Merge changes Ia2c6a77c,I687e18ce into main
* changes:
init: Warn about future deprecation of memcg.swappiness
libprocessgroup: Deprecate setProcessGroupSwappiness
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 156dc3b..1c52da2 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -638,7 +638,10 @@
" --disable-verification Sets disable-verification when flashing vbmeta.\n"
" --disable-super-optimization\n"
" Disables optimizations on flashing super partition.\n"
- " --disable-fastboot-info Will collects tasks from image list rather than $OUT/fastboot-info.txt.\n"
+ " --exclude-dynamic-partitions\n"
+ " Excludes flashing of dynamic partitions.\n"
+ " --disable-fastboot-info Will collects tasks from image list rather than \n"
+ " $OUT/fastboot-info.txt.\n"
" --fs-options=OPTION[,OPTION]\n"
" Enable filesystem features. OPTION supports casefold, projid, compress\n"
// TODO: remove --unbuffered?
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 88e26cf..40a3a91 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -2335,6 +2335,11 @@
if (!fs_mgr_filesystem_available("overlay")) {
return {.supported = false};
}
+
+ if (!use_override_creds) {
+ return {.supported = true};
+ }
+
struct utsname uts;
if (uname(&uts) == -1) {
return {.supported = false};
diff --git a/fs_mgr/include/fs_mgr_overlayfs.h b/fs_mgr/include/fs_mgr_overlayfs.h
index bf68b2c..253013b 100644
--- a/fs_mgr/include/fs_mgr_overlayfs.h
+++ b/fs_mgr/include/fs_mgr_overlayfs.h
@@ -43,5 +43,11 @@
// overlays if any partition is flashed or updated.
void TeardownAllOverlayForMountPoint(const std::string& mount_point = {});
+// Are we using overlayfs's non-upstreamed override_creds feature?
+// b/388912628 removes the need for override_creds
+// Once this bug is fixed and has had enough soak time, remove this variable and hard code to false
+// where it used
+constexpr bool use_override_creds = false;
+
} // namespace fs_mgr
} // namespace android
diff --git a/fs_mgr/libsnapshot/libsnapshot_cow/create_cow.cpp b/fs_mgr/libsnapshot/libsnapshot_cow/create_cow.cpp
index 4f8bfd2..b15e6ab 100644
--- a/fs_mgr/libsnapshot/libsnapshot_cow/create_cow.cpp
+++ b/fs_mgr/libsnapshot/libsnapshot_cow/create_cow.cpp
@@ -478,11 +478,12 @@
if (create_snapshot_patch_ && use_merkel_tree_) {
std::vector<uint8_t> digest(32, 0);
- CalculateDigest(bufptr, BLOCK_SZ, target_salt_.data(), target_salt_.size(),
+ CalculateDigest(bufptr, BLOCK_SZ, source_salt_.data(), source_salt_.size(),
digest.data());
std::vector<uint8_t> final_digest(32, 0);
- CalculateDigest(digest.data(), digest.size(), source_salt_.data(),
- source_salt_.size(), final_digest.data());
+ CalculateDigest(digest.data(), digest.size(), target_salt_.data(),
+ target_salt_.size(), final_digest.data());
+
hash = ToHexString(final_digest.data(), final_digest.size());
} else {
uint8_t checksum[32];
diff --git a/init/Android.bp b/init/Android.bp
index ed19b4b..dbdf80b 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -136,6 +136,8 @@
"-DWORLD_WRITABLE_KMSG=1",
"-UDUMP_ON_UMOUNT_FAILURE",
"-DDUMP_ON_UMOUNT_FAILURE=1",
+ "-UALLOW_REMOUNT_OVERLAYS",
+ "-DALLOW_REMOUNT_OVERLAYS=1",
],
},
eng: {
@@ -263,7 +265,10 @@
name: "init",
required: [
"init_second_stage",
- ],
+ ] + select(product_variable("debuggable"), {
+ true: ["overlay_remounter"],
+ false: [],
