Merge "Make tombstones 664." into main
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index a308ffb..f396b1d 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -37,6 +37,7 @@
 #include <string>
 #include <thread>
 
+#include <android/crash_detail.h>
 #include <android/dlext.h>
 #include <android/fdsan.h>
 #include <android/set_abort_message.h>
@@ -945,7 +946,7 @@
 
 inline crash_detail_t* _Nullable android_register_crash_detail_strs(const char* _Nonnull name,
                                                                     const char* _Nonnull data) {
-  return android_register_crash_detail(name, strlen(name), data, strlen(data));
+  return android_crash_detail_register(name, strlen(name), data, strlen(data));
 }
 
 TEST_F(CrasherTest, crash_detail_single) {
@@ -967,6 +968,52 @@
   ASSERT_MATCH(result, R"(CRASH_DETAIL_NAME: 'crash_detail_value')");
 }
 
+TEST_F(CrasherTest, crash_detail_replace_data) {
+  int intercept_result;
+  unique_fd output_fd;
+  StartProcess([]() {
+    auto *cd = android_register_crash_detail_strs("CRASH_DETAIL_NAME", "original_data");
+    android_crash_detail_replace_data(cd, "new_data", strlen("new_data"));
+    abort();
+  });
+  StartIntercept(&output_fd);
+  FinishCrasher();
+  AssertDeath(SIGABRT);
+  FinishIntercept(&intercept_result);
+
+  ASSERT_EQ(1, intercept_result) << "tombstoned reported failure";
+
+  std::string result;
+  ConsumeFd(std::move(output_fd), &result);
+  ASSERT_MATCH(result, R"(CRASH_DETAIL_NAME: 'new_data')");
+  // Ensure the old one no longer shows up, i.e. that we actually replaced
+  // it, not added a new one.
+  ASSERT_NOT_MATCH(result, R"(CRASH_DETAIL_NAME: 'original_data')");
+}
+
+TEST_F(CrasherTest, crash_detail_replace_name) {
+  int intercept_result;
+  unique_fd output_fd;
+  StartProcess([]() {
+    auto *cd = android_register_crash_detail_strs("old_name", g_crash_detail_value);
+    android_crash_detail_replace_name(cd, "new_name", strlen("new_name"));
+    abort();
+  });
+  StartIntercept(&output_fd);
+  FinishCrasher();
+  AssertDeath(SIGABRT);
+  FinishIntercept(&intercept_result);
+
+  ASSERT_EQ(1, intercept_result) << "tombstoned reported failure";
+
+  std::string result;
+  ConsumeFd(std::move(output_fd), &result);
+  ASSERT_MATCH(result, R"(new_name: 'crash_detail_value')");
+  // Ensure the old one no longer shows up, i.e. that we actually replaced
+  // it, not added a new one.
+  ASSERT_NOT_MATCH(result, R"(old_name: 'crash_detail_value')");
+}
+
 TEST_F(CrasherTest, crash_detail_single_byte_name) {
   int intercept_result;
   unique_fd output_fd;
@@ -991,7 +1038,7 @@
   int intercept_result;
   unique_fd output_fd;
   StartProcess([]() {
-    android_register_crash_detail("CRASH_DETAIL_NAME", strlen("CRASH_DETAIL_NAME"), "\1",
+    android_crash_detail_register("CRASH_DETAIL_NAME", strlen("CRASH_DETAIL_NAME"), "\1",
                                   sizeof("\1"));
     abort();
   });
@@ -1035,7 +1082,7 @@
       std::string name = "CRASH_DETAIL_NAME" + std::to_string(i);
       std::string value = "CRASH_DETAIL_VALUE" + std::to_string(i);
       auto* h = android_register_crash_detail_strs(name.data(), value.data());
-      android_unregister_crash_detail(h);
+      android_crash_detail_unregister(h);
     }
 
     android_register_crash_detail_strs("FINAL_NAME", "FINAL_VALUE");
@@ -1103,7 +1150,7 @@
   unique_fd output_fd;
   StartProcess([]() {
     auto* detail1 = android_register_crash_detail_strs("CRASH_DETAIL_NAME", g_crash_detail_value);
-    android_unregister_crash_detail(detail1);
+    android_crash_detail_unregister(detail1);
     android_register_crash_detail_strs("CRASH_DETAIL_NAME2", g_crash_detail_value2);
     abort();
   });
diff --git a/debuggerd/libdebuggerd/tombstone_proto.cpp b/debuggerd/libdebuggerd/tombstone_proto.cpp
index 0098209..74f9a8c 100644
--- a/debuggerd/libdebuggerd/tombstone_proto.cpp
+++ b/debuggerd/libdebuggerd/tombstone_proto.cpp
@@ -51,7 +51,7 @@
 #include <android/set_abort_message.h>
 #include <bionic/macros.h>
 #include <bionic/reserved_signals.h>
-#include <bionic/set_abort_message_internal.h>
+#include <bionic/crash_detail_internal.h>
 #include <log/log.h>
 #include <log/log_read.h>
 #include <log/logprint.h>
diff --git a/debuggerd/seccomp_policy/crash_dump.policy.def b/debuggerd/seccomp_policy/crash_dump.policy.def
index 972a575..dc751da 100644
--- a/debuggerd/seccomp_policy/crash_dump.policy.def
+++ b/debuggerd/seccomp_policy/crash_dump.policy.def
@@ -25,8 +25,8 @@
 faccessat: 1
 recvmsg: 1
 recvfrom: 1
-sysinfo: 1
 setsockopt: 1
+sysinfo: 1
 
