            if (str.empty()) {
-                return strerror(errno_);
-            }
-            return str + ": " + strerror(errno_);
-        }
-        return str;
-    }
-
-    int get_errno() const { return errno_; }
-
-    Error(const Error&) = delete;
-    Error(Error&&) = delete;
-    Error& operator=(const Error&) = delete;
-    Error& operator=(Error&&) = delete;
-
-  private:
-    std::stringstream ss_;
-    int errno_;
-    bool append_errno_;
-};
-
-inline Error ErrnoError() {
-    return Error(errno);
-}
-
-template <typename T>
-class [[nodiscard]] Result {
-  public:
-    Result() {}
-
-    template <typename U, typename... V,
-              typename = std::enable_if_t<!(std::is_same_v<std::decay_t<U>, Result<T>> &&
-                                            sizeof...(V) == 0)>>
-    Result(U&& result, V&&... results)
-        : contents_(std::in_place_index_t<0>(), std::forward<U>(result),
-                    std::forward<V>(results)...) {}
-
-    Result(Error&& error) : contents_(std::in_place_index_t<1>(), error.str(), error.get_errno()) {}
-    Result(const ResultError& result_error)
-        : contents_(std::in_place_index_t<1>(), result_error.error_string,
-                    result_error.error_errno) {}
-    Result(ResultError&& result_error)
-        : contents_(std::in_place_index_t<1>(), std::move(result_error.error_string),
-                    result_error.error_errno) {}
-
-    void IgnoreError() const {}
-
-    bool has_value() const { return contents_.index() == 0; }
-
-    T& value() & { return std::get<0>(contents_); }
-    const T& value() const & { return std::get<0>(contents_); }
-    T&& value() && { return std::get<0>(std::move(contents_)); }
-    const T&& value() const && { return std::get<0>(std::move(contents_)); }
-
-    const ResultError& error() const & { return std::get<1>(contents_); }
-    ResultError&& error() && { return std::get<1>(std::move(contents_)); }
-    const ResultError&& error() const && { return std::get<1>(std::move(contents_)); }
-
-    const std::string& error_string() const & { return std::get<1>(contents_).error_string; }
-    std::string&& error_string() && { return std::get<1>(std::move(contents_)).error_string; }
-    const std::string&& error_string() const && {
-        return std::get<1>(std::move(contents_)).error_string;
-    }
-
-    int error_errno() const { return std::get<1>(contents_).error_errno; }
-
-    explicit operator bool() const { return has_value(); }
-
-    T& operator*() & { return value(); }
-    const T& operator*() const & { return value(); }
-    T&& operator*() && { return std::move(value()); }
-    const T&& operator*() const && { return std::move(value()); }
-
-    T* operator->() { return &value(); }
-    const T* operator->() const { return &value(); }
-
-  private:
-    std::variant<T, ResultError> contents_;
-};
-
-using Success = std::monostate;
-
-}  // namespace init
-}  // namespace android
-
-#endif
+using android::base::ErrnoError;
+using android::base::Error;
+using android::base::Result;
+using android::base::ResultError;
diff --git a/init/result_test.cpp b/init/result_test.cpp
deleted file mode 100644
index 327b444..0000000
--- a/init/result_test.cpp
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "result.h"
-
-#include "errno.h"
-
-#include <string>
-
-#include <gtest/gtest.h>
-
-using namespace std::string_literals;
-
-namespace android {
-namespace init {
-
-TEST(result, result_accessors) {
-    Result<std::string> result = "success";
-    ASSERT_TRUE(result);
-    ASSERT_TRUE(result.has_value());
-
-    EXPECT_EQ("success", *result);
-    EXPECT_EQ("success", result.value());
-
-    EXPECT_EQ('s', result->data()[0]);
-}
-
-TEST(result, result_accessors_rvalue) {
-    ASSERT_TRUE(Result<std::string>("success"));
-    ASSERT_TRUE(Result<std::string>("success").has_value());
-
-    EXPECT_EQ("success", *Result<std::string>("success"));
-    EXPECT_EQ("success", Result<std::string>("success").value());
-
-    EXPECT_EQ('s', Result<std::string>("success")->data()[0]);
-}
-
-TEST(result, result_success) {
-    Result<Success> result = Success();
-    ASSERT_TRUE(result);
-    ASSERT_TRUE(result.has_value());
-
-    EXPECT_EQ(Success(), *result);
-    EXPECT_EQ(Success(), result.value());
-}
-
-TEST(result, result_success_rvalue) {
-    // Success() doesn't actually create a Result<Success> object, but rather an object that can be
-    // implicitly constructed into a Result<Success> object.
-
-    auto MakeRvalueSuccessResult = []() -> Result<Success> { return Success(); };
-    ASSERT_TRUE(MakeRvalueSuccessResult());
-    ASSERT_TRUE(MakeRvalueSuccessResult().has_value());
-
-    EXPECT_EQ(Success(), *MakeRvalueSuccessResult());
-    EXPECT_EQ(Success(), MakeRvalueSuccessResult().value());
-}
-
-TEST(result, result_error) {
-    Result<Success> result = Error() << "failure" << 1;
-    ASSERT_FALSE(result);
-    ASSERT_FALSE(result.has_value());
-
-    EXPECT_EQ(0, result.error_errno());
-    EXPECT_EQ("failure1", result.error_string());
-}
-
-TEST(result, result_error_empty) {
-    Result<Success> result = Error();
-    ASSERT_FALSE(result);
-    ASSERT_FALSE(result.has_value());
-
-    EXPECT_EQ(0, result.error_errno());
-    EXPECT_EQ("", result.error_string());
-}
-
-TEST(result, result_error_rvalue) {
-    // Error() and ErrnoError() aren't actually used to create a Result<T> object.
-    // Under the hood, they are an intermediate class that can be implicitly constructed into a
-    // Result<T>.  This is needed both to create the ostream and because Error() itself, by
-    // definition will not know what the type, T, of the underlying Result<T> object that it would
-    // create is.
-
-    auto MakeRvalueErrorResult = []() -> Result<Success> { return Error() << "failure" << 1; };
-    ASSERT_FALSE(MakeRvalueErrorResult());
-    ASSERT_FALSE(MakeRvalueErrorResult().has_value());
-
-    EXPECT_EQ(0, MakeRvalueErrorResult().error_errno());
-    EXPECT_EQ("failure1", MakeRvalueErrorResult().error_string());
-}
-
-TEST(result, result_errno_error) {
-    constexpr int test_errno = 6;
-    errno = test_errno;
-    Result<Success> result = ErrnoError() << "failure" << 1;
-
-    ASSERT_FALSE(result);
-    ASSERT_FALSE(result.has_value());
-
-    EXPECT_EQ(test_errno, result.error_errno());
-    EXPECT_EQ("failure1: "s + strerror(test_errno), result.error_string());
-}
-
-TEST(result, result_errno_error_no_text) {
-    constexpr int test_errno = 6;
-    errno = test_errno;
-    Result<Success> result = ErrnoError();
-
-    ASSERT_FALSE(result);
-    ASSERT_FALSE(result.has_value());
-
-    EXPECT_EQ(test_errno, result.error_errno());
-    EXPECT_EQ(strerror(test_errno), result.error_string());
-}
-
-TEST(result, result_error_from_other_result) {
-    auto error_text = "test error"s;
-    Result<Success> result = Error() << error_text;
-
-    ASSERT_FALSE(result);
-    ASSERT_FALSE(result.has_value());
-
-    Result<std::string> result2 = result.error();
-
-    ASSERT_FALSE(result2);
-    ASSERT_FALSE(result2.has_value());
-
-    EXPECT_EQ(0, result.error_errno());
-    EXPECT_EQ(error_text, result.error_string());
-}
-
-TEST(result, result_error_through_ostream) {
-    auto error_text = "test error"s;
-    Result<Success> result = Error() << error_text;
-
-    ASSERT_FALSE(result);
-    ASSERT_FALSE(result.has_value());
-
-    Result<std::string> result2 = Error() << result.error();
-
-    ASSERT_FALSE(result2);
-    ASSERT_FALSE(result2.has_value());
-
-    EXPECT_EQ(0, result.error_errno());
-    EXPECT_EQ(error_text, result.error_string());
-}
-
-TEST(result, result_errno_error_through_ostream) {
-    auto error_text = "test error"s;
-    constexpr int test_errno = 6;
-    errno = 6;
-    Result<Success> result = ErrnoError() << error_text;
-
-    errno = 0;
-
-    ASSERT_FALSE(result);
-    ASSERT_FALSE(result.has_value());
-
-    Result<std::string> result2 = Error() << result.error();
-
-    ASSERT_FALSE(result2);
-    ASSERT_FALSE(result2.has_value());
-
-    EXPECT_EQ(test_errno, result.error_errno());
-    EXPECT_EQ(error_text + ": " + strerror(test_errno), result.error_string());
-}
-
-TEST(result, constructor_forwarding) {
-    auto result = Result<std::string>(5, 'a');
-
-    ASSERT_TRUE(result);
-    ASSERT_TRUE(result.has_value());
-
-    EXPECT_EQ("aaaaa", *result);
-}
-
-struct ConstructorTracker {
-    static size_t constructor_called;
-    static size_t copy_constructor_called;
-    static size_t move_constructor_called;
-    static size_t copy_assignment_called;
-    static size_t move_assignment_called;
-
-    template <typename T>
-    ConstructorTracker(T&& string) : string(string) {
-        ++constructor_called;
-    }
-
-    ConstructorTracker(const ConstructorTracker& ct) {
-        ++copy_constructor_called;
-        string = ct.string;
-    }
-    ConstructorTracker(ConstructorTracker&& ct) noexcept {
-        ++move_constructor_called;
-        string = std::move(ct.string);
-    }
-    ConstructorTracker& operator=(const ConstructorTracker& ct) {
-        ++copy_assignment_called;
-        string = ct.string;
-        return *this;
-    }
-    ConstructorTracker& operator=(ConstructorTracker&& ct) noexcept {
-        ++move_assignment_called;
-        string = std::move(ct.string);
-        return *this;
-    }
-
-    std::string string;
-};
-
-size_t ConstructorTracker::constructor_called = 0;
-size_t ConstructorTracker::copy_constructor_called = 0;
-size_t ConstructorTracker::move_constructor_called = 0;
-size_t ConstructorTracker::copy_assignment_called = 0;
-size_t ConstructorTracker::move_assignment_called = 0;
-
-Result<ConstructorTracker> ReturnConstructorTracker(const std::string& in) {
-    if (in.empty()) {
-        return "literal string";
-    }
-    if (in == "test2") {
-        return ConstructorTracker(in + in + "2");
-    }
-    ConstructorTracker result(in + " " + in);
-    return result;
-};
-
-TEST(result, no_copy_on_return) {
-    // If returning parameters that may be used to implicitly construct the type T of Result<T>,
-    // then those parameters are forwarded to the construction of Result<T>.
-
-    // If returning an prvalue or xvalue, it will be move constructed during the construction of
-    // Result<T>.
-
-    // This check ensures that that is the case, and particularly that no copy constructors
-    // are called.
-
-    auto result1 = ReturnConstructorTracker("");
-    ASSERT_TRUE(result1);
-    EXPECT_EQ("literal string", result1->string);
-    EXPECT_EQ(1U, ConstructorTracker::constructor_called);
-    EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
-    EXPECT_EQ(0U, ConstructorTracker::move_constructor_called);
-    EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
-    EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
-
-    auto result2 = ReturnConstructorTracker("test2");
-    ASSERT_TRUE(result2);
-    EXPECT_EQ("test2test22", result2->string);
-    EXPECT_EQ(2U, ConstructorTracker::constructor_called);
-    EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
-    EXPECT_EQ(1U, ConstructorTracker::move_constructor_called);
-    EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
-    EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
-
-    auto result3 = ReturnConstructorTracker("test3");
-    ASSERT_TRUE(result3);
-    EXPECT_EQ("test3 test3", result3->string);
-    EXPECT_EQ(3U, ConstructorTracker::constructor_called);
-    EXPECT_EQ(0U, ConstructorTracker::copy_constructor_called);
-    EXPECT_EQ(2U, ConstructorTracker::move_constructor_called);
-    EXPECT_EQ(0U, ConstructorTracker::copy_assignment_called);
-    EXPECT_EQ(0U, ConstructorTracker::move_assignment_called);
-}
-
-// Below two tests require that we do not hide the move constructor with our forwarding reference
-// constructor.  This is done with by disabling the forwarding reference constructor if its first
-// and only type is Result<T>.
-TEST(result, result_result_with_success) {
-    auto return_result_result_with_success = []() -> Result<Result<Success>> {
-        return Result<Success>();
-    };
-    auto result = return_result_result_with_success();
-    ASSERT_TRUE(result);
-    ASSERT_TRUE(*result);
-
-    auto inner_result = result.value();
-    ASSERT_TRUE(inner_result);
-}
-
-TEST(result, result_result_with_failure) {
-    auto return_result_result_with_error = []() -> Result<Result<Success>> {
-        return Result<Success>(ResultError("failure string", 6));
-    };
-    auto result = return_result_result_with_error();
-    ASSERT_TRUE(result);
-    ASSERT_FALSE(*result);
-    EXPECT_EQ("failure string", result->error_string());
-    EXPECT_EQ(6, result->error_errno());
-}
-
-// This test requires that we disable the forwarding reference constructor if Result<T> is the
-// *only* type that we are forwarding.  In otherwords, if we are forwarding Result<T>, int to
-// construct a Result<T>, then we still need the constructor.
-TEST(result, result_two_parameter_constructor_same_type) {
-    struct TestStruct {
-        TestStruct(int value) : value_(value) {}
-        TestStruct(Result<TestStruct> result, int value) : value_(result->value_ * value) {}
-        int value_;
-    };
-
-    auto return_test_struct = []() -> Result<TestStruct> { return {Result<TestStruct>(6), 6}; };
-
-    auto result = return_test_struct();
-    ASSERT_TRUE(result);
-    EXPECT_EQ(36, result->value_);
-}
-
-TEST(result, die_on_access_failed_result) {
-    Result<std::string> result = Error();
-    ASSERT_DEATH(*result, "");
-}
-
-TEST(result, die_on_get_error_succesful_result) {
-    Result<std::string> result = "success";
-    ASSERT_DEATH(result.error_string(), "");
-}
-
-}  // namespace init
-}  // namespace android
diff --git a/init/rlimit_parser.cpp b/init/rlimit_parser.cpp
index 1e0754a..476a46a 100644
--- a/init/rlimit_parser.cpp
+++ b/init/rlimit_parser.cpp
@@ -77,7 +77,7 @@
         return Error() << "Could not parse hard limit '" << args[3] << "'";
     }
 
-    return {resource, limit};
+    return std::pair{resource, limit};
 }
 
 }  // namespace init
diff --git a/init/rlimit_parser_test.cpp b/init/rlimit_parser_test.cpp
index 659ba8a..6a16d3b 100644
--- a/init/rlimit_parser_test.cpp
+++ b/init/rlimit_parser_test.cpp
@@ -43,8 +43,8 @@
     auto result = ParseRlimit(input);
 
     ASSERT_FALSE(result) << "input: " << input[1];
-    EXPECT_EQ(expected_result, result.error_string());
-    EXPECT_EQ(0, result.error_errno());
+    EXPECT_EQ(expected_result, result.error().message());
+    EXPECT_EQ(0, result.error().code());
 }
 
 TEST(rlimit, RlimitSuccess) {
diff --git a/init/security.cpp b/init/security.cpp
index a3494a2..5d87f3c 100644
--- a/init/security.cpp
+++ b/init/security.cpp
@@ -43,14 +43,14 @@
 // devices/configurations where these I/O operations are blocking for a long
 // time. We do not reboot or halt on failures, as this is a best-effort
 // attempt.
-Result<Success> MixHwrngIntoLinuxRngAction(const BuiltinArguments&) {
+Result<void> MixHwrngIntoLinuxRngAction(const BuiltinArguments&) {
     unique_fd hwrandom_fd(
         TEMP_FAILURE_RETRY(open("/dev/hw_random", O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
     if (hwrandom_fd == -1) {
         if (errno == ENOENT) {
             LOG(INFO) << "/dev/hw_random not found";
             // It's not an error to not have a Hardware RNG.
-            return Success();
+            return {};
         }
         return ErrnoError() << "Failed to open /dev/hw_random";
     }
@@ -80,7 +80,7 @@
     }
 
     LOG(INFO) << "Mixed " << total_bytes_written << " bytes from /dev/hw_random into /dev/urandom";
-    return Success();
+    return {};
 }
 
 static bool SetHighestAvailableOptionValue(std::string path, int min, int max) {
@@ -147,31 +147,31 @@
 // 9e08f57d684a x86: mm: support ARCH_MMAP_RND_BITS
 // ec9ee4acd97c drivers: char: random: add get_random_long()
 // 5ef11c35ce86 mm: ASLR: use get_random_long()
-Result<Success> SetMmapRndBitsAction(const BuiltinArguments&) {
+Result<void> SetMmapRndBitsAction(const BuiltinArguments&) {
 // values are arch-dependent
 #if defined(USER_MODE_LINUX)
     // uml does not support mmap_rnd_bits
-    return Success();
+    return {};
 #elif defined(__aarch64__)
     // arm64 supports 18 - 33 bits depending on pagesize and VA_SIZE
     if (SetMmapRndBitsMin(33, 24, false) && SetMmapRndBitsMin(16, 16, true)) {
-        return Success();
+        return {};
     }
 #elif defined(__x86_64__)
     // x86_64 supports 28 - 32 bits
     if (SetMmapRndBitsMin(32, 32, false) && SetMmapRndBitsMin(16, 16, true)) {
-        return Success();
+        return {};
     }
 #elif defined(__arm__) || defined(__i386__)
     // check to see if we're running on 64-bit kernel
     bool h64 = !access(MMAP_RND_COMPAT_PATH, F_OK);
     // supported 32-bit architecture must have 16 bits set
     if (SetMmapRndBitsMin(16, 16, h64)) {
-        return Success();
+        return {};
     }
 #elif defined(__mips__) || defined(__mips64__)
     // TODO: add mips support b/27788820
-    return Success();
+    return {};
 #else
     LOG(ERROR) << "Unknown architecture";
 #endif
@@ -187,14 +187,14 @@
 // Set kptr_restrict to the highest available level.
 //
 // Aborts if unable to set this to an acceptable value.
-Result<Success> SetKptrRestrictAction(const BuiltinArguments&) {
+Result<void> SetKptrRestrictAction(const BuiltinArguments&) {
     std::string path = KPTR_RESTRICT_PATH;
 
     if (!SetHighestAvailableOptionValue(path, KPTR_RESTRICT_MINVALUE, KPTR_RESTRICT_MAXVALUE)) {
         LOG(FATAL) << "Unable to set adequate kptr_restrict value!";
         return Error();
     }
-    return Success();
+    return {};
 }
 
 }  // namespace init
diff --git a/init/security.h b/init/security.h
index 6f6b944..b081a05 100644
--- a/init/security.h
+++ b/init/security.h
@@ -26,9 +26,9 @@
 namespace android {
 namespace init {
 
-Result<Success> MixHwrngIntoLinuxRngAction(const BuiltinArguments&);
-Result<Success> SetMmapRndBitsAction(const BuiltinArguments&);
-Result<Success> SetKptrRestrictAction(const BuiltinArguments&);
+Result<void> MixHwrngIntoLinuxRngAction(const BuiltinArguments&);
+Result<void> SetMmapRndBitsAction(const BuiltinArguments&);
+Result<void> SetKptrRestrictAction(const BuiltinArguments&);
 
 }  // namespace init
 }  // namespace android
diff --git a/init/selabel.cpp b/init/selabel.cpp
new file mode 100644
index 0000000..daeb832
--- /dev/null
+++ b/init/selabel.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "selabel.h"
+
+#include <selinux/android.h>
+
+namespace android {
+namespace init {
+
+namespace {
+
+selabel_handle* sehandle = nullptr;
+}
+
+// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
+// its value.  selinux_android_restorecon() also needs an sehandle for file context look up.  It
+// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
+// one, thus eliminating an extra call to selinux_android_file_context_handle().
+void SelabelInitialize() {
+    sehandle = selinux_android_file_context_handle();
+    selinux_android_set_sehandle(sehandle);
+}
+
+// A C++ wrapper around selabel_lookup() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
+    result->clear();
+
+    if (!sehandle) return true;
+
+    char* context;
+    if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
+        return false;
+    }
+    *result = context;
+    free(context);
+    return true;
+}
+
+// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+                                       const std::vector<std::string>& aliases, int type,
+                                       std::string* result) {
+    result->clear();
+
+    if (!sehandle) return true;
+
+    std::vector<const char*> c_aliases;
+    for (const auto& alias : aliases) {
+        c_aliases.emplace_back(alias.c_str());
+    }
+    c_aliases.emplace_back(nullptr);
+
+    char* context;
+    if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
+        return false;
+    }
+    *result = context;
+    free(context);
+    return true;
+}
+
+}  // namespace init
+}  // namespace android
diff --git a/init/selabel.h b/init/selabel.h
new file mode 100644
index 0000000..5d590b2
--- /dev/null
+++ b/init/selabel.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <vector>
+
+namespace android {
+namespace init {
+
+void SelabelInitialize();
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+                                       const std::vector<std::string>& aliases, int type,
+                                       std::string* result);
+
+}  // namespace init
+}  // namespace android
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 8a63363..54be086 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -60,7 +60,6 @@
 #include <android-base/logging.h>
 #include <android-base/parseint.h>
 #include <android-base/unique_fd.h>
-#include <cutils/android_reboot.h>
 #include <fs_avb/fs_avb.h>
 #include <selinux/android.h>
 
@@ -80,8 +79,6 @@
 
 namespace {
 
-selabel_handle* sehandle = nullptr;
-
 enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };
 
 EnforcingStatus StatusFromCmdline() {
@@ -522,9 +519,7 @@
 
 // This function initializes SELinux then execs init to run in the init SELinux context.
 int SetupSelinux(char** argv) {
-    android::base::InitLogging(argv, &android::base::KernelLogger, [](const char*) {
-        RebootSystem(ANDROID_RB_RESTART2, "bootloader");
-    });
+    InitKernelLogging(argv);
 
     if (REBOOT_BOOTLOADER_ON_PANIC) {
         InstallRebootSignalHandlers();
@@ -557,54 +552,5 @@
     return 1;
 }
 
-// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
-// its value.  selinux_android_restorecon() also needs an sehandle for file context look up.  It
-// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
-// one, thus eliminating an extra call to selinux_android_file_context_handle().
-void SelabelInitialize() {
-    sehandle = selinux_android_file_context_handle();
-    selinux_android_set_sehandle(sehandle);
-}
-
-// A C++ wrapper around selabel_lookup() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
-    result->clear();
-
-    if (!sehandle) return true;
-
-    char* context;
-    if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
-        return false;
-    }
-    *result = context;
-    free(context);
-    return true;
-}
-
-// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContextBestMatch(const std::string& key,
-                                       const std::vector<std::string>& aliases, int type,
-                                       std::string* result) {
-    result->clear();
-
-    if (!sehandle) return true;
-
-    std::vector<const char*> c_aliases;
-    for (const auto& alias : aliases) {
-        c_aliases.emplace_back(alias.c_str());
-    }
-    c_aliases.emplace_back(nullptr);
-
-    char* context;
-    if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
-        return false;
-    }
-    *result = context;
-    free(context);
-    return true;
-}
-
 }  // namespace init
 }  // namespace android
diff --git a/init/selinux.h b/init/selinux.h
index c7d6647..63ad470 100644
--- a/init/selinux.h
+++ b/init/selinux.h
@@ -14,11 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef _INIT_SELINUX_H
-#define _INIT_SELINUX_H
-
-#include <string>
-#include <vector>
+#pragma once
 
 namespace android {
 namespace init {
@@ -29,15 +25,7 @@
 void SelinuxSetupKernelLogging();
 int SelinuxGetVendorAndroidVersion();
 
-void SelabelInitialize();
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
-bool SelabelLookupFileContextBestMatch(const std::string& key,
-                                       const std::vector<std::string>& aliases, int type,
-                                       std::string* result);
-
 static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT";
 
 }  // namespace init
 }  // namespace android
-
-#endif
diff --git a/init/service.cpp b/init/service.cpp
index ccc37b7..b6a7c33 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -21,12 +21,10 @@
 #include <linux/input.h>
 #include <linux/securebits.h>
 #include <sched.h>
-#include <sys/mount.h>
 #include <sys/prctl.h>
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/time.h>
-#include <sys/wait.h>
 #include <termios.h>
 #include <unistd.h>
 
@@ -36,7 +34,6 @@
 #include <android-base/properties.h>
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
-#include <android-base/unique_fd.h>
 #include <hidl-util/FQName.h>
 #include <processgroup/processgroup.h>
 #include <selinux/selinux.h>
@@ -46,6 +43,7 @@
 #include "util.h"
 
 #if defined(__ANDROID__)
+#include <ApexProperties.sysprop.h>
 #include <android/api-level.h>
 #include <sys/system_properties.h>
 
@@ -64,7 +62,6 @@
 using android::base::Split;
 using android::base::StartsWith;
 using android::base::StringPrintf;
-using android::base::unique_fd;
 using android::base::WriteStringToFile;
 
 namespace android {
@@ -106,87 +103,6 @@
     return computed_context;
 }
 
-Result<Success> Service::SetUpMountNamespace() const {
-    constexpr unsigned int kSafeFlags = MS_NODEV | MS_NOEXEC | MS_NOSUID;
-
-    // Recursively remount / as slave like zygote does so unmounting and mounting /proc
-    // doesn't interfere with the parent namespace's /proc mount. This will also
-    // prevent any other mounts/unmounts initiated by the service from interfering
-    // with the parent namespace but will still allow mount events from the parent
-    // namespace to propagate to the child.
-    if (mount("rootfs", "/", nullptr, (MS_SLAVE | MS_REC), nullptr) == -1) {
-        return ErrnoError() << "Could not remount(/) recursively as slave";
-    }
-
-    // umount() then mount() /proc and/or /sys
-    // Note that it is not sufficient to mount with MS_REMOUNT.
-    if (namespace_flags_ & CLONE_NEWPID) {
-        if (umount("/proc") == -1) {
-            return ErrnoError() << "Could not umount(/proc)";
-        }
-        if (mount("", "/proc", "proc", kSafeFlags, "") == -1) {
-            return ErrnoError() << "Could not mount(/proc)";
-        }
-    }
-    bool remount_sys = std::any_of(namespaces_to_enter_.begin(), namespaces_to_enter_.end(),
-                                   [](const auto& entry) { return entry.first == CLONE_NEWNET; });
-    if (remount_sys) {
-        if (umount2("/sys", MNT_DETACH) == -1) {
-            return ErrnoError() << "Could not umount(/sys)";
-        }
-        if (mount("", "/sys", "sysfs", kSafeFlags, "") == -1) {
-            return ErrnoError() << "Could not mount(/sys)";
-        }
-    }
-    return Success();
-}
-
-Result<Success> Service::SetUpPidNamespace() const {
-    if (prctl(PR_SET_NAME, name_.c_str()) == -1) {
-        return ErrnoError() << "Could not set name";
-    }
-
-    pid_t child_pid = fork();
-    if (child_pid == -1) {
-        return ErrnoError() << "Could not fork init inside the PID namespace";
-    }
-
-    if (child_pid > 0) {
-        // So that we exit with the right status.
-        static int init_exitstatus = 0;
-        signal(SIGTERM, [](int) { _exit(init_exitstatus); });
-
-        pid_t waited_pid;
-        int status;
-        while ((waited_pid = wait(&status)) > 0) {
-             // This loop will end when there are no processes left inside the
-             // PID namespace or when the init process inside the PID namespace
-             // gets a signal.
-            if (waited_pid == child_pid) {
-                init_exitstatus = status;
-            }
-        }
-        if (!WIFEXITED(init_exitstatus)) {
-            _exit(EXIT_FAILURE);
-        }
-        _exit(WEXITSTATUS(init_exitstatus));
-    }
-    return Success();
-}
-
-Result<Success> Service::EnterNamespaces() const {
-    for (const auto& [nstype, path] : namespaces_to_enter_) {
-        auto fd = unique_fd{open(path.c_str(), O_RDONLY | O_CLOEXEC)};
-        if (fd == -1) {
-            return ErrnoError() << "Could not open namespace at " << path;
-        }
-        if (setns(fd, nstype) == -1) {
-            return ErrnoError() << "Could not setns() namespace at " << path;
-        }
-    }
-    return Success();
-}
-
 static bool ExpandArgsAndExecv(const std::vector<std::string>& args, bool sigstop) {
     std::vector<std::string> expanded_args;
     std::vector<char*> c_strings;
@@ -229,16 +145,16 @@
       flags_(flags),
       pid_(0),
       crash_count_(0),
-      uid_(uid),
-      gid_(gid),
-      supp_gids_(supp_gids),
-      namespace_flags_(namespace_flags),
+      proc_attr_{.ioprio_class = IoSchedClass_NONE,
+                 .ioprio_pri = 0,
+                 .uid = uid,
+                 .gid = gid,
+                 .supp_gids = supp_gids,
+                 .priority = 0},
+      namespaces_{.flags = namespace_flags},
       seclabel_(seclabel),
       onrestart_(false, subcontext_for_restart_commands, "<Service '" + name + "' onrestart>", 0,
                  "onrestart", {}),
-      ioprio_class_(IoSchedClass_NONE),
-      ioprio_pri_(0),
-      priority_(0),
       oom_score_adjust_(-1000),
       start_order_(0),
       args_(args) {}
@@ -271,24 +187,18 @@
                   << ") process group...";
         int r;
         if (signal == SIGTERM) {
-            r = killProcessGroupOnce(uid_, pid_, signal);
+            r = killProcessGroupOnce(proc_attr_.uid, pid_, signal);
         } else {
-            r = killProcessGroup(uid_, pid_, signal);
+            r = killProcessGroup(proc_attr_.uid, pid_, signal);
         }
 
         if (r == 0) process_cgroup_empty_ = true;
     }
 }
 
-void Service::SetProcessAttributes() {
-    for (const auto& rlimit : rlimits_) {
-        if (setrlimit(rlimit.first, &rlimit.second) == -1) {
-            LOG(FATAL) << StringPrintf("setrlimit(%d, {rlim_cur=%ld, rlim_max=%ld}) failed",
-                                       rlimit.first, rlimit.second.rlim_cur, rlimit.second.rlim_max);
-        }
-    }
+void Service::SetProcessAttributesAndCaps() {
     // Keep capabilites on uid change.
-    if (capabilities_ && uid_) {
+    if (capabilities_ && proc_attr_.uid) {
         // If Android is running in a container, some securebits might already
         // be locked, so don't change those.
         unsigned long securebits = prctl(PR_GET_SECUREBITS);
@@ -301,37 +211,21 @@
         }
     }
 