+ }),
}
cc_defaults {
diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
index e06a645..6bb0ad7 100644
--- a/init/first_stage_init.cpp
+++ b/init/first_stage_init.cpp
@@ -402,7 +402,7 @@
// /second_stage_resources is used to preserve files from first to second
// stage init
- CHECKCALL(mount("tmpfs", kSecondStageRes, "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV,
+ CHECKCALL(mount("tmpfs", kSecondStageRes, "tmpfs", MS_NOSUID | MS_NODEV,
"mode=0755,uid=0,gid=0"));
if (IsMicrodroid() && android::virtualization::IsOpenDiceChangesFlagEnabled()) {
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 6316b4d..8bdf5b6 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -69,6 +69,7 @@
#include <android/avf_cc_flags.h>
#include <fs_avb/fs_avb.h>
#include <fs_mgr.h>
+#include <fs_mgr_overlayfs.h>
#include <genfslabelsversion.h>
#include <libgsi/libgsi.h>
#include <libsnapshot/snapshot.h>
@@ -77,6 +78,7 @@
#include "block_dev_initializer.h"
#include "debug_ramdisk.h"
#include "reboot_utils.h"
+#include "second_stage_resources.h"
#include "snapuserd_transition.h"
#include "util.h"
@@ -698,6 +700,65 @@
}
}
+#ifdef ALLOW_REMOUNT_OVERLAYS
+void SetupOverlays() {
+ if (android::fs_mgr::use_override_creds) return;
+
+ bool has_overlays = false;
+ std::string contents;
+ auto result = android::base::ReadFileToString("/proc/mounts", &contents, true);
+
+ auto lines = android::base::Split(contents, "\n");
+ for (auto const& line : lines)
+ if (android::base::StartsWith(line, "overlay")) {
+ has_overlays = true;
+ break;
+ }
+
+ if (!has_overlays) return;
+
+ // After adb remount, we mount all r/o volumes with overlayfs to allow writing.
+ // However, since overlayfs performs its file operations in the context of the
+ // mounting process, this will not work as is - init is in the kernel domain in
+ // first stage, which has very limited permissions.
+
+ // In order to fix this, we need to unmount remount all these volumes from a process
+ // with sufficient privileges to be able to perform these operations. The
+ // overlay_remounter domain has those privileges on debuggable devices.
+ // We will call overlay_remounter which will do the unmounts/mounts.
+ // But for that to work, the volumes must not be busy, so we need to copy
+ // overlay_remounter from system to a ramdisk and run it from there.
+
+ const char* kOverlayRemounter = "overlay_remounter";
+ auto or_src = std::filesystem::path("/system/xbin/") / kOverlayRemounter;
+ auto or_dest = std::filesystem::path(kSecondStageRes) / kOverlayRemounter;
+ std::error_code ec;
+ std::filesystem::copy(or_src, or_dest, ec);
+ if (ec) {
+ LOG(FATAL) << "Failed to copy " << or_src << " to " << or_dest << " " << ec.message();
+ }
+
+ if (selinux_android_restorecon(or_dest.c_str(), 0) == -1) {
+ PLOG(FATAL) << "restorecon of " << or_dest << " failed";
+ }
+ auto dest = unique_fd(open(or_dest.c_str(), O_RDONLY | O_CLOEXEC));
+ if (dest.get() == -1) {
+ PLOG(FATAL) << "Failed to reopen " << or_dest;
+ }
+ if (unlink(or_dest.c_str()) == -1) {
+ PLOG(FATAL) << "Failed to unlink " << or_dest;
+ }
+ const char* args[] = {or_dest.c_str(), nullptr};
+ fexecve(dest.get(), const_cast<char**>(args), nullptr);
+
+ // execv() only returns if an error happened, in which case we
+ // panic and never return from this function.