 process_vm_readv: 1
 
@@ -53,20 +53,29 @@
 
 #if 0
 libminijail on vendor partitions older than P does not have constants from <sys/mman.h>.
-Define the values of PROT_READ and PROT_WRITE ourselves to maintain backwards compatibility.
+Define values for PROT_READ, PROT_WRITE and PROT_MTE ourselves to maintain backwards compatibility.
 #else
 #define PROT_READ 0x1
 #define PROT_WRITE 0x2
+#define PROT_MTE 0x20
 #endif
 
 madvise: 1
+#if defined(__aarch64__)
+mprotect: arg2 in PROT_READ|PROT_WRITE|PROT_MTE
+#else
 mprotect: arg2 in PROT_READ|PROT_WRITE
+#endif
 munmap: 1
 
 #if defined(__LP64__)
 getuid: 1
 fstat: 1
+#if defined(__aarch64__)
+mmap: arg2 in PROT_READ|PROT_WRITE|PROT_MTE
+#else
 mmap: arg2 in PROT_READ|PROT_WRITE
+#endif
 #else
 getuid32: 1
 fstat64: 1
diff --git a/debuggerd/tombstoned/tombstoned.cpp b/debuggerd/tombstoned/tombstoned.cpp
index 5a36a74..98eb003 100644
--- a/debuggerd/tombstoned/tombstoned.cpp
+++ b/debuggerd/tombstoned/tombstoned.cpp
@@ -422,6 +422,7 @@
     return false;
   }
 
+  // This fd is created inside of dirfd in CrashQueue::create_temporary_file.
   std::string fd_path = StringPrintf("/proc/self/fd/%d", fd.get());
   rc = linkat(AT_FDCWD, fd_path.c_str(), dirfd.get(), path.c_str(), AT_SYMLINK_FOLLOW);
   if (rc != 0) {
diff --git a/fs_mgr/libsnapshot/libsnapshot_cow/test_v3.cpp b/fs_mgr/libsnapshot/libsnapshot_cow/test_v3.cpp
index 3c5b394..2021348 100644
--- a/fs_mgr/libsnapshot/libsnapshot_cow/test_v3.cpp
+++ b/fs_mgr/libsnapshot/libsnapshot_cow/test_v3.cpp
@@ -109,6 +109,40 @@
     ASSERT_EQ(reader.header_v3().op_count, 20);
 }
 
+TEST_F(CowTestV3, MaxOpSingleThreadCompression) {
+    CowOptions options;
+    options.op_count_max = 20;
+    options.num_compress_threads = 1;
+    options.compression_factor = 4096 * 8;
+    options.compression = "lz4";
+
+    auto writer = CreateCowWriter(3, options, GetCowFd());
+    ASSERT_TRUE(writer->AddZeroBlocks(1, 20));
+    std::string data = "This is some data, believe it";
+    data.resize(options.block_size, '\0');
+
+    ASSERT_FALSE(writer->AddRawBlocks(5, data.data(), data.size()));
+
+    ASSERT_TRUE(writer->Finalize());
+}
+
+TEST_F(CowTestV3, MaxOpMultiThreadCompression) {
+    CowOptions options;
+    options.op_count_max = 20;
+    options.num_compress_threads = 2;
+    options.compression_factor = 4096 * 8;
+    options.compression = "lz4";
+
+    auto writer = CreateCowWriter(3, options, GetCowFd());
+    ASSERT_TRUE(writer->AddZeroBlocks(1, 20));
+    std::string data = "This is some data, believe it";
+    data.resize(options.block_size, '\0');
+
+    ASSERT_FALSE(writer->AddRawBlocks(5, data.data(), data.size()));
+
+    ASSERT_TRUE(writer->Finalize());
+}
+
 TEST_F(CowTestV3, ZeroOp) {
     CowOptions options;
     options.op_count_max = 20;
diff --git a/fs_mgr/libsnapshot/libsnapshot_cow/writer_v3.cpp b/fs_mgr/libsnapshot/libsnapshot_cow/writer_v3.cpp
index 22e6f2c..de2e528 100644
--- a/fs_mgr/libsnapshot/libsnapshot_cow/writer_v3.cpp
+++ b/fs_mgr/libsnapshot/libsnapshot_cow/writer_v3.cpp
@@ -121,7 +121,6 @@
         return false;
     }
 
-    LOG(INFO) << "Compression factor: " << header_.max_compression_size;
     num_compress_threads_ = std::max(int(options_.num_compress_threads), 1);
     auto parts = android::base::Split(options_.compression, ",");
     if (parts.size() > 2) {
@@ -356,6 +355,9 @@
                    << ", actual number of blocks received from compressor " << blocks.size();
         return false;
     }
+    if (!CheckOpCount(blocks.size())) {
+        return false;
+    }
     size_t blocks_written = 0;
     for (size_t blk_index = 0; blk_index < blocks.size(); blk_index++) {
         CowOperation& op = cached_ops_.emplace_back();
@@ -395,9 +397,6 @@
     }
     const auto bytes = reinterpret_cast<const uint8_t*>(data);
     const size_t num_blocks = (size / header_.block_size);
-    if (!CheckOpCount(num_blocks)) {
-        return false;
-    }
     for (size_t i = 0; i < num_blocks;) {
         const size_t blocks_to_write =
                 std::min<size_t>(batch_size_ - cached_data_.size(), num_blocks - i);
@@ -604,41 +603,47 @@
 std::vector<CowWriterV3::CompressedBuffer> CowWriterV3::ProcessBlocksWithThreadedCompression(
         const size_t num_blocks, const void* data, CowOperationType type) {
     const size_t num_threads = num_compress_threads_;
-    const size_t blocks_per_thread = DivRoundUp(num_blocks, num_threads);
     const uint8_t* iter = reinterpret_cast<const uint8_t*>(data);
 