-    // TODO: work out why this fails for `console` then upgrade to FATAL.
-    if (setpgid(0, getpid()) == -1) PLOG(ERROR) << "setpgid failed for " << name_;
+    if (auto result = SetProcessAttributes(proc_attr_); !result) {
+        LOG(FATAL) << "cannot set attribute for " << name_ << ": " << result.error();
+    }
 
-    if (gid_) {
-        if (setgid(gid_) != 0) {
-            PLOG(FATAL) << "setgid failed for " << name_;
-        }
-    }
-    if (setgroups(supp_gids_.size(), &supp_gids_[0]) != 0) {
-        PLOG(FATAL) << "setgroups failed for " << name_;
-    }
-    if (uid_) {
-        if (setuid(uid_) != 0) {
-            PLOG(FATAL) << "setuid failed for " << name_;
-        }
-    }
     if (!seclabel_.empty()) {
         if (setexeccon(seclabel_.c_str()) < 0) {
             PLOG(FATAL) << "cannot setexeccon('" << seclabel_ << "') for " << name_;
         }
     }
-    if (priority_ != 0) {
-        if (setpriority(PRIO_PROCESS, 0, priority_) != 0) {
-            PLOG(FATAL) << "setpriority failed for " << name_;
-        }
-    }
+
     if (capabilities_) {
         if (!SetCapsForExec(*capabilities_)) {
             LOG(FATAL) << "cannot set capabilities for " << name_;
         }
-    } else if (uid_) {
+    } else if (proc_attr_.uid) {
         // Inheritable caps can be non-zero when running in a container.
         if (!DropInheritableCaps()) {
             LOG(FATAL) << "cannot drop inheritable caps for " << name_;
@@ -372,10 +266,17 @@
         return;
     }
 
+#if defined(__ANDROID__)
+    static bool is_apex_updatable = android::sysprop::ApexProperties::updatable().value_or(false);
+#else
+    static bool is_apex_updatable = false;
+#endif
+    const bool is_process_updatable = !pre_apexd_ && is_apex_updatable;
+
     // If we crash > 4 times in 4 minutes or before boot_completed,
     // reboot into bootloader or set crashing property
     boot_clock::time_point now = boot_clock::now();
-    if (((flags_ & SVC_CRITICAL) || !pre_apexd_) && !(flags_ & SVC_RESTART)) {
+    if (((flags_ & SVC_CRITICAL) || is_process_updatable) && !(flags_ & SVC_RESTART)) {
         bool boot_completed = android::base::GetBoolProperty("sys.boot_completed", false);
         if (now < time_crashed_ + 4min || !boot_completed) {
             if (++crash_count_ > 4) {
@@ -414,7 +315,7 @@
                   [] (const auto& info) { LOG(INFO) << *info; });
 }
 
-Result<Success> Service::ParseCapabilities(std::vector<std::string>&& args) {
+Result<void> Service::ParseCapabilities(std::vector<std::string>&& args) {
     capabilities_ = 0;
 
     if (!CapAmbientSupported()) {
@@ -440,74 +341,74 @@
         }
         (*capabilities_)[cap] = true;
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseClass(std::vector<std::string>&& args) {
+Result<void> Service::ParseClass(std::vector<std::string>&& args) {
     classnames_ = std::set<std::string>(args.begin() + 1, args.end());
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseConsole(std::vector<std::string>&& args) {
+Result<void> Service::ParseConsole(std::vector<std::string>&& args) {
     flags_ |= SVC_CONSOLE;
-    console_ = args.size() > 1 ? "/dev/" + args[1] : "";
-    return Success();
+    proc_attr_.console = args.size() > 1 ? "/dev/" + args[1] : "";
+    return {};
 }
 
-Result<Success> Service::ParseCritical(std::vector<std::string>&& args) {
+Result<void> Service::ParseCritical(std::vector<std::string>&& args) {
     flags_ |= SVC_CRITICAL;
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseDisabled(std::vector<std::string>&& args) {
+Result<void> Service::ParseDisabled(std::vector<std::string>&& args) {
     flags_ |= SVC_DISABLED;
     flags_ |= SVC_RC_DISABLED;
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseEnterNamespace(std::vector<std::string>&& args) {
+Result<void> Service::ParseEnterNamespace(std::vector<std::string>&& args) {
     if (args[1] != "net") {
         return Error() << "Init only supports entering network namespaces";
     }
-    if (!namespaces_to_enter_.empty()) {
+    if (!namespaces_.namespaces_to_enter.empty()) {
         return Error() << "Only one network namespace may be entered";
     }
     // Network namespaces require that /sys is remounted, otherwise the old adapters will still be
     // present. Therefore, they also require mount namespaces.
-    namespace_flags_ |= CLONE_NEWNS;
-    namespaces_to_enter_.emplace_back(CLONE_NEWNET, std::move(args[2]));
-    return Success();
+    namespaces_.flags |= CLONE_NEWNS;
+    namespaces_.namespaces_to_enter.emplace_back(CLONE_NEWNET, std::move(args[2]));
+    return {};
 }
 
-Result<Success> Service::ParseGroup(std::vector<std::string>&& args) {
+Result<void> Service::ParseGroup(std::vector<std::string>&& args) {
     auto gid = DecodeUid(args[1]);
     if (!gid) {
         return Error() << "Unable to decode GID for '" << args[1] << "': " << gid.error();
     }
-    gid_ = *gid;
+    proc_attr_.gid = *gid;
 
     for (std::size_t n = 2; n < args.size(); n++) {
         gid = DecodeUid(args[n]);
         if (!gid) {
             return Error() << "Unable to decode GID for '" << args[n] << "': " << gid.error();
         }
-        supp_gids_.emplace_back(*gid);
+        proc_attr_.supp_gids.emplace_back(*gid);
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParsePriority(std::vector<std::string>&& args) {
-    priority_ = 0;
-    if (!ParseInt(args[1], &priority_,
-                  static_cast<int>(ANDROID_PRIORITY_HIGHEST), // highest is negative
+Result<void> Service::ParsePriority(std::vector<std::string>&& args) {
+    proc_attr_.priority = 0;
+    if (!ParseInt(args[1], &proc_attr_.priority,
+                  static_cast<int>(ANDROID_PRIORITY_HIGHEST),  // highest is negative
                   static_cast<int>(ANDROID_PRIORITY_LOWEST))) {
         return Error() << StringPrintf("process priority value must be range %d - %d",
                                        ANDROID_PRIORITY_HIGHEST, ANDROID_PRIORITY_LOWEST);
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseInterface(std::vector<std::string>&& args) {
+Result<void> Service::ParseInterface(std::vector<std::string>&& args) {
     const std::string& interface_name = args[1];
     const std::string& instance_name = args[2];
 
@@ -535,28 +436,28 @@
 
     interfaces_.insert(fullname);
 
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseIoprio(std::vector<std::string>&& args) {
-    if (!ParseInt(args[2], &ioprio_pri_, 0, 7)) {
+Result<void> Service::ParseIoprio(std::vector<std::string>&& args) {
+    if (!ParseInt(args[2], &proc_attr_.ioprio_pri, 0, 7)) {
         return Error() << "priority value must be range 0 - 7";
     }
 
     if (args[1] == "rt") {
-        ioprio_class_ = IoSchedClass_RT;
+        proc_attr_.ioprio_class = IoSchedClass_RT;
     } else if (args[1] == "be") {
-        ioprio_class_ = IoSchedClass_BE;
+        proc_attr_.ioprio_class = IoSchedClass_BE;
     } else if (args[1] == "idle") {
-        ioprio_class_ = IoSchedClass_IDLE;
+        proc_attr_.ioprio_class = IoSchedClass_IDLE;
     } else {
         return Error() << "ioprio option usage: ioprio <rt|be|idle> <0-7>";
     }
 
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseKeycodes(std::vector<std::string>&& args) {
+Result<void> Service::ParseKeycodes(std::vector<std::string>&& args) {
     auto it = args.begin() + 1;
     if (args.size() == 2 && StartsWith(args[1], "$")) {
         std::string expanded;
@@ -567,7 +468,7 @@
         // If the property is not set, it defaults to none, in which case there are no keycodes
         // for this service.
         if (expanded == "none") {
-            return Success();
+            return {};
         }
 
         args = Split(expanded, ",");
@@ -585,134 +486,134 @@
             return Error() << "invalid keycode: " << *it;
         }
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseOneshot(std::vector<std::string>&& args) {
+Result<void> Service::ParseOneshot(std::vector<std::string>&& args) {
     flags_ |= SVC_ONESHOT;
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseOnrestart(std::vector<std::string>&& args) {
+Result<void> Service::ParseOnrestart(std::vector<std::string>&& args) {
     args.erase(args.begin());
     int line = onrestart_.NumCommands() + 1;
     if (auto result = onrestart_.AddCommand(std::move(args), line); !result) {
         return Error() << "cannot add Onrestart command: " << result.error();
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseNamespace(std::vector<std::string>&& args) {
+Result<void> Service::ParseNamespace(std::vector<std::string>&& args) {
     for (size_t i = 1; i < args.size(); i++) {
         if (args[i] == "pid") {
-            namespace_flags_ |= CLONE_NEWPID;
+            namespaces_.flags |= CLONE_NEWPID;
             // PID namespaces require mount namespaces.
-            namespace_flags_ |= CLONE_NEWNS;
+            namespaces_.flags |= CLONE_NEWNS;
         } else if (args[i] == "mnt") {
-            namespace_flags_ |= CLONE_NEWNS;
+            namespaces_.flags |= CLONE_NEWNS;
         } else {
             return Error() << "namespace must be 'pid' or 'mnt'";
         }
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseOomScoreAdjust(std::vector<std::string>&& args) {
+Result<void> Service::ParseOomScoreAdjust(std::vector<std::string>&& args) {
     if (!ParseInt(args[1], &oom_score_adjust_, -1000, 1000)) {
         return Error() << "oom_score_adjust value must be in range -1000 - +1000";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseOverride(std::vector<std::string>&& args) {
+Result<void> Service::ParseOverride(std::vector<std::string>&& args) {
     override_ = true;
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseMemcgSwappiness(std::vector<std::string>&& args) {
+Result<void> Service::ParseMemcgSwappiness(std::vector<std::string>&& args) {
     if (!ParseInt(args[1], &swappiness_, 0)) {
         return Error() << "swappiness value must be equal or greater than 0";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseMemcgLimitInBytes(std::vector<std::string>&& args) {
+Result<void> Service::ParseMemcgLimitInBytes(std::vector<std::string>&& args) {
     if (!ParseInt(args[1], &limit_in_bytes_, 0)) {
         return Error() << "limit_in_bytes value must be equal or greater than 0";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseMemcgLimitPercent(std::vector<std::string>&& args) {
+Result<void> Service::ParseMemcgLimitPercent(std::vector<std::string>&& args) {
     if (!ParseInt(args[1], &limit_percent_, 0)) {
         return Error() << "limit_percent value must be equal or greater than 0";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseMemcgLimitProperty(std::vector<std::string>&& args) {
+Result<void> Service::ParseMemcgLimitProperty(std::vector<std::string>&& args) {
     limit_property_ = std::move(args[1]);
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseMemcgSoftLimitInBytes(std::vector<std::string>&& args) {
+Result<void> Service::ParseMemcgSoftLimitInBytes(std::vector<std::string>&& args) {
     if (!ParseInt(args[1], &soft_limit_in_bytes_, 0)) {
         return Error() << "soft_limit_in_bytes value must be equal or greater than 0";
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseProcessRlimit(std::vector<std::string>&& args) {
+Result<void> Service::ParseProcessRlimit(std::vector<std::string>&& args) {
     auto rlimit = ParseRlimit(args);
     if (!rlimit) return rlimit.error();
 
-    rlimits_.emplace_back(*rlimit);
-    return Success();
+    proc_attr_.rlimits.emplace_back(*rlimit);
+    return {};
 }
 
-Result<Success> Service::ParseRestartPeriod(std::vector<std::string>&& args) {
+Result<void> Service::ParseRestartPeriod(std::vector<std::string>&& args) {
     int period;
     if (!ParseInt(args[1], &period, 5)) {
         return Error() << "restart_period value must be an integer >= 5";
     }
     restart_period_ = std::chrono::seconds(period);
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseSeclabel(std::vector<std::string>&& args) {
+Result<void> Service::ParseSeclabel(std::vector<std::string>&& args) {
     seclabel_ = std::move(args[1]);
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseSigstop(std::vector<std::string>&& args) {
+Result<void> Service::ParseSigstop(std::vector<std::string>&& args) {
     sigstop_ = true;
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseSetenv(std::vector<std::string>&& args) {
+Result<void> Service::ParseSetenv(std::vector<std::string>&& args) {
     environment_vars_.emplace_back(std::move(args[1]), std::move(args[2]));
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseShutdown(std::vector<std::string>&& args) {
+Result<void> Service::ParseShutdown(std::vector<std::string>&& args) {
     if (args[1] == "critical") {
         flags_ |= SVC_SHUTDOWN_CRITICAL;
-        return Success();
+        return {};
     }
     return Error() << "Invalid shutdown option";
 }
 
-Result<Success> Service::ParseTimeoutPeriod(std::vector<std::string>&& args) {
+Result<void> Service::ParseTimeoutPeriod(std::vector<std::string>&& args) {
     int period;
     if (!ParseInt(args[1], &period, 1)) {
         return Error() << "timeout_period value must be an integer >= 1";
     }
     timeout_period_ = std::chrono::seconds(period);
-    return Success();
+    return {};
 }
 
 template <typename T>
-Result<Success> Service::AddDescriptor(std::vector<std::string>&& args) {
+Result<void> Service::AddDescriptor(std::vector<std::string>&& args) {
     int perm = args.size() > 3 ? std::strtoul(args[3].c_str(), 0, 8) : -1;
     Result<uid_t> uid = 0;
     Result<gid_t> gid = 0;
@@ -743,11 +644,11 @@
     }
 
     descriptors_.emplace_back(std::move(descriptor));
-    return Success();
+    return {};
 }
 
 // name type perm [ uid gid context ]
-Result<Success> Service::ParseSocket(std::vector<std::string>&& args) {
+Result<void> Service::ParseSocket(std::vector<std::string>&& args) {
     if (!StartsWith(args[2], "dgram") && !StartsWith(args[2], "stream") &&
         !StartsWith(args[2], "seqpacket")) {
         return Error() << "socket type must be 'dgram', 'stream' or 'seqpacket'";
@@ -756,7 +657,7 @@
 }
 
 // name type perm [ uid gid context ]
-Result<Success> Service::ParseFile(std::vector<std::string>&& args) {
+Result<void> Service::ParseFile(std::vector<std::string>&& args) {
     if (args[2] != "r" && args[2] != "w" && args[2] != "rw") {
         return Error() << "file type must be 'r', 'w' or 'rw'";
     }
@@ -771,24 +672,24 @@
     return AddDescriptor<FileInfo>(std::move(args));
 }
 
-Result<Success> Service::ParseUser(std::vector<std::string>&& args) {
+Result<void> Service::ParseUser(std::vector<std::string>&& args) {
     auto uid = DecodeUid(args[1]);
     if (!uid) {
         return Error() << "Unable to find UID for '" << args[1] << "': " << uid.error();
     }
-    uid_ = *uid;
-    return Success();
+    proc_attr_.uid = *uid;
+    return {};
 }
 
-Result<Success> Service::ParseWritepid(std::vector<std::string>&& args) {
+Result<void> Service::ParseWritepid(std::vector<std::string>&& args) {
     args.erase(args.begin());
     writepid_files_ = std::move(args);
-    return Success();
+    return {};
 }
 
-Result<Success> Service::ParseUpdatable(std::vector<std::string>&& args) {
+Result<void> Service::ParseUpdatable(std::vector<std::string>&& args) {
     updatable_ = true;
-    return Success();
+    return {};
 }
 
 class Service::OptionParserMap : public KeywordMap<OptionParser> {
@@ -851,7 +752,7 @@
     return option_parsers;
 }
 
-Result<Success> Service::ParseLine(std::vector<std::string>&& args) {
+Result<void> Service::ParseLine(std::vector<std::string>&& args) {
     static const OptionParserMap parser_map;
     auto parser = parser_map.FindFunction(args);
 
@@ -860,7 +761,7 @@
     return std::invoke(*parser, this, std::move(args));
 }
 
-Result<Success> Service::ExecStart() {
+Result<void> Service::ExecStart() {
     if (is_updatable() && !ServiceList::GetInstance().IsServicesUpdated()) {
         // Don't delay the service for ExecStart() as the semantic is that
         // the caller might depend on the side effect of the execution.
@@ -877,14 +778,14 @@
     flags_ |= SVC_EXEC;
     is_exec_service_running_ = true;
 
-    LOG(INFO) << "SVC_EXEC service '" << name_ << "' pid " << pid_ << " (uid " << uid_ << " gid "
-              << gid_ << "+" << supp_gids_.size() << " context "
+    LOG(INFO) << "SVC_EXEC service '" << name_ << "' pid " << pid_ << " (uid " << proc_attr_.uid
+              << " gid " << proc_attr_.gid << "+" << proc_attr_.supp_gids.size() << " context "
               << (!seclabel_.empty() ? seclabel_ : "default") << ") started; waiting...";
 
-    return Success();
+    return {};
 }
 
-Result<Success> Service::Start() {
+Result<void> Service::Start() {
     if (is_updatable() && !ServiceList::GetInstance().IsServicesUpdated()) {
         ServiceList::GetInstance().DelayService(*this);
         return Error() << "Cannot start an updatable service '" << name_
@@ -907,21 +808,21 @@
             flags_ |= SVC_RESTART;
         }
         // It is not an error to try to start a service that is already running.
-        return Success();
+        return {};
     }
 
     bool needs_console = (flags_ & SVC_CONSOLE);
     if (needs_console) {
-        if (console_.empty()) {
-            console_ = default_console;
+        if (proc_attr_.console.empty()) {
+            proc_attr_.console = default_console;
         }
 
         // Make sure that open call succeeds to ensure a console driver is
         // properly registered for the device node
-        int console_fd = open(console_.c_str(), O_RDWR | O_CLOEXEC);
+        int console_fd = open(proc_attr_.console.c_str(), O_RDWR | O_CLOEXEC);
         if (console_fd < 0) {
             flags_ |= SVC_DISABLED;
-            return ErrnoError() << "Couldn't open console '" << console_ << "'";
+            return ErrnoError() << "Couldn't open console '" << proc_attr_.console << "'";
         }
         close(console_fd);
     }
@@ -956,8 +857,8 @@
     LOG(INFO) << "starting service '" << name_ << "'...";
 
     pid_t pid = -1;
-    if (namespace_flags_) {
-        pid = clone(nullptr, nullptr, namespace_flags_ | SIGCHLD, nullptr);
+    if (namespaces_.flags) {
+        pid = clone(nullptr, nullptr, namespaces_.flags | SIGCHLD, nullptr);
     } else {
         pid = fork();
     }
@@ -965,33 +866,9 @@
     if (pid == 0) {
         umask(077);
 
-        if (auto result = EnterNamespaces(); !result) {
-            LOG(FATAL) << "Service '" << name_ << "' could not enter namespaces: " << result.error();
-        }
-
-#if defined(__ANDROID__)
-        if (pre_apexd_) {
-            if (!SwitchToBootstrapMountNamespaceIfNeeded()) {
-                LOG(FATAL) << "Service '" << name_ << "' could not enter "
-                           << "into the bootstrap mount namespace";
-            }
-        }
-#endif
-
-        if (namespace_flags_ & CLONE_NEWNS) {
-            if (auto result = SetUpMountNamespace(); !result) {
-                LOG(FATAL) << "Service '" << name_
-                           << "' could not set up mount namespace: " << result.error();
-            }
-        }
-
-        if (namespace_flags_ & CLONE_NEWPID) {
-            // This will fork again to run an init process inside the PID
-            // namespace.
-            if (auto result = SetUpPidNamespace(); !result) {
-                LOG(FATAL) << "Service '" << name_
-                           << "' could not set up PID namespace: " << result.error();
-            }
+        if (auto result = EnterNamespaces(namespaces_, name_, pre_apexd_); !result) {
+            LOG(FATAL) << "Service '" << name_
+                       << "' failed to set up namespaces: " << result.error();
         }
 
         for (const auto& [key, value] : environment_vars_) {
@@ -1001,58 +878,13 @@
         std::for_each(descriptors_.begin(), descriptors_.end(),
                       std::bind(&DescriptorInfo::CreateAndPublish, std::placeholders::_1, scon));
 
-        // See if there were "writepid" instructions to write to files under cpuset path.
-        std::string cpuset_path;
-        if (CgroupGetControllerPath("cpuset", &cpuset_path)) {
-            auto cpuset_predicate = [&cpuset_path](const std::string& path) {
-                return StartsWith(path, cpuset_path + "/");
-            };
-            auto iter =
-                    std::find_if(writepid_files_.begin(), writepid_files_.end(), cpuset_predicate);
-            if (iter == writepid_files_.end()) {
-                // There were no "writepid" instructions for cpusets, check if the system default
-                // cpuset is specified to be used for the process.
-                std::string default_cpuset = GetProperty("ro.cpuset.default", "");
-                if (!default_cpuset.empty()) {
-                    // Make sure the cpuset name starts and ends with '/'.
-                    // A single '/' means the 'root' cpuset.
-                    if (default_cpuset.front() != '/') {
-                        default_cpuset.insert(0, 1, '/');
-                    }
-                    if (default_cpuset.back() != '/') {
-                        default_cpuset.push_back('/');
-                    }
-                    writepid_files_.push_back(
-                            StringPrintf("%s%stasks", cpuset_path.c_str(), default_cpuset.c_str()));
-                }
-            }
-        } else {
-            LOG(ERROR) << "cpuset cgroup controller is not mounted!";
-        }
-        std::string pid_str = std::to_string(getpid());
-        for (const auto& file : writepid_files_) {
-            if (!WriteStringToFile(pid_str, file)) {
-                PLOG(ERROR) << "couldn't write " << pid_str << " to " << file;
-            }
-        }
-
-        if (ioprio_class_ != IoSchedClass_NONE) {
-            if (android_set_ioprio(getpid(), ioprio_class_, ioprio_pri_)) {
-                PLOG(ERROR) << "failed to set pid " << getpid()
-                            << " ioprio=" << ioprio_class_ << "," << ioprio_pri_;
-            }
-        }
-
-        if (needs_console) {
-            setsid();
-            OpenConsole();
-        } else {
-            ZapStdio();
+        if (auto result = WritePidToFiles(&writepid_files_); !result) {
+            LOG(ERROR) << "failed to write pid to files: " << result.error();
         }
 
         // As requested, set our gid, supplemental gids, uid, context, and
         // priority. Aborts on failure.
-        SetProcessAttributes();
+        SetProcessAttributesAndCaps();
 
         if (!ExpandArgsAndExecv(args_, sigstop_)) {
             PLOG(ERROR) << "cannot execve('" << args_[0] << "')";
@@ -1082,19 +914,19 @@
 
     bool use_memcg = swappiness_ != -1 || soft_limit_in_bytes_ != -1 || limit_in_bytes_ != -1 ||
                       limit_percent_ != -1 || !limit_property_.empty();
-    errno = -createProcessGroup(uid_, pid_, use_memcg);
+    errno = -createProcessGroup(proc_attr_.uid, pid_, use_memcg);
     if (errno != 0) {
-        PLOG(ERROR) << "createProcessGroup(" << uid_ << ", " << pid_ << ") failed for service '"
-                    << name_ << "'";
+        PLOG(ERROR) << "createProcessGroup(" << proc_attr_.uid << ", " << pid_
+                    << ") failed for service '" << name_ << "'";
     } else if (use_memcg) {
         if (swappiness_ != -1) {
-            if (!setProcessGroupSwappiness(uid_, pid_, swappiness_)) {
+            if (!setProcessGroupSwappiness(proc_attr_.uid, pid_, swappiness_)) {
                 PLOG(ERROR) << "setProcessGroupSwappiness failed";
             }
         }
 
         if (soft_limit_in_bytes_ != -1) {
-            if (!setProcessGroupSoftLimit(uid_, pid_, soft_limit_in_bytes_)) {
+            if (!setProcessGroupSoftLimit(proc_attr_.uid, pid_, soft_limit_in_bytes_)) {
                 PLOG(ERROR) << "setProcessGroupSoftLimit failed";
             }
         }
@@ -1121,31 +953,31 @@
         }
 
         if (computed_limit_in_bytes != size_t(-1)) {
-            if (!setProcessGroupLimit(uid_, pid_, computed_limit_in_bytes)) {
+            if (!setProcessGroupLimit(proc_attr_.uid, pid_, computed_limit_in_bytes)) {
                 PLOG(ERROR) << "setProcessGroupLimit failed";
             }
         }
     }
 
     NotifyStateChange("running");
-    return Success();
+    return {};
 }
 
-Result<Success> Service::StartIfNotDisabled() {
+Result<void> Service::StartIfNotDisabled() {
     if (!(flags_ & SVC_DISABLED)) {
         return Start();
     } else {
         flags_ |= SVC_DISABLED_START;
     }
-    return Success();
+    return {};
 }
 
-Result<Success> Service::Enable() {
+Result<void> Service::Enable() {
     flags_ &= ~(SVC_DISABLED | SVC_RC_DISABLED);
     if (flags_ & SVC_DISABLED_START) {
         return Start();
     }
-    return Success();
+    return {};
 }
 
 void Service::Reset() {
@@ -1161,14 +993,14 @@
     }
 }
 
-Result<Success> Service::StartIfPostData() {
+Result<void> Service::StartIfPostData() {
     // Start the service, but only if it was started after /data was mounted,
     // and it was still running when we reset the post-data services.
     if (running_at_post_data_reset_) {
         return Start();
     }
 
-    return Success();
+    return {};
 }
 
 void Service::Stop() {
@@ -1241,25 +1073,6 @@
     }
 }
 
-void Service::ZapStdio() const {
-    int fd;
-    fd = open("/dev/null", O_RDWR);
-    dup2(fd, 0);
-    dup2(fd, 1);
-    dup2(fd, 2);
-    close(fd);
-}
-
-void Service::OpenConsole() const {
-    int fd = open(console_.c_str(), O_RDWR);
-    if (fd == -1) fd = open("/dev/null", O_RDWR);
-    ioctl(fd, TIOCSCTTY, 0);
-    dup2(fd, 0);
-    dup2(fd, 1);
-    dup2(fd, 2);
-    close(fd);
-}
-
 ServiceList::ServiceList() {}
 
 ServiceList& ServiceList::GetInstance() {
@@ -1383,7 +1196,7 @@
             continue;
         }
         if (auto result = service->Start(); !result) {
-            LOG(ERROR) << result.error_string();
+            LOG(ERROR) << result.error().message();
         }
     }
     delayed_service_names_.clear();
@@ -1398,8 +1211,8 @@
     delayed_service_names_.emplace_back(service.name());
 }
 
-Result<Success> ServiceParser::ParseSection(std::vector<std::string>&& args,
-                                            const std::string& filename, int line) {
+Result<void> ServiceParser::ParseSection(std::vector<std::string>&& args,
+                                         const std::string& filename, int line) {
     if (args.size() < 3) {
         return Error() << "services must have a name and a program";
     }
@@ -1430,14 +1243,14 @@
     }
 
     service_ = std::make_unique<Service>(name, restart_action_subcontext, str_args);
-    return Success();
+    return {};
 }
 
-Result<Success> ServiceParser::ParseLineSection(std::vector<std::string>&& args, int line) {
-    return service_ ? service_->ParseLine(std::move(args)) : Success();
+Result<void> ServiceParser::ParseLineSection(std::vector<std::string>&& args, int line) {
+    return service_ ? service_->ParseLine(std::move(args)) : Result<void>{};
 }
 
-Result<Success> ServiceParser::EndSection() {
+Result<void> ServiceParser::EndSection() {
     if (service_) {
         Service* old_service = service_list_->FindService(service_->name());
         if (old_service) {
@@ -1458,7 +1271,7 @@
         service_list_->AddService(std::move(service_));
     }
 
-    return Success();
+    return {};
 }
 
 bool ServiceParser::IsValidName(const std::string& name) const {
diff --git a/init/service.h b/init/service.h
index ae29f28..b4356c8 100644
--- a/init/service.h
+++ b/init/service.h
@@ -36,6 +36,7 @@
 #include "descriptors.h"
 #include "keyword_map.h"
 #include "parser.h"
+#include "service_utils.h"
 #include "subcontext.h"
 