+ PLOG(FATAL) << "execv(\"" << or_dest << "\") failed";
+}
+#else
+void SetupOverlays() {}
+#endif
+
int SetupSelinux(char** argv) {
SetStdioToDevNull(argv);
InitKernelLogging(argv);
@@ -738,6 +799,10 @@
setenv(kEnvSelinuxStartedAt, std::to_string(start_time.time_since_epoch().count()).c_str(), 1);
+ // SetupOverlays does not return if overlays exist, instead it execs overlay_remounter
+ // which then execs second stage init
+ SetupOverlays();
+
const char* path = "/system/bin/init";
const char* args[] = {path, "second_stage", nullptr};
execv(path, const_cast<char**>(args));
diff --git a/libcutils/ashmem_test.cpp b/libcutils/ashmem_test.cpp
index b0a552f..96f20db 100644
--- a/libcutils/ashmem_test.cpp
+++ b/libcutils/ashmem_test.cpp
@@ -31,7 +31,7 @@
using android::base::unique_fd;
-void TestCreateRegion(size_t size, unique_fd &fd, int prot) {
+static void TestCreateRegion(size_t size, unique_fd &fd, int prot) {
fd = unique_fd(ashmem_create_region(nullptr, size));
ASSERT_TRUE(fd >= 0);
ASSERT_TRUE(ashmem_valid(fd));
@@ -44,26 +44,26 @@
ASSERT_EQ(FD_CLOEXEC, (fcntl(fd, F_GETFD) & FD_CLOEXEC));
}
-void TestMmap(const unique_fd& fd, size_t size, int prot, void** region, off_t off = 0) {
+static void TestMmap(const unique_fd& fd, size_t size, int prot, void** region, off_t off = 0) {
ASSERT_TRUE(fd >= 0);
ASSERT_TRUE(ashmem_valid(fd));
*region = mmap(nullptr, size, prot, MAP_SHARED, fd, off);
ASSERT_NE(MAP_FAILED, *region);
}
-void TestProtDenied(const unique_fd &fd, size_t size, int prot) {
+static void TestProtDenied(const unique_fd &fd, size_t size, int prot) {
ASSERT_TRUE(fd >= 0);
ASSERT_TRUE(ashmem_valid(fd));
EXPECT_EQ(MAP_FAILED, mmap(nullptr, size, prot, MAP_SHARED, fd, 0));
}
-void TestProtIs(const unique_fd& fd, int prot) {
+static void TestProtIs(const unique_fd& fd, int prot) {
ASSERT_TRUE(fd >= 0);
ASSERT_TRUE(ashmem_valid(fd));
EXPECT_EQ(prot, ioctl(fd, ASHMEM_GET_PROT_MASK));
}
-void FillData(std::vector<uint8_t>& data) {
+static void FillData(std::vector<uint8_t>& data) {
for (size_t i = 0; i < data.size(); i++) {
data[i] = i & 0xFF;
}
@@ -78,15 +78,11 @@
ASSERT_EQ(0, WEXITSTATUS(exitStatus));
}
-TEST(AshmemTest, ForkTest) {
- const size_t size = getpagesize();
+static void ForkTest(const unique_fd &fd, size_t size) {
+ void* region1 = nullptr;
std::vector<uint8_t> data(size);
FillData(data);
- unique_fd fd;
- ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
-
- void* region1 = nullptr;
ASSERT_NO_FATAL_FAILURE(TestMmap(fd, size, PROT_READ | PROT_WRITE, ®ion1));
memcpy(region1, data.data(), size);
@@ -125,16 +121,12 @@
EXPECT_EQ(0, munmap(region2, size));
}
-TEST(AshmemTest, FileOperationsTest) {
- unique_fd fd;
+static void FileOperationsTest(const unique_fd &fd, size_t size) {
void* region = nullptr;
- // Allocate a 4-page buffer, but leave page-sized holes on either side
const size_t pageSize = getpagesize();
- const size_t size = pageSize * 4;
const size_t dataSize = pageSize * 2;
const size_t holeSize = pageSize;
- ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
ASSERT_NO_FATAL_FAILURE(TestMmap(fd, dataSize, PROT_READ | PROT_WRITE, ®ion, holeSize));