+    // We will alternate which thread to send compress work to. E.g. alternate between T1 and T2
+    // until all blocks are processed
     std::vector<CompressedBuffer> compressed_vec;
-    // Submit the blocks per thread. The retrieval of
-    // compressed buffers has to be done in the same order.
-    // We should not poll for completed buffers in a different order as the
-    // buffers are tightly coupled with block ordering.
-    for (size_t i = 0; i < num_threads; i++) {
-        CompressWorker* worker = compress_threads_[i].get();
-        auto blocks_in_batch = std::min(num_blocks - i * blocks_per_thread, blocks_per_thread);
-        // Enqueue the blocks to be compressed for each thread.
-        while (blocks_in_batch) {
-            CompressedBuffer buffer;
+    int iteration = 0;
+    int blocks_to_compress = static_cast<int>(num_blocks);
+    while (blocks_to_compress) {
+        CompressedBuffer buffer;
+        CompressWorker* worker = compress_threads_[iteration % num_threads].get();
 
-            const size_t compression_factor = GetCompressionFactor(blocks_in_batch, type);
-            size_t num_blocks = compression_factor / header_.block_size;
+        const size_t compression_factor = GetCompressionFactor(blocks_to_compress, type);
+        size_t num_blocks = compression_factor / header_.block_size;
 
-            buffer.compression_factor = compression_factor;
-            worker->EnqueueCompressBlocks(iter, compression_factor, 1);
-            compressed_vec.push_back(std::move(buffer));
-            blocks_in_batch -= num_blocks;
-            iter += compression_factor;
-        }
+        worker->EnqueueCompressBlocks(iter, compression_factor, 1);
+        buffer.compression_factor = compression_factor;
+        compressed_vec.push_back(std::move(buffer));
+
+        iteration++;
+        iter += compression_factor;
+        blocks_to_compress -= num_blocks;
     }
 
-    // Fetch compressed buffers from the threads
     std::vector<std::vector<uint8_t>> compressed_buf;
+    std::vector<std::vector<std::vector<uint8_t>>> worker_buffers(num_threads);
     compressed_buf.clear();
     for (size_t i = 0; i < num_threads; i++) {
         CompressWorker* worker = compress_threads_[i].get();
-        if (!worker->GetCompressedBuffers(&compressed_buf)) {
+        if (!worker->GetCompressedBuffers(&worker_buffers[i])) {
             return {};
         }
     }
+    // compressed_vec | CB 1 | CB 2 | CB 3 | CB 4 | <-compressed buffers
+    //                   t1     t2     t1     t2    <- processed by these threads
+    // Ordering is important here. We need to retrieve the compressed data in the same order we
+    // processed it and assume that that we submit data beginning with the first thread and then
+    // round robin the consecutive data calls. We need to Fetch compressed buffers from the threads
+    // via the same ordering
+    for (size_t i = 0; i < compressed_vec.size(); i++) {
+        compressed_buf.emplace_back(worker_buffers[i % num_threads][i / num_threads]);
+    }
 
     if (compressed_vec.size() != compressed_buf.size()) {
         LOG(ERROR) << "Compressed buffer size: " << compressed_buf.size()
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index ba5fb88..e6c4de6 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -508,8 +508,6 @@
         // When snapshots are on current slot, we determine the size
         // of block device based on the number of COW operations. We cannot
         // use base device as it will be from older image.
-        size_t num_ops = 0;
-        uint64_t dev_sz = 0;
         unique_fd fd(open(cow_file.c_str(), O_RDONLY | O_CLOEXEC));
         if (fd < 0) {
             PLOG(ERROR) << "Failed to open " << cow_file;
@@ -522,13 +520,18 @@
             return false;
         }
 
+        uint64_t dev_sz = 0;
         const auto& header = reader.GetHeader();
-        if (header.prefix.major_version > 2) {
-            LOG(ERROR) << "COW format not supported";
-            return false;
+        if (header.prefix.major_version == 2) {
+            const size_t num_ops = reader.get_num_total_data_ops();
+            dev_sz = (num_ops * header.block_size);
+        } else {
+            // create_snapshot will skip in-place copy ops. Hence, fetch this
+            // information directly from v3 header.
+            const auto& v3_header = reader.header_v3();
+            dev_sz = v3_header.op_count_max * v3_header.block_size;
         }
-        num_ops = reader.get_num_total_data_ops();
-        dev_sz = (num_ops * header.block_size);
+
         base_sectors = dev_sz >> 9;
     } else {
         // For userspace snapshots, the size of the base device is taken as the
@@ -3242,6 +3245,8 @@
             // Older OTAs don't set an explicit compression type, so default to gz.
             compression_algorithm = "gz";
         }
+        LOG(INFO) << "using compression algorithm: " << compression_algorithm
+                   << ", max compressible block size: " << compression_factor;
     }
 