 #define SVC_DISABLED 0x001        // do not autostart with class
@@ -75,12 +76,12 @@
     static std::unique_ptr<Service> MakeTemporaryOneshotService(const std::vector<std::string>& args);
 
     bool IsRunning() { return (flags_ & SVC_RUNNING) != 0; }
-    Result<Success> ParseLine(std::vector<std::string>&& args);
-    Result<Success> ExecStart();
-    Result<Success> Start();
-    Result<Success> StartIfNotDisabled();
-    Result<Success> StartIfPostData();
-    Result<Success> Enable();
+    Result<void> ParseLine(std::vector<std::string>&& args);
+    Result<void> ExecStart();
+    Result<void> Start();
+    Result<void> StartIfNotDisabled();
+    Result<void> StartIfPostData();
+    Result<void> Enable();
     void Reset();
     void ResetIfPostData();
     void Stop();
@@ -107,16 +108,16 @@
     pid_t pid() const { return pid_; }
     android::base::boot_clock::time_point time_started() const { return time_started_; }
     int crash_count() const { return crash_count_; }
-    uid_t uid() const { return uid_; }
-    gid_t gid() const { return gid_; }
-    unsigned namespace_flags() const { return namespace_flags_; }
-    const std::vector<gid_t>& supp_gids() const { return supp_gids_; }
+    uid_t uid() const { return proc_attr_.uid; }
+    gid_t gid() const { return proc_attr_.gid; }
+    unsigned namespace_flags() const { return namespaces_.flags; }
+    const std::vector<gid_t>& supp_gids() const { return proc_attr_.supp_gids; }
     const std::string& seclabel() const { return seclabel_; }
     const std::vector<int>& keycodes() const { return keycodes_; }
-    IoSchedClass ioprio_class() const { return ioprio_class_; }
-    int ioprio_pri() const { return ioprio_pri_; }
+    IoSchedClass ioprio_class() const { return proc_attr_.ioprio_class; }
+    int ioprio_pri() const { return proc_attr_.ioprio_pri; }
     const std::set<std::string>& interfaces() const { return interfaces_; }
-    int priority() const { return priority_; }
+    int priority() const { return proc_attr_.priority; }
     int oom_score_adjust() const { return oom_score_adjust_; }
     bool is_override() const { return override_; }
     bool process_cgroup_empty() const { return process_cgroup_empty_; }
@@ -129,62 +130,56 @@
     bool is_post_data() const { return post_data_; }
 
   private:
-    using OptionParser = Result<Success> (Service::*)(std::vector<std::string>&& args);
+    using OptionParser = Result<void> (Service::*)(std::vector<std::string>&& args);
     class OptionParserMap;
 
-    Result<Success> SetUpMountNamespace() const;
-    Result<Success> SetUpPidNamespace() const;
-    Result<Success> EnterNamespaces() const;
     void NotifyStateChange(const std::string& new_state) const;
     void StopOrReset(int how);
-    void ZapStdio() const;
-    void OpenConsole() const;
     void KillProcessGroup(int signal);
-    void SetProcessAttributes();
+    void SetProcessAttributesAndCaps();
 
-    Result<Success> ParseCapabilities(std::vector<std::string>&& args);
-    Result<Success> ParseClass(std::vector<std::string>&& args);
-    Result<Success> ParseConsole(std::vector<std::string>&& args);
-    Result<Success> ParseCritical(std::vector<std::string>&& args);
-    Result<Success> ParseDisabled(std::vector<std::string>&& args);
-    Result<Success> ParseEnterNamespace(std::vector<std::string>&& args);
-    Result<Success> ParseGroup(std::vector<std::string>&& args);
-    Result<Success> ParsePriority(std::vector<std::string>&& args);
-    Result<Success> ParseInterface(std::vector<std::string>&& args);
-    Result<Success> ParseIoprio(std::vector<std::string>&& args);
-    Result<Success> ParseKeycodes(std::vector<std::string>&& args);
-    Result<Success> ParseOneshot(std::vector<std::string>&& args);
-    Result<Success> ParseOnrestart(std::vector<std::string>&& args);
-    Result<Success> ParseOomScoreAdjust(std::vector<std::string>&& args);
-    Result<Success> ParseOverride(std::vector<std::string>&& args);
-    Result<Success> ParseMemcgLimitInBytes(std::vector<std::string>&& args);
-    Result<Success> ParseMemcgLimitPercent(std::vector<std::string>&& args);
-    Result<Success> ParseMemcgLimitProperty(std::vector<std::string>&& args);
-    Result<Success> ParseMemcgSoftLimitInBytes(std::vector<std::string>&& args);
-    Result<Success> ParseMemcgSwappiness(std::vector<std::string>&& args);
-    Result<Success> ParseNamespace(std::vector<std::string>&& args);
-    Result<Success> ParseProcessRlimit(std::vector<std::string>&& args);
-    Result<Success> ParseRestartPeriod(std::vector<std::string>&& args);
-    Result<Success> ParseSeclabel(std::vector<std::string>&& args);
-    Result<Success> ParseSetenv(std::vector<std::string>&& args);
-    Result<Success> ParseShutdown(std::vector<std::string>&& args);
-    Result<Success> ParseSigstop(std::vector<std::string>&& args);
-    Result<Success> ParseSocket(std::vector<std::string>&& args);
-    Result<Success> ParseTimeoutPeriod(std::vector<std::string>&& args);
-    Result<Success> ParseFile(std::vector<std::string>&& args);
-    Result<Success> ParseUser(std::vector<std::string>&& args);
-    Result<Success> ParseWritepid(std::vector<std::string>&& args);
-    Result<Success> ParseUpdatable(std::vector<std::string>&& args);
+    Result<void> ParseCapabilities(std::vector<std::string>&& args);
+    Result<void> ParseClass(std::vector<std::string>&& args);
+    Result<void> ParseConsole(std::vector<std::string>&& args);
+    Result<void> ParseCritical(std::vector<std::string>&& args);
+    Result<void> ParseDisabled(std::vector<std::string>&& args);
+    Result<void> ParseEnterNamespace(std::vector<std::string>&& args);
+    Result<void> ParseGroup(std::vector<std::string>&& args);
+    Result<void> ParsePriority(std::vector<std::string>&& args);
+    Result<void> ParseInterface(std::vector<std::string>&& args);
+    Result<void> ParseIoprio(std::vector<std::string>&& args);
+    Result<void> ParseKeycodes(std::vector<std::string>&& args);
+    Result<void> ParseOneshot(std::vector<std::string>&& args);
+    Result<void> ParseOnrestart(std::vector<std::string>&& args);
+    Result<void> ParseOomScoreAdjust(std::vector<std::string>&& args);
+    Result<void> ParseOverride(std::vector<std::string>&& args);
+    Result<void> ParseMemcgLimitInBytes(std::vector<std::string>&& args);
+    Result<void> ParseMemcgLimitPercent(std::vector<std::string>&& args);
+    Result<void> ParseMemcgLimitProperty(std::vector<std::string>&& args);
+    Result<void> ParseMemcgSoftLimitInBytes(std::vector<std::string>&& args);
+    Result<void> ParseMemcgSwappiness(std::vector<std::string>&& args);
+    Result<void> ParseNamespace(std::vector<std::string>&& args);
+    Result<void> ParseProcessRlimit(std::vector<std::string>&& args);
+    Result<void> ParseRestartPeriod(std::vector<std::string>&& args);
+    Result<void> ParseSeclabel(std::vector<std::string>&& args);
+    Result<void> ParseSetenv(std::vector<std::string>&& args);
+    Result<void> ParseShutdown(std::vector<std::string>&& args);
+    Result<void> ParseSigstop(std::vector<std::string>&& args);
+    Result<void> ParseSocket(std::vector<std::string>&& args);
+    Result<void> ParseTimeoutPeriod(std::vector<std::string>&& args);
+    Result<void> ParseFile(std::vector<std::string>&& args);
+    Result<void> ParseUser(std::vector<std::string>&& args);
+    Result<void> ParseWritepid(std::vector<std::string>&& args);
+    Result<void> ParseUpdatable(std::vector<std::string>&& args);
 
     template <typename T>
-    Result<Success> AddDescriptor(std::vector<std::string>&& args);
+    Result<void> AddDescriptor(std::vector<std::string>&& args);
 
     static unsigned long next_start_order_;
     static bool is_exec_service_running_;
 
     std::string name_;
     std::set<std::string> classnames_;
-    std::string console_;
 
     unsigned flags_;
     pid_t pid_;
@@ -192,13 +187,9 @@
     android::base::boot_clock::time_point time_crashed_;  // first crash within inspection window
     int crash_count_;                     // number of times crashed within window
 
-    uid_t uid_;
-    gid_t gid_;
-    std::vector<gid_t> supp_gids_;
     std::optional<CapSet> capabilities_;
-    unsigned namespace_flags_;
-    // Pair of namespace type, path to namespace.
-    std::vector<std::pair<int, std::string>> namespaces_to_enter_;
+    ProcessAttributes proc_attr_;
+    NamespaceInfo namespaces_;
 
     std::string seclabel_;
 
@@ -214,10 +205,6 @@
     // keycodes for triggering this service via /dev/input/input*
     std::vector<int> keycodes_;
 
-    IoSchedClass ioprio_class_;
-    int ioprio_pri_;
-    int priority_;
-
     int oom_score_adjust_;
 
     int swappiness_ = -1;
@@ -233,8 +220,6 @@
 
     unsigned long start_order_;
 
-    std::vector<std::pair<int, rlimit>> rlimits_;
-
     bool sigstop_ = false;
 
     std::chrono::seconds restart_period_ = 5s;
@@ -310,10 +295,10 @@
   public:
     ServiceParser(ServiceList* service_list, std::vector<Subcontext>* subcontexts)
         : service_list_(service_list), subcontexts_(subcontexts), service_(nullptr) {}
-    Result<Success> ParseSection(std::vector<std::string>&& args, const std::string& filename,
-                                 int line) override;
-    Result<Success> ParseLineSection(std::vector<std::string>&& args, int line) override;
-    Result<Success> EndSection() override;
+    Result<void> ParseSection(std::vector<std::string>&& args, const std::string& filename,
+                              int line) override;
+    Result<void> ParseLineSection(std::vector<std::string>&& args, int line) override;
+    Result<void> EndSection() override;
     void EndFile() override { filename_ = ""; }
 
   private:
diff --git a/init/service_utils.cpp b/init/service_utils.cpp
new file mode 100644
index 0000000..f88ea97
--- /dev/null
+++ b/init/service_utils.cpp
@@ -0,0 +1,264 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "service_utils.h"
+
+#include <grp.h>
+#include <sys/mount.h>
+#include <sys/prctl.h>
+#include <sys/wait.h>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/properties.h>
+#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
+#include <android-base/unique_fd.h>
+#include <processgroup/processgroup.h>
+
+#include "mount_namespace.h"
+
+using android::base::GetProperty;
+using android::base::StartsWith;
+using android::base::StringPrintf;
+using android::base::unique_fd;
+using android::base::WriteStringToFile;
+
+namespace android {
+namespace init {
+
+namespace {
+
+Result<void> EnterNamespace(int nstype, const char* path) {
+    auto fd = unique_fd{open(path, O_RDONLY | O_CLOEXEC)};
+    if (fd == -1) {
+        return ErrnoError() << "Could not open namespace at " << path;
+    }
+    if (setns(fd, nstype) == -1) {
+        return ErrnoError() << "Could not setns() namespace at " << path;
+    }
+    return {};
+}
+
+Result<void> SetUpMountNamespace(bool remount_proc, bool remount_sys) {
+    constexpr unsigned int kSafeFlags = MS_NODEV | MS_NOEXEC | MS_NOSUID;
+
+    // Recursively remount / as slave like zygote does so unmounting and mounting /proc
+    // doesn't interfere with the parent namespace's /proc mount. This will also
+    // prevent any other mounts/unmounts initiated by the service from interfering
+    // with the parent namespace but will still allow mount events from the parent
+    // namespace to propagate to the child.
+    if (mount("rootfs", "/", nullptr, (MS_SLAVE | MS_REC), nullptr) == -1) {
+        return ErrnoError() << "Could not remount(/) recursively as slave";
+    }
+
+    // umount() then mount() /proc and/or /sys
+    // Note that it is not sufficient to mount with MS_REMOUNT.
+    if (remount_proc) {
+        if (umount("/proc") == -1) {
+            return ErrnoError() << "Could not umount(/proc)";
+        }
+        if (mount("", "/proc", "proc", kSafeFlags, "") == -1) {
+            return ErrnoError() << "Could not mount(/proc)";
+        }
+    }
+    if (remount_sys) {
+        if (umount2("/sys", MNT_DETACH) == -1) {
+            return ErrnoError() << "Could not umount(/sys)";
+        }
+        if (mount("", "/sys", "sysfs", kSafeFlags, "") == -1) {
+            return ErrnoError() << "Could not mount(/sys)";
+        }
+    }
+    return {};
+}
+
+Result<void> SetUpPidNamespace(const char* name) {
+    if (prctl(PR_SET_NAME, name) == -1) {
+        return ErrnoError() << "Could not set name";
+    }
+
+    pid_t child_pid = fork();
+    if (child_pid == -1) {
+        return ErrnoError() << "Could not fork init inside the PID namespace";
+    }
+
+    if (child_pid > 0) {
+        // So that we exit with the right status.
+        static int init_exitstatus = 0;
+        signal(SIGTERM, [](int) { _exit(init_exitstatus); });
+
+        pid_t waited_pid;
+        int status;
+        while ((waited_pid = wait(&status)) > 0) {
+            // This loop will end when there are no processes left inside the
+            // PID namespace or when the init process inside the PID namespace
+            // gets a signal.
+            if (waited_pid == child_pid) {
+                init_exitstatus = status;
+            }
+        }
+        if (!WIFEXITED(init_exitstatus)) {
+            _exit(EXIT_FAILURE);
+        }
+        _exit(WEXITSTATUS(init_exitstatus));
+    }
+    return {};
+}
+
+void ZapStdio() {
+    int fd;
+    fd = open("/dev/null", O_RDWR);
+    dup2(fd, 0);
+    dup2(fd, 1);
+    dup2(fd, 2);
+    close(fd);
+}
+
+void OpenConsole(const std::string& console) {
+    int fd = open(console.c_str(), O_RDWR);
+    if (fd == -1) fd = open("/dev/null", O_RDWR);
+    ioctl(fd, TIOCSCTTY, 0);
+    dup2(fd, 0);
+    dup2(fd, 1);
+    dup2(fd, 2);
+    close(fd);
+}
+
+}  // namespace
+
+Result<void> EnterNamespaces(const NamespaceInfo& info, const std::string& name, bool pre_apexd) {
+    for (const auto& [nstype, path] : info.namespaces_to_enter) {
+        if (auto result = EnterNamespace(nstype, path.c_str()); !result) {
+            return result;
+        }
+    }
+
+#if defined(__ANDROID__)
+    if (pre_apexd) {
+        if (!SwitchToBootstrapMountNamespaceIfNeeded()) {
+            return Error() << "could not enter into the bootstrap mount namespace";
+        }
+    }
+#endif
+
+    if (info.flags & CLONE_NEWNS) {
+        bool remount_proc = info.flags & CLONE_NEWPID;
+        bool remount_sys =
+                std::any_of(info.namespaces_to_enter.begin(), info.namespaces_to_enter.end(),
+                            [](const auto& entry) { return entry.first == CLONE_NEWNET; });
+        if (auto result = SetUpMountNamespace(remount_proc, remount_sys); !result) {
+            return result;
+        }
+    }
+
+    if (info.flags & CLONE_NEWPID) {
+        // This will fork again to run an init process inside the PID namespace.
+        if (auto result = SetUpPidNamespace(name.c_str()); !result) {
+            return result;
+        }
+    }
+
+    return {};
+}
+
+Result<void> SetProcessAttributes(const ProcessAttributes& attr) {
+    if (attr.ioprio_class != IoSchedClass_NONE) {
+        if (android_set_ioprio(getpid(), attr.ioprio_class, attr.ioprio_pri)) {
+            PLOG(ERROR) << "failed to set pid " << getpid() << " ioprio=" << attr.ioprio_class
+                        << "," << attr.ioprio_pri;
+        }
+    }
+
+    if (!attr.console.empty()) {
+        setsid();
+        OpenConsole(attr.console);
+    } else {
+        if (setpgid(0, getpid()) == -1) {
+            return ErrnoError() << "setpgid failed";
+        }
+        ZapStdio();
+    }
+
+    for (const auto& rlimit : attr.rlimits) {
+        if (setrlimit(rlimit.first, &rlimit.second) == -1) {
+            return ErrnoError() << StringPrintf(
+                           "setrlimit(%d, {rlim_cur=%ld, rlim_max=%ld}) failed", rlimit.first,
+                           rlimit.second.rlim_cur, rlimit.second.rlim_max);
+        }
+    }
+
+    if (attr.gid) {
+        if (setgid(attr.gid) != 0) {
+            return ErrnoError() << "setgid failed";
+        }
+    }
+    if (setgroups(attr.supp_gids.size(), const_cast<gid_t*>(&attr.supp_gids[0])) != 0) {
+        return ErrnoError() << "setgroups failed";
+    }
+    if (attr.uid) {
+        if (setuid(attr.uid) != 0) {
+            return ErrnoError() << "setuid failed";
+        }
+    }
+
+    if (attr.priority != 0) {
+        if (setpriority(PRIO_PROCESS, 0, attr.priority) != 0) {
+            return ErrnoError() << "setpriority failed";
+        }
+    }
+    return {};
+}
+
+Result<void> WritePidToFiles(std::vector<std::string>* files) {
+    // See if there were "writepid" instructions to write to files under cpuset path.
+    std::string cpuset_path;
+    if (CgroupGetControllerPath("cpuset", &cpuset_path)) {
+        auto cpuset_predicate = [&cpuset_path](const std::string& path) {
+            return StartsWith(path, cpuset_path + "/");
+        };
+        auto iter = std::find_if(files->begin(), files->end(), cpuset_predicate);
+        if (iter == files->end()) {
+            // There were no "writepid" instructions for cpusets, check if the system default
+            // cpuset is specified to be used for the process.
+            std::string default_cpuset = GetProperty("ro.cpuset.default", "");
+            if (!default_cpuset.empty()) {
+                // Make sure the cpuset name starts and ends with '/'.
+                // A single '/' means the 'root' cpuset.
+                if (default_cpuset.front() != '/') {
+                    default_cpuset.insert(0, 1, '/');
+                }
+                if (default_cpuset.back() != '/') {
+                    default_cpuset.push_back('/');
+                }
+                files->push_back(
+                        StringPrintf("%s%stasks", cpuset_path.c_str(), default_cpuset.c_str()));
+            }
+        }
+    } else {
+        LOG(ERROR) << "cpuset cgroup controller is not mounted!";
+    }
+    std::string pid_str = std::to_string(getpid());
+    for (const auto& file : *files) {
+        if (!WriteStringToFile(pid_str, file)) {
+            return ErrnoError() << "couldn't write " << pid_str << " to " << file;
+        }
+    }
+    return {};
+}
+
+}  // namespace init
+}  // namespace android
diff --git a/init/service_utils.h b/init/service_utils.h
new file mode 100644
index 0000000..c26b123
--- /dev/null
+++ b/init/service_utils.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <sys/resource.h>
+#include <sys/types.h>
+
+#include <string>
+#include <vector>
+
+#include <cutils/iosched_policy.h>
+
+#include "result.h"
+
+namespace android {
+namespace init {
+
+struct NamespaceInfo {
+    unsigned flags;
+    // Pair of namespace type, path to name.
+    std::vector<std::pair<int, std::string>> namespaces_to_enter;
+};
+Result<void> EnterNamespaces(const NamespaceInfo& info, const std::string& name, bool pre_apexd);
+
+struct ProcessAttributes {
+    std::string console;
+    IoSchedClass ioprio_class;
+    int ioprio_pri;
+    std::vector<std::pair<int, rlimit>> rlimits;
+    uid_t uid;
+    gid_t gid;
+    std::vector<gid_t> supp_gids;
+    int priority;
+};
+Result<void> SetProcessAttributes(const ProcessAttributes& attr);
+
+Result<void> WritePidToFiles(std::vector<std::string>* files);
+
+}  // namespace init
+}  // namespace android
diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 092c51c..02ed507 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -32,6 +32,7 @@
 #if defined(__ANDROID__)
 #include <android/api-level.h>
 #include "property_service.h"
+#include "selabel.h"
 #include "selinux.h"
 #else
 #include "host_init_stubs.h"
@@ -71,7 +72,7 @@
 }
 
 template <typename T>
-Result<Success> SendMessage(int socket, const T& message) {
+Result<void> SendMessage(int socket, const T& message) {
     std::string message_string;
     if (!message.SerializeToString(&message_string)) {
         return Error() << "Unable to serialize message";
@@ -86,7 +87,7 @@
         result != static_cast<long>(message_string.size())) {
         return ErrnoError() << "send() failed to send message contents";
     }
-    return Success();
+    return {};
 }
 
 std::vector<std::pair<std::string, std::string>> properties_to_set;
@@ -122,7 +123,7 @@
     }
 
     auto map_result = function_map_->FindFunction(args);
-    Result<Success> result;
+    Result<void> result;
     if (!map_result) {
         result = Error() << "Cannot find command: " << map_result.error();
     } else {
@@ -141,8 +142,8 @@
         reply->set_success(true);
     } else {
         auto* failure = reply->mutable_failure();
-        failure->set_error_string(result.error_string());
-        failure->set_error_errno(result.error_errno());
+        failure->set_error_string(result.error().message());
+        failure->set_error_errno(result.error().code());
     }
 }
 
@@ -177,7 +178,7 @@
 
         auto init_message = ReadMessage(init_fd_);
         if (!init_message) {
-            if (init_message.error_errno() == 0) {
+            if (init_message.error().code() == 0) {
                 // If the init file descriptor was closed, let's exit quietly. If
                 // this was accidental, init will restart us. If init died, this
                 // avoids calling abort(3) unnecessarily.
@@ -298,7 +299,7 @@
     return subcontext_reply;
 }
 
-Result<Success> Subcontext::Execute(const std::vector<std::string>& args) {
+Result<void> Subcontext::Execute(const std::vector<std::string>& args) {
     auto subcontext_command = SubcontextCommand();
     std::copy(
         args.begin(), args.end(),
@@ -328,7 +329,7 @@
                        << subcontext_reply->reply_case();
     }
 
-    return Success();
+    return {};
 }
 
 Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::string>& args) {
diff --git a/init/subcontext.h b/init/subcontext.h
index 628fd50..16bd870 100644
--- a/init/subcontext.h
+++ b/init/subcontext.h
@@ -42,7 +42,7 @@
         Fork();
     }
 
-    Result<Success> Execute(const std::vector<std::string>& args);
+    Result<void> Execute(const std::vector<std::string>& args);
     Result<std::vector<std::string>> ExpandArgs(const std::vector<std::string>& args);
     void Restart();
 
diff --git a/init/subcontext_benchmark.cpp b/init/subcontext_benchmark.cpp
index eae03e3..fdbbc41 100644
--- a/init/subcontext_benchmark.cpp
+++ b/init/subcontext_benchmark.cpp
@@ -39,7 +39,7 @@
     free(context);
 
     while (state.KeepRunning()) {
-        subcontext.Execute(std::vector<std::string>{"return_success"}).IgnoreError();
+        subcontext.Execute(std::vector<std::string>{"return_success"});
     }
 
     if (subcontext.pid() > 0) {
@@ -53,7 +53,7 @@
 TestFunctionMap BuildTestFunctionMap() {
     TestFunctionMap test_function_map;
     test_function_map.Add("return_success", 0, 0, true,
-                          [](const BuiltinArguments& args) { return Success(); });
+                          [](const BuiltinArguments& args) { return Result<void>{}; });
 
     return test_function_map;
 }
diff --git a/init/subcontext_test.cpp b/init/subcontext_test.cpp
index 230203a..55912d6 100644
--- a/init/subcontext_test.cpp
+++ b/init/subcontext_test.cpp
@@ -69,7 +69,7 @@
         auto result = subcontext.Execute(std::vector<std::string>{"return_pids_as_error"});
         ASSERT_FALSE(result);
 
-        auto pids = Split(result.error_string(), " ");
+        auto pids = Split(result.error().message(), " ");
         ASSERT_EQ(2U, pids.size());
         auto our_pid = std::to_string(getpid());
         EXPECT_NE(our_pid, pids[0]);
@@ -116,7 +116,7 @@
 
         auto result = subcontext.Execute(std::vector<std::string>{"return_words_as_error"});
         ASSERT_FALSE(result);
-        EXPECT_EQ(Join(expected_words, " "), result.error_string());
+        EXPECT_EQ(Join(expected_words, " "), result.error().message());
         EXPECT_EQ(first_pid, subcontext.pid());
     });
 }
@@ -130,7 +130,7 @@
 
         auto result2 = subcontext.Execute(std::vector<std::string>{"generate_sane_error"});
         ASSERT_FALSE(result2);
-        EXPECT_EQ("Sane error!", result2.error_string());
+        EXPECT_EQ("Sane error!", result2.error().message());
         EXPECT_NE(subcontext.pid(), first_pid);
     });
 }
@@ -139,7 +139,7 @@
     RunTest([](auto& subcontext, auto& context_string) {
         auto result = subcontext.Execute(std::vector<std::string>{"return_context_as_error"});
         ASSERT_FALSE(result);
-        ASSERT_EQ(context_string, result.error_string());
+        ASSERT_EQ(context_string, result.error().message());
     });
 }
 
@@ -167,7 +167,7 @@
         };
         auto result = subcontext.ExpandArgs(args);
         ASSERT_FALSE(result);
-        EXPECT_EQ("Failed to expand '" + args[1] + "'", result.error_string());
+        EXPECT_EQ("Failed to expand '" + args[1] + "'", result.error().message());
     });
 }
 
@@ -175,14 +175,14 @@
     TestFunctionMap test_function_map;
     // For CheckDifferentPid
     test_function_map.Add("return_pids_as_error", 0, 0, true,
-                          [](const BuiltinArguments& args) -> Result<Success> {
+                          [](const BuiltinArguments& args) -> Result<void> {
                               return Error() << getpid() << " " << getppid();
                           });
 
     // For SetProp
     test_function_map.Add("setprop", 2, 2, true, [](const BuiltinArguments& args) {
         android::base::SetProperty(args[1], args[2]);
-        return Success();
+        return Result<void>{};
     });
 
     // For MultipleCommands
@@ -190,26 +190,26 @@
     auto words = std::make_shared<std::vector<std::string>>();
     test_function_map.Add("add_word", 1, 1, true, [words](const BuiltinArguments& args) {
         words->emplace_back(args[1]);
-        return Success();
+        return Result<void>{};
     });
     test_function_map.Add("return_words_as_error", 0, 0, true,
-                          [words](const BuiltinArguments& args) -> Result<Success> {
+                          [words](const BuiltinArguments& args) -> Result<void> {
                               return Error() << Join(*words, " ");
                           });
 
     // For RecoverAfterAbort
     test_function_map.Add("cause_log_fatal", 0, 0, true,
-                          [](const BuiltinArguments& args) -> Result<Success> {
+                          [](const BuiltinArguments& args) -> Result<void> {
                               return Error() << std::string(4097, 'f');
                           });
     test_function_map.Add(
-        "generate_sane_error", 0, 0, true,
-        [](const BuiltinArguments& args) -> Result<Success> { return Error() << "Sane error!"; });
+            "generate_sane_error", 0, 0, true,
+            [](const BuiltinArguments& args) -> Result<void> { return Error() << "Sane error!"; });
 
     // For ContextString
     test_function_map.Add(
-        "return_context_as_error", 0, 0, true,
-        [](const BuiltinArguments& args) -> Result<Success> { return Error() << args.context; });
+            "return_context_as_error", 0, 0, true,
+            [](const BuiltinArguments& args) -> Result<void> { return Error() << args.context; });
 
     return test_function_map;
 }
diff --git a/init/test_function_map.h b/init/test_function_map.h
index 583df1a..293f1f9 100644
--- a/init/test_function_map.h
+++ b/init/test_function_map.h
@@ -14,13 +14,13 @@
  * limitations under the License.
  */
 
-#ifndef _INIT_TEST_FUNCTION_MAP_H
-#define _INIT_TEST_FUNCTION_MAP_H
+#pragma once
 
 #include <string>
 #include <vector>
 
 #include "builtin_arguments.h"
+#include "builtins.h"
 #include "keyword_map.h"
 
 namespace android {
@@ -33,7 +33,7 @@
     void Add(const std::string& name, const BuiltinFunctionNoArgs function) {
         Add(name, 0, 0, false, [function](const BuiltinArguments&) {
             function();
-            return Success();
+            return Result<void>{};
         });
     }
 
@@ -51,5 +51,3 @@
 
 }  // namespace init
 }  // namespace android
-
-#endif
diff --git a/init/ueventd.cpp b/init/ueventd.cpp
index 399ea4c..d700c46 100644
--- a/init/ueventd.cpp
+++ b/init/ueventd.cpp
@@ -37,6 +37,7 @@
 #include "devices.h"
 #include "firmware_handler.h"
 #include "modalias_handler.h"
+#include "selabel.h"
 #include "selinux.h"
 #include "uevent_handler.h"
 #include "uevent_listener.h"
diff --git a/init/ueventd_parser.cpp b/init/ueventd_parser.cpp
index aac3fe5..25bab93 100644
--- a/init/ueventd_parser.cpp
+++ b/init/ueventd_parser.cpp
@@ -29,9 +29,9 @@
 namespace android {
 namespace init {
 
-Result<Success> ParsePermissionsLine(std::vector<std::string>&& args,
-                                     std::vector<SysfsPermissions>* out_sysfs_permissions,
-                                     std::vector<Permissions>* out_dev_permissions) {
+Result<void> ParsePermissionsLine(std::vector<std::string>&& args,
+                                  std::vector<SysfsPermissions>* out_sysfs_permissions,
+                                  std::vector<Permissions>* out_dev_permissions) {
     bool is_sysfs = out_sysfs_permissions != nullptr;
     if (is_sysfs && args.size() != 5) {
         return Error() << "/sys/ lines must have 5 entries";
@@ -74,22 +74,22 @@
     } else {
         out_dev_permissions->emplace_back(name, perm, uid, gid);
     }
-    return Success();
+    return {};
 }
 
-Result<Success> ParseFirmwareDirectoriesLine(std::vector<std::string>&& args,
-                                             std::vector<std::string>* firmware_directories) {
+Result<void> ParseFirmwareDirectoriesLine(std::vector<std::string>&& args,
+                                          std::vector<std::string>* firmware_directories) {
     if (args.size() < 2) {
         return Error() << "firmware_directories must have at least 1 entry";
     }
 
     std::move(std::next(args.begin()), args.end(), std::back_inserter(*firmware_directories));
 
