Merge "init: print property/value for wait_for_property"
diff --git a/.clang-format-2 b/.clang-format-2
deleted file mode 100644
index ede5d7e..0000000
--- a/.clang-format-2
+++ /dev/null
@@ -1,9 +0,0 @@
-BasedOnStyle: Google
-AllowShortFunctionsOnASingleLine: Inline
-ColumnLimit: 100
-CommentPragmas: NOLINT:.*
-DerivePointerAlignment: false
-IndentWidth: 2
-PointerAlignment: Left
-TabWidth: 2
-UseTab: Never
diff --git a/.clang-format-2 b/.clang-format-2
new file mode 120000
index 0000000..7ab20d4
--- /dev/null
+++ b/.clang-format-2
@@ -0,0 +1 @@
+../../build/soong/scripts/system-clang-format-2
\ No newline at end of file
diff --git a/.clang-format-4 b/.clang-format-4
deleted file mode 100644
index 55773a2..0000000
--- a/.clang-format-4
+++ /dev/null
@@ -1,11 +0,0 @@
-BasedOnStyle: Google
-AccessModifierOffset: -2
-AllowShortFunctionsOnASingleLine: Inline
-ColumnLimit: 100
-CommentPragmas: NOLINT:.*
-DerivePointerAlignment: false
-IndentWidth: 4
-ContinuationIndentWidth: 8
-PointerAlignment: Left
-TabWidth: 4
-UseTab: Never
diff --git a/.clang-format-4 b/.clang-format-4
new file mode 120000
index 0000000..ddcf5a2
--- /dev/null
+++ b/.clang-format-4
@@ -0,0 +1 @@
+../../build/soong/scripts/system-clang-format
\ No newline at end of file
diff --git a/adb/Android.bp b/adb/Android.bp
index 8199fff..3813578 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -156,8 +156,6 @@
         "client/usb_libusb.cpp",
         "client/usb_dispatch.cpp",
         "client/transport_mdns.cpp",
-        "client/fastdeploy.cpp",
-        "client/fastdeploycallbacks.cpp",
     ],
 
     generated_headers: ["platform_tools_version"],
@@ -192,9 +190,6 @@
         "libdiagnose_usb",
         "libmdnssd",
         "libusb",
-        "libandroidfw",
-        "libziparchive",
-        "libz",
         "libutils",
         "liblog",
         "libcutils",
@@ -280,9 +275,6 @@
         "liblog",
         "libmdnssd",
         "libusb",
-        "libandroidfw",
-        "libziparchive",
-        "libz",
         "libutils",
         "liblog",
         "libcutils",
diff --git a/adb/adb.cpp b/adb/adb.cpp
index 06e4c50..a5b2f7b 100644
--- a/adb/adb.cpp
+++ b/adb/adb.cpp
@@ -1134,7 +1134,9 @@
         std::string host;
         int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
         std::string error;
-        if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) {
+        if (address.starts_with("vsock:")) {
+            serial = address;
+        } else if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) {
             SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s",
                                                            address.c_str(), error.c_str()));
             return true;
diff --git a/adb/adb.h b/adb/adb.h
index d79cd2d..9209997 100644
--- a/adb/adb.h
+++ b/adb/adb.h
@@ -139,7 +139,7 @@
 atransport* find_emulator_transport_by_console_port(int console_port);
 #endif
 
-int service_to_fd(std::string_view name, atransport* transport);
+unique_fd service_to_fd(std::string_view name, atransport* transport);
 #if !ADB_HOST
 unique_fd daemon_service_to_fd(std::string_view name, atransport* transport);
 #endif
diff --git a/adb/adb_listeners.cpp b/adb/adb_listeners.cpp
index be457a6..29909a5 100644
--- a/adb/adb_listeners.cpp
+++ b/adb/adb_listeners.cpp
@@ -75,41 +75,36 @@
 
 static void ss_listener_event_func(int _fd, unsigned ev, void *_l) {
     if (ev & FDE_READ) {
-        int fd = adb_socket_accept(_fd, nullptr, nullptr);
+        unique_fd fd(adb_socket_accept(_fd, nullptr, nullptr));
         if (fd < 0) return;
 
         int rcv_buf_size = CHUNK_SIZE;
-        adb_setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &rcv_buf_size, sizeof(rcv_buf_size));
+        adb_setsockopt(fd.get(), SOL_SOCKET, SO_RCVBUF, &rcv_buf_size, sizeof(rcv_buf_size));
 