std::vector<uint8_t> data(dataSize);
@@ -187,19 +179,16 @@
EXPECT_EQ(0, munmap(region, dataSize));
}
-TEST(AshmemTest, ProtTest) {
- unique_fd fd;
- const size_t size = getpagesize();
+static void ProtTestROBuffer(const unique_fd &fd, size_t size) {
void *region;
- ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_EXEC));
TestProtDenied(fd, size, PROT_WRITE);
TestProtIs(fd, PROT_READ | PROT_EXEC);
ASSERT_NO_FATAL_FAILURE(TestMmap(fd, size, PROT_READ, ®ion));
EXPECT_EQ(0, munmap(region, size));
+}
- ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE |
- PROT_EXEC));
+static void ProtTestRWBuffer(const unique_fd &fd, size_t size) {
TestProtIs(fd, PROT_READ | PROT_WRITE | PROT_EXEC);
ASSERT_EQ(0, ashmem_set_prot_region(fd, PROT_READ | PROT_EXEC));
errno = 0;
@@ -211,12 +200,7 @@
TestProtDenied(fd, size, PROT_WRITE);
}
-TEST(AshmemTest, ForkProtTest) {
- unique_fd fd;
- const size_t size = getpagesize();
-
- ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
-
+static void ForkProtTest(const unique_fd &fd, size_t size) {
pid_t pid = fork();
if (!pid) {
// Change buffer mapping permissions to read-only to ensure that
@@ -236,17 +220,13 @@
ASSERT_NO_FATAL_FAILURE(TestProtDenied(fd, size, PROT_WRITE));
}
-TEST(AshmemTest, ForkMultiRegionTest) {
- const size_t size = getpagesize();
+static void ForkMultiRegionTest(unique_fd fds[], int nRegions, size_t size) {
std::vector<uint8_t> data(size);
FillData(data);
- constexpr int nRegions = 16;
- unique_fd fd[nRegions];
for (int i = 0; i < nRegions; i++) {
- ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd[i], PROT_READ | PROT_WRITE));
void* region = nullptr;
- ASSERT_NO_FATAL_FAILURE(TestMmap(fd[i], size, PROT_READ | PROT_WRITE, ®ion));
+ ASSERT_NO_FATAL_FAILURE(TestMmap(fds[i], size, PROT_READ | PROT_WRITE, ®ion));
memcpy(region, data.data(), size);
ASSERT_EQ(0, memcmp(region, data.data(), size));
EXPECT_EQ(0, munmap(region, size));
@@ -257,10 +237,10 @@
// Clear each ashmem buffer in the context of the child process to
// ensure that the updates are visible to the parent process later.
for (int i = 0; i < nRegions; i++) {
- if (!ashmem_valid(fd[i])) {
+ if (!ashmem_valid(fds[i])) {
_exit(3);
}
- void *region = mmap(nullptr, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd[i], 0);
+ void *region = mmap(nullptr, size, PROT_READ | PROT_WRITE, MAP_SHARED, fds[i], 0);
if (region == MAP_FAILED) {
_exit(1);
}
@@ -280,8 +260,59 @@
memset(data.data(), 0, size);
for (int i = 0; i < nRegions; i++) {
void *region;
- ASSERT_NO_FATAL_FAILURE(TestMmap(fd[i], size, PROT_READ | PROT_WRITE, ®ion));
+ ASSERT_NO_FATAL_FAILURE(TestMmap(fds[i], size, PROT_READ | PROT_WRITE, ®ion));
ASSERT_EQ(0, memcmp(region, data.data(), size));
EXPECT_EQ(0, munmap(region, size));
}
+
+}
+
+TEST(AshmemTest, ForkTest) {
+ const size_t size = getpagesize();
+ unique_fd fd;
+
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
+ ASSERT_NO_FATAL_FAILURE(ForkTest(fd, size));
+}
+
+TEST(AshmemTest, FileOperationsTest) {
+ const size_t pageSize = getpagesize();
+ // Allocate a 4-page buffer, but leave page-sized holes on either side in
+ // the test.