-    return Success();
+    return {};
 }
 
-Result<Success> ParseModaliasHandlingLine(std::vector<std::string>&& args,
-                                          bool* enable_modalias_handling) {
+Result<void> ParseModaliasHandlingLine(std::vector<std::string>&& args,
+                                       bool* enable_modalias_handling) {
     if (args.size() != 2) {
         return Error() << "modalias_handling lines take exactly one parameter";
     }
@@ -102,11 +102,11 @@
         return Error() << "modalias_handling takes either 'enabled' or 'disabled' as a parameter";
     }
 
-    return Success();
+    return {};
 }
 
-Result<Success> ParseUeventSocketRcvbufSizeLine(std::vector<std::string>&& args,
-                                                size_t* uevent_socket_rcvbuf_size) {
+Result<void> ParseUeventSocketRcvbufSizeLine(std::vector<std::string>&& args,
+                                             size_t* uevent_socket_rcvbuf_size) {
     if (args.size() != 2) {
         return Error() << "uevent_socket_rcvbuf_size lines take exactly one parameter";
     }
@@ -118,27 +118,27 @@
 
     *uevent_socket_rcvbuf_size = parsed_size;
 
-    return Success();
+    return {};
 }
 
 class SubsystemParser : public SectionParser {
   public:
     SubsystemParser(std::vector<Subsystem>* subsystems) : subsystems_(subsystems) {}
-    Result<Success> ParseSection(std::vector<std::string>&& args, const std::string& filename,
-                                 int line) override;
-    Result<Success> ParseLineSection(std::vector<std::string>&& args, int line) override;
-    Result<Success> EndSection() override;
+    Result<void> ParseSection(std::vector<std::string>&& args, const std::string& filename,
+                              int line) override;
+    Result<void> ParseLineSection(std::vector<std::string>&& args, int line) override;
+    Result<void> EndSection() override;
 
   private:
-    Result<Success> ParseDevName(std::vector<std::string>&& args);
-    Result<Success> ParseDirName(std::vector<std::string>&& args);
+    Result<void> ParseDevName(std::vector<std::string>&& args);
+    Result<void> ParseDirName(std::vector<std::string>&& args);
 
     Subsystem subsystem_;
     std::vector<Subsystem>* subsystems_;
 };
 
-Result<Success> SubsystemParser::ParseSection(std::vector<std::string>&& args,
-                                              const std::string& filename, int line) {
+Result<void> SubsystemParser::ParseSection(std::vector<std::string>&& args,
+                                           const std::string& filename, int line) {
     if (args.size() != 2) {
         return Error() << "subsystems must have exactly one name";
     }
@@ -149,33 +149,33 @@
 
     subsystem_ = Subsystem(std::move(args[1]));
 
-    return Success();
+    return {};
 }
 
-Result<Success> SubsystemParser::ParseDevName(std::vector<std::string>&& args) {
+Result<void> SubsystemParser::ParseDevName(std::vector<std::string>&& args) {
     if (args[1] == "uevent_devname") {
         subsystem_.devname_source_ = Subsystem::DEVNAME_UEVENT_DEVNAME;
-        return Success();
+        return {};
     }
     if (args[1] == "uevent_devpath") {
         subsystem_.devname_source_ = Subsystem::DEVNAME_UEVENT_DEVPATH;
-        return Success();
+        return {};
     }
 
     return Error() << "invalid devname '" << args[1] << "'";
 }
 
-Result<Success> SubsystemParser::ParseDirName(std::vector<std::string>&& args) {
+Result<void> SubsystemParser::ParseDirName(std::vector<std::string>&& args) {
     if (args[1].front() != '/') {
         return Error() << "dirname '" << args[1] << " ' does not start with '/'";
     }
 
     subsystem_.dir_name_ = args[1];
-    return Success();
+    return {};
 }
 
-Result<Success> SubsystemParser::ParseLineSection(std::vector<std::string>&& args, int line) {
-    using OptionParser = Result<Success> (SubsystemParser::*)(std::vector<std::string> && args);
+Result<void> SubsystemParser::ParseLineSection(std::vector<std::string>&& args, int line) {
+    using OptionParser = Result<void> (SubsystemParser::*)(std::vector<std::string> && args);
 
     static class OptionParserMap : public KeywordMap<OptionParser> {
       private:
@@ -197,10 +197,10 @@
     return std::invoke(*parser, this, std::move(args));
 }
 
-Result<Success> SubsystemParser::EndSection() {
+Result<void> SubsystemParser::EndSection() {
     subsystems_->emplace_back(std::move(subsystem_));
 
-    return Success();
+    return {};
 }
 
 UeventdConfiguration ParseConfig(const std::vector<std::string>& configs) {
diff --git a/init/util.cpp b/init/util.cpp
index 29d7a76..14acaa2 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -40,7 +40,8 @@
 #include <selinux/android.h>
 
 #if defined(__ANDROID__)
-#include "selinux.h"
+#include "reboot_utils.h"
+#include "selabel.h"
 #else
 #include "host_init_stubs.h"
 #endif
@@ -196,7 +197,7 @@
     return rc;
 }
 
-Result<Success> WriteFile(const std::string& path, const std::string& content) {
+Result<void> WriteFile(const std::string& path, const std::string& content) {
     android::base::unique_fd fd(TEMP_FAILURE_RETRY(
         OpenFile(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC | O_CLOEXEC, 0600)));
     if (fd == -1) {
@@ -205,7 +206,7 @@
     if (!android::base::WriteStringToFd(content, fd)) {
         return ErrnoError() << "Unable to write file contents";
     }
-    return Success();
+    return {};
 }
 
 bool mkdir_recursive(const std::string& path, mode_t mode) {
@@ -425,20 +426,50 @@
     return true;
 }
 
-void InitKernelLogging(char** argv, std::function<void(const char*)> abort_function) {
+static void InitAborter(const char* abort_message) {
+    // When init forks, it continues to use this aborter for LOG(FATAL), but we want children to
+    // simply abort instead of trying to reboot the system.
+    if (getpid() != 1) {
+        android::base::DefaultAborter(abort_message);
+        return;
+    }
+
+    InitFatalReboot();
+}
+
+// The kernel opens /dev/console and uses that fd for stdin/stdout/stderr if there is a serial
+// console enabled and no initramfs, otherwise it does not provide any fds for stdin/stdout/stderr.
+// SetStdioToDevNull() is used to close these existing fds if they exist and replace them with
+// /dev/null regardless.
+//
+// In the case that these fds are provided by the kernel, the exec of second stage init causes an
+// SELinux denial as it does not have access to /dev/console.  In the case that they are not
+// provided, exec of any further process is potentially dangerous as the first fd's opened by that
+// process will take the stdin/stdout/stderr fileno's, which can cause issues if printf(), etc is
+// then used by that process.
+//
+// Lastly, simply calling SetStdioToDevNull() in first stage init is not enough, since first
+// stage init still runs in kernel context, future child processes will not have permissions to
+// access any fds that it opens, including the one opened below for /dev/null.  Therefore,
+// SetStdioToDevNull() must be called again in second stage init.
+void SetStdioToDevNull(char** argv) {
     // Make stdin/stdout/stderr all point to /dev/null.
     int fd = open("/dev/null", O_RDWR);
     if (fd == -1) {
         int saved_errno = errno;
-        android::base::InitLogging(argv, &android::base::KernelLogger, std::move(abort_function));
+        android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
         errno = saved_errno;
         PLOG(FATAL) << "Couldn't open /dev/null";
     }
-    dup2(fd, 0);
-    dup2(fd, 1);
-    dup2(fd, 2);
-    if (fd > 2) close(fd);
-    android::base::InitLogging(argv, &android::base::KernelLogger, std::move(abort_function));
+    dup2(fd, STDIN_FILENO);
+    dup2(fd, STDOUT_FILENO);
+    dup2(fd, STDERR_FILENO);
+    if (fd > STDERR_FILENO) close(fd);
+}
+
+void InitKernelLogging(char** argv) {
+    SetFatalRebootTarget();
+    android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
 }
 
 bool IsRecoveryMode() {
diff --git a/init/util.h b/init/util.h
index 2232a0f..770084b 100644
--- a/init/util.h
+++ b/init/util.h
@@ -42,7 +42,7 @@
                  const char* socketcon);
 
 Result<std::string> ReadFile(const std::string& path);
-Result<Success> WriteFile(const std::string& path, const std::string& content);
+Result<void> WriteFile(const std::string& path, const std::string& content);
 
 Result<uid_t> DecodeUid(const std::string& name);
 
@@ -63,7 +63,8 @@
 
 bool IsLegalPropertyName(const std::string& name);
 
-void InitKernelLogging(char** argv, std::function<void(const char*)> abort_function);
+void SetStdioToDevNull(char** argv);
+void InitKernelLogging(char** argv);
 bool IsRecoveryMode();
 }  // namespace init
 }  // namespace android
diff --git a/init/util_test.cpp b/init/util_test.cpp
index 1b5afba..8947256 100644
--- a/init/util_test.cpp
+++ b/init/util_test.cpp
@@ -34,7 +34,7 @@
     auto file_contents = ReadFile("/proc/does-not-exist");
     EXPECT_EQ(ENOENT, errno);
     ASSERT_FALSE(file_contents);
-    EXPECT_EQ("open() failed: No such file or directory", file_contents.error_string());
+    EXPECT_EQ("open() failed: No such file or directory", file_contents.error().message());
 }
 
 TEST(util, ReadFileGroupWriteable) {
@@ -45,7 +45,7 @@
     EXPECT_NE(-1, fchmodat(AT_FDCWD, tf.path, 0620, AT_SYMLINK_NOFOLLOW)) << strerror(errno);
     auto file_contents = ReadFile(tf.path);
     ASSERT_FALSE(file_contents) << strerror(errno);
-    EXPECT_EQ("Skipping insecure file", file_contents.error_string());
+    EXPECT_EQ("Skipping insecure file", file_contents.error().message());
 }
 
 TEST(util, ReadFileWorldWiteable) {
@@ -56,7 +56,7 @@
     EXPECT_NE(-1, fchmodat(AT_FDCWD, tf.path, 0602, AT_SYMLINK_NOFOLLOW)) << strerror(errno);
     auto file_contents = ReadFile(tf.path);
     ASSERT_FALSE(file_contents) << strerror(errno);
-    EXPECT_EQ("Skipping insecure file", file_contents.error_string());
+    EXPECT_EQ("Skipping insecure file", file_contents.error().message());
 }
 
 TEST(util, ReadFileSymbolicLink) {
@@ -65,7 +65,8 @@
     auto file_contents = ReadFile("/charger");
     EXPECT_EQ(ELOOP, errno);
     ASSERT_FALSE(file_contents);
-    EXPECT_EQ("open() failed: Too many symbolic links encountered", file_contents.error_string());
+    EXPECT_EQ("open() failed: Too many symbolic links encountered",
+              file_contents.error().message());
 }
 
 TEST(util, ReadFileSuccess) {
@@ -130,7 +131,7 @@
 
     decoded_uid = DecodeUid("toot");
     EXPECT_FALSE(decoded_uid);
-    EXPECT_EQ("getpwnam failed: No such file or directory", decoded_uid.error_string());
+    EXPECT_EQ("getpwnam failed: No such file or directory", decoded_uid.error().message());
 
     decoded_uid = DecodeUid("123");
     EXPECT_TRUE(decoded_uid);
diff --git a/libappfuse/FuseBridgeLoop.cc b/libappfuse/FuseBridgeLoop.cc
index ac94e69..f71d0c3 100644
--- a/libappfuse/FuseBridgeLoop.cc
+++ b/libappfuse/FuseBridgeLoop.cc
@@ -86,6 +86,7 @@
         const bool proxy_read_ready = last_proxy_events_.events & EPOLLIN;
         const bool proxy_write_ready = last_proxy_events_.events & EPOLLOUT;
 
+        last_state_ = state_;
         last_device_events_.events = 0;
         last_proxy_events_.events = 0;
 
@@ -353,8 +354,8 @@
         }
         if (entry->IsClosing()) {
             const int mount_id = entry->mount_id();
-            callback->OnClosed(mount_id);
             bridges_.erase(mount_id);
+            callback->OnClosed(mount_id);
             if (bridges_.size() == 0) {
                 // All bridges are now closed.
                 return false;
diff --git a/libbacktrace/Android.bp b/libbacktrace/Android.bp
index 7f9a18a..9ece847 100644
--- a/libbacktrace/Android.bp
+++ b/libbacktrace/Android.bp
@@ -42,6 +42,7 @@
     name: "libbacktrace_headers",
     vendor_available: true,
     recovery_available: true,
+    native_bridge_supported: true,
     export_include_dirs: ["include"],
 }
 
@@ -134,7 +135,6 @@
     defaults: ["libbacktrace_common"],
     host_supported: true,
     srcs: [
-        "backtrace_offline_test.cpp",
         "backtrace_test.cpp",
     ],
 
diff --git a/libbacktrace/UnwindStack.cpp b/libbacktrace/UnwindStack.cpp
index 36640cd..a128623 100644
--- a/libbacktrace/UnwindStack.cpp
+++ b/libbacktrace/UnwindStack.cpp
@@ -129,22 +129,6 @@
   return true;
 }
 
-bool Backtrace::UnwindOffline(unwindstack::Regs* regs, BacktraceMap* back_map,
-                              const backtrace_stackinfo_t& stack,
-                              std::vector<backtrace_frame_data_t>* frames,
-                              BacktraceUnwindError* error) {
-  UnwindStackOfflineMap* offline_map = reinterpret_cast<UnwindStackOfflineMap*>(back_map);
-  // Create the process memory from the stack data since this will almost
-  // always be different each unwind.
-  if (!offline_map->CreateProcessMemory(stack)) {
-    if (error != nullptr) {
-      error->error_code = BACKTRACE_UNWIND_ERROR_SETUP_FAILED;
-    }
-    return false;
-  }
-  return Backtrace::Unwind(regs, back_map, frames, 0U, nullptr, error);
-}
-
 UnwindStackCurrent::UnwindStackCurrent(pid_t pid, pid_t tid, BacktraceMap* map)
     : BacktraceCurrent(pid, tid, map) {}
 
@@ -171,7 +155,7 @@
 }
 
 UnwindStackPtrace::UnwindStackPtrace(pid_t pid, pid_t tid, BacktraceMap* map)
-    : BacktracePtrace(pid, tid, map), memory_(pid) {}
+    : BacktracePtrace(pid, tid, map), memory_(unwindstack::Memory::CreateProcessMemory(pid)) {}
 
 std::string UnwindStackPtrace::GetFunctionNameRaw(uint64_t pc, uint64_t* offset) {
   return GetMap()->GetFunctionName(pc, offset);
@@ -189,73 +173,5 @@
 }
 
 size_t UnwindStackPtrace::Read(uint64_t addr, uint8_t* buffer, size_t bytes) {
-  return memory_.Read(addr, buffer, bytes);
-}
-
-UnwindStackOffline::UnwindStackOffline(ArchEnum arch, pid_t pid, pid_t tid, BacktraceMap* map,
-                                       bool map_shared)
-    : Backtrace(pid, tid, map), arch_(arch) {
-  map_shared_ = map_shared;
-}
-
-bool UnwindStackOffline::Unwind(size_t num_ignore_frames, void* ucontext) {
-  if (ucontext == nullptr) {
-    return false;
-  }
-
-  unwindstack::ArchEnum arch;
-  switch (arch_) {
-    case ARCH_ARM:
-      arch = unwindstack::ARCH_ARM;
-      break;
-    case ARCH_ARM64:
-      arch = unwindstack::ARCH_ARM64;
-      break;
-    case ARCH_X86:
-      arch = unwindstack::ARCH_X86;
-      break;
-    case ARCH_X86_64:
-      arch = unwindstack::ARCH_X86_64;
-      break;
-    default:
-      return false;
-  }
-
-  std::unique_ptr<unwindstack::Regs> regs(unwindstack::Regs::CreateFromUcontext(arch, ucontext));
-
-  return Backtrace::Unwind(regs.get(), GetMap(), &frames_, num_ignore_frames, nullptr, &error_);
-}
-
-std::string UnwindStackOffline::GetFunctionNameRaw(uint64_t, uint64_t*) {
-  return "";
-}
-
-size_t UnwindStackOffline::Read(uint64_t, uint8_t*, size_t) {
-  return 0;
-}
-
-bool UnwindStackOffline::ReadWord(uint64_t, word_t*) {
-  return false;
-}
-
-Backtrace* Backtrace::CreateOffline(ArchEnum arch, pid_t pid, pid_t tid,
-                                    const std::vector<backtrace_map_t>& maps,
-                                    const backtrace_stackinfo_t& stack) {
-  std::unique_ptr<UnwindStackOfflineMap> map(
-      reinterpret_cast<UnwindStackOfflineMap*>(BacktraceMap::CreateOffline(pid, maps)));
-  if (map.get() == nullptr || !map->CreateProcessMemory(stack)) {
-    return nullptr;
-  }
-  return new UnwindStackOffline(arch, pid, tid, map.release(), false);
-}
-
-Backtrace* Backtrace::CreateOffline(ArchEnum arch, pid_t pid, pid_t tid, BacktraceMap* map) {
-  if (map == nullptr) {
-    return nullptr;
-  }
-  return new UnwindStackOffline(arch, pid, tid, map, true);
-}
-
-void Backtrace::SetGlobalElfCache(bool enable) {
-  unwindstack::Elf::SetCachingEnabled(enable);
+  return memory_->Read(addr, buffer, bytes);
 }
diff --git a/libbacktrace/UnwindStack.h b/libbacktrace/UnwindStack.h
index 4ec591d..47f6757 100644
--- a/libbacktrace/UnwindStack.h
+++ b/libbacktrace/UnwindStack.h
@@ -19,6 +19,7 @@
 
 #include <stdint.h>
 
+#include <memory>
 #include <string>
 
 #include <backtrace/BacktraceMap.h>
@@ -49,23 +50,7 @@
   size_t Read(uint64_t addr, uint8_t* buffer, size_t bytes) override;
 
  private:
-  unwindstack::MemoryRemote memory_;
-};
-
-class UnwindStackOffline : public Backtrace {
- public:
-  UnwindStackOffline(ArchEnum arch, pid_t pid, pid_t tid, BacktraceMap* map, bool map_shared);
-
-  bool Unwind(size_t num_ignore_frames, void* context) override;
-
-  std::string GetFunctionNameRaw(uint64_t pc, uint64_t* offset) override;
-
-  size_t Read(uint64_t addr, uint8_t* buffer, size_t bytes) override;
-
-  bool ReadWord(uint64_t ptr, word_t* out_value) override;
-
- private:
-  ArchEnum arch_;
+  std::shared_ptr<unwindstack::Memory> memory_;
 };
 
 #endif  // _LIBBACKTRACE_UNWIND_STACK_H
diff --git a/libbacktrace/UnwindStackMap.cpp b/libbacktrace/UnwindStackMap.cpp
index 4518891..aa0b17c 100644
--- a/libbacktrace/UnwindStackMap.cpp
+++ b/libbacktrace/UnwindStackMap.cpp
@@ -132,43 +132,6 @@
   return process_memory_;
 }
 
-UnwindStackOfflineMap::UnwindStackOfflineMap(pid_t pid) : UnwindStackMap(pid) {}
-
-bool UnwindStackOfflineMap::Build() {
-  return false;
-}
-
-bool UnwindStackOfflineMap::Build(const std::vector<backtrace_map_t>& backtrace_maps) {
-  for (const backtrace_map_t& map : backtrace_maps) {
-    maps_.push_back(map);
-  }
-
-  std::sort(maps_.begin(), maps_.end(),
-            [](const backtrace_map_t& a, const backtrace_map_t& b) { return a.start < b.start; });
-
-  unwindstack::Maps* maps = new unwindstack::Maps;
-  stack_maps_.reset(maps);
-  for (const backtrace_map_t& map : maps_) {
-    maps->Add(map.start, map.end, map.offset, map.flags, map.name, map.load_bias);
-  }
-  return true;
-}
-
-bool UnwindStackOfflineMap::CreateProcessMemory(const backtrace_stackinfo_t& stack) {
-  if (stack.start >= stack.end) {
-    return false;
-  }
-
-  // Create the process memory from the stack data.
-  if (memory_ == nullptr) {
-    memory_ = new unwindstack::MemoryOfflineBuffer(stack.data, stack.start, stack.end);
-    process_memory_.reset(memory_);
-  } else {
-    memory_->Reset(stack.data, stack.start, stack.end);
-  }
-  return true;
-}
-
 //-------------------------------------------------------------------------
 // BacktraceMap create function.
 //-------------------------------------------------------------------------
@@ -189,15 +152,3 @@
   }
   return map;
 }
-
-//-------------------------------------------------------------------------
-// BacktraceMap create offline function.
-//-------------------------------------------------------------------------
-BacktraceMap* BacktraceMap::CreateOffline(pid_t pid, const std::vector<backtrace_map_t>& maps) {
-  UnwindStackOfflineMap* map = new UnwindStackOfflineMap(pid);
-  if (!map->Build(maps)) {
-    delete map;
-    return nullptr;
-  }
-  return map;
-}
diff --git a/libbacktrace/UnwindStackMap.h b/libbacktrace/UnwindStackMap.h
index e19b605..f0e7d8b 100644
--- a/libbacktrace/UnwindStackMap.h
+++ b/libbacktrace/UnwindStackMap.h
@@ -33,6 +33,7 @@
 #include <unwindstack/Elf.h>
 #include <unwindstack/JitDebug.h>
 #include <unwindstack/Maps.h>
+#include <unwindstack/Memory.h>
 
 // Forward declarations.
 class UnwindDexFile;
@@ -74,19 +75,4 @@
   unwindstack::ArchEnum arch_ = unwindstack::ARCH_UNKNOWN;
 };
 