-        asocket* s = create_local_socket(fd);
+        asocket* s = create_local_socket(std::move(fd));
         if (s) {
             connect_to_smartsocket(s);
             return;
         }
-
-        adb_close(fd);
     }
 }
 
 static void listener_event_func(int _fd, unsigned ev, void* _l)
 {
     alistener* listener = reinterpret_cast<alistener*>(_l);
-    asocket *s;
 
     if (ev & FDE_READ) {
-        int fd = adb_socket_accept(_fd, nullptr, nullptr);
+        unique_fd fd(adb_socket_accept(_fd, nullptr, nullptr));
         if (fd < 0) {
             return;
         }
 
-        s = create_local_socket(fd);
+        asocket* s = create_local_socket(std::move(fd));
         if (s) {
             s->transport = listener->transport;
             connect_to_remote(s, listener->connect_to);
             return;
         }
-
-        adb_close(fd);
     }
 }
 
diff --git a/adb/adb_utils.h b/adb/adb_utils.h
index 8253487..a85ca8c 100644
--- a/adb/adb_utils.h
+++ b/adb/adb_utils.h
@@ -53,8 +53,6 @@
 
 bool set_file_block_mode(int fd, bool block);
 
-int adb_close(int fd);
-
 // Given forward/reverse targets, returns true if they look sane. If an error is found, fills
 // |error| and returns false.
 // Currently this only checks "tcp:" targets. Additional checking could be added for other targets
diff --git a/adb/adb_utils_test.cpp b/adb/adb_utils_test.cpp
index bb09425..8518e17 100644
--- a/adb/adb_utils_test.cpp
+++ b/adb/adb_utils_test.cpp
@@ -147,17 +147,16 @@
 
 #if !defined(_WIN32)
 TEST(adb_utils, set_file_block_mode) {
-  int fd = adb_open("/dev/null", O_RDWR | O_APPEND);
-  ASSERT_GE(fd, 0);
-  int flags = fcntl(fd, F_GETFL, 0);
-  ASSERT_EQ(O_RDWR | O_APPEND, (flags & (O_RDWR | O_APPEND)));
-  ASSERT_TRUE(set_file_block_mode(fd, false));
-  int new_flags = fcntl(fd, F_GETFL, 0);
-  ASSERT_EQ(flags | O_NONBLOCK, new_flags);
-  ASSERT_TRUE(set_file_block_mode(fd, true));
-  new_flags = fcntl(fd, F_GETFL, 0);
-  ASSERT_EQ(flags, new_flags);
-  ASSERT_EQ(0, adb_close(fd));
+    unique_fd fd(adb_open("/dev/null", O_RDWR | O_APPEND));
+    ASSERT_GE(fd, 0);
+    int flags = fcntl(fd, F_GETFL, 0);
+    ASSERT_EQ(O_RDWR | O_APPEND, (flags & (O_RDWR | O_APPEND)));
+    ASSERT_TRUE(set_file_block_mode(fd, false));
+    int new_flags = fcntl(fd, F_GETFL, 0);
+    ASSERT_EQ(flags | O_NONBLOCK, new_flags);
+    ASSERT_TRUE(set_file_block_mode(fd, true));
+    new_flags = fcntl(fd, F_GETFL, 0);
+    ASSERT_EQ(flags, new_flags);
 }
 #endif
 
diff --git a/adb/client/adb_client.cpp b/adb/client/adb_client.cpp
index 9a25d10..0a09d1e 100644
--- a/adb/client/adb_client.cpp
+++ b/adb/client/adb_client.cpp
@@ -100,13 +100,11 @@
 
     if (!SendProtocolString(fd, service)) {
         *error = perror_str("write failure during connection");
-        adb_close(fd);
         return -1;
     }
     D("Switch transport in progress");
 
     if (!adb_status(fd, error)) {
-        adb_close(fd);
         D("Switch transport failed: %s", error->c_str());
         return -1;
     }
@@ -194,7 +192,7 @@
 
 int adb_connect(const std::string& service, std::string* error) {
     // first query the adb server's version
-    int fd = _adb_connect("host:version", error);
+    unique_fd fd(_adb_connect("host:version", error));
 