     PartitionCowCreator cow_creator{
diff --git a/init/Android.bp b/init/Android.bp
index 181de2e..c3abefe 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -88,7 +88,6 @@
 init_host_sources = [
     "check_builtins.cpp",
     "host_import_parser.cpp",
-    "host_init_verifier.cpp",
 ]
 
 soong_config_module_type {
@@ -321,7 +320,6 @@
     visibility: ["//packages/modules/Virtualization/microdroid"],
 }
 
-
 soong_config_module_type {
     name: "init_first_stage_cc_defaults",
     module_type: "cc_defaults",
@@ -599,7 +597,6 @@
     },
     generated_headers: [
         "generated_stub_builtin_function_map",
-        "generated_android_ids",
     ],
     target: {
         android: {
@@ -614,13 +611,16 @@
 cc_binary {
     name: "host_init_verifier",
     defaults: ["init_host_defaults"],
-    srcs: init_common_sources + init_host_sources,
+    srcs: ["host_init_verifier.cpp"] + init_common_sources + init_host_sources,
+    generated_headers: [
+        "generated_android_ids",
+    ],
 }
 
 cc_library_host_static {
     name: "libinit_host",
     defaults: ["init_host_defaults"],
-    srcs: init_common_sources,
+    srcs: init_common_sources + init_host_sources,
     export_include_dirs: ["."],
     proto: {
         export_proto_headers: true,
diff --git a/init/check_builtins.cpp b/init/check_builtins.cpp
index 461ed22..9725458 100644
--- a/init/check_builtins.cpp
+++ b/init/check_builtins.cpp
@@ -28,9 +28,9 @@
 #include <android-base/parsedouble.h>
 #include <android-base/parseint.h>
 #include <android-base/strings.h>
+#include <property_info_parser/property_info_parser.h>
 
 #include "builtin_arguments.h"
-#include "host_init_verifier.h"
 #include "interface_utils.h"
 #include "property_type.h"
 #include "rlimit_parser.h"
@@ -39,6 +39,9 @@
 
 using android::base::ParseInt;
 using android::base::StartsWith;
+using android::properties::BuildTrie;
+using android::properties::PropertyInfoArea;
+using android::properties::PropertyInfoEntry;
 
 #define ReturnIfAnyArgsEmpty()     \
     for (const auto& arg : args) { \
@@ -50,6 +53,26 @@
 namespace android {
 namespace init {
 
+const PropertyInfoArea* property_info_area;
+
+Result<void> InitializeHostPropertyInfoArea(const std::vector<PropertyInfoEntry>& property_infos) {
+    static std::string serialized_contexts;
+    std::string trie_error;
+    if (!BuildTrie(property_infos, "u:object_r:default_prop:s0", "string", &serialized_contexts,
+                   &trie_error)) {
+        return Error() << "Unable to serialize property contexts: " << trie_error;
+    }
+
+    property_info_area = reinterpret_cast<const PropertyInfoArea*>(serialized_contexts.c_str());
+    return {};
+}
+
+static Result<void> check_stub(const BuiltinArguments& args) {
+    return {};
+}
+
+#include "generated_stub_builtin_function_map.h"
+
 Result<void> check_chown(const BuiltinArguments& args) {
     if (!args[1].empty()) {
         auto uid = DecodeUid(args[1]);
diff --git a/init/check_builtins.h b/init/check_builtins.h
index dc1b752..9b00a7c 100644
--- a/init/check_builtins.h
+++ b/init/check_builtins.h
@@ -19,6 +19,10 @@
 #include "builtin_arguments.h"
 #include "result.h"
 
+#include <vector>
+
+#include <property_info_serializer/property_info_serializer.h>
+
 namespace android {
 namespace init {
 
@@ -43,5 +47,8 @@
 Result<void> check_wait(const BuiltinArguments& args);
 Result<void> check_wait_for_prop(const BuiltinArguments& args);
 
+Result<void> InitializeHostPropertyInfoArea(
+        const std::vector<properties::PropertyInfoEntry>& property_infos);
+
 }  // namespace init
 }  // namespace android
diff --git a/init/first_stage_console.cpp b/init/first_stage_console.cpp
index c6c3008..f6f9329 100644
--- a/init/first_stage_console.cpp
+++ b/init/first_stage_console.cpp
@@ -16,6 +16,7 @@
 
 #include "first_stage_console.h"
 
+#include <spawn.h>
 #include <stdio.h>
 #include <sys/stat.h>
 #include <sys/sysmacros.h>
@@ -65,19 +66,20 @@
     return true;
 }
 
-static void RunScript() {
-    LOG(INFO) << "Attempting to run /first_stage.sh...";
-    pid_t pid = fork();
-    if (pid != 0) {
-        int status;
-        waitpid(pid, &status, 0);
-        LOG(INFO) << "/first_stage.sh exited with status " << status;
-        return;
-    }
-    const char* path = "/system/bin/sh";
-    const char* args[] = {path, "/first_stage.sh", nullptr};
-    int rv = execv(path, const_cast<char**>(args));
-    LOG(ERROR) << "unable to execv /first_stage.sh, returned " << rv << " errno " << errno;
+static pid_t SpawnImage(const char* file) {
+    const char* argv[] = {file, NULL};
+    const char* envp[] = {NULL};
+
+    char* const* argvp = const_cast<char* const*>(argv);
+    char* const* envpp = const_cast<char* const*>(envp);
+
+    pid_t pid;
+    errno = posix_spawn(&pid, argv[0], NULL, NULL, argvp, envpp);
+    if (!errno) return pid;
+
+    PLOG(ERROR) << "Failed to spawn '" << file << "'";
+
+    return (pid_t)0;
 }
 