-class UnwindStackOfflineMap : public UnwindStackMap {
- public:
-  UnwindStackOfflineMap(pid_t pid);
-  ~UnwindStackOfflineMap() = default;
-
-  bool Build() override;
-
-  bool Build(const std::vector<backtrace_map_t>& maps);
-
-  bool CreateProcessMemory(const backtrace_stackinfo_t& stack);
-
- private:
-  unwindstack::MemoryOfflineBuffer* memory_ = nullptr;
-};
-
 #endif  // _LIBBACKTRACE_UNWINDSTACK_MAP_H
diff --git a/libbacktrace/backtrace_offline_test.cpp b/libbacktrace/backtrace_offline_test.cpp
deleted file mode 100644
index 662fb99..0000000
--- a/libbacktrace/backtrace_offline_test.cpp
+++ /dev/null
@@ -1,397 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <inttypes.h>
-#include <pthread.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <functional>
-#include <memory>
-#include <string>
-#include <utility>
-#include <vector>
-
-#include <android-base/file.h>
-#include <android-base/logging.h>
-#include <android-base/macros.h>
-#include <android-base/stringprintf.h>
-#include <android-base/strings.h>
-#include <android-base/threads.h>
-#include <backtrace/Backtrace.h>
-#include <backtrace/BacktraceMap.h>
-
-#include <gtest/gtest.h>
-
-#include "BacktraceTest.h"
-
-struct FunctionSymbol {
-  std::string name;
-  uint64_t start;
-  uint64_t end;
-};
-
-static std::vector<FunctionSymbol> GetFunctionSymbols() {
-  std::vector<FunctionSymbol> symbols = {
-      {"unknown_start", 0, 0},
-      {"test_level_one", reinterpret_cast<uint64_t>(&BacktraceTest::test_level_one_), 0},
-      {"test_level_two", reinterpret_cast<uint64_t>(&BacktraceTest::test_level_two_), 0},
-      {"test_level_three", reinterpret_cast<uint64_t>(&BacktraceTest::test_level_three_), 0},
-      {"test_level_four", reinterpret_cast<uint64_t>(&BacktraceTest::test_level_four_), 0},
-      {"test_recursive_call", reinterpret_cast<uint64_t>(&BacktraceTest::test_recursive_call_), 0},
-      {"test_get_context_and_wait",
-       reinterpret_cast<uint64_t>(&BacktraceTest::test_get_context_and_wait_), 0},
-      {"unknown_end", static_cast<uint64_t>(-1), static_cast<uint64_t>(-1)},
-  };
-  std::sort(
-      symbols.begin(), symbols.end(),
-      [](const FunctionSymbol& s1, const FunctionSymbol& s2) { return s1.start < s2.start; });
-  for (size_t i = 0; i + 1 < symbols.size(); ++i) {
-    symbols[i].end = symbols[i + 1].start;
-  }
-  return symbols;
-}
-
-static std::string RawDataToHexString(const void* data, size_t size) {
-  const uint8_t* p = static_cast<const uint8_t*>(data);
-  std::string s;
-  for (size_t i = 0; i < size; ++i) {
-    s += android::base::StringPrintf("%02x", p[i]);
-  }
-  return s;
-}
-
-static void HexStringToRawData(const char* s, std::vector<uint8_t>* data, size_t size) {
-  for (size_t i = 0; i < size; ++i) {
-    int value;
-    sscanf(s, "%02x", &value);
-    data->push_back(value);
-    s += 2;
-  }
-}
-
-struct OfflineThreadArg {
-  std::vector<uint8_t> ucontext;
-  pid_t tid;
-  volatile int exit_flag;
-};
-
-static void* OfflineThreadFunc(void* arg) {
-  OfflineThreadArg* fn_arg = reinterpret_cast<OfflineThreadArg*>(arg);
-  fn_arg->tid = android::base::GetThreadId();
-  BacktraceTest::test_get_context_and_wait_(&fn_arg->ucontext, &fn_arg->exit_flag);
-  return nullptr;
-}
-
-std::string GetTestPath(const std::string& arch, const std::string& path) {
-  return android::base::GetExecutableDirectory() + "/testdata/" + arch + '/' + path;
-}
-
-// This test is disable because it is for generating test data.
-TEST_F(BacktraceTest, DISABLED_generate_offline_testdata) {
-  // Create a thread to generate the needed stack and registers information.
-  const size_t stack_size = 16 * 1024;
-  void* stack = mmap(NULL, stack_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
-  ASSERT_NE(MAP_FAILED, stack);
-  uint64_t stack_addr = reinterpret_cast<uint64_t>(stack);
-  pthread_attr_t attr;
-  ASSERT_EQ(0, pthread_attr_init(&attr));
-  ASSERT_EQ(0, pthread_attr_setstack(&attr, reinterpret_cast<void*>(stack), stack_size));
-  pthread_t thread;
-  OfflineThreadArg arg;
-  arg.exit_flag = 0;
-  ASSERT_EQ(0, pthread_create(&thread, &attr, OfflineThreadFunc, &arg));
-  // Wait for the offline thread to generate the stack and context information.
-  sleep(1);
-  // Copy the stack information.
-  std::vector<uint8_t> stack_data(reinterpret_cast<uint8_t*>(stack),
-                                  reinterpret_cast<uint8_t*>(stack) + stack_size);
-  arg.exit_flag = 1;
-  ASSERT_EQ(0, pthread_join(thread, nullptr));
-  ASSERT_EQ(0, munmap(stack, stack_size));
-
-  std::unique_ptr<BacktraceMap> map(BacktraceMap::Create(getpid()));
-  ASSERT_TRUE(map != nullptr);
-
-  backtrace_stackinfo_t stack_info;
-  stack_info.start = stack_addr;
-  stack_info.end = stack_addr + stack_size;
-  stack_info.data = stack_data.data();
-
-  // Generate offline testdata.
-  std::string testdata;
-  // 1. Dump pid, tid
-  testdata += android::base::StringPrintf("pid: %d tid: %d\n", getpid(), arg.tid);
-  // 2. Dump maps
-  for (auto it = map->begin(); it != map->end(); ++it) {
-    const backtrace_map_t* entry = *it;
-    testdata +=
-        android::base::StringPrintf("map: start: %" PRIx64 " end: %" PRIx64 " offset: %" PRIx64
-                                    " load_bias: %" PRIx64 " flags: %d name: %s\n",
-                                    entry->start, entry->end, entry->offset, entry->load_bias,
-                                    entry->flags, entry->name.c_str());
-  }
-  // 3. Dump ucontext
-  testdata += android::base::StringPrintf("ucontext: %zu ", arg.ucontext.size());
-  testdata += RawDataToHexString(arg.ucontext.data(), arg.ucontext.size());
-  testdata.push_back('\n');
-
-  // 4. Dump stack
-  testdata += android::base::StringPrintf(
-      "stack: start: %" PRIx64 " end: %" PRIx64 " size: %zu ",
-      stack_info.start, stack_info.end, stack_data.size());
-  testdata += RawDataToHexString(stack_data.data(), stack_data.size());
-  testdata.push_back('\n');
-
-  // 5. Dump function symbols
-  std::vector<FunctionSymbol> function_symbols = GetFunctionSymbols();
-  for (const auto& symbol : function_symbols) {
-    testdata +=
-        android::base::StringPrintf("function: start: %" PRIx64 " end: %" PRIx64 " name: %s\n",
-                                    symbol.start, symbol.end, symbol.name.c_str());
-  }
-
-  ASSERT_TRUE(android::base::WriteStringToFile(testdata, "offline_testdata"));
-}
-
-// Return the name of the function which matches the address. Although we don't know the
-// exact end of each function, it is accurate enough for the tests.
-static std::string FunctionNameForAddress(uint64_t addr,
-                                          const std::vector<FunctionSymbol>& symbols) {
-  for (auto& symbol : symbols) {
-    if (addr >= symbol.start && addr < symbol.end) {
-      return symbol.name;
-    }
-  }
-  return "";
-}
-
-struct OfflineTestData {
-  int pid;
-  int tid;
-  std::vector<backtrace_map_t> maps;
-  std::vector<uint8_t> ucontext;
-  backtrace_stackinfo_t stack_info;
-  std::vector<uint8_t> stack;
-  std::vector<FunctionSymbol> symbols;
-};
-
-bool ReadOfflineTestData(const std::string offline_testdata_path, OfflineTestData* testdata) {
-  std::string s;
-  if (!android::base::ReadFileToString(offline_testdata_path, &s)) {
-    return false;
-  }
-  // Parse offline_testdata.
-  std::vector<std::string> lines = android::base::Split(s, "\n");
-  for (const auto& line : lines) {
-    if (android::base::StartsWith(line, "pid:")) {
-      sscanf(line.c_str(), "pid: %d tid: %d", &testdata->pid, &testdata->tid);
-    } else if (android::base::StartsWith(line, "map:")) {
-      testdata->maps.resize(testdata->maps.size() + 1);
-      backtrace_map_t& map = testdata->maps.back();
-      int pos;
-      sscanf(line.c_str(),
-             "map: start: %" SCNx64 " end: %" SCNx64 " offset: %" SCNx64 " load_bias: %" SCNx64
-             " flags: %d name: %n",
-             &map.start, &map.end, &map.offset, &map.load_bias, &map.flags, &pos);
-      map.name = android::base::Trim(line.substr(pos));
-    } else if (android::base::StartsWith(line, "ucontext:")) {
-      size_t size;
-      int pos;
-      testdata->ucontext.clear();
-      sscanf(line.c_str(), "ucontext: %zu %n", &size, &pos);
-      HexStringToRawData(&line[pos], &testdata->ucontext, size);
-    } else if (android::base::StartsWith(line, "stack:")) {
-      size_t size;
-      int pos;
-      sscanf(line.c_str(),
-             "stack: start: %" SCNx64 " end: %" SCNx64 " size: %zu %n",
-             &testdata->stack_info.start, &testdata->stack_info.end, &size, &pos);
-      CHECK_EQ(testdata->stack_info.end - testdata->stack_info.start, size);
-      testdata->stack.clear();
-      HexStringToRawData(&line[pos], &testdata->stack, size);
-      testdata->stack_info.data = testdata->stack.data();
-    } else if (android::base::StartsWith(line, "function:")) {
-      testdata->symbols.resize(testdata->symbols.size() + 1);
-      FunctionSymbol& symbol = testdata->symbols.back();
-      int pos;
-      sscanf(line.c_str(), "function: start: %" SCNx64 " end: %" SCNx64 " name: %n", &symbol.start,
-             &symbol.end, &pos);
-      symbol.name = line.substr(pos);
-    }
-  }
-  return true;
-}
-
-static void BacktraceOfflineTest(std::string arch_str, const std::string& testlib_name) {
-  const std::string testlib_path(GetTestPath(arch_str, testlib_name));
-  const std::string offline_testdata_path(GetTestPath(arch_str, "offline_testdata"));
-  OfflineTestData testdata;
-  ASSERT_TRUE(ReadOfflineTestData(offline_testdata_path, &testdata)) << "Failed " << arch_str;
-
-  // Fix path of libbacktrace_testlib.so.
-  for (auto& map : testdata.maps) {
-    if (map.name.find("libbacktrace_test.so") != std::string::npos) {
-      map.name = testlib_path;
-    }
-  }
-
-  Backtrace::ArchEnum arch;
-  if (arch_str == "arm") {
-    arch = Backtrace::ARCH_ARM;
-  } else if (arch_str == "arm64") {
-    arch = Backtrace::ARCH_ARM64;
-  } else if (arch_str == "x86") {
-    arch = Backtrace::ARCH_X86;
-  } else if (arch_str == "x86_64") {
-    arch = Backtrace::ARCH_X86_64;
-  } else {
-    abort();
-  }
-
-  std::unique_ptr<Backtrace> backtrace(Backtrace::CreateOffline(
-      arch, testdata.pid, testdata.tid, testdata.maps, testdata.stack_info));
-  ASSERT_TRUE(backtrace != nullptr) << "Failed " << arch_str;
-
-  ASSERT_TRUE(backtrace->Unwind(0, testdata.ucontext.data())) << "Failed " << arch_str;
-
-  // Collect pc values of the call stack frames.
-  std::vector<uint64_t> pc_values;
-  for (size_t i = 0; i < backtrace->NumFrames(); ++i) {
-    pc_values.push_back(backtrace->GetFrame(i)->pc);
-  }
-
-  size_t test_one_index = 0;
-  for (size_t i = 0; i < pc_values.size(); ++i) {
-    if (FunctionNameForAddress(pc_values[i], testdata.symbols) == "test_level_one") {
-      test_one_index = i;
-      break;
-    }
-  }
-
-  ASSERT_GE(test_one_index, 3u) << "Failed " << arch_str;
-  ASSERT_EQ("test_level_one", FunctionNameForAddress(pc_values[test_one_index], testdata.symbols))
-      << "Failed " << arch_str;
-  ASSERT_EQ("test_level_two", FunctionNameForAddress(pc_values[test_one_index - 1], testdata.symbols))
-      << "Failed " << arch_str;
-  ASSERT_EQ("test_level_three",
-            FunctionNameForAddress(pc_values[test_one_index - 2], testdata.symbols))
-      << "Failed " << arch_str;
-  ASSERT_EQ("test_level_four",
-            FunctionNameForAddress(pc_values[test_one_index - 3], testdata.symbols))
-      << "Failed " << arch_str;
-}
-
-// For now, these tests can only run on the given architectures.
-TEST_F(BacktraceTest, offline_eh_frame) {
-  BacktraceOfflineTest("arm64", "libbacktrace_test_eh_frame.so");
-  BacktraceOfflineTest("x86_64", "libbacktrace_test_eh_frame.so");
-}
-
-TEST_F(BacktraceTest, offline_debug_frame) {
-  BacktraceOfflineTest("arm", "libbacktrace_test_debug_frame.so");
-  BacktraceOfflineTest("x86", "libbacktrace_test_debug_frame.so");
-}
-
-TEST_F(BacktraceTest, offline_gnu_debugdata) {
-  BacktraceOfflineTest("arm", "libbacktrace_test_gnu_debugdata.so");
-  BacktraceOfflineTest("x86", "libbacktrace_test_gnu_debugdata.so");
-}
-
-TEST_F(BacktraceTest, offline_arm_exidx) {
-  BacktraceOfflineTest("arm", "libbacktrace_test_arm_exidx.so");
-}
-
-static void LibUnwindingTest(const std::string& arch_str, const std::string& testdata_name,
-                             const std::string& testlib_name) {
-  const std::string testlib_path(GetTestPath(arch_str, testlib_name));
-  struct stat st;
-  ASSERT_EQ(0, stat(testlib_path.c_str(), &st)) << "can't find testlib " << testlib_path;
-
-  const std::string offline_testdata_path(GetTestPath(arch_str, testdata_name));
-  OfflineTestData testdata;
-  ASSERT_TRUE(ReadOfflineTestData(offline_testdata_path, &testdata));
-
-  // Fix path of the testlib.
-  for (auto& map : testdata.maps) {
-    if (map.name.find(testlib_name) != std::string::npos) {
-      map.name = testlib_path;
-    }
-  }
-
-  Backtrace::ArchEnum arch;
-  if (arch_str == "arm") {
-    arch = Backtrace::ARCH_ARM;
-  } else if (arch_str == "arm64") {
-    arch = Backtrace::ARCH_ARM64;
-  } else if (arch_str == "x86") {
-    arch = Backtrace::ARCH_X86;
-  } else if (arch_str == "x86_64") {
-    arch = Backtrace::ARCH_X86_64;
-  } else {
-    ASSERT_TRUE(false) << "Unsupported arch " << arch_str;
-    abort();
-  }
-
-  // Do offline backtrace.
-  std::unique_ptr<Backtrace> backtrace(Backtrace::CreateOffline(
-      arch, testdata.pid, testdata.tid, testdata.maps, testdata.stack_info));
-  ASSERT_TRUE(backtrace != nullptr);
-
-  ASSERT_TRUE(backtrace->Unwind(0, testdata.ucontext.data()));
-
-  ASSERT_EQ(testdata.symbols.size(), backtrace->NumFrames());
-  for (size_t i = 0; i < backtrace->NumFrames(); ++i) {
-    std::string name = FunctionNameForAddress(backtrace->GetFrame(i)->rel_pc, testdata.symbols);
-    ASSERT_EQ(name, testdata.symbols[i].name);
-  }
-  ASSERT_TRUE(backtrace->GetError().error_code == BACKTRACE_UNWIND_ERROR_ACCESS_MEM_FAILED ||
-              backtrace->GetError().error_code == BACKTRACE_UNWIND_ERROR_MAP_MISSING ||
-              backtrace->GetError().error_code == BACKTRACE_UNWIND_ERROR_REPEATED_FRAME);
-}
-
-// This test tests the situation that ranges of functions covered by .eh_frame and .ARM.exidx
-// overlap with each other, which appears in /system/lib/libart.so.
-TEST_F(BacktraceTest, offline_unwind_mix_eh_frame_and_arm_exidx) {
-  LibUnwindingTest("arm", "offline_testdata_for_libart", "libart.so");
-}
-
-TEST_F(BacktraceTest, offline_debug_frame_with_load_bias) {
-  LibUnwindingTest("arm", "offline_testdata_for_libandroid_runtime", "libandroid_runtime.so");
-}
-
-TEST_F(BacktraceTest, offline_try_armexidx_after_debug_frame) {
-  LibUnwindingTest("arm", "offline_testdata_for_libGLESv2_adreno", "libGLESv2_adreno.so");
-}
-
-TEST_F(BacktraceTest, offline_cie_with_P_augmentation) {
-  // Make sure we can unwind through functions with CIE entry containing P augmentation, which
-  // makes unwinding library reading personality handler from memory. One example is
-  // /system/lib64/libskia.so.
-  LibUnwindingTest("arm64", "offline_testdata_for_libskia", "libskia.so");
-}
-
-TEST_F(BacktraceTest, offline_empty_eh_frame_hdr) {
-  // Make sure we can unwind through libraries with empty .eh_frame_hdr section. One example is
-  // /vendor/lib64/egl/eglSubDriverAndroid.so.
-  LibUnwindingTest("arm64", "offline_testdata_for_eglSubDriverAndroid", "eglSubDriverAndroid.so");
-}
-
-TEST_F(BacktraceTest, offline_max_frames_limit) {
-  // The length of callchain can reach 256 when recording an application.
-  ASSERT_GE(MAX_BACKTRACE_FRAMES, 256);
-}
diff --git a/libbacktrace/include/backtrace/Backtrace.h b/libbacktrace/include/backtrace/Backtrace.h
index 404e7e8..664b531 100644
--- a/libbacktrace/include/backtrace/Backtrace.h
+++ b/libbacktrace/include/backtrace/Backtrace.h
@@ -126,24 +126,6 @@
   // If map is not NULL, the map is still owned by the caller.
   static Backtrace* Create(pid_t pid, pid_t tid, BacktraceMap* map = nullptr);
 
-  // Create an offline Backtrace object that can be used to do an unwind without a process
-  // that is still running. By default, information is only cached in the map
-  // file. If the calling code creates the map, data can be cached between
-  // unwinds. If not, all cached data will be destroyed when the Backtrace
-  // object is destroyed.
-  static Backtrace* CreateOffline(ArchEnum arch, pid_t pid, pid_t tid,
-                                  const std::vector<backtrace_map_t>& maps,
-                                  const backtrace_stackinfo_t& stack);
-  static Backtrace* CreateOffline(ArchEnum arch, pid_t pid, pid_t tid, BacktraceMap* map);
-
-  // Create an offline Backtrace object that can be used to do an unwind without a process
-  // that is still running. If cache_file is set to true, then elf information will be cached
-  // for this call. The cached information survives until the calling process ends. This means
-  // that subsequent calls to create offline Backtrace objects will continue to use the same
-  // cache. It also assumes that the elf files used for each offline unwind are the same.
-  static Backtrace* CreateOffline(pid_t pid, pid_t tid, BacktraceMap* map,
-                                  const backtrace_stackinfo_t& stack, bool cache_file = false);
-
   virtual ~Backtrace();
 
   // Get the current stack trace and store in the backtrace_ structure.
@@ -153,11 +135,6 @@
                      std::vector<backtrace_frame_data_t>* frames, size_t num_ignore_frames,
                      std::vector<std::string>* skip_names, BacktraceUnwindError* error = nullptr);
 
-  static bool UnwindOffline(unwindstack::Regs* regs, BacktraceMap* back_map,
-                            const backtrace_stackinfo_t& stack_info,
-                            std::vector<backtrace_frame_data_t>* frames,
-                            BacktraceUnwindError* error = nullptr);
-
   // Get the function name and offset into the function given the pc.
   // If the string is empty, then no valid function name was found,
   // or the pc is not in any valid map.
diff --git a/libbacktrace/include/backtrace/BacktraceMap.h b/libbacktrace/include/backtrace/BacktraceMap.h
index c564271..f8d5058 100644
--- a/libbacktrace/include/backtrace/BacktraceMap.h
+++ b/libbacktrace/include/backtrace/BacktraceMap.h
@@ -69,8 +69,6 @@
   // is unsupported.
   static BacktraceMap* Create(pid_t pid, bool uncached = false);
 
-  static BacktraceMap* CreateOffline(pid_t pid, const std::vector<backtrace_map_t>& maps);
-
   virtual ~BacktraceMap();
 
   class iterator : public std::iterator<std::bidirectional_iterator_tag, backtrace_map_t*> {
diff --git a/libcutils/Android.bp b/libcutils/Android.bp
index 619bc56..319a73a 100644
--- a/libcutils/Android.bp
+++ b/libcutils/Android.bp
@@ -34,6 +34,7 @@
     vendor_available: true,
     recovery_available: true,
     host_supported: true,
+    native_bridge_supported: true,
     export_include_dirs: ["include"],
     target: {
         vendor: {
@@ -57,6 +58,7 @@
     },
     recovery_available: true,
     host_supported: true,
+    native_bridge_supported: true,
     srcs: [
         "config_utils.cpp",
         "canned_fs_config.cpp",
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index 494a06f..6606030 100644
--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -158,8 +158,9 @@
     { 00750, AID_ROOT,      AID_SHELL,     0, "data/nativetest64/*" },
     { 00600, AID_ROOT,      AID_ROOT,      0, "default.prop" }, // legacy
     { 00600, AID_ROOT,      AID_ROOT,      0, "system/etc/prop.default" },
-    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/build.prop" },
-    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/default.prop" },
+    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/build.prop" }, // legacy; only for P release
+    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/default.prop" }, // legacy; only for P release
+    { 00600, AID_ROOT,      AID_ROOT,      0, "odm/etc/build.prop" },
     { 00444, AID_ROOT,      AID_ROOT,      0, odm_conf_dir + 1 },
     { 00444, AID_ROOT,      AID_ROOT,      0, odm_conf_file + 1 },
     { 00444, AID_ROOT,      AID_ROOT,      0, oem_conf_dir + 1 },
diff --git a/liblog/tests/liblog_benchmark.cpp b/liblog/tests/liblog_benchmark.cpp
index 7d11ccf..21d12a1 100644
--- a/liblog/tests/liblog_benchmark.cpp
+++ b/liblog/tests/liblog_benchmark.cpp
@@ -56,8 +56,8 @@
  */
 static void BM_log_maximum_retry(benchmark::State& state) {
   while (state.KeepRunning()) {
-    LOG_FAILURE_RETRY(__android_log_print(
-        ANDROID_LOG_INFO, "BM_log_maximum_retry", "%zu", state.iterations()));
+    LOG_FAILURE_RETRY(__android_log_print(ANDROID_LOG_INFO, "BM_log_maximum_retry", "%" PRIu64,
+                                          state.iterations()));
   }
 }
 BENCHMARK(BM_log_maximum_retry);
@@ -69,8 +69,7 @@
  */
 static void BM_log_maximum(benchmark::State& state) {
   while (state.KeepRunning()) {
-    __android_log_print(ANDROID_LOG_INFO, "BM_log_maximum", "%zu",
-                        state.iterations());
+    __android_log_print(ANDROID_LOG_INFO, "BM_log_maximum", "%" PRIu64, state.iterations());
   }
 }
 BENCHMARK(BM_log_maximum);
@@ -286,7 +285,7 @@
   memset(buf, 0, sizeof(buf));
   struct packet* buffer = (struct packet*)(((uintptr_t)buf + 7) & ~7);
   if (((uintptr_t)&buffer->pmsg_header) & 7) {
-    fprintf(stderr, "&buffer=0x%p iterations=%zu\n", &buffer->pmsg_header,
+    fprintf(stderr, "&buffer=0x%p iterations=%" PRIu64 "\n", &buffer->pmsg_header,
             state.iterations());
   }
 
@@ -361,7 +360,7 @@
   memset(buf, 0, sizeof(buf));
   struct packet* buffer = (struct packet*)((((uintptr_t)buf + 7) & ~7) + 1);
   if ((((uintptr_t)&buffer->pmsg_header) & 7) != 1) {
-    fprintf(stderr, "&buffer=0x%p iterations=%zu\n", &buffer->pmsg_header,
+    fprintf(stderr, "&buffer=0x%p iterations=%" PRIu64 "\n", &buffer->pmsg_header,
             state.iterations());
   }
 
@@ -436,7 +435,7 @@
   memset(buf, 0, sizeof(buf));
   struct packet* buffer = (struct packet*)(((uintptr_t)buf + 7) & ~7);
   if (((uintptr_t)&buffer->pmsg_header) & 7) {
-    fprintf(stderr, "&buffer=0x%p iterations=%zu\n", &buffer->pmsg_header,
+    fprintf(stderr, "&buffer=0x%p iterations=%" PRIu64 "\n", &buffer->pmsg_header,
             state.iterations());
   }
 
@@ -509,7 +508,7 @@
   memset(buf, 0, sizeof(buf));
   struct packet* buffer = (struct packet*)((((uintptr_t)buf + 7) & ~7) + 1);
   if ((((uintptr_t)&buffer->pmsg_header) & 7) != 1) {
-    fprintf(stderr, "&buffer=0x%p iterations=%zu\n", &buffer->pmsg_header,
+    fprintf(stderr, "&buffer=0x%p iterations=%" PRIu64 "\n", &buffer->pmsg_header,
             state.iterations());
   }
 
@@ -560,7 +559,7 @@
 /* performance test */
 static void BM_sprintf_overhead(benchmark::State& state) {
   while (state.KeepRunning()) {
-    test_print("BM_sprintf_overhead:%zu", state.iterations());
+    test_print("BM_sprintf_overhead:%" PRIu64, state.iterations());
     state.PauseTiming();
     logd_yield();
     state.ResumeTiming();
@@ -575,8 +574,7 @@
  */
 static void BM_log_print_overhead(benchmark::State& state) {
   while (state.KeepRunning()) {
-    __android_log_print(ANDROID_LOG_INFO, "BM_log_overhead", "%zu",
-                        state.iterations());
+    __android_log_print(ANDROID_LOG_INFO, "BM_log_overhead", "%" PRIu64, state.iterations());
     state.PauseTiming();
     logd_yield();
     state.ResumeTiming();
diff --git a/libmemunreachable/Android.bp b/libmemunreachable/Android.bp
index b78a4c4..62a7266 100644
--- a/libmemunreachable/Android.bp
+++ b/libmemunreachable/Android.bp
@@ -22,6 +22,7 @@
 
 cc_library {
     name: "libmemunreachable",
+    vendor_available: true,
     defaults: ["libmemunreachable_defaults"],
     srcs: [
         "Allocator.cpp",
@@ -48,10 +49,23 @@
     },
     export_include_dirs: ["include"],
     local_include_dirs: ["include"],
+    version_script: "libmemunreachable.map",
+}
+
+// Integration test that runs against the public API of libmemunreachable
+cc_test {
+    name: "memunreachable_test",
+    defaults: ["libmemunreachable_defaults"],
+    srcs: [
+        "tests/MemUnreachable_test.cpp",
+    ],
+    shared_libs: ["libmemunreachable"],
+
+    test_suites: ["device-tests"],
 }
 
 cc_test {
-    name: "memunreachable_test",
+    name: "memunreachable_unit_test",
     defaults: ["libmemunreachable_defaults"],
     host_supported: true,
     srcs: [
@@ -67,8 +81,9 @@
                 "tests/MemUnreachable_test.cpp",
                 "tests/ThreadCapture_test.cpp",
             ],
-            shared_libs: [
+            static_libs: [
                 "libmemunreachable",
+                "libc_malloc_debug_backtrace",
             ],
         },
         host: {
diff --git a/libmemunreachable/MemUnreachable.cpp b/libmemunreachable/MemUnreachable.cpp
index 299c320..ce937fd 100644
--- a/libmemunreachable/MemUnreachable.cpp
+++ b/libmemunreachable/MemUnreachable.cpp
@@ -280,6 +280,12 @@
 }
 
 bool GetUnreachableMemory(UnreachableMemoryInfo& info, size_t limit) {
+  if (info.version > 0) {
+    MEM_ALOGE("unsupported UnreachableMemoryInfo.version %zu in GetUnreachableMemory",
+              info.version);
+    return false;
+  }
+
   int parent_pid = getpid();
   int parent_tid = gettid();
 
diff --git a/libmemunreachable/include/memunreachable/memunreachable.h b/libmemunreachable/include/memunreachable/memunreachable.h
index c028eab..011443f 100644
--- a/libmemunreachable/include/memunreachable/memunreachable.h
+++ b/libmemunreachable/include/memunreachable/memunreachable.h
@@ -28,38 +28,45 @@
 namespace android {
 
 struct Leak {
-  uintptr_t begin;
-  size_t size;
+  uintptr_t begin = 0;
+  size_t size = 0;
 
-  size_t referenced_count;
-  size_t referenced_size;
+  size_t referenced_count = 0;
+  size_t referenced_size = 0;
 
-  size_t similar_count;
-  size_t similar_size;
-  size_t similar_referenced_count;
-  size_t similar_referenced_size;
+  size_t similar_count = 0;
+  size_t similar_size = 0;
+  size_t similar_referenced_count = 0;
+  size_t similar_referenced_size = 0;
 
-  size_t total_size;
+  size_t total_size = 0;
 
   static const size_t contents_length = 32;
-  char contents[contents_length];
+  char contents[contents_length] = {};
 
   struct Backtrace {
-    size_t num_frames;
+    size_t num_frames = 0;
 
     static const size_t max_frames = 16;
-    uintptr_t frames[max_frames];
+    uintptr_t frames[max_frames] = {};
+
+    size_t reserved[8] = {};
   } backtrace;
 
+  size_t reserved[8] = {};
+
   std::string ToString(bool log_contents) const;
 };
 
 struct UnreachableMemoryInfo {
   std::vector<Leak> leaks;
-  size_t num_leaks;
-  size_t leak_bytes;
-  size_t num_allocations;
-  size_t allocation_bytes;
+  size_t num_leaks = 0;
+  size_t leak_bytes = 0;
+  size_t num_allocations = 0;
+  size_t allocation_bytes = 0;
+
+  size_t version = 0;  // Must be 0
+  size_t reserved[8] = {};
 
   UnreachableMemoryInfo() {}
   ~UnreachableMemoryInfo();
diff --git a/libmemunreachable/libmemunreachable.map b/libmemunreachable/libmemunreachable.map
new file mode 100644
index 0000000..0d0d954
--- /dev/null
+++ b/libmemunreachable/libmemunreachable.map
@@ -0,0 +1,13 @@
+LIBMEMUNREACHABLE {
+  global:
+    LogUnreachableMemory;
+    NoLeaks;
+    extern "C++" {
+      android::GetUnreachableMemory*;
+      android::GetUnreachableMemoryString*;
+      android::Leak::*;
+      android::UnreachableMemoryInfo::*;
+    };
+  local:
+    *;
+};
diff --git a/libmemunreachable/tests/MemUnreachable_test.cpp b/libmemunreachable/tests/MemUnreachable_test.cpp
index bba0c6d..9cb1623 100644
--- a/libmemunreachable/tests/MemUnreachable_test.cpp
+++ b/libmemunreachable/tests/MemUnreachable_test.cpp
@@ -47,7 +47,8 @@
 
 // Trick the compiler into thinking a value on the stack is still referenced.
 static void Ref(void** ptr) {
-  write(0, ptr, 0);
+  void** volatile storage;
+  storage = ptr;
 }
 
 class MemunreachableTest : public ::testing::Test {
@@ -264,4 +265,12 @@
   ASSERT_TRUE(LogUnreachableMemory(true, 100));
 }
 
+TEST_F(MemunreachableTest, version) {
+  UnreachableMemoryInfo info;
+  info.version = 1;
+
+  ASSERT_FALSE(GetUnreachableMemory(info));
+  ASSERT_EQ(0U, info.leaks.size());
+}
+
 }  // namespace android
diff --git a/libprocessgroup/Android.bp b/libprocessgroup/Android.bp
index 0207a75..52a297c 100644
--- a/libprocessgroup/Android.bp
+++ b/libprocessgroup/Android.bp
@@ -3,6 +3,7 @@
     vendor_available: true,
     recovery_available: true,
     host_supported: true,
+    native_bridge_supported: true,
     export_include_dirs: ["include"],
     target: {
         linux_bionic: {
@@ -25,6 +26,7 @@
     host_supported: true,
     recovery_available: true,
     vendor_available: true,
+    native_bridge_supported: true,
     vndk: {
         enabled: true,
         support_system_process: true,
diff --git a/libprocessgroup/cgroup_map.cpp b/libprocessgroup/cgroup_map.cpp
index 6cd6b6e..92fcd1e 100644
--- a/libprocessgroup/cgroup_map.cpp
+++ b/libprocessgroup/cgroup_map.cpp
@@ -67,6 +67,13 @@
     return controller_ != nullptr;
 }
 
+bool CgroupController::IsUsable() const {
+    if (!HasValue()) return false;
+
+    uint32_t flags = ACgroupController_getFlags(controller_);
+    return (flags & CGROUPRC_CONTROLLER_FLAG_MOUNTED) != 0;
+}
+
 std::string CgroupController::GetTasksFilePath(const std::string& rel_path) const {
     std::string tasks_path = path();
 
@@ -153,6 +160,7 @@
         const ACgroupController* controller = ACgroupFile_getController(i);
         LOG(INFO) << "\t" << ACgroupController_getName(controller) << " ver "
                   << ACgroupController_getVersion(controller) << " path "
+                  << ACgroupController_getFlags(controller) << " flags "
                   << ACgroupController_getPath(controller);
     }
 }
diff --git a/libprocessgroup/cgroup_map.h b/libprocessgroup/cgroup_map.h
index d765e60..9350412 100644
--- a/libprocessgroup/cgroup_map.h
+++ b/libprocessgroup/cgroup_map.h
@@ -38,6 +38,7 @@
     const char* path() const;
 
     bool HasValue() const;
+    bool IsUsable() const;
 
     std::string GetTasksFilePath(const std::string& path) const;
     std::string GetProcsFilePath(const std::string& path, uid_t uid, pid_t pid) const;
diff --git a/libprocessgroup/cgrouprc/Android.bp b/libprocessgroup/cgrouprc/Android.bp
index 6848620..0af75bb 100644
--- a/libprocessgroup/cgrouprc/Android.bp
+++ b/libprocessgroup/cgrouprc/Android.bp
@@ -21,6 +21,7 @@
     // modules should use libprocessgroup which links to the LL-NDK library
     // defined below. The static library is built for tests.
     vendor_available: false,
+    native_bridge_supported: true,
     srcs: [
         "cgroup_controller.cpp",
         "cgroup_file.cpp",
@@ -42,19 +43,20 @@
         "libcgrouprc_format",
     ],
     stubs: {
-        symbol_file: "libcgrouprc.map.txt",
+        symbol_file: "libcgrouprc.llndk.txt",
         versions: ["29"],
     },
     target: {
         linux: {
-            version_script: "libcgrouprc.map.txt",
+            version_script: "libcgrouprc.llndk.txt",
         },
     },
 }
 
 llndk_library {
     name: "libcgrouprc",
-    symbol_file: "libcgrouprc.map.txt",
+    symbol_file: "libcgrouprc.llndk.txt",
+    native_bridge_supported: true,
     export_include_dirs: [
         "include",
     ],
diff --git a/libprocessgroup/cgrouprc/cgroup_controller.cpp b/libprocessgroup/cgrouprc/cgroup_controller.cpp
index d064d31..5a326e5 100644
--- a/libprocessgroup/cgrouprc/cgroup_controller.cpp
+++ b/libprocessgroup/cgrouprc/cgroup_controller.cpp
@@ -27,6 +27,11 @@
     return controller->version();
 }
 
+uint32_t ACgroupController_getFlags(const ACgroupController* controller) {
+    CHECK(controller != nullptr);
+    return controller->flags();
+}
+
 const char* ACgroupController_getName(const ACgroupController* controller) {
     CHECK(controller != nullptr);
     return controller->name();
diff --git a/libprocessgroup/cgrouprc/include/android/cgrouprc.h b/libprocessgroup/cgrouprc/include/android/cgrouprc.h
index 4edd239..ffc9f0b 100644
--- a/libprocessgroup/cgrouprc/include/android/cgrouprc.h
+++ b/libprocessgroup/cgrouprc/include/android/cgrouprc.h
@@ -66,6 +66,18 @@
         __INTRODUCED_IN(29);
 