+ const size_t size = pageSize * 4;
+ unique_fd fd;
+
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
+ ASSERT_NO_FATAL_FAILURE(FileOperationsTest(fd, size));
+}
+
+TEST(AshmemTest, ProtTest) {
+ unique_fd fd;
+ const size_t size = getpagesize();
+
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_EXEC));
+ ASSERT_NO_FATAL_FAILURE(ProtTestROBuffer(fd, size));
+
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE | PROT_EXEC));
+ ASSERT_NO_FATAL_FAILURE(ProtTestRWBuffer(fd, size));
+}
+
+TEST(AshmemTest, ForkProtTest) {
+ unique_fd fd;
+ const size_t size = getpagesize();
+
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
+ ASSERT_NO_FATAL_FAILURE(ForkProtTest(fd, size));
+}
+
+TEST(AshmemTest, ForkMultiRegionTest) {
+ const size_t size = getpagesize();
+ constexpr int nRegions = 16;
+ unique_fd fds[nRegions];
+
+ for (int i = 0; i < nRegions; i++) {
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fds[i], PROT_READ | PROT_WRITE));
+ }
+
+ ASSERT_NO_FATAL_FAILURE(ForkMultiRegionTest(fds, nRegions, size));
}
diff --git a/libmodprobe/include/exthandler/exthandler.h b/libmodprobe/include/exthandler/exthandler.h
index 232aa95..a619f81 100644
--- a/libmodprobe/include/exthandler/exthandler.h
+++ b/libmodprobe/include/exthandler/exthandler.h
@@ -17,6 +17,7 @@
#pragma once
#include <android-base/result.h>
#include <string>
+#include <sys/types.h>
android::base::Result<std::string> RunExternalHandler(
const std::string& handler, uid_t uid, gid_t gid,
diff --git a/libutils/binder/include/utils/String16.h b/libutils/binder/include/utils/String16.h
index 867dbac..20de647 100644
--- a/libutils/binder/include/utils/String16.h
+++ b/libutils/binder/include/utils/String16.h
@@ -19,16 +19,12 @@
#include <iostream>
#include <string>
+#include <string_view>
#include <utils/Errors.h>
#include <utils/String8.h>
#include <utils/TypeHelpers.h>
-#if __has_include(<string_view>)
-#include <string_view>
-#define HAS_STRING_VIEW
-#endif
-
#if __cplusplus >= 202002L
#include <compare>
#endif
@@ -125,11 +121,9 @@
inline operator const char16_t*() const;
-#ifdef HAS_STRING_VIEW
// Implicit cast to std::u16string is not implemented on purpose - u16string_view is much
// lighter and if one needs, they can still create u16string from u16string_view.
inline operator std::u16string_view() const;
-#endif
// Static and non-static String16 behave the same for the users, so
// this method isn't of much use for the users. It is public for testing.
@@ -414,6 +408,4 @@
// ---------------------------------------------------------------------------
-#undef HAS_STRING_VIEW
-
#endif // ANDROID_STRING16_H
diff --git a/libutils/binder/include/utils/String8.h b/libutils/binder/include/utils/String8.h
index 11415a1..404f8a0 100644
--- a/libutils/binder/include/utils/String8.h
+++ b/libutils/binder/include/utils/String8.h
@@ -18,6 +18,8 @@
#define ANDROID_STRING8_H
#include <iostream>
+#include <string>
+#include <string_view>
#include <utils/Errors.h>
#include <utils/Unicode.h>
@@ -26,16 +28,6 @@
#include <string.h> // for strcmp
#include <stdarg.h>
-#if __has_include(<string>)
-#include <string>
-#define HAS_STRING
-#endif
-
-#if __has_include(<string_view>)
-#include <string_view>
-#define HAS_STRING_VIEW
-#endif
-
#if __cplusplus >= 202002L
#include <compare>
#endif
@@ -57,9 +49,7 @@
String8(const String8& o);
explicit String8(const char* o);
explicit String8(const char* o, size_t numChars);
-#ifdef HAS_STRING_VIEW
explicit String8(std::string_view o);
-#endif
explicit String8(const String16& o);
explicit String8(const char16_t* o);
@@ -129,9 +119,7 @@
inline operator const char*() const;
-#ifdef HAS_STRING_VIEW
inline explicit operator std::string_view() const;
-#endif
char* lockBuffer(size_t size);
void unlockBuffer();
@@ -376,21 +364,15 @@
return mString;
}
-#ifdef HAS_STRING_VIEW
-