 namespace android {
@@ -93,19 +95,21 @@
     sigaction(SIGCHLD, &chld_act, nullptr);
     pid_t pid = fork();
     if (pid != 0) {
-        int status;
-        waitpid(pid, &status, 0);
-        LOG(ERROR) << "console shell exited with status " << status;
+        wait(NULL);
+        LOG(ERROR) << "console shell exited";
         return;
     }
 
     if (console) console = SetupConsole();
-    RunScript();
+
+    LOG(INFO) << "Attempting to run /first_stage.sh...";
+    if (SpawnImage("/first_stage.sh")) {
+        wait(NULL);
+        LOG(INFO) << "/first_stage.sh exited";
+    }
+
     if (console) {
-        const char* path = "/system/bin/sh";
-        const char* args[] = {path, nullptr};
-        int rv = execv(path, const_cast<char**>(args));
-        LOG(ERROR) << "unable to execv, returned " << rv << " errno " << errno;
+        if (SpawnImage("/system/bin/sh")) wait(NULL);
     }
     _exit(127);
 }
diff --git a/init/host_init_verifier.cpp b/init/host_init_verifier.cpp
index 662185c..f746ab9 100644
--- a/init/host_init_verifier.cpp
+++ b/init/host_init_verifier.cpp
@@ -14,8 +14,6 @@
 // limitations under the License.
 //
 
-#include "host_init_verifier.h"
-
 #include <errno.h>
 #include <getopt.h>
 #include <pwd.h>
@@ -36,6 +34,7 @@
 #include <android-base/strings.h>
 #include <generated_android_ids.h>
 #include <hidl/metadata.h>
+#include <property_info_parser/property_info_parser.h>
 #include <property_info_serializer/property_info_serializer.h>
 
 #include "action.h"
@@ -57,9 +56,7 @@
 using android::base::ParseInt;
 using android::base::ReadFileToString;
 using android::base::Split;
-using android::properties::BuildTrie;
 using android::properties::ParsePropertyInfoFile;
-using android::properties::PropertyInfoArea;
 using android::properties::PropertyInfoEntry;
 
 static std::vector<std::string> passwd_files;
@@ -148,12 +145,6 @@
 namespace android {
 namespace init {
 
-static Result<void> check_stub(const BuiltinArguments& args) {
-    return {};
-}
-
-#include "generated_stub_builtin_function_map.h"
-
 void PrintUsage() {
     fprintf(stdout, R"(usage: host_init_verifier [options]
 
@@ -196,8 +187,6 @@
     return result;
 }
 
-const PropertyInfoArea* property_info_area;
-
 void HandlePropertyContexts(const std::string& filename,
                             std::vector<PropertyInfoEntry>* property_infos) {
     auto file_contents = std::string();
@@ -288,16 +277,11 @@
     }
     SetKnownInterfaces(*interface_inheritance_hierarchy_map);
 
-    std::string serialized_contexts;
-    std::string trie_error;
-    if (!BuildTrie(property_infos, "u:object_r:default_prop:s0", "string", &serialized_contexts,
-                   &trie_error)) {
-        LOG(ERROR) << "Unable to serialize property contexts: " << trie_error;
+    if (auto result = InitializeHostPropertyInfoArea(property_infos); !result.ok()) {
+        LOG(ERROR) << result.error();
         return EXIT_FAILURE;
     }
 
-    property_info_area = reinterpret_cast<const PropertyInfoArea*>(serialized_contexts.c_str());
-
     if (!partition_map.empty()) {
         std::vector<std::string> vendor_prefixes;
         for (const auto& partition : {"vendor", "odm"}) {
diff --git a/init/host_init_verifier.h b/init/host_init_verifier.h
deleted file mode 100644
index 5d24f2a..0000000
--- a/init/host_init_verifier.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include <property_info_parser/property_info_parser.h>
-
-namespace android {
-namespace init {
-
-extern const android::properties::PropertyInfoArea* property_info_area;
-
-}  // namespace init
-}  // namespace android
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 30ad800..bc4ef42 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -1104,7 +1104,8 @@
         product_first_api_level = GetIntProperty("ro.build.version.sdk", __ANDROID_API_FUTURE__);
     }
 
-    vendor_api_level = std::min(vendor_api_level_of(product_first_api_level), vendor_api_level);
+    vendor_api_level =
+            std::min(AVendorSupport_getVendorApiLevelOf(product_first_api_level), vendor_api_level);
 
     if (vendor_api_level < 0) {
         LOG(ERROR) << "Unexpected vendor api level for " << VENDOR_API_LEVEL_PROP << ". Check "
diff --git a/init/snapuserd_transition.cpp b/init/snapuserd_transition.cpp
index 3a78343..dea7af9 100644
--- a/init/snapuserd_transition.cpp
+++ b/init/snapuserd_transition.cpp
@@ -195,22 +195,20 @@
             return;
         }
         auto start = reinterpret_cast<const void*>(map.start);
-        auto len = map.end - map.start;
+        uint64_t len = android::procinfo::MappedFileSize(map);
         if (!len) {
             return;
         }
+
         if (mlock(start, len) < 0) {
-            LOG(ERROR) << "mlock failed, " << start << " for " << len << " bytes.";
+            PLOG(ERROR) << "\"" << map.name << "\": mlock(" << start << ", " << len
+                        << ") failed: pgoff = " << map.pgoff;
             ok = false;
         }
     };
 