 /**
+ * Flag bitmask used in ACgroupController_getFlags
+ */
+#define CGROUPRC_CONTROLLER_FLAG_MOUNTED 0x1
+
+/**
+ * Returns the flags bitmask of the given controller.
+ * If the given controller is null, return 0.
+ */
+__attribute__((warn_unused_result)) uint32_t ACgroupController_getFlags(const ACgroupController*)
+        __INTRODUCED_IN(29);
+
+/**
  * Returns the name of the given controller.
  * If the given controller is null, return nullptr.
  */
diff --git a/libprocessgroup/cgrouprc/libcgrouprc.map.txt b/libprocessgroup/cgrouprc/libcgrouprc.llndk.txt
similarity index 88%
rename from libprocessgroup/cgrouprc/libcgrouprc.map.txt
rename to libprocessgroup/cgrouprc/libcgrouprc.llndk.txt
index 91df392..ea3df33 100644
--- a/libprocessgroup/cgrouprc/libcgrouprc.map.txt
+++ b/libprocessgroup/cgrouprc/libcgrouprc.llndk.txt
@@ -4,6 +4,7 @@
     ACgroupFile_getControllerCount;
     ACgroupFile_getController;
     ACgroupController_getVersion;
+    ACgroupController_getFlags;
     ACgroupController_getName;
     ACgroupController_getPath;
   local:
diff --git a/libprocessgroup/cgrouprc_format/Android.bp b/libprocessgroup/cgrouprc_format/Android.bp
index dfbeed7..559a869 100644
--- a/libprocessgroup/cgrouprc_format/Android.bp
+++ b/libprocessgroup/cgrouprc_format/Android.bp
@@ -16,6 +16,7 @@
     name: "libcgrouprc_format",
     host_supported: true,
     recovery_available: true,
+    native_bridge_supported: true,
     srcs: [
         "cgroup_controller.cpp",
     ],
diff --git a/libprocessgroup/cgrouprc_format/cgroup_controller.cpp b/libprocessgroup/cgrouprc_format/cgroup_controller.cpp
index 877eed8..202b23e 100644
--- a/libprocessgroup/cgrouprc_format/cgroup_controller.cpp
+++ b/libprocessgroup/cgrouprc_format/cgroup_controller.cpp
@@ -20,12 +20,19 @@
 namespace cgrouprc {
 namespace format {
 
-CgroupController::CgroupController(uint32_t version, const std::string& name,
-                                   const std::string& path) {
+CgroupController::CgroupController() : version_(0), flags_(0) {
+    memset(name_, 0, sizeof(name_));
+    memset(path_, 0, sizeof(path_));
+}
+
+CgroupController::CgroupController(uint32_t version, uint32_t flags, const std::string& name,
+                                   const std::string& path)
+    : CgroupController() {
     // strlcpy isn't available on host. Although there is an implementation
     // in licutils, libcutils itself depends on libcgrouprc_format, causing
     // a circular dependency.
     version_ = version;
+    flags_ = flags;
     strncpy(name_, name.c_str(), sizeof(name_) - 1);
     name_[sizeof(name_) - 1] = '\0';
     strncpy(path_, path.c_str(), sizeof(path_) - 1);
@@ -36,6 +43,10 @@
     return version_;
 }
 
+uint32_t CgroupController::flags() const {
+    return flags_;
+}
+
 const char* CgroupController::name() const {
     return name_;
 }
@@ -44,6 +55,10 @@
     return path_;
 }
 
+void CgroupController::set_flags(uint32_t flags) {
+    flags_ = flags;
+}
+
 }  // namespace format
 }  // namespace cgrouprc
 }  // namespace android
diff --git a/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_controller.h b/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_controller.h
index 64c7532..40d8548 100644
--- a/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_controller.h
+++ b/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_controller.h
@@ -26,18 +26,23 @@
 // Minimal controller description to be mmapped into process address space
 struct CgroupController {
   public:
-    CgroupController() {}
-    CgroupController(uint32_t version, const std::string& name, const std::string& path);
+    CgroupController();
+    CgroupController(uint32_t version, uint32_t flags, const std::string& name,
+                     const std::string& path);
 
     uint32_t version() const;
+    uint32_t flags() const;
     const char* name() const;
     const char* path() const;
 
+    void set_flags(uint32_t flags);
+
   private:
     static constexpr size_t CGROUP_NAME_BUF_SZ = 16;
     static constexpr size_t CGROUP_PATH_BUF_SZ = 32;
 
     uint32_t version_;
+    uint32_t flags_;
     char name_[CGROUP_NAME_BUF_SZ];
     char path_[CGROUP_PATH_BUF_SZ];
 };
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index 1485ae9..d3ac26b 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -106,8 +106,7 @@
 }
 
 static bool isMemoryCgroupSupported() {
-    std::string cgroup_name;
-    static bool memcg_supported = CgroupMap::GetInstance().FindController("memory").HasValue();
+    static bool memcg_supported = CgroupMap::GetInstance().FindController("memory").IsUsable();
 
     return memcg_supported;
 }
diff --git a/libprocessgroup/sched_policy.cpp b/libprocessgroup/sched_policy.cpp
index fe4f93b..15f8139 100644
--- a/libprocessgroup/sched_policy.cpp
+++ b/libprocessgroup/sched_policy.cpp
@@ -151,19 +151,19 @@
 }
 
 bool cpusets_enabled() {
-    static bool enabled = (CgroupMap::GetInstance().FindController("cpuset").HasValue());
+    static bool enabled = (CgroupMap::GetInstance().FindController("cpuset").IsUsable());
     return enabled;
 }
 
 bool schedboost_enabled() {
-    static bool enabled = (CgroupMap::GetInstance().FindController("schedtune").HasValue());
+    static bool enabled = (CgroupMap::GetInstance().FindController("schedtune").IsUsable());
     return enabled;
 }
 
 static int getCGroupSubsys(int tid, const char* subsys, std::string& subgroup) {
     auto controller = CgroupMap::GetInstance().FindController(subsys);
 
-    if (!controller.HasValue()) return -1;
+    if (!controller.IsUsable()) return -1;
 
     if (!controller.GetTaskGroup(tid, &subgroup)) {
         LOG(ERROR) << "Failed to find cgroup for tid " << tid;
diff --git a/libprocessgroup/setup/cgroup_descriptor.h b/libprocessgroup/setup/cgroup_descriptor.h
index 597060e..f029c4f 100644
--- a/libprocessgroup/setup/cgroup_descriptor.h
+++ b/libprocessgroup/setup/cgroup_descriptor.h
@@ -32,6 +32,8 @@
     std::string uid() const { return uid_; }
     std::string gid() const { return gid_; }
 
+    void set_mounted(bool mounted);
+
   private:
     format::CgroupController controller_;
     mode_t mode_ = 0;
diff --git a/libprocessgroup/setup/cgroup_map_write.cpp b/libprocessgroup/setup/cgroup_map_write.cpp
index da60948..17ea06e 100644
--- a/libprocessgroup/setup/cgroup_map_write.cpp
+++ b/libprocessgroup/setup/cgroup_map_write.cpp
@@ -35,6 +35,7 @@
 #include <android-base/properties.h>
 #include <android-base/stringprintf.h>
 #include <android-base/unique_fd.h>
+#include <android/cgrouprc.h>
 #include <json/reader.h>
 #include <json/value.h>
 #include <processgroup/format/cgroup_file.h>
@@ -267,7 +268,17 @@
 CgroupDescriptor::CgroupDescriptor(uint32_t version, const std::string& name,
                                    const std::string& path, mode_t mode, const std::string& uid,
                                    const std::string& gid)
-    : controller_(version, name, path), mode_(mode), uid_(uid), gid_(gid) {}
+    : controller_(version, 0, name, path), mode_(mode), uid_(uid), gid_(gid) {}
+
+void CgroupDescriptor::set_mounted(bool mounted) {
+    uint32_t flags = controller_.flags();
+    if (mounted) {
+        flags |= CGROUPRC_CONTROLLER_FLAG_MOUNTED;
+    } else {
+        flags &= ~CGROUPRC_CONTROLLER_FLAG_MOUNTED;
+    }
+    controller_.set_flags(flags);
+}
 
 }  // namespace cgrouprc
 }  // namespace android
@@ -296,10 +307,11 @@
     }
 
     // setup cgroups
-    for (const auto& [name, descriptor] : descriptors) {
-        if (!SetupCgroup(descriptor)) {
+    for (auto& [name, descriptor] : descriptors) {
+        if (SetupCgroup(descriptor)) {
+            descriptor.set_mounted(true);
+        } else {
             // issue a warning and proceed with the next cgroup
-            // TODO: mark the descriptor as invalid and skip it in WriteRcFile()
             LOG(WARNING) << "Failed to setup " << name << " cgroup";
         }
     }
diff --git a/libprocessgroup/task_profiles.cpp b/libprocessgroup/task_profiles.cpp
index 40d8d90..edc316a 100644
--- a/libprocessgroup/task_profiles.cpp
+++ b/libprocessgroup/task_profiles.cpp
@@ -150,6 +150,7 @@
 }
 
 void SetCgroupAction::EnableResourceCaching() {
+    std::lock_guard<std::mutex> lock(fd_mutex_);
     if (fd_ != FDS_NOT_CACHED) {
         return;
     }
@@ -191,6 +192,7 @@
 }
 
 bool SetCgroupAction::ExecuteForProcess(uid_t uid, pid_t pid) const {
+    std::lock_guard<std::mutex> lock(fd_mutex_);
     if (IsFdValid()) {
         // fd is cached, reuse it
         if (!AddTidToCgroup(pid, fd_)) {
@@ -221,6 +223,7 @@
 }
 
 bool SetCgroupAction::ExecuteForTask(int tid) const {
+    std::lock_guard<std::mutex> lock(fd_mutex_);
     if (IsFdValid()) {
         // fd is cached, reuse it
         if (!AddTidToCgroup(tid, fd_)) {
diff --git a/libprocessgroup/task_profiles.h b/libprocessgroup/task_profiles.h
index 445647d..77bac2d 100644
--- a/libprocessgroup/task_profiles.h
+++ b/libprocessgroup/task_profiles.h
@@ -19,6 +19,7 @@
 #include <sys/cdefs.h>
 #include <sys/types.h>
 #include <map>
+#include <mutex>
 #include <string>
 #include <vector>
 
@@ -127,6 +128,7 @@
     CgroupController controller_;
     std::string path_;
     android::base::unique_fd fd_;
+    mutable std::mutex fd_mutex_;
 
     static bool IsAppDependentPath(const std::string& path);
     static bool AddTidToCgroup(int tid, int fd);
diff --git a/libsystem/Android.bp b/libsystem/Android.bp
index 2e22b43..b265b61 100644
--- a/libsystem/Android.bp
+++ b/libsystem/Android.bp
@@ -3,6 +3,7 @@
     vendor_available: true,
     recovery_available: true,
     host_supported: true,
+    native_bridge_supported: true,
     export_include_dirs: ["include"],
 
     target: {
diff --git a/libunwindstack/Android.bp b/libunwindstack/Android.bp
index b7650a1..5423de5 100644
--- a/libunwindstack/Android.bp
+++ b/libunwindstack/Android.bp
@@ -241,6 +241,7 @@
         "tests/files/offline/debug_frame_first_x86/*",
         "tests/files/offline/debug_frame_load_bias_arm/*",
         "tests/files/offline/eh_frame_hdr_begin_x86_64/*",
+        "tests/files/offline/invalid_elf_offset_arm/*",
         "tests/files/offline/jit_debug_arm/*",
         "tests/files/offline/jit_debug_x86/*",
         "tests/files/offline/jit_map_arm/*",
diff --git a/libunwindstack/ElfInterface.cpp b/libunwindstack/ElfInterface.cpp
index dee8eb3..f0e4138 100644
--- a/libunwindstack/ElfInterface.cpp
+++ b/libunwindstack/ElfInterface.cpp
@@ -29,12 +29,12 @@
 #include <unwindstack/DwarfSection.h>
 #include <unwindstack/ElfInterface.h>
 #include <unwindstack/Log.h>
-#include <unwindstack/Memory.h>
 #include <unwindstack/Regs.h>
 
 #include "DwarfDebugFrame.h"
 #include "DwarfEhFrame.h"
 #include "DwarfEhFrameWithHdr.h"
+#include "MemoryBuffer.h"
 #include "Symbols.h"
 
 namespace unwindstack {
diff --git a/libunwindstack/JitDebug.cpp b/libunwindstack/JitDebug.cpp
index 20bc4b9..8a85607 100644
--- a/libunwindstack/JitDebug.cpp
+++ b/libunwindstack/JitDebug.cpp
@@ -23,7 +23,8 @@
 #include <unwindstack/Elf.h>
 #include <unwindstack/JitDebug.h>
 #include <unwindstack/Maps.h>
-#include <unwindstack/Memory.h>
+
+#include "MemoryRange.h"
 
 // This implements the JIT Compilation Interface.
 // See https://sourceware.org/gdb/onlinedocs/gdb/JIT-Interface.html
diff --git a/libunwindstack/MapInfo.cpp b/libunwindstack/MapInfo.cpp
index 03658b4..1c0f1e6 100644
--- a/libunwindstack/MapInfo.cpp
+++ b/libunwindstack/MapInfo.cpp
@@ -27,7 +27,9 @@
 #include <unwindstack/Elf.h>
 #include <unwindstack/MapInfo.h>
 #include <unwindstack/Maps.h>
-#include <unwindstack/Memory.h>
+
+#include "MemoryFileAtOffset.h"
+#include "MemoryRange.h"
 
 namespace unwindstack {
 
@@ -231,11 +233,13 @@
     }
   }
 
-  // If there is a read-only map then a read-execute map that represents the
-  // same elf object, make sure the previous map is using the same elf
-  // object if it hasn't already been set.
-  if (prev_map != nullptr && elf_start_offset != offset && prev_map->offset == elf_start_offset &&
-      prev_map->name == name) {
+  if (!elf->valid()) {
+    elf_start_offset = offset;
+  } else if (prev_map != nullptr && elf_start_offset != offset &&
+             prev_map->offset == elf_start_offset && prev_map->name == name) {
+    // If there is a read-only map then a read-execute map that represents the
+    // same elf object, make sure the previous map is using the same elf
+    // object if it hasn't already been set.
     std::lock_guard<std::mutex> guard(prev_map->mutex_);
     if (prev_map->elf.get() == nullptr) {
       prev_map->elf = elf;
diff --git a/libunwindstack/Memory.cpp b/libunwindstack/Memory.cpp
index 9904fef..a66cd5b 100644
--- a/libunwindstack/Memory.cpp
+++ b/libunwindstack/Memory.cpp
@@ -32,6 +32,14 @@
 #include <unwindstack/Memory.h>
 
 #include "Check.h"
+#include "MemoryBuffer.h"
+#include "MemoryCache.h"
+#include "MemoryFileAtOffset.h"
+#include "MemoryLocal.h"
+#include "MemoryOffline.h"
+#include "MemoryOfflineBuffer.h"
+#include "MemoryRange.h"
+#include "MemoryRemote.h"
 
 namespace unwindstack {
 
@@ -168,6 +176,16 @@
   return false;
 }
 
+std::unique_ptr<Memory> Memory::CreateFileMemory(const std::string& path, uint64_t offset) {
+  auto memory = std::make_unique<MemoryFileAtOffset>();
+
+  if (memory->Init(path, offset)) {
+    return memory;
+  }
+
+  return nullptr;
+}
+
 std::shared_ptr<Memory> Memory::CreateProcessMemory(pid_t pid) {
   if (pid == getpid()) {
     return std::shared_ptr<Memory>(new MemoryLocal());
@@ -182,6 +200,11 @@
   return std::shared_ptr<Memory>(new MemoryCache(new MemoryRemote(pid)));
 }
 
+std::shared_ptr<Memory> Memory::CreateOfflineMemory(const uint8_t* data, uint64_t start,
+                                                    uint64_t end) {
+  return std::shared_ptr<Memory>(new MemoryOfflineBuffer(data, start, end));
+}
+
 size_t MemoryBuffer::Read(uint64_t addr, void* dst, size_t size) {
   if (addr >= raw_.size()) {
     return 0;
diff --git a/libunwindstack/MemoryBuffer.h b/libunwindstack/MemoryBuffer.h
new file mode 100644
index 0000000..3fe4bbb
--- /dev/null
+++ b/libunwindstack/MemoryBuffer.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_BUFFER_H
+#define _LIBUNWINDSTACK_MEMORY_BUFFER_H
+
+#include <stdint.h>
+
+#include <string>
+#include <vector>
+
+#include <unwindstack/Memory.h>
+
+namespace unwindstack {
+
+class MemoryBuffer : public Memory {
+ public:
+  MemoryBuffer() = default;
+  virtual ~MemoryBuffer() = default;
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+  uint8_t* GetPtr(size_t offset);
+
+  void Resize(size_t size) { raw_.resize(size); }
+
+  uint64_t Size() { return raw_.size(); }
+
+ private:
+  std::vector<uint8_t> raw_;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_BUFFER_H
diff --git a/libunwindstack/MemoryCache.h b/libunwindstack/MemoryCache.h
new file mode 100644
index 0000000..769d907
--- /dev/null
+++ b/libunwindstack/MemoryCache.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_CACHE_H
+#define _LIBUNWINDSTACK_MEMORY_CACHE_H
+
+#include <stdint.h>
+
+#include <memory>
+#include <string>
+#include <unordered_map>
+
+#include <unwindstack/Memory.h>
+
+namespace unwindstack {
+
+class MemoryCache : public Memory {
+ public:
+  MemoryCache(Memory* memory) : impl_(memory) {}
+  virtual ~MemoryCache() = default;
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+  void Clear() override { cache_.clear(); }
+
+ private:
+  constexpr static size_t kCacheBits = 12;
+  constexpr static size_t kCacheMask = (1 << kCacheBits) - 1;
+  constexpr static size_t kCacheSize = 1 << kCacheBits;
+  std::unordered_map<uint64_t, uint8_t[kCacheSize]> cache_;
+
+  std::unique_ptr<Memory> impl_;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_CACHE_H
diff --git a/libunwindstack/MemoryFileAtOffset.h b/libunwindstack/MemoryFileAtOffset.h
new file mode 100644
index 0000000..d136eb4
--- /dev/null
+++ b/libunwindstack/MemoryFileAtOffset.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_FILE_AT_OFFSET_H
+#define _LIBUNWINDSTACK_MEMORY_FILE_AT_OFFSET_H
+
+#include <stdint.h>
+
+#include <unwindstack/Memory.h>
+
+namespace unwindstack {
+
+class MemoryFileAtOffset : public Memory {
+ public:
+  MemoryFileAtOffset() = default;
+  virtual ~MemoryFileAtOffset();
+
+  bool Init(const std::string& file, uint64_t offset, uint64_t size = UINT64_MAX);
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+  size_t Size() { return size_; }
+
+  void Clear() override;
+
+ protected:
+  size_t size_ = 0;
+  size_t offset_ = 0;
+  uint8_t* data_ = nullptr;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_FILE_AT_OFFSET_H
diff --git a/libunwindstack/MemoryLocal.h b/libunwindstack/MemoryLocal.h
new file mode 100644
index 0000000..29aaf12
--- /dev/null
+++ b/libunwindstack/MemoryLocal.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_LOCAL_H
+#define _LIBUNWINDSTACK_MEMORY_LOCAL_H
+
+#include <stdint.h>
+
+#include <unwindstack/Memory.h>
+
+namespace unwindstack {
+
+class MemoryLocal : public Memory {
+ public:
+  MemoryLocal() = default;
+  virtual ~MemoryLocal() = default;
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_LOCAL_H
diff --git a/libunwindstack/MemoryOffline.h b/libunwindstack/MemoryOffline.h
new file mode 100644
index 0000000..789f1a2
--- /dev/null
+++ b/libunwindstack/MemoryOffline.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_OFFLINE_H
+#define _LIBUNWINDSTACK_MEMORY_OFFLINE_H
+
+#include <stdint.h>
+
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <unwindstack/Memory.h>
+
+#include "MemoryRange.h"
+
+namespace unwindstack {
+
+class MemoryOffline : public Memory {
+ public:
+  MemoryOffline() = default;
+  virtual ~MemoryOffline() = default;
+
+  bool Init(const std::string& file, uint64_t offset);
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+ private:
+  std::unique_ptr<MemoryRange> memory_;
+};
+
+class MemoryOfflineParts : public Memory {
+ public:
+  MemoryOfflineParts() = default;
+  virtual ~MemoryOfflineParts();
+
+  void Add(MemoryOffline* memory) { memories_.push_back(memory); }
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+ private:
+  std::vector<MemoryOffline*> memories_;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_OFFLINE_H
diff --git a/libunwindstack/MemoryOfflineBuffer.h b/libunwindstack/MemoryOfflineBuffer.h
new file mode 100644
index 0000000..64c49a1
--- /dev/null
+++ b/libunwindstack/MemoryOfflineBuffer.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_OFFLINE_BUFFER_H
+#define _LIBUNWINDSTACK_MEMORY_OFFLINE_BUFFER_H
+
+#include <stdint.h>
+
+#include <unwindstack/Memory.h>
+
+namespace unwindstack {
+
+class MemoryOfflineBuffer : public Memory {
+ public:
+  MemoryOfflineBuffer(const uint8_t* data, uint64_t start, uint64_t end);
+  virtual ~MemoryOfflineBuffer() = default;
+
+  void Reset(const uint8_t* data, uint64_t start, uint64_t end);
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+ private:
+  const uint8_t* data_;
+  uint64_t start_;
+  uint64_t end_;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_OFFLINE_BUFFER_H
diff --git a/libunwindstack/MemoryRange.h b/libunwindstack/MemoryRange.h
new file mode 100644
index 0000000..3b4ab5c
--- /dev/null
+++ b/libunwindstack/MemoryRange.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_RANGE_H
+#define _LIBUNWINDSTACK_MEMORY_RANGE_H
+
+#include <stdint.h>
+
+#include <map>
+#include <memory>
+#include <string>
+
+#include <unwindstack/Memory.h>
+
+namespace unwindstack {
+
+// MemoryRange maps one address range onto another.
+// The range [src_begin, src_begin + length) in the underlying Memory is mapped onto offset,
+// such that range.read(offset) is equivalent to underlying.read(src_begin).
+class MemoryRange : public Memory {
+ public:
+  MemoryRange(const std::shared_ptr<Memory>& memory, uint64_t begin, uint64_t length,
+              uint64_t offset);
+  virtual ~MemoryRange() = default;
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+  uint64_t offset() { return offset_; }
+  uint64_t length() { return length_; }
+
+ private:
+  std::shared_ptr<Memory> memory_;
+  uint64_t begin_;
+  uint64_t length_;
+  uint64_t offset_;
+};
+
+class MemoryRanges : public Memory {
+ public:
+  MemoryRanges() = default;
+  virtual ~MemoryRanges() = default;
+
+  void Insert(MemoryRange* memory);
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+ private:
+  std::map<uint64_t, std::unique_ptr<MemoryRange>> maps_;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_RANGE_H
diff --git a/libunwindstack/MemoryRemote.h b/libunwindstack/MemoryRemote.h
new file mode 100644
index 0000000..db367d6
--- /dev/null
+++ b/libunwindstack/MemoryRemote.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBUNWINDSTACK_MEMORY_REMOTE_H
+#define _LIBUNWINDSTACK_MEMORY_REMOTE_H
+
+#include <stdint.h>
+#include <sys/types.h>
+
+#include <atomic>
+
+#include <unwindstack/Memory.h>
+
+namespace unwindstack {
+
+class MemoryRemote : public Memory {
+ public:
+  MemoryRemote(pid_t pid) : pid_(pid), read_redirect_func_(0) {}
+  virtual ~MemoryRemote() = default;
+
+  size_t Read(uint64_t addr, void* dst, size_t size) override;
+
+  pid_t pid() { return pid_; }
+
+ private:
+  pid_t pid_;
+  std::atomic_uintptr_t read_redirect_func_;
+};
+
+}  // namespace unwindstack
+
+#endif  // _LIBUNWINDSTACK_MEMORY_REMOTE_H
diff --git a/libunwindstack/Unwinder.cpp b/libunwindstack/Unwinder.cpp
index 37323dc..c95f852 100644
--- a/libunwindstack/Unwinder.cpp
+++ b/libunwindstack/Unwinder.cpp
@@ -63,7 +63,10 @@
   if (info != nullptr) {
     frame->map_start = info->start;
     frame->map_end = info->end;
-    frame->map_elf_start_offset = info->elf_start_offset;
+    // Since this is a dex file frame, the elf_start_offset is not set
+    // by any of the normal code paths. Use the offset of the map since
+    // that matches the actual offset.
+    frame->map_elf_start_offset = info->offset;
     frame->map_exact_offset = info->offset;
     frame->map_load_bias = info->load_bias;
     frame->map_flags = info->flags;
diff --git a/libunwindstack/include/unwindstack/MapInfo.h b/libunwindstack/include/unwindstack/MapInfo.h
index 025fd98..13ce10f 100644
--- a/libunwindstack/include/unwindstack/MapInfo.h
+++ b/libunwindstack/include/unwindstack/MapInfo.h
@@ -25,10 +25,11 @@
 #include <string>
 
 #include <unwindstack/Elf.h>
-#include <unwindstack/Memory.h>
 
 namespace unwindstack {
 
+class MemoryFileAtOffset;
+
 struct MapInfo {
   MapInfo(MapInfo* map_info, uint64_t start, uint64_t end, uint64_t offset, uint64_t flags,
           const char* name)
diff --git a/libunwindstack/include/unwindstack/Memory.h b/libunwindstack/include/unwindstack/Memory.h
index b3beb6e..3106564 100644
--- a/libunwindstack/include/unwindstack/Memory.h
+++ b/libunwindstack/include/unwindstack/Memory.h
@@ -21,12 +21,8 @@
 #include <sys/types.h>
 #include <unistd.h>
 
-#include <atomic>
-#include <map>
 #include <memory>
 #include <string>
-#include <unordered_map>
-#include <vector>
 
 namespace unwindstack {
 
@@ -37,6 +33,9 @@
 
   static std::shared_ptr<Memory> CreateProcessMemory(pid_t pid);
   static std::shared_ptr<Memory> CreateProcessMemoryCached(pid_t pid);
+  static std::shared_ptr<Memory> CreateOfflineMemory(const uint8_t* data, uint64_t start,
+                                                     uint64_t end);
+  static std::unique_ptr<Memory> CreateFileMemory(const std::string& path, uint64_t offset);
 
   virtual bool ReadString(uint64_t addr, std::string* string, uint64_t max_read = UINT64_MAX);
 
@@ -55,157 +54,6 @@
   }
 };
 
-class MemoryCache : public Memory {
- public:
-  MemoryCache(Memory* memory) : impl_(memory) {}
-  virtual ~MemoryCache() = default;
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
-  void Clear() override { cache_.clear(); }
-
- private:
-  constexpr static size_t kCacheBits = 12;
-  constexpr static size_t kCacheMask = (1 << kCacheBits) - 1;
-  constexpr static size_t kCacheSize = 1 << kCacheBits;
-  std::unordered_map<uint64_t, uint8_t[kCacheSize]> cache_;
-
-  std::unique_ptr<Memory> impl_;
-};
-
-class MemoryBuffer : public Memory {
- public:
-  MemoryBuffer() = default;
-  virtual ~MemoryBuffer() = default;
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
-  uint8_t* GetPtr(size_t offset);
-
-  void Resize(size_t size) { raw_.resize(size); }
-
-  uint64_t Size() { return raw_.size(); }
-
- private:
-  std::vector<uint8_t> raw_;
-};
-
-class MemoryFileAtOffset : public Memory {
- public:
-  MemoryFileAtOffset() = default;
-  virtual ~MemoryFileAtOffset();
-
-  bool Init(const std::string& file, uint64_t offset, uint64_t size = UINT64_MAX);
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
-  size_t Size() { return size_; }
-
-  void Clear() override;
-
- protected:
-  size_t size_ = 0;
-  size_t offset_ = 0;
-  uint8_t* data_ = nullptr;
-};
-
-class MemoryRemote : public Memory {
- public:
-  MemoryRemote(pid_t pid) : pid_(pid), read_redirect_func_(0) {}
-  virtual ~MemoryRemote() = default;
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
-  pid_t pid() { return pid_; }
-
- private:
-  pid_t pid_;
-  std::atomic_uintptr_t read_redirect_func_;
-};
-
-class MemoryLocal : public Memory {
- public:
-  MemoryLocal() = default;
-  virtual ~MemoryLocal() = default;
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-};
-
-// MemoryRange maps one address range onto another.
-// The range [src_begin, src_begin + length) in the underlying Memory is mapped onto offset,
-// such that range.read(offset) is equivalent to underlying.read(src_begin).
-class MemoryRange : public Memory {
- public:
-  MemoryRange(const std::shared_ptr<Memory>& memory, uint64_t begin, uint64_t length,
-              uint64_t offset);
-  virtual ~MemoryRange() = default;
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
-  uint64_t offset() { return offset_; }
-  uint64_t length() { return length_; }
-
- private:
-  std::shared_ptr<Memory> memory_;
-  uint64_t begin_;
-  uint64_t length_;
-  uint64_t offset_;
-};
-
-class MemoryRanges : public Memory {
- public:
-  MemoryRanges() = default;
-  virtual ~MemoryRanges() = default;
-
-  void Insert(MemoryRange* memory);
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
- private:
-  std::map<uint64_t, std::unique_ptr<MemoryRange>> maps_;
-};
-
-class MemoryOffline : public Memory {
- public:
-  MemoryOffline() = default;
-  virtual ~MemoryOffline() = default;
-
-  bool Init(const std::string& file, uint64_t offset);
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
- private:
-  std::unique_ptr<MemoryRange> memory_;
-};
-
-class MemoryOfflineBuffer : public Memory {
- public:
-  MemoryOfflineBuffer(const uint8_t* data, uint64_t start, uint64_t end);
-  virtual ~MemoryOfflineBuffer() = default;
-
-  void Reset(const uint8_t* data, uint64_t start, uint64_t end);
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
- private:
-  const uint8_t* data_;
-  uint64_t start_;
-  uint64_t end_;
-};
-
-class MemoryOfflineParts : public Memory {
- public:
-  MemoryOfflineParts() = default;
-  virtual ~MemoryOfflineParts();
-
-  void Add(MemoryOffline* memory) { memories_.push_back(memory); }
-
-  size_t Read(uint64_t addr, void* dst, size_t size) override;
-
- private:
-  std::vector<MemoryOffline*> memories_;
-};
-
 }  // namespace unwindstack
 