inline String8::String8(std::string_view o) : String8(o.data(), o.length()) { }
inline String8::operator std::string_view() const
{
return {mString, length()};
}
-#endif
} // namespace android
// ---------------------------------------------------------------------------
-#undef HAS_STRING
-#undef HAS_STRING_VIEW
-
#endif // ANDROID_STRING8_H
diff --git a/overlay_remounter/Android.bp b/overlay_remounter/Android.bp
new file mode 100644
index 0000000..d74f7da
--- /dev/null
+++ b/overlay_remounter/Android.bp
@@ -0,0 +1,34 @@
+//
+// Copyright (C) 2025 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+cc_binary {
+ name: "overlay_remounter",
+ srcs: [
+ "overlay_remounter.cpp",
+ ],
+ cflags: [
+ "-D_FILE_OFFSET_BITS=64",
+ "-Wall",
+ "-Werror",
+ ],
+ static_libs: [
+ "libbase",
+ "liblog",
+ ],
+ system_shared_libs: [],
+ static_executable: true,
+ install_in_xbin: true,
+}
diff --git a/overlay_remounter/overlay_remounter.cpp b/overlay_remounter/overlay_remounter.cpp
new file mode 100644
index 0000000..ddf97fa
--- /dev/null
+++ b/overlay_remounter/overlay_remounter.cpp
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2025 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <sys/mount.h>
+#include <unistd.h>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/strings.h>
+
+int main(int /*argc*/, char** argv) {
+ android::base::InitLogging(argv, &android::base::KernelLogger);
+ LOG(INFO) << "Overlay remounter will remount all overlay mount points in the overlay_remounter "
+ "domain";
+
+ // Remount ouerlayfs
+ std::string contents;
+ auto result = android::base::ReadFileToString("/proc/mounts", &contents, true);
+
+ auto lines = android::base::Split(contents, "\n");
+ for (auto const& line : lines) {
+ if (!android::base::StartsWith(line, "overlay")) {
+ continue;
+ }
+ auto bits = android::base::Split(line, " ");
+ if (int result = umount(bits[1].c_str()); result == -1) {
+ PLOG(FATAL) << "umount FAILED: " << bits[1];
+ }
+ std::string options;
+ for (auto const& option : android::base::Split(bits[3], ",")) {
+ if (option == "ro" || option == "seclabel" || option == "noatime") continue;
+ if (!options.empty()) options += ',';
+ options += option;
+ }
+ result = mount("overlay", bits[1].c_str(), "overlay", MS_RDONLY | MS_NOATIME,
+ options.c_str());
+ if (result == 0) {
+ LOG(INFO) << "mount succeeded: " << bits[1] << " " << options;
+ } else {
+ PLOG(FATAL) << "mount FAILED: " << bits[1] << " " << bits[3];
+ }
+ }
+
+ const char* path = "/system/bin/init";
+ const char* args[] = {path, "second_stage", nullptr};
+ execv(path, const_cast<char**>(args));
+
+ // execv() only returns if an error happened, in which case we
+ // panic and never return from this function.
+ PLOG(FATAL) << "execv(\"" << path << "\") failed";
+
+ return 1;
+}
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 8ebfc1a..f2c284a 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -120,10 +120,9 @@
"libtrusty",
"libutils",
],
- required: select(release_flag("RELEASE_AIDL_USE_UNFROZEN"), {
- true: ["android.hardware.hardware_keystore.xml"],
- default: ["android.hardware.hardware_keystore_V3.xml"],
- }),
+ required: [
+ "android.hardware.hardware_keystore.xml",
+ ],
}
prebuilt_etc {
diff --git a/trusty/keymint/Android.bp b/trusty/keymint/Android.bp
index 36efb1b..caaaac2 100644
--- a/trusty/keymint/Android.bp
+++ b/trusty/keymint/Android.bp
@@ -42,10 +42,7 @@
defaults: ["android.hardware.security.keymint-service.rust.trusty.default"],
init_rc: ["android.hardware.security.keymint-service.rust.trusty.rc"],
vintf_fragments: ["android.hardware.security.keymint-service.rust.trusty.xml"],
- required: select(release_flag("RELEASE_AIDL_USE_UNFROZEN"), {
- true: ["android.hardware.hardware_keystore.xml"],
- default: ["android.hardware.hardware_keystore_V3.xml"],
- }),
+ required: ["android.hardware.hardware_keystore.xml"],
}
rust_binary {