     if (!android::procinfo::ReadProcessMaps(getpid(), callback) || !ok) {
-        LOG(FATAL) << "Could not process /proc/" << getpid() << "/maps file for init, "
-                   << "falling back to mlockall().";
-        if (mlockall(MCL_CURRENT) < 0) {
-            LOG(FATAL) << "mlockall failed";
-        }
+        LOG(FATAL) << "Could not process /proc/" << getpid() << "/maps file for init";
     }
 }
 
diff --git a/libutils/binder/RefBase_test.cpp b/libutils/binder/RefBase_test.cpp
index d675598..65d40a2 100644
--- a/libutils/binder/RefBase_test.cpp
+++ b/libutils/binder/RefBase_test.cpp
@@ -300,8 +300,8 @@
     std::atomic<int>* mDeleteCount;
 };
 
-static sp<Bar> buffer;
-static std::atomic<bool> bufferFull(false);
+[[clang::no_destroy]] static constinit sp<Bar> buffer;
+static constinit std::atomic<bool> bufferFull(false);
 
 // Wait until bufferFull has value val.
 static inline void waitFor(bool val) {
@@ -380,8 +380,8 @@
     }  // Otherwise this is slow and probably pointless on a uniprocessor.
 }
 
-static wp<Bar> wpBuffer;
-static std::atomic<bool> wpBufferFull(false);
+[[clang::no_destroy]] static constinit wp<Bar> wpBuffer;
+static constinit std::atomic<bool> wpBufferFull(false);
 
 // Wait until wpBufferFull has value val.
 static inline void wpWaitFor(bool val) {
diff --git a/libutils/binder/include/utils/RefBase.h b/libutils/binder/include/utils/RefBase.h
index 5e3fa7d..f03e1be 100644
--- a/libutils/binder/include/utils/RefBase.h
+++ b/libutils/binder/include/utils/RefBase.h
@@ -404,7 +404,7 @@
 public:
     typedef typename RefBase::weakref_type weakref_type;
 
-    inline wp() : m_ptr(nullptr), m_refs(nullptr) { }
+    inline constexpr wp() : m_ptr(nullptr), m_refs(nullptr) { }
 
     // if nullptr, returns nullptr
     //
diff --git a/libutils/binder/include/utils/StrongPointer.h b/libutils/binder/include/utils/StrongPointer.h
index 43c00c9..fb9b8e8 100644
--- a/libutils/binder/include/utils/StrongPointer.h
+++ b/libutils/binder/include/utils/StrongPointer.h
@@ -30,7 +30,7 @@
 template<typename T>
 class sp {
 public:
-    inline sp() : m_ptr(nullptr) { }
+    inline constexpr sp() : m_ptr(nullptr) { }
 
     // The old way of using sp<> was like this. This is bad because it relies
     // on implicit conversion to sp<>, which we would like to remove (if an
diff --git a/libutils/include/utils/CallStack.h b/libutils/include/utils/CallStack.h
index 54d559b..0239b68 100644
--- a/libutils/include/utils/CallStack.h
+++ b/libutils/include/utils/CallStack.h
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef ANDROID_CALLSTACK_H
-#define ANDROID_CALLSTACK_H
+#pragma once
 
 #include <memory>
 
@@ -27,14 +26,14 @@
 #include <sys/types.h>
 
 #if !defined(__APPLE__) && !defined(_WIN32)
-# define WEAKS_AVAILABLE 1
+# define CALLSTACK_WEAKS_AVAILABLE 1
 #endif
 #ifndef CALLSTACK_WEAK
-# ifdef WEAKS_AVAILABLE
+# ifdef CALLSTACK_WEAKS_AVAILABLE
 #   define CALLSTACK_WEAK __attribute__((weak))
-# else // !WEAKS_AVAILABLE
+# else // !CALLSTACK_WEAKS_AVAILABLE
 #   define CALLSTACK_WEAK
-# endif // !WEAKS_AVAILABLE
+# endif // !CALLSTACK_WEAKS_AVAILABLE
 #endif // CALLSTACK_WEAK predefined
 
 #ifndef CALLSTACK_ALWAYS_INLINE
@@ -91,7 +90,7 @@
     //
     // DO NOT USE THESE. They will disappear.
     struct StackDeleter {
-#ifdef WEAKS_AVAILABLE
+#ifdef CALLSTACK_WEAKS_AVAILABLE
         void operator()(CallStack* stack) {
             deleteStack(stack);
         }
@@ -103,7 +102,7 @@
     typedef std::unique_ptr<CallStack, StackDeleter> CallStackUPtr;
 
     // Return current call stack if possible, nullptr otherwise.
-#ifdef WEAKS_AVAILABLE
+#ifdef CALLSTACK_WEAKS_AVAILABLE
     static CallStackUPtr CALLSTACK_ALWAYS_INLINE getCurrent(int32_t ignoreDepth = 1) {
         if (reinterpret_cast<uintptr_t>(getCurrentInternal) == 0) {
             ALOGW("CallStack::getCurrentInternal not linked, returning null");
@@ -112,13 +111,13 @@
             return getCurrentInternal(ignoreDepth);
         }
     }
-#else // !WEAKS_AVAILABLE
+#else // !CALLSTACK_WEAKS_AVAILABLE
     static CallStackUPtr CALLSTACK_ALWAYS_INLINE getCurrent(int32_t = 1) {
         return CallStackUPtr(nullptr);
     }
-#endif // !WEAKS_AVAILABLE
+#endif // !CALLSTACK_WEAKS_AVAILABLE
 