 #endif  // _LIBUNWINDSTACK_MEMORY_H
diff --git a/libunwindstack/tests/MemoryBufferTest.cpp b/libunwindstack/tests/MemoryBufferTest.cpp
index 28e0e76..a6c12aa 100644
--- a/libunwindstack/tests/MemoryBufferTest.cpp
+++ b/libunwindstack/tests/MemoryBufferTest.cpp
@@ -18,9 +18,8 @@
 
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
-
 #include "LogFake.h"
+#include "MemoryBuffer.h"
 
 namespace unwindstack {
 
diff --git a/libunwindstack/tests/MemoryCacheTest.cpp b/libunwindstack/tests/MemoryCacheTest.cpp
index a3def20..3bd3e4d 100644
--- a/libunwindstack/tests/MemoryCacheTest.cpp
+++ b/libunwindstack/tests/MemoryCacheTest.cpp
@@ -20,8 +20,7 @@
 
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
-
+#include "MemoryCache.h"
 #include "MemoryFake.h"
 
 namespace unwindstack {
diff --git a/libunwindstack/tests/MemoryFileTest.cpp b/libunwindstack/tests/MemoryFileTest.cpp
index d7d1ace..4124a49 100644
--- a/libunwindstack/tests/MemoryFileTest.cpp
+++ b/libunwindstack/tests/MemoryFileTest.cpp
@@ -21,7 +21,7 @@
 #include <android-base/file.h>
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
+#include "MemoryFileAtOffset.h"
 
 namespace unwindstack {
 
diff --git a/libunwindstack/tests/MemoryLocalTest.cpp b/libunwindstack/tests/MemoryLocalTest.cpp
index 5a389d0..c9e5dc0 100644
--- a/libunwindstack/tests/MemoryLocalTest.cpp
+++ b/libunwindstack/tests/MemoryLocalTest.cpp
@@ -22,7 +22,7 @@
 
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
+#include "MemoryLocal.h"
 
 namespace unwindstack {
 
diff --git a/libunwindstack/tests/MemoryOfflineBufferTest.cpp b/libunwindstack/tests/MemoryOfflineBufferTest.cpp
index f022884..c62c53d 100644
--- a/libunwindstack/tests/MemoryOfflineBufferTest.cpp
+++ b/libunwindstack/tests/MemoryOfflineBufferTest.cpp
@@ -18,9 +18,8 @@
 
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
-
 #include "LogFake.h"
+#include "MemoryOfflineBuffer.h"
 
 namespace unwindstack {
 
diff --git a/libunwindstack/tests/MemoryOfflineTest.cpp b/libunwindstack/tests/MemoryOfflineTest.cpp
index ab9aa9d..d0c441b 100644
--- a/libunwindstack/tests/MemoryOfflineTest.cpp
+++ b/libunwindstack/tests/MemoryOfflineTest.cpp
@@ -19,7 +19,8 @@
 #include <gtest/gtest.h>
 
 #include <android-base/file.h>
-#include <unwindstack/Memory.h>
+
+#include "MemoryOffline.h"
 
 namespace unwindstack {
 
diff --git a/libunwindstack/tests/MemoryRangeTest.cpp b/libunwindstack/tests/MemoryRangeTest.cpp
index 2bac95b..2d4f141 100644
--- a/libunwindstack/tests/MemoryRangeTest.cpp
+++ b/libunwindstack/tests/MemoryRangeTest.cpp
@@ -21,9 +21,8 @@
 
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
-
 #include "MemoryFake.h"
+#include "MemoryRange.h"
 
 namespace unwindstack {
 
diff --git a/libunwindstack/tests/MemoryRangesTest.cpp b/libunwindstack/tests/MemoryRangesTest.cpp
index d24fcd2..e4e9fc4 100644
--- a/libunwindstack/tests/MemoryRangesTest.cpp
+++ b/libunwindstack/tests/MemoryRangesTest.cpp
@@ -20,9 +20,8 @@
 
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
-
 #include "MemoryFake.h"
+#include "MemoryRange.h"
 
 namespace unwindstack {
 
diff --git a/libunwindstack/tests/MemoryRemoteTest.cpp b/libunwindstack/tests/MemoryRemoteTest.cpp
index fb56e8a..c90dedc 100644
--- a/libunwindstack/tests/MemoryRemoteTest.cpp
+++ b/libunwindstack/tests/MemoryRemoteTest.cpp
@@ -30,7 +30,7 @@
 #include <android-base/file.h>
 #include <gtest/gtest.h>
 
-#include <unwindstack/Memory.h>
+#include "MemoryRemote.h"
 
 #include "MemoryFake.h"
 #include "TestUtils.h"
diff --git a/libunwindstack/tests/UnwindOfflineTest.cpp b/libunwindstack/tests/UnwindOfflineTest.cpp
index 6c64c40..baada82 100644
--- a/libunwindstack/tests/UnwindOfflineTest.cpp
+++ b/libunwindstack/tests/UnwindOfflineTest.cpp
@@ -35,7 +35,6 @@
 #include <unwindstack/MachineX86.h>
 #include <unwindstack/MachineX86_64.h>
 #include <unwindstack/Maps.h>
-#include <unwindstack/Memory.h>
 #include <unwindstack/RegsArm.h>
 #include <unwindstack/RegsArm64.h>
 #include <unwindstack/RegsX86.h>
@@ -43,6 +42,7 @@
 #include <unwindstack/Unwinder.h>
 
 #include "ElfTestUtils.h"
+#include "MemoryOffline.h"
 #include "TestUtils.h"
 
 namespace unwindstack {
@@ -62,7 +62,7 @@
     free(cwd_);
   }
 
-  void Init(const char* file_dir, ArchEnum arch) {
+  void Init(const char* file_dir, ArchEnum arch, bool add_stack = true) {
     dir_ = TestGetFileDirectory() + "offline/" + file_dir;
 
     std::string data;
@@ -71,23 +71,25 @@
     maps_.reset(new BufferMaps(data.c_str()));
     ASSERT_TRUE(maps_->Parse());
 
-    std::string stack_name(dir_ + "stack.data");
-    struct stat st;
-    if (stat(stack_name.c_str(), &st) == 0 && S_ISREG(st.st_mode)) {
-      std::unique_ptr<MemoryOffline> stack_memory(new MemoryOffline);
-      ASSERT_TRUE(stack_memory->Init((dir_ + "stack.data").c_str(), 0));
-      process_memory_.reset(stack_memory.release());
-    } else {
-      std::unique_ptr<MemoryOfflineParts> stack_memory(new MemoryOfflineParts);
-      for (size_t i = 0;; i++) {
-        stack_name = dir_ + "stack" + std::to_string(i) + ".data";
-        if (stat(stack_name.c_str(), &st) == -1 || !S_ISREG(st.st_mode)) {
-          ASSERT_TRUE(i != 0) << "No stack data files found.";
-          break;
+    if (add_stack) {
+      std::string stack_name(dir_ + "stack.data");
+      struct stat st;
+      if (stat(stack_name.c_str(), &st) == 0 && S_ISREG(st.st_mode)) {
+        std::unique_ptr<MemoryOffline> stack_memory(new MemoryOffline);
+        ASSERT_TRUE(stack_memory->Init((dir_ + "stack.data").c_str(), 0));
+        process_memory_.reset(stack_memory.release());
+      } else {
+        std::unique_ptr<MemoryOfflineParts> stack_memory(new MemoryOfflineParts);
+        for (size_t i = 0;; i++) {
+          stack_name = dir_ + "stack" + std::to_string(i) + ".data";
+          if (stat(stack_name.c_str(), &st) == -1 || !S_ISREG(st.st_mode)) {
+            ASSERT_TRUE(i != 0) << "No stack data files found.";
+            break;
+          }
+          AddMemory(stack_name, stack_memory.get());
         }
-        AddMemory(stack_name, stack_memory.get());
+        process_memory_.reset(stack_memory.release());
       }
-      process_memory_.reset(stack_memory.release());
     }
 
     switch (arch) {
@@ -1442,4 +1444,17 @@
   EXPECT_EQ(0x7be4f07d20ULL, unwinder.frames()[12].sp);
 }
 
+TEST_F(UnwindOfflineTest, invalid_elf_offset_arm) {
+  ASSERT_NO_FATAL_FAILURE(Init("invalid_elf_offset_arm/", ARCH_ARM, false));
+
+  Unwinder unwinder(128, maps_.get(), regs_.get(), process_memory_);
+  unwinder.Unwind();
+
+  std::string frame_info(DumpFrames(unwinder));
+  ASSERT_EQ(1U, unwinder.NumFrames()) << "Unwind:\n" << frame_info;
+  EXPECT_EQ("  #00 pc 00aa7508  invalid.apk (offset 0x12e4000)\n", frame_info);
+  EXPECT_EQ(0xc898f508, unwinder.frames()[0].pc);
+  EXPECT_EQ(0xc2044218, unwinder.frames()[0].sp);
+}
+
 }  // namespace unwindstack
diff --git a/libunwindstack/tests/UnwindTest.cpp b/libunwindstack/tests/UnwindTest.cpp
index 4e38015..f76a101 100644
--- a/libunwindstack/tests/UnwindTest.cpp
+++ b/libunwindstack/tests/UnwindTest.cpp
@@ -35,11 +35,11 @@
 #include <android-base/threads.h>
 
 #include <unwindstack/Maps.h>
-#include <unwindstack/Memory.h>
 #include <unwindstack/Regs.h>
 #include <unwindstack/RegsGetLocal.h>
 #include <unwindstack/Unwinder.h>
 
+#include "MemoryRemote.h"
 #include "TestUtils.h"
 
 namespace unwindstack {
diff --git a/libunwindstack/tests/UnwinderTest.cpp b/libunwindstack/tests/UnwinderTest.cpp
index 30e57a1..1463167 100644
--- a/libunwindstack/tests/UnwinderTest.cpp
+++ b/libunwindstack/tests/UnwinderTest.cpp
@@ -132,6 +132,10 @@
     const auto& info6 = *--maps_->end();
     info6->memory_backed_elf = true;
 
+    AddMapInfo(0xd0000, 0xd1000, 0x1000, PROT_READ | PROT_WRITE | PROT_EXEC, "/fake/fake.apk");
+    const auto& info7 = *--maps_->end();
+    info7->load_bias = 0;
+
     process_memory_.reset(new MemoryFake);
   }
 
@@ -1015,6 +1019,50 @@
   EXPECT_EQ(PROT_READ | PROT_WRITE, frame->map_flags);
 }
 
+TEST_F(UnwinderTest, dex_pc_in_map_non_zero_offset) {
+  ElfInterfaceFake::FakePushFunctionData(FunctionData("Frame0", 0));
+  regs_.set_pc(0x1000);
+  regs_.set_sp(0x10000);
+  regs_.FakeSetDexPc(0xd0400);
+
+  Unwinder unwinder(64, maps_.get(), &regs_, process_memory_);
+  unwinder.Unwind();
+  EXPECT_EQ(ERROR_NONE, unwinder.LastErrorCode());
+  EXPECT_FALSE(unwinder.elf_from_memory_not_file());
+
+  ASSERT_EQ(2U, unwinder.NumFrames());
+
+  auto* frame = &unwinder.frames()[0];
+  EXPECT_EQ(0U, frame->num);
+  EXPECT_EQ(0x400U, frame->rel_pc);
+  EXPECT_EQ(0xd0400U, frame->pc);
+  EXPECT_EQ(0x10000U, frame->sp);
+  EXPECT_EQ("", frame->function_name);
+  EXPECT_EQ(0U, frame->function_offset);
+  EXPECT_EQ("/fake/fake.apk", frame->map_name);
+  EXPECT_EQ(0x1000U, frame->map_elf_start_offset);
+  EXPECT_EQ(0x1000U, frame->map_exact_offset);
+  EXPECT_EQ(0xd0000U, frame->map_start);
+  EXPECT_EQ(0xd1000U, frame->map_end);
+  EXPECT_EQ(0U, frame->map_load_bias);
+  EXPECT_EQ(PROT_READ | PROT_WRITE | PROT_EXEC, frame->map_flags);
+
+  frame = &unwinder.frames()[1];
+  EXPECT_EQ(1U, frame->num);
+  EXPECT_EQ(0U, frame->rel_pc);
+  EXPECT_EQ(0x1000U, frame->pc);
+  EXPECT_EQ(0x10000U, frame->sp);
+  EXPECT_EQ("Frame0", frame->function_name);
+  EXPECT_EQ(0U, frame->function_offset);
+  EXPECT_EQ("/system/fake/libc.so", frame->map_name);
+  EXPECT_EQ(0U, frame->map_elf_start_offset);
+  EXPECT_EQ(0U, frame->map_exact_offset);
+  EXPECT_EQ(0x1000U, frame->map_start);
+  EXPECT_EQ(0x8000U, frame->map_end);
+  EXPECT_EQ(0U, frame->map_load_bias);
+  EXPECT_EQ(PROT_READ | PROT_WRITE, frame->map_flags);
+}
+
 TEST_F(UnwinderTest, dex_pc_not_in_map) {
   ElfInterfaceFake::FakePushFunctionData(FunctionData("Frame0", 0));
   regs_.set_pc(0x1000);
diff --git a/libunwindstack/tests/files/offline/invalid_elf_offset_arm/maps.txt b/libunwindstack/tests/files/offline/invalid_elf_offset_arm/maps.txt
new file mode 100644
index 0000000..022404c
--- /dev/null
+++ b/libunwindstack/tests/files/offline/invalid_elf_offset_arm/maps.txt
@@ -0,0 +1 @@
+c7ee8000-c8c52fff r-xp  12e4000    00:00 0  invalid.apk
diff --git a/libunwindstack/tests/files/offline/invalid_elf_offset_arm/regs.txt b/libunwindstack/tests/files/offline/invalid_elf_offset_arm/regs.txt
new file mode 100644
index 0000000..b7f10ef
--- /dev/null
+++ b/libunwindstack/tests/files/offline/invalid_elf_offset_arm/regs.txt
@@ -0,0 +1,16 @@
+r0: c0434c00
+r1: 2a4c9fbc
+r2: 00000000
+r3: c83ef1f9
+r4: 00000004
+r5: c2044904
+r6: 00000000
+r7: c20443b8
+r8: 000b33ff
+r9: c20444b0
+r10: cac90740
+r11: 00000000
+ip: ed891ca4
+sp: c2044218
+lr: ed807265
+pc: c898f508
diff --git a/libunwindstack/tools/unwind_info.cpp b/libunwindstack/tools/unwind_info.cpp
index 92e5c0a..7a6d8ba 100644
--- a/libunwindstack/tools/unwind_info.cpp
+++ b/libunwindstack/tools/unwind_info.cpp
@@ -31,6 +31,7 @@
 #include <unwindstack/Elf.h>
 #include <unwindstack/ElfInterface.h>
 #include <unwindstack/Log.h>
+#include <unwindstack/Memory.h>
 
 #include "ArmExidx.h"
 #include "ElfInterfaceArm.h"
@@ -105,14 +106,7 @@
   // Send all log messages to stdout.
   log_to_stdout(true);
 
-  MemoryFileAtOffset* memory = new MemoryFileAtOffset;
-  if (!memory->Init(file, offset)) {
-    // Initializatation failed.
-    printf("Failed to init\n");
-    return 1;
-  }
-
-  Elf elf(memory);
+  Elf elf(Memory::CreateFileMemory(file, offset).release());
   if (!elf.Init() || !elf.valid()) {
     printf("%s is not a valid elf file.\n", file);
     return 1;
diff --git a/libunwindstack/tools/unwind_reg_info.cpp b/libunwindstack/tools/unwind_reg_info.cpp
index b77a86b..d0562d9 100644
--- a/libunwindstack/tools/unwind_reg_info.cpp
+++ b/libunwindstack/tools/unwind_reg_info.cpp
@@ -33,6 +33,7 @@
 #include <unwindstack/Elf.h>
 #include <unwindstack/ElfInterface.h>
 #include <unwindstack/Log.h>
+#include <unwindstack/Memory.h>
 
 #include "ArmExidx.h"
 #include "DwarfOp.h"
@@ -165,14 +166,7 @@
 }
 
 int GetInfo(const char* file, uint64_t pc) {
-  MemoryFileAtOffset* memory = new MemoryFileAtOffset;
-  if (!memory->Init(file, 0)) {
-    // Initializatation failed.
-    printf("Failed to init\n");
-    return 1;
-  }
-
-  Elf elf(memory);
+  Elf elf(Memory::CreateFileMemory(file, pc).release());
   if (!elf.Init() || !elf.valid()) {
     printf("%s is not a valid elf file.\n", file);
     return 1;
@@ -205,7 +199,7 @@
   DwarfSection* section = interface->eh_frame();
   if (section != nullptr) {
     printf("\neh_frame:\n");
-    PrintRegInformation(section, memory, pc, elf.class_type());
+    PrintRegInformation(section, elf.memory(), pc, elf.class_type());
   } else {
     printf("\nno eh_frame information\n");
   }
@@ -213,7 +207,7 @@
   section = interface->debug_frame();
   if (section != nullptr) {
     printf("\ndebug_frame:\n");
-    PrintRegInformation(section, memory, pc, elf.class_type());
+    PrintRegInformation(section, elf.memory(), pc, elf.class_type());
     printf("\n");
   } else {
     printf("\nno debug_frame information\n");
diff --git a/libunwindstack/tools/unwind_symbols.cpp b/libunwindstack/tools/unwind_symbols.cpp
index b0a4dd0..8df2284 100644
--- a/libunwindstack/tools/unwind_symbols.cpp
+++ b/libunwindstack/tools/unwind_symbols.cpp
@@ -59,13 +59,7 @@
   // Send all log messages to stdout.
   unwindstack::log_to_stdout(true);
 
-  unwindstack::MemoryFileAtOffset* memory = new unwindstack::MemoryFileAtOffset;
-  if (!memory->Init(argv[1], 0)) {
-    printf("Failed to init\n");
-    return 1;
-  }
-
-  unwindstack::Elf elf(memory);
+  unwindstack::Elf elf(unwindstack::Memory::CreateFileMemory(argv[1], 0).release());
   if (!elf.Init() || !elf.valid()) {
     printf("%s is not a valid elf file.\n", argv[1]);
     return 1;
diff --git a/libutils/Android.bp b/libutils/Android.bp
index 4f194c7..8be4dd0 100644
--- a/libutils/Android.bp
+++ b/libutils/Android.bp
@@ -17,6 +17,7 @@
     vendor_available: true,
     recovery_available: true,
     host_supported: true,
+    native_bridge_supported: true,
 
     header_libs: [
         "liblog_headers",
@@ -121,6 +122,7 @@
 cc_library {
     name: "libutils",
     defaults: ["libutils_defaults"],
+    native_bridge_supported: true,
 
     srcs: [
         "FileMap.cpp",
diff --git a/libvndksupport/Android.bp b/libvndksupport/Android.bp
index 546c15c..e5b536c 100644
--- a/libvndksupport/Android.bp
+++ b/libvndksupport/Android.bp
@@ -2,6 +2,7 @@
 
 cc_library {
     name: "libvndksupport",
+    native_bridge_supported: true,
     srcs: ["linker.c"],
     cflags: [
         "-Wall",
@@ -22,6 +23,7 @@
 
 llndk_library {
     name: "libvndksupport",
+    native_bridge_supported: true,
     symbol_file: "libvndksupport.map.txt",
     export_include_dirs: ["include"],
 }
diff --git a/libziparchive/include/ziparchive/zip_archive.h b/libziparchive/include/ziparchive/zip_archive.h
index 7eead7e..463851c 100644
--- a/libziparchive/include/ziparchive/zip_archive.h
+++ b/libziparchive/include/ziparchive/zip_archive.h
@@ -25,6 +25,7 @@
 #include <sys/cdefs.h>
 #include <sys/types.h>
 
+#include <string>
 #include <string_view>
 
 #include "android-base/off64_t.h"
@@ -35,6 +36,7 @@
   kCompressDeflated = 8,  // standard deflate
 };
 
+// TODO: remove this when everyone's moved over to std::string.
 struct ZipString {
   const uint8_t* name;
   uint16_t name_length;
@@ -180,9 +182,6 @@
 int32_t StartIteration(ZipArchiveHandle archive, void** cookie_ptr,
                        const std::string_view optional_prefix = "",
                        const std::string_view optional_suffix = "");
-// TODO: remove this.
-int32_t StartIteration(ZipArchiveHandle archive, void** cookie_ptr,
-                       const ZipString* optional_prefix, const ZipString* optional_suffix);
 
 /*
  * Advance to the next element in the zipfile in iteration order.
@@ -190,6 +189,9 @@
  * Returns 0 on success, -1 if there are no more elements in this
  * archive and lower negative values on failure.
  */
+int32_t Next(void* cookie, ZipEntry* data, std::string* name);
+int32_t Next(void* cookie, ZipEntry* data, std::string_view* name);
+// TODO: remove this when everyone's moved over to std::string/std::string_view.
 int32_t Next(void* cookie, ZipEntry* data, ZipString* name);
 
 /*
diff --git a/libziparchive/unzip.cpp b/libziparchive/unzip.cpp
index 3a3a694..426325e 100644
--- a/libziparchive/unzip.cpp
+++ b/libziparchive/unzip.cpp
@@ -255,9 +255,8 @@
   }
 
   ZipEntry entry;
-  ZipString string;
-  while ((err = Next(cookie, &entry, &string)) >= 0) {
-    std::string name(string.name, string.name + string.name_length);
+  std::string name;
+  while ((err = Next(cookie, &entry, &name)) >= 0) {
     if (ShouldInclude(name)) ProcessOne(zah, entry, name);
   }
 
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
index ac3e236..e966295 100644
--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -726,22 +726,6 @@
   return 0;
 }
 
-// TODO: remove this.
-int32_t StartIteration(ZipArchiveHandle archive, void** cookie_ptr,
-                       const ZipString* optional_prefix, const ZipString* optional_suffix) {
-  std::string prefix;
-  if (optional_prefix) {
-    prefix = std::string(reinterpret_cast<const char*>(optional_prefix->name),
-                         optional_prefix->name_length);
-  }
-  std::string suffix;
-  if (optional_suffix) {
-    suffix = std::string(reinterpret_cast<const char*>(optional_suffix->name),
-                         optional_suffix->name_length);
-  }
-  return StartIteration(archive, cookie_ptr, prefix.c_str(), suffix.c_str());
-}
-
 void EndIteration(void* cookie) {
   delete reinterpret_cast<IterationHandle*>(cookie);
 }
@@ -763,6 +747,24 @@
   return FindEntry(archive, static_cast<uint32_t>(ent), data);
 }
 
+int32_t Next(void* cookie, ZipEntry* data, std::string* name) {
+  std::string_view sv;
+  int32_t result = Next(cookie, data, &sv);
+  if (result == 0 && name) {
+    *name = std::string(sv);
+  }
+  return result;
+}
+
+int32_t Next(void* cookie, ZipEntry* data, std::string_view* name) {
+  ZipString zs;
+  int32_t result = Next(cookie, data, &zs);
+  if (result == 0 && name) {
+    *name = std::string_view(reinterpret_cast<const char*>(zs.name), zs.name_length);
+  }
+  return result;
+}
+
 int32_t Next(void* cookie, ZipEntry* data, ZipString* name) {
   IterationHandle* handle = reinterpret_cast<IterationHandle*>(cookie);
   if (handle == NULL) {
diff --git a/libziparchive/zip_archive_benchmark.cpp b/libziparchive/zip_archive_benchmark.cpp
index 434f2e1..23ed408 100644
--- a/libziparchive/zip_archive_benchmark.cpp
+++ b/libziparchive/zip_archive_benchmark.cpp
@@ -71,7 +71,7 @@
   ZipArchiveHandle handle;
   void* iteration_cookie;
   ZipEntry data;
-  ZipString name;
+  std::string name;
 
   while (state.KeepRunning()) {
     OpenArchive(temp_file->path, &handle);
diff --git a/libziparchive/zip_archive_test.cc b/libziparchive/zip_archive_test.cc
index 993c975..8781ab7 100644
--- a/libziparchive/zip_archive_test.cc
+++ b/libziparchive/zip_archive_test.cc
@@ -107,6 +107,26 @@
   close(fd);
 }
 
+TEST(ziparchive, Iteration_std_string_view) {
+  ZipArchiveHandle handle;
+  ASSERT_EQ(0, OpenArchiveWrapper(kValidZip, &handle));
+
+  void* iteration_cookie;
+  ASSERT_EQ(0, StartIteration(handle, &iteration_cookie));
+
+  ZipEntry data;
+  std::vector<std::string_view> names;
+  std::string_view name;
+  while (Next(iteration_cookie, &data, &name) == 0) names.push_back(name);
+
+  // Assert that the names are as expected.
+  std::vector<std::string_view> expected_names{"a.txt", "b.txt", "b/", "b/c.txt", "b/d.txt"};
+  std::sort(names.begin(), names.end());
+  ASSERT_EQ(expected_names, names);
+
+  CloseArchive(handle);
+}
+
 static void AssertIterationOrder(const std::string_view prefix, const std::string_view suffix,
                                  const std::vector<std::string>& expected_names_sorted) {
   ZipArchiveHandle handle;
@@ -118,10 +138,10 @@
   ZipEntry data;
   std::vector<std::string> names;
 
-  ZipString name;
+  std::string name;
   for (size_t i = 0; i < expected_names_sorted.size(); ++i) {
     ASSERT_EQ(0, Next(iteration_cookie, &data, &name));
-    names.push_back(std::string(reinterpret_cast<const char*>(name.name), name.name_length));
+    names.push_back(name);
   }
 
   // End of iteration.
@@ -167,7 +187,7 @@
   ASSERT_EQ(0, StartIteration(handle, &iteration_cookie, "x", "y"));
 
   ZipEntry data;
-  ZipString name;
+  std::string name;
 
   // End of iteration.
   ASSERT_EQ(-1, Next(iteration_cookie, &data, &name));
@@ -224,7 +244,7 @@
   void* iteration_cookie;
   ASSERT_EQ(0, StartIteration(handle, &iteration_cookie));
 
-  ZipString name;
+  std::string name;
   ZipEntry data;
 
   ASSERT_EQ(Next(iteration_cookie, &data, &name), 0);
diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c
index 48140b8..521f92e 100644
--- a/lmkd/lmkd.c
+++ b/lmkd/lmkd.c
@@ -1373,8 +1373,8 @@
     set_process_group_and_prio(pid, SP_FOREGROUND, ANDROID_PRIORITY_HIGHEST);
 
     inc_killcnt(procp->oomadj);
-    ALOGI("Kill '%s' (%d), uid %d, oom_adj %d to free %ldkB",
-        taskname, pid, uid, procp->oomadj, tasksize * page_k);
+    ALOGE("Kill '%s' (%d), uid %d, oom_adj %d to free %ldkB", taskname, pid, uid, procp->oomadj,
+          tasksize * page_k);
 
     TRACE_KILL_END();
 
diff --git a/logcat/logcatd.rc b/logcat/logcatd.rc
index 07040b0..25104eb 100644
--- a/logcat/logcatd.rc
+++ b/logcat/logcatd.rc
@@ -4,10 +4,15 @@
 # Make sure any property changes are only performed with /data mounted, after
 # post-fs-data state because otherwise behavior is undefined. The exceptions
 # are device adjustments for logcatd service properties (persist.* overrides
-# notwithstanding) for logd.logpersistd.size and logd.logpersistd.buffer.
+# notwithstanding) for logd.logpersistd.size logd.logpersistd.rotate_kbytes and
+# logd.logpersistd.buffer.
 