-#ifdef WEAKS_AVAILABLE
+#ifdef CALLSTACK_WEAKS_AVAILABLE
     static void CALLSTACK_ALWAYS_INLINE logStack(const char* logtag,
                                                  CallStack* stack = getCurrent().get(),
                                                  android_LogPriority priority = ANDROID_LOG_DEBUG) {
@@ -135,9 +134,9 @@
                                                  android_LogPriority = ANDROID_LOG_DEBUG) {
         ALOG(LOG_WARN, logtag, "CallStack::logStackInternal not linked");
     }
-#endif // !WEAKS_AVAILABLE
+#endif // !CALLSTACK_WEAKS_AVAILABLE
 
-#ifdef WEAKS_AVAILABLE
+#ifdef CALLSTACK_WEAKS_AVAILABLE
     static String8 CALLSTACK_ALWAYS_INLINE
     stackToString(const char* prefix = nullptr, const CallStack* stack = getCurrent().get()) {
         if (reinterpret_cast<uintptr_t>(stackToStringInternal) != 0 && stack != nullptr) {
@@ -146,15 +145,15 @@
             return String8::format("%s<CallStack package not linked>", (prefix ? prefix : ""));
         }
     }
-#else // !WEAKS_AVAILABLE
+#else // !CALLSTACK_WEAKS_AVAILABLE
     static String8 CALLSTACK_ALWAYS_INLINE stackToString(const char* prefix = nullptr,
                                                          const CallStack* = getCurrent().get()) {
         return String8::format("%s<CallStack package not linked>", (prefix ? prefix : ""));
     }
-#endif // !WEAKS_AVAILABLE
+#endif // !CALLSTACK_WEAKS_AVAILABLE
 
   private:
-#ifdef WEAKS_AVAILABLE
+#ifdef CALLSTACK_WEAKS_AVAILABLE
     static CallStackUPtr CALLSTACK_WEAK getCurrentInternal(int32_t ignoreDepth);
     static void CALLSTACK_WEAK logStackInternal(const char* logtag, const CallStack* stack,
                                                 android_LogPriority priority);
@@ -162,13 +161,13 @@
     // The deleter is only invoked on non-null pointers. Hence it will never be
     // invoked if CallStack is not linked.
     static void CALLSTACK_WEAK deleteStack(CallStack* stack);
-#endif // WEAKS_AVAILABLE
+#endif // CALLSTACK_WEAKS_AVAILABLE
 
     Vector<String8> mFrameLines;
 };
 
 }  // namespace android
 
+#undef CALLSTACK_WEAKS_AVAILABLE
+#undef CALLSTACK_WEAK
 #undef CALLSTACK_ALWAYS_INLINE
-
-#endif // ANDROID_CALLSTACK_H
diff --git a/libvendorsupport/include/vendorsupport/api_level.h b/libvendorsupport/include/vendorsupport/api_level.h
index ba1a6b8..d365075 100644
--- a/libvendorsupport/include/vendorsupport/api_level.h
+++ b/libvendorsupport/include/vendorsupport/api_level.h
@@ -14,38 +14,34 @@
 
 #pragma once
 
-#include <android/api-level.h>
+#include <sys/cdefs.h>
+
+__BEGIN_DECLS
 
 #define __ANDROID_VENDOR_API_MAX__ 1000000
 #define __INVALID_API_LEVEL -1
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /**
  * @brief Find corresponding vendor API level from an SDK API version.
  *
  * @details
  * SDK API versions and vendor API levels are not compatible and not
- * convertible. However, this function can be used to compare the two versions
+ * exchangeable. However, this function can be used to compare the two versions
  * to know which one is newer than the other.
  *
- * @param sdk_api_level The SDK version int. This must be less than 10000.
+ * @param sdkApiLevel The SDK version int. This must be less than 10000.
  * @return The corresponding vendor API level of the SDK version. -1 if the SDK
  * version is invalid or 10000.
  */
-int vendor_api_level_of(int sdk_api_level);
+int AVendorSupport_getVendorApiLevelOf(int sdkApiLevel);
 
 /**
  * @brief Find corresponding SDK API version from a vendor API level.
  *
- * @param vendor_api_level The vendor API level int.
+ * @param vendorApiLevel The vendor API level int.
  * @return The corresponding SDK API version of the vendor API level. -1 if the
  * vendor API level is invalid.
  */
-int sdk_api_level_of(int vendor_api_level);
+int AVendorSupport_getSdkApiLevelOf(int vendorApiLevel);
 
-#ifdef __cplusplus
-}
-#endif
+__END_DECLS
diff --git a/libvendorsupport/libvendorsupport.map.txt b/libvendorsupport/libvendorsupport.map.txt
index 9a23b94..d99c834 100644
--- a/libvendorsupport/libvendorsupport.map.txt
+++ b/libvendorsupport/libvendorsupport.map.txt
@@ -1,7 +1,7 @@
 LIBVENDORSUPPORT {
   global:
-    vendor_api_level_of; # llndk systemapi
-    sdk_api_level_of; # llndk systemapi
+    AVendorSupport_getVendorApiLevelOf; # llndk systemapi
+    AVendorSupport_getSdkApiLevelOf; # llndk systemapi
   local:
     *;
 };
diff --git a/libvendorsupport/tests/version_props_test.cpp b/libvendorsupport/tests/version_props_test.cpp
index 538a2e2..ad54c88 100644
--- a/libvendorsupport/tests/version_props_test.cpp
+++ b/libvendorsupport/tests/version_props_test.cpp
@@ -21,17 +21,17 @@
 
 namespace {
 
-TEST(vendorsupport, get_corresponding_vendor_api_level) {
-    ASSERT_EQ(__ANDROID_API_U__, vendor_api_level_of(__ANDROID_API_U__));
-    ASSERT_EQ(202404, vendor_api_level_of(__ANDROID_API_V__));
-    ASSERT_EQ(__INVALID_API_LEVEL, vendor_api_level_of(__ANDROID_API_FUTURE__));
+TEST(VendorSupport, GetCorrespondingVendorApiLevel) {
+    ASSERT_EQ(__ANDROID_API_U__, AVendorSupport_getVendorApiLevelOf(__ANDROID_API_U__));
+    ASSERT_EQ(202404, AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__));
+    ASSERT_EQ(__INVALID_API_LEVEL, AVendorSupport_getVendorApiLevelOf(__ANDROID_API_FUTURE__));
 }
 
-TEST(vendorsupport, get_corresponding_sdk_api_level) {
-    ASSERT_EQ(__ANDROID_API_U__, sdk_api_level_of(__ANDROID_API_U__));
-    ASSERT_EQ(__ANDROID_API_V__, sdk_api_level_of(202404));
-    ASSERT_EQ(__INVALID_API_LEVEL, sdk_api_level_of(__ANDROID_VENDOR_API_MAX__));
-    ASSERT_EQ(__INVALID_API_LEVEL, sdk_api_level_of(35));
+TEST(VendorSupport, GetCorrespondingSdkApiLevel) {
+    ASSERT_EQ(__ANDROID_API_U__, AVendorSupport_getSdkApiLevelOf(__ANDROID_API_U__));
+    ASSERT_EQ(__ANDROID_API_V__, AVendorSupport_getSdkApiLevelOf(202404));
+    ASSERT_EQ(__INVALID_API_LEVEL, AVendorSupport_getSdkApiLevelOf(__ANDROID_VENDOR_API_MAX__));
+    ASSERT_EQ(__INVALID_API_LEVEL, AVendorSupport_getSdkApiLevelOf(35));
 }
 
 }  // namespace
\ No newline at end of file
diff --git a/libvendorsupport/version_props.c b/libvendorsupport/version_props.c
index 4d0e45e..835828c 100644
--- a/libvendorsupport/version_props.c
+++ b/libvendorsupport/version_props.c
@@ -16,26 +16,26 @@
 
 #include <log/log.h>
 
-int vendor_api_level_of(int sdk_api_level) {
-    if (sdk_api_level < __ANDROID_API_V__) {
-        return sdk_api_level;
+int AVendorSupport_getVendorApiLevelOf(int sdkApiLevel) {
+    if (sdkApiLevel < __ANDROID_API_V__) {
+        return sdkApiLevel;
     }
     // In Android V, vendor API level started with version 202404.
     // The calculation assumes that the SDK api level bumps once a year.
-    if (sdk_api_level < __ANDROID_API_FUTURE__) {
-        return 202404 + ((sdk_api_level - __ANDROID_API_V__) * 100);
+    if (sdkApiLevel < __ANDROID_API_FUTURE__) {
+        return 202404 + ((sdkApiLevel - __ANDROID_API_V__) * 100);
     }
-    ALOGE("The SDK version must be less than 10000: %d", sdk_api_level);
+    ALOGE("The SDK version must be less than 10000: %d", sdkApiLevel);
     return __INVALID_API_LEVEL;
 }
 
-int sdk_api_level_of(int vendor_api_level) {
-    if (vendor_api_level < __ANDROID_API_V__) {
-        return vendor_api_level;
+int AVendorSupport_getSdkApiLevelOf(int vendorApiLevel) {
+    if (vendorApiLevel < __ANDROID_API_V__) {
+        return vendorApiLevel;
     }
-    if (vendor_api_level >= 202404 && vendor_api_level < __ANDROID_VENDOR_API_MAX__) {
-        return (vendor_api_level - 202404) / 100 + __ANDROID_API_V__;
+    if (vendorApiLevel >= 202404 && vendorApiLevel < __ANDROID_VENDOR_API_MAX__) {
+        return (vendorApiLevel - 202404) / 100 + __ANDROID_API_V__;
     }
-    ALOGE("Unexpected vendor api level: %d", vendor_api_level);
+    ALOGE("Unexpected vendor api level: %d", vendorApiLevel);
     return __INVALID_API_LEVEL;
 }
diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 5aa4392..b21eca6 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -35,7 +35,6 @@
     LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
 endif
 
-# TODO(b/306364873): move this to be flag-controlled?
 ifeq ($(SECRETKEEPER_ENABLED),true)
     LOCAL_SECRETKEEPER_PRODUCT_PACKAGE := android.hardware.security.secretkeeper.trusty
 else