 # persist to non-persistent trampolines to permit device properties can be
 # overridden when /data mounts, or during runtime.
+on property:persist.logd.logpersistd.count=*
+    # expect /init to report failure if property empty (default)
+    setprop persist.logd.logpersistd.size ${persist.logd.logpersistd.count}
+
 on property:persist.logd.logpersistd.size=256
     setprop persist.logd.logpersistd.size ""
     setprop logd.logpersistd.size ""
@@ -16,6 +21,14 @@
     # expect /init to report failure if property empty (default)
     setprop logd.logpersistd.size ${persist.logd.logpersistd.size}
 
+on property:persist.logd.logpersistd.rotate_kbytes=1024
+    setprop persist.logd.logpersistd.rotate_kbytes ""
+    setprop logd.logpersistd.rotate_kbytes ""
+
+on property:persist.logd.logpersistd.rotate_kbytes=*
+   # expect /init to report failure if property empty (default)
+   setprop logd.logpersistd.rotate_kbytes ${persist.logd.logpersistd.rotate_kbytes}
+
 on property:persist.logd.logpersistd.buffer=all
     setprop persist.logd.logpersistd.buffer ""
     setprop logd.logpersistd.buffer ""
@@ -54,7 +67,7 @@
     stop logcatd
 
 # logcatd service
-service logcatd /system/bin/logcatd -L -b ${logd.logpersistd.buffer:-all} -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 1024 -n ${logd.logpersistd.size:-256} --id=${ro.build.id}
+service logcatd /system/bin/logcatd -L -b ${logd.logpersistd.buffer:-all} -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r ${logd.logpersistd.rotate_kbytes:-1024} -n ${logd.logpersistd.size:-256} --id=${ro.build.id}
     class late_start
     disabled
     # logd for write to /data/misc/logd, log group for read from log daemon
diff --git a/logd/README.property b/logd/README.property
index da5f96f..d2a2cbb 100644
--- a/logd/README.property
+++ b/logd/README.property
@@ -17,10 +17,13 @@
 					 Responds to logcatd, clear and stop.
 logd.logpersistd.buffer          persist logpersistd buffers to collect
 logd.logpersistd.size            persist logpersistd size in MB
+logd.logpersistd.rotate_kbytes   	 persist logpersistd outout file size in KB.
 persist.logd.logpersistd   string        Enable logpersist daemon, "logcatd"
                                          turns on logcat -f in logd context.
 persist.logd.logpersistd.buffer    all   logpersistd buffers to collect
 persist.logd.logpersistd.size      256   logpersistd size in MB
+persist.logd.logpersistd.count     256   sets max number of rotated logs to <count>.
+persist.logd.logpersistd.rotate_kbytes   1024  logpersistd output file size in KB
 persist.logd.size          number  ro    Global default size of the buffer for
                                          all log ids at initial startup, at
                                          runtime use: logcat -b all -G <value>
diff --git a/logd/logd.rc b/logd/logd.rc
index 438419a..530f342 100644
--- a/logd/logd.rc
+++ b/logd/logd.rc
@@ -6,7 +6,8 @@
     file /dev/kmsg w
     user logd
     group logd system package_info readproc
-    capabilities SYSLOG AUDIT_CONTROL SETGID
+    capabilities SYSLOG AUDIT_CONTROL
+    priority 10
     writepid /dev/cpuset/system-background/tasks
 
 service logd-reinit /system/bin/logd --reinit
diff --git a/logd/main.cpp b/logd/main.cpp
index fd3cdf8..23bbf86 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -17,6 +17,7 @@
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <linux/capability.h>
 #include <poll.h>
 #include <sched.h>
 #include <semaphore.h>
@@ -57,35 +58,10 @@
     '<', '0' + LOG_MAKEPRI(LOG_DAEMON, LOG_PRI(PRI)) / 10, \
         '0' + LOG_MAKEPRI(LOG_DAEMON, LOG_PRI(PRI)) % 10, '>'
 
-//
-// The service is designed to be run by init, it does not respond well
-// to starting up manually. When starting up manually the sockets will
-// fail to open typically for one of the following reasons:
-//     EADDRINUSE if logger is running.
-//     EACCESS if started without precautions (below)
-//
-// Here is a cookbook procedure for starting up logd manually assuming
-// init is out of the way, pedantically all permissions and SELinux
-// security is put back in place:
-//
-//    setenforce 0
-//    rm /dev/socket/logd*
-//    chmod 777 /dev/socket
-//        # here is where you would attach the debugger or valgrind for example
-//    runcon u:r:logd:s0 /system/bin/logd </dev/null >/dev/null 2>&1 &
-//    sleep 1
-//    chmod 755 /dev/socket
-//    chown logd.logd /dev/socket/logd*
-//    restorecon /dev/socket/logd*
-//    setenforce 1
-//
-// If minimalism prevails, typical for debugging and security is not a concern:
-//
-//    setenforce 0
-//    chmod 777 /dev/socket
-//    logd
-//
-
+// The service is designed to be run by init, it does not respond well to starting up manually. Init
+// has a 'sigstop' feature that sends SIGSTOP to a service immediately before calling exec().  This
+// allows debuggers, etc to be attached to logd at the very beginning, while still having init
+// handle the user, groups, capabilities, files, etc setup.
 static int drop_privs(bool klogd, bool auditd) {
     sched_param param = {};
 
@@ -99,11 +75,6 @@
         return -1;
     }
 
-    if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
-        android::prdebug("failed to set background cgroup");
-        return -1;
-    }
-
     if (!__android_logger_property_get_bool("ro.debuggable",
                                             BOOL_DEFAULT_FALSE) &&
         prctl(PR_SET_DUMPABLE, 0) == -1) {
@@ -111,52 +82,26 @@
         return -1;
     }
 
-    std::unique_ptr<struct _cap_struct, int (*)(void*)> caps(cap_init(),
-                                                             cap_free);
-    if (cap_clear(caps.get()) < 0) return -1;
-    cap_value_t cap_value[] = { CAP_SETGID,  // must be first for below
-                                klogd ? CAP_SYSLOG : CAP_SETGID,
-                                auditd ? CAP_AUDIT_CONTROL : CAP_SETGID };
-    if (cap_set_flag(caps.get(), CAP_PERMITTED, arraysize(cap_value), cap_value,
-                     CAP_SET) < 0) {
+    std::unique_ptr<struct _cap_struct, int (*)(void*)> caps(cap_init(), cap_free);
+    if (cap_clear(caps.get()) < 0) {
         return -1;
     }
-    if (cap_set_flag(caps.get(), CAP_EFFECTIVE, arraysize(cap_value), cap_value,
-                     CAP_SET) < 0) {
+    std::vector<cap_value_t> cap_value;
+    if (klogd) {
+        cap_value.emplace_back(CAP_SYSLOG);
+    }
+    if (auditd) {
+        cap_value.emplace_back(CAP_AUDIT_CONTROL);
+    }
+
+    if (cap_set_flag(caps.get(), CAP_PERMITTED, cap_value.size(), cap_value.data(), CAP_SET) < 0) {
+        return -1;
+    }
+    if (cap_set_flag(caps.get(), CAP_EFFECTIVE, cap_value.size(), cap_value.data(), CAP_SET) < 0) {
         return -1;
     }
     if (cap_set_proc(caps.get()) < 0) {
-        android::prdebug(
-            "failed to set CAP_SETGID, CAP_SYSLOG or CAP_AUDIT_CONTROL (%d)",
-            errno);
-        return -1;
-    }
-
-    gid_t groups[] = { AID_READPROC };
-
-    if (setgroups(arraysize(groups), groups) == -1) {
-        android::prdebug("failed to set AID_READPROC groups");
-        return -1;
-    }
-
-    if (setgid(AID_LOGD) != 0) {
-        android::prdebug("failed to set AID_LOGD gid");
-        return -1;
-    }
-
-    if (setuid(AID_LOGD) != 0) {
-        android::prdebug("failed to set AID_LOGD uid");
-        return -1;
-    }
-
-    if (cap_set_flag(caps.get(), CAP_PERMITTED, 1, cap_value, CAP_CLEAR) < 0) {
-        return -1;
-    }
-    if (cap_set_flag(caps.get(), CAP_EFFECTIVE, 1, cap_value, CAP_CLEAR) < 0) {
-        return -1;
-    }
-    if (cap_set_proc(caps.get()) < 0) {
-        android::prdebug("failed to clear CAP_SETGID (%d)", errno);
+        android::prdebug("failed to set CAP_SYSLOG or CAP_AUDIT_CONTROL (%d)", errno);
         return -1;
     }
 
@@ -205,67 +150,14 @@
     }
 }
 
-static sem_t uidName;
-static uid_t uid;
-static char* name;
-
 static sem_t reinit;
 static bool reinit_running = false;
 static LogBuffer* logBuf = nullptr;
 
-static bool package_list_parser_cb(pkg_info* info, void* /* userdata */) {
-    bool rc = true;
-    if (info->uid == uid) {
-        name = strdup(info->name);
-        // false to stop processing
-        rc = false;
-    }
-
-    packagelist_free(info);
-    return rc;
-}
-
 static void* reinit_thread_start(void* /*obj*/) {
     prctl(PR_SET_NAME, "logd.daemon");
-    set_sched_policy(0, SP_BACKGROUND);
-    setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND);
-
-    // We should drop to AID_LOGD, if we are anything else, we have
-    // even lesser privileges and accept our fate.
-    gid_t groups[] = {
-        AID_SYSTEM,        // search access to /data/system path
-        AID_PACKAGE_INFO,  // readonly access to /data/system/packages.list
-    };
-    if (setgroups(arraysize(groups), groups) == -1) {
-        android::prdebug(
-            "logd.daemon: failed to set AID_SYSTEM AID_PACKAGE_INFO groups");
-    }
-    if (setgid(AID_LOGD) != 0) {
-        android::prdebug("logd.daemon: failed to set AID_LOGD gid");
-    }
-    if (setuid(AID_LOGD) != 0) {
-        android::prdebug("logd.daemon: failed to set AID_LOGD uid");
-    }
-
-    cap_t caps = cap_init();
-    (void)cap_clear(caps);
-    (void)cap_set_proc(caps);
-    (void)cap_free(caps);
 
     while (reinit_running && !sem_wait(&reinit) && reinit_running) {
-        // uidToName Privileged Worker
-        if (uid) {
-            name = nullptr;
-
-            // if we got the perms wrong above, this would spam if we reported
-            // problems with acquisition of an uid name from the packages.
-            (void)packagelist_parse(package_list_parser_cb, nullptr);
-
-            uid = 0;
-            sem_post(&uidName);
-            continue;
-        }
-
         if (fdDmesg >= 0) {
             static const char reinit_message[] = { KMSG_PRIORITY(LOG_INFO),
                                                    'l',
@@ -302,26 +194,30 @@
     return nullptr;
 }
 
-static sem_t sem_name;
-
 char* android::uidToName(uid_t u) {
-    if (!u || !reinit_running) {
-        return nullptr;
-    }
+    struct Userdata {
+        uid_t uid;
+        char* name;
+    } userdata = {
+            .uid = u,
+            .name = nullptr,
+    };
 
-    sem_wait(&sem_name);
+    packagelist_parse(
+            [](pkg_info* info, void* callback_parameter) {
+                auto userdata = reinterpret_cast<Userdata*>(callback_parameter);
+                bool result = true;
+                if (info->uid == userdata->uid) {
+                    userdata->name = strdup(info->name);
+                    // false to stop processing
+                    result = false;
+                }
+                packagelist_free(info);
+                return result;
+            },
+            &userdata);
 
-    // Not multi-thread safe, we use sem_name to protect
-    uid = u;
-
-    name = nullptr;
-    sem_post(&reinit);
-    sem_wait(&uidName);
-    char* ret = name;
-
-    sem_post(&sem_name);
-
-    return ret;
+    return userdata.name;
 }
 
 // Serves as a global method to trigger reinitialization
@@ -373,11 +269,6 @@
 }
 
 static int issueReinit() {
-    cap_t caps = cap_init();
-    (void)cap_clear(caps);
-    (void)cap_set_proc(caps);
-    (void)cap_free(caps);
-
     int sock = TEMP_FAILURE_RETRY(socket_local_client(
         "logd", ANDROID_SOCKET_NAMESPACE_RESERVED, SOCK_STREAM));
     if (sock < 0) return -errno;
@@ -440,10 +331,13 @@
         if (fdPmesg < 0) android::prdebug("Failed to open %s\n", proc_kmsg);
     }
 
+    bool auditd = __android_logger_property_get_bool("ro.logd.auditd", BOOL_DEFAULT_TRUE);
+    if (drop_privs(klogd, auditd) != 0) {
+        return EXIT_FAILURE;
+    }
+
     // Reinit Thread
     sem_init(&reinit, 0, 0);
-    sem_init(&uidName, 0, 0);
-    sem_init(&sem_name, 0, 1);
     pthread_attr_t attr;
     if (!pthread_attr_init(&attr)) {
         struct sched_param param;
@@ -461,12 +355,6 @@
         pthread_attr_destroy(&attr);
     }
 
-    bool auditd =
-        __android_logger_property_get_bool("ro.logd.auditd", BOOL_DEFAULT_TRUE);
-    if (drop_privs(klogd, auditd) != 0) {
-        return EXIT_FAILURE;
-    }
-
     // Serves the purpose of managing the last logs times read on a
     // socket connection, and as a reader lock on a range of log
     // entries.
diff --git a/mkbootimg/mkbootimg.py b/mkbootimg/mkbootimg.py
index 92b11a5..934f28e 100644
--- a/mkbootimg/mkbootimg.py
+++ b/mkbootimg/mkbootimg.py
@@ -113,6 +113,10 @@
         args.output.write(pack('I', BOOT_IMAGE_HEADER_V2_SIZE))
 
     if args.header_version > 1:
+
+        if filesize(args.dtb) == 0:
+            raise ValueError("DTB image must not be empty.")
+
         args.output.write(pack('I', filesize(args.dtb)))   # size in bytes
         args.output.write(pack('Q', args.base + args.dtb_offset)) # dtb physical load address
     pad_file(args.output, args.pagesize)
diff --git a/rootdir/etc/ld.config.legacy.txt b/rootdir/etc/ld.config.legacy.txt
index f6b5e95..ad14493 100644
--- a/rootdir/etc/ld.config.legacy.txt
+++ b/rootdir/etc/ld.config.legacy.txt
@@ -56,7 +56,7 @@
 namespace.default.link.runtime.shared_libs  = libandroidicu.so
 namespace.default.link.runtime.shared_libs += libdexfile_external.so
 namespace.default.link.runtime.shared_libs += libdexfiled_external.so
-# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466
+# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.
 namespace.default.link.runtime.shared_libs += libicui18n.so
 namespace.default.link.runtime.shared_libs += libicuuc.so
 namespace.default.link.runtime.shared_libs += libnativebridge.so
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index d1293d0..d9373bf 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -135,7 +135,7 @@
 namespace.default.link.runtime.shared_libs  = libandroidicu.so
 namespace.default.link.runtime.shared_libs += libdexfile_external.so
 namespace.default.link.runtime.shared_libs += libdexfiled_external.so
-# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466
+# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.
 namespace.default.link.runtime.shared_libs += libicui18n.so
 namespace.default.link.runtime.shared_libs += libicuuc.so
 namespace.default.link.runtime.shared_libs += libnativebridge.so
@@ -144,6 +144,7 @@
 
 # TODO(b/122876336): Remove libpac.so once it's migrated to Webview
 namespace.default.link.runtime.shared_libs += libpac.so
+namespace.default.link.runtime.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
 
 # When libnetd_resolv.so can't be found in the default namespace, search for it
 # in the resolv namespace. Don't allow any other libraries from the resolv namespace
@@ -187,6 +188,7 @@
 namespace.media.links = default
 namespace.media.link.default.shared_libs  = %LLNDK_LIBRARIES%
 namespace.media.link.default.shared_libs += libbinder_ndk.so
+namespace.media.link.default.shared_libs += libcgrouprc.so
 namespace.media.link.default.shared_libs += libmediametrics.so
 namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
 
@@ -371,7 +373,7 @@
 # The "vndk" namespace links to "default" namespace for LLNDK libs and links to
 # "sphal" namespace for vendor libs.  The ordering matters.  The "default"
 # namespace has higher priority than the "sphal" namespace.
-namespace.vndk.links = default,sphal
+namespace.vndk.links = default,sphal,runtime
 
 # When these NDK libs are required inside this namespace, then it is redirected
 # to the default namespace. This is possible since their ABI is stable across
@@ -379,6 +381,8 @@
 namespace.vndk.link.default.shared_libs  = %LLNDK_LIBRARIES%
 namespace.vndk.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
 
+namespace.vndk.link.runtime.shared_libs = %SANITIZER_RUNTIME_LIBRARIES%
+
 # Allow VNDK-SP extensions to use vendor libraries
 namespace.vndk.link.sphal.allow_all_shared_libs = true
 
@@ -431,8 +435,10 @@
 namespace.default.asan.permitted.paths += /data/asan/vendor
 namespace.default.asan.permitted.paths +=           /vendor
 
-namespace.default.links = system,vndk%VNDK_IN_SYSTEM_NS%
-namespace.default.link.system.shared_libs = %LLNDK_LIBRARIES%
+namespace.default.links = system,vndk%VNDK_IN_SYSTEM_NS%,runtime
+namespace.default.link.runtime.shared_libs = %SANITIZER_RUNTIME_LIBRARIES%
+namespace.default.link.system.shared_libs  = %LLNDK_LIBRARIES%
+namespace.default.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
 namespace.default.link.vndk_in_system.shared_libs = %VNDK_USING_CORE_VARIANT_LIBRARIES%
 namespace.default.link.vndk.shared_libs  = %VNDK_SAMEPROCESS_LIBRARIES%
 namespace.default.link.vndk.shared_libs += %VNDK_CORE_LIBRARIES%
@@ -485,13 +491,15 @@
 # Android releases.  The links here should be identical to that of the
 # 'vndk_in_system' namespace, except for the link between 'vndk' and
 # 'vndk_in_system'.
-namespace.vndk.links = system,default%VNDK_IN_SYSTEM_NS%
+namespace.vndk.links = system,default%VNDK_IN_SYSTEM_NS%,runtime
 
 namespace.vndk.link.system.shared_libs  = %LLNDK_LIBRARIES%
 namespace.vndk.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
 
 namespace.vndk.link.default.allow_all_shared_libs = true
 
+namespace.vndk.link.runtime.shared_libs = %SANITIZER_RUNTIME_LIBRARIES%
+
 namespace.vndk.link.vndk_in_system.shared_libs = %VNDK_USING_CORE_VARIANT_LIBRARIES%
 
 ###############################################################################
@@ -516,7 +524,7 @@
 namespace.system.links = runtime
 namespace.system.link.runtime.shared_libs  = libdexfile_external.so
 namespace.system.link.runtime.shared_libs += libdexfiled_external.so
-# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466
+# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.
 namespace.system.link.runtime.shared_libs += libicui18n.so
 namespace.system.link.runtime.shared_libs += libicuuc.so
 namespace.system.link.runtime.shared_libs += libnativebridge.so
@@ -524,6 +532,7 @@
 namespace.system.link.runtime.shared_libs += libnativeloader.so
 # Workaround for b/124772622
 namespace.system.link.runtime.shared_libs += libandroidicu.so
+namespace.system.link.runtime.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
 
 ###############################################################################
 # "vndk_in_system" namespace
@@ -562,7 +571,8 @@
 #   1. 'vndk_in_system' needs to be freely linked back to 'vndk'.
 #   2. 'vndk_in_system' does not need to link to 'default', as any library that
 #      requires anything vendor would not be a vndk_in_system library.
-namespace.vndk_in_system.links = vndk,system
+namespace.vndk_in_system.links = vndk,system,runtime
+namespace.vndk_in_system.link.runtime.shared_libs = %SANITIZER_RUNTIME_LIBRARIES%
 
 namespace.vndk_in_system.link.system.shared_libs  = %LLNDK_LIBRARIES%
 namespace.vndk_in_system.link.system.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
@@ -599,7 +609,7 @@
 namespace.default.link.runtime.shared_libs  = libandroidicu.so
 namespace.default.link.runtime.shared_libs += libdexfile_external.so
 namespace.default.link.runtime.shared_libs += libdexfiled_external.so
-# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466
+# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.
 namespace.default.link.runtime.shared_libs += libicui18n.so
 namespace.default.link.runtime.shared_libs += libicuuc.so
 namespace.default.link.runtime.shared_libs += libnativebridge.so
@@ -698,3 +708,5 @@
 namespace.default.search.paths  = /system/${LIB}
 namespace.default.search.paths += /%PRODUCT%/${LIB}
 namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
+
+namespace.default.link.runtime.shared_libs = %SANITIZER_RUNTIME_LIBRARIES%
diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt
index d616582..0880be0 100644
--- a/rootdir/etc/ld.config.vndk_lite.txt
+++ b/rootdir/etc/ld.config.vndk_lite.txt
@@ -75,7 +75,7 @@
 namespace.default.link.runtime.shared_libs  = libandroidicu.so
 namespace.default.link.runtime.shared_libs += libdexfile_external.so
 namespace.default.link.runtime.shared_libs += libdexfiled_external.so
-# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466
+# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.
 namespace.default.link.runtime.shared_libs += libicui18n.so
 namespace.default.link.runtime.shared_libs += libicuuc.so
 namespace.default.link.runtime.shared_libs += libnativebridge.so
@@ -366,7 +366,7 @@
 namespace.default.links = runtime
 namespace.default.link.runtime.shared_libs  = libdexfile_external.so
 namespace.default.link.runtime.shared_libs += libdexfiled_external.so
-# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466
+# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.
 namespace.default.link.runtime.shared_libs += libicui18n.so
 namespace.default.link.runtime.shared_libs += libicuuc.so
 namespace.default.link.runtime.shared_libs += libnativebridge.so
@@ -419,7 +419,7 @@
 namespace.default.link.runtime.shared_libs  = libandroidicu.so
 namespace.default.link.runtime.shared_libs += libdexfile_external.so
 namespace.default.link.runtime.shared_libs += libdexfiled_external.so
-# libicuuc.so and libicui18n.so are kept for app compat reason. http://b/130788466
+# TODO(b/120786417 or b/134659294): libicuuc.so and libicui18n.so are kept for app compat.
 namespace.default.link.runtime.shared_libs += libicui18n.so
 namespace.default.link.runtime.shared_libs += libicuuc.so
 namespace.default.link.runtime.shared_libs += libnativebridge.so
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 1b7367c..0b57dba 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -32,6 +32,12 @@
     # cgroup for system_server and surfaceflinger
     mkdir /dev/memcg/system 0550 system system
 
+    # set RLIMIT_NICE to allow priorities from 19 to -20
+    setrlimit nice 40 40
+
+    # Allow up to 32K FDs per process
+    setrlimit nofile 32768 32768
+
     start ueventd
 
     # Run apexd-bootstrap so that APEXes that provide critical libraries
@@ -267,12 +273,6 @@
 
     export DOWNLOAD_CACHE /data/cache
 
-    # set RLIMIT_NICE to allow priorities from 19 to -20
-    setrlimit nice 40 40
-
-    # Allow up to 32K FDs per process
-    setrlimit nofile 32768 32768
-
     # This allows the ledtrig-transient properties to be created here so
     # that they can be chown'd to system:system later on boot
     write /sys/class/leds/vibrator/trigger "transient"
@@ -586,7 +586,6 @@
     symlink /data/data /data/user/0
 
     mkdir /data/media 0770 media_rw media_rw
-    mkdir /data/media/obb 0770 media_rw media_rw
 
     mkdir /data/cache 0770 system cache
     mkdir /data/cache/recovery 0770 system cache
@@ -602,8 +601,9 @@
     # Set SELinux security contexts on upgrade or policy update.
     restorecon --recursive --skip-ce /data
 
-    # Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
-    exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo
+    # Check any timezone data in /data is newer than the copy in the time zone data
+    # module, delete if not.
+    exec - system system -- /system/bin/tzdatacheck /apex/com.android.tzdata/etc/tz /data/misc/zoneinfo
 
     # If there is no post-fs-data action in the init.<device>.rc file, you
     # must uncomment this line, otherwise encrypted filesystems
diff --git a/sdcard/sdcard.cpp b/sdcard/sdcard.cpp
index 2b35819..0acea72 100644
--- a/sdcard/sdcard.cpp
+++ b/sdcard/sdcard.cpp
@@ -214,7 +214,14 @@
 
     if (multi_user) {
         std::string obb_path = source_path + "/obb";
-        fs_prepare_dir(obb_path.c_str(), 0775, uid, gid);
+        // Only attempt to prepare the /obb dir if it already exists. We want
+        // the legacy obb path "/data/media/obb" to be fixed up so that we can
+        // migrate it to its new location, but we don't want the directory to be
+        // created if it doesn't already exist.
+        struct stat sb;
+        if (TEMP_FAILURE_RETRY(lstat(obb_path.c_str(), &sb)) == 0) {
+            fs_prepare_dir(obb_path.c_str(), 0775, uid, gid);
+        }
     }
 
     exit(0);
diff --git a/shell_and_utilities/README.md b/shell_and_utilities/README.md
index ffda3a5..1926a4f 100644
--- a/shell_and_utilities/README.md
+++ b/shell_and_utilities/README.md
@@ -211,3 +211,32 @@
 true truncate tty tunctl ulimit umount uname uniq unix2dos unlink
 unshare uptime usleep uudecode uuencode uuidgen vconfig vmstat watch
 wc which whoami xargs xxd yes zcat
+
+## Android R
+
+BSD: grep fsck\_msdos newfs\_msdos
+
+bzip2: bzcat bzip2 bunzip2
+
+one-true-awk: awk
+
+toolbox: getevent getprop setprop start stop
+
+toybox: acpi base64 basename bc blkid blockdev cal cat chattr chcon chgrp
+chmod chown chroot chrt cksum clear cmp comm cp cpio cut date dd df
+diff dirname dmesg dos2unix du echo egrep env expand expr fallocate
+false fgrep file find flock fmt free freeramdisk fsfreeze getconf
+getenforce getfattr grep groups gunzip gzip head help hostname hwclock
+i2cdetect i2cdump i2cget i2cset iconv id ifconfig inotifyd insmod
+install ionice iorenice iotop kill killall ln load\_policy log logname
+losetup ls lsattr lsmod lsof lspci lsusb makedevs md5sum microcom
+mkdir mkfifo mknod mkswap mktemp modinfo modprobe more mount mountpoint
+mv nbd-client nc netcat netstat nice nl nohup nproc nsenter od partprobe
+paste patch pgrep pidof ping ping6 pivot\_root pkill pmap printenv
+printf prlimit ps pwd pwdx readlink realpath renice restorecon rev
+rfkill rm rmdir rmmod runcon sed sendevent seq setenforce setfattr
+setsid sha1sum sha224sum sha256sum sha384sum sha512sum sleep sort split
+stat strings stty swapoff swapon sync sysctl tac tail tar taskset tee
+time timeout top touch tr traceroute traceroute6 true truncate tty tunctl
+ulimit umount uname uniq unix2dos unlink unshare uptime usleep uudecode
+uuencode uuidgen vconfig vmstat watch wc which whoami xargs xxd yes zcat
diff --git a/toolbox/Android.bp b/toolbox/Android.bp
index 5289976..9ca5607 100644
--- a/toolbox/Android.bp
+++ b/toolbox/Android.bp
@@ -28,6 +28,8 @@
         "toolbox.c",
         "getevent.c",
         "getprop.cpp",
+        "setprop.cpp",
+        "start.cpp",
     ],
     generated_headers: [
         "toolbox_input_labels",
@@ -40,6 +42,9 @@
     symlinks: [
         "getevent",
         "getprop",
+        "setprop",
+        "start",
+        "stop",
     ],
 }
 
diff --git a/toolbox/setprop.cpp b/toolbox/setprop.cpp
new file mode 100644
index 0000000..acf8c3e
--- /dev/null
+++ b/toolbox/setprop.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <ctype.h>
+#include <stdlib.h>
+#include <sys/system_properties.h>
+
+#include <iostream>
+
+#include <android-base/properties.h>
+#include <android-base/strings.h>
+
+using android::base::SetProperty;
+using android::base::StartsWith;
+
+extern "C" int setprop_main(int argc, char** argv) {
+    if (argc != 3) {
+        std::cout << "usage: setprop NAME VALUE\n"
+                     "\n"
+                     "Sets an Android system property."
+                  << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    auto name = std::string{argv[1]};
+    auto value = std::string{argv[2]};
+
+    // SetProperty() doesn't tell us why it failed, and actually can't recognize most failures, so
+    // we duplicate some of init's checks here to help the user.
+
+    if (name.front() == '.' || name.back() == '.') {
+        std::cerr << "Property names must not start or end with a '.'" << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    if (name.find("..") != std::string::npos) {
+        std::cerr << "'..' is not allowed in a property name" << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    for (const auto& c : name) {
+        if (!isalnum(c) && !strchr(":@_.-", c)) {
+            std::cerr << "Invalid character '" << c << "' in name '" << name << "'" << std::endl;
+            return EXIT_FAILURE;
+        }
+    }
+
+    if (value.size() >= PROP_VALUE_MAX && !StartsWith(value, "ro.")) {
+        std::cerr << "Value '" << value << "' is too long, " << value.size()
+                  << " bytes vs a max of " << PROP_VALUE_MAX << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    if (mbstowcs(nullptr, value.data(), 0) == static_cast<std::size_t>(-1)) {
+        std::cerr << "Value '" << value << "' is not a UTF8 encoded string" << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    if (!SetProperty(name, value)) {
+        std::cerr << "Failed to set property '" << name << "' to '" << value
+                  << "'.\nSee dmesg for error reason." << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    return EXIT_SUCCESS;
+}
\ No newline at end of file
diff --git a/toolbox/start.cpp b/toolbox/start.cpp
new file mode 100644
index 0000000..b87ed15
--- /dev/null
+++ b/toolbox/start.cpp
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <iostream>
+#include <string>
+#include <vector>
+
+#include <android-base/properties.h>
+
+using android::base::GetProperty;
+using android::base::SetProperty;
+using namespace std::literals;
+
+static void ControlService(bool start, const std::string& service) {
+    if (!android::base::SetProperty(start ? "ctl.start" : "ctl.stop", service)) {
+        std::cerr << "Unable to " << (start ? "start" : "stop") << " service '" << service
+                  << "'\nSee dmesg for error reason." << std::endl;
+        exit(EXIT_FAILURE);
+    }
+}
+
+static void ControlDefaultServices(bool start) {
+    std::vector<std::string> services = {"netd", "surfaceflinger", "zygote"};
+
+    // Only start zygote_secondary if not single arch.
+    std::string zygote_configuration = GetProperty("ro.zygote", "");
+    if (zygote_configuration != "zygote32" && zygote_configuration != "zygote64") {
+        services.emplace_back("zygote_secondary");
+    }
+
+    if (start) {
+        for (const auto& service : services) {
+            ControlService(true, service);
+        }
+    } else {
+        for (auto it = services.crbegin(); it != services.crend(); ++it) {
+            ControlService(false, *it);
+        }
+    }
+}
+
+static int StartStop(int argc, char** argv, bool start) {
+    if (getuid()) {
+        std::cerr << "Must be root" << std::endl;
+        return EXIT_FAILURE;
+    }
+
+    if (argc == 1) {
+        ControlDefaultServices(start);
+    }
+
+    if (argc == 2 && argv[1] == "--help"s) {
+        std::cout << "usage: " << (start ? "start" : "stop")
+                  << " [SERVICE...]\n"
+                     "\n"
+                  << (start ? "Starts" : "Stops")
+                  << " the given system service, or netd/surfaceflinger/zygotes." << std::endl;
+        return EXIT_SUCCESS;
+    }
+
+    for (int i = 1; i < argc; ++i) {
+        ControlService(start, argv[i]);
+    }
+    return EXIT_SUCCESS;
+}
+
+extern "C" int start_main(int argc, char** argv) {
+    return StartStop(argc, argv, true);
+}
+
+extern "C" int stop_main(int argc, char** argv) {
+    return StartStop(argc, argv, false);
+}
\ No newline at end of file
diff --git a/toolbox/tools.h b/toolbox/tools.h
index abeb3ef..9a7ebd2 100644
--- a/toolbox/tools.h
+++ b/toolbox/tools.h
@@ -1,3 +1,6 @@
 TOOL(getevent)
 TOOL(getprop)
+TOOL(setprop)
+TOOL(start)
+TOOL(stop)
 TOOL(toolbox)