     D("adb_connect: service %s", service.c_str());
     if (fd == -2 && !is_local_socket_spec(__adb_server_socket_spec)) {
@@ -224,12 +222,10 @@
         if (fd >= 0) {
             std::string version_string;
             if (!ReadProtocolString(fd, &version_string, error)) {
-                adb_close(fd);
                 return -1;
             }
 
             ReadOrderlyShutdown(fd);
-            adb_close(fd);
 
             if (sscanf(&version_string[0], "%04x", &version) != 1) {
                 *error = android::base::StringPrintf("cannot parse version string: %s",
@@ -258,52 +254,48 @@
         return 0;
     }
 
-    fd = _adb_connect(service, error);
+    fd.reset(_adb_connect(service, error));
     if (fd == -1) {
         D("_adb_connect error: %s", error->c_str());
     } else if(fd == -2) {
         fprintf(stderr, "* daemon still not running\n");
     }
-    D("adb_connect: return fd %d", fd);
+    D("adb_connect: return fd %d", fd.get());
 
-    return fd;
+    return fd.release();
 }
 
 
 bool adb_command(const std::string& service) {
     std::string error;
-    int fd = adb_connect(service, &error);
+    unique_fd fd(adb_connect(service, &error));
     if (fd < 0) {
         fprintf(stderr, "error: %s\n", error.c_str());
         return false;
     }
 
-    if (!adb_status(fd, &error)) {
+    if (!adb_status(fd.get(), &error)) {
         fprintf(stderr, "error: %s\n", error.c_str());
-        adb_close(fd);
         return false;
     }
 
-    ReadOrderlyShutdown(fd);
-    adb_close(fd);
+    ReadOrderlyShutdown(fd.get());
     return true;
 }
 
 bool adb_query(const std::string& service, std::string* result, std::string* error) {
     D("adb_query: %s", service.c_str());
-    int fd = adb_connect(service, error);
+    unique_fd fd(adb_connect(service, error));
     if (fd < 0) {
         return false;
     }
 
     result->clear();
-    if (!ReadProtocolString(fd, result, error)) {
-        adb_close(fd);
+    if (!ReadProtocolString(fd.get(), result, error)) {
         return false;
     }
 
-    ReadOrderlyShutdown(fd);
-    adb_close(fd);
+    ReadOrderlyShutdown(fd.get());
     return true;
 }
 
diff --git a/adb/client/adb_install.cpp b/adb/client/adb_install.cpp
index d56a25f..2bf2924 100644
--- a/adb/client/adb_install.cpp
+++ b/adb/client/adb_install.cpp
@@ -36,7 +36,9 @@
 #include "commandline.h"
 #include "fastdeploy.h"
 
+#if defined(ENABLE_FASTDEPLOY)
 static constexpr int kFastDeployMinApi = 24;
+#endif
 
 static bool can_use_feature(const char* feature) {
     FeatureSet features;
@@ -130,10 +132,12 @@
     *buf = '\0';
 }
 
+#if defined(ENABLE_FASTDEPLOY)
 static int delete_device_patch_file(const char* apkPath) {
     std::string patchDevicePath = get_patch_path(apkPath);
     return delete_device_file(patchDevicePath);
 }
+#endif
 
 static int install_app_streamed(int argc, const char** argv, bool use_fastdeploy,
                                 bool use_localagent) {
@@ -159,6 +163,7 @@
     }
 
     if (use_fastdeploy == true) {
+#if defined(ENABLE_FASTDEPLOY)
         TemporaryFile metadataTmpFile;
         std::string patchTmpFilePath;
         {
@@ -179,6 +184,9 @@
         adb_unlink(patchTmpFilePath.c_str());
         delete_device_patch_file(file);
         return 0;
+#else
+        error_exit("fastdeploy is disabled");
+#endif
     } else {
         struct stat sb;
         if (stat(file, &sb) == -1) {
@@ -252,6 +260,7 @@
             "/data/local/tmp/" + android::base::Basename(argv[last_apk]);
 
     if (use_fastdeploy == true) {
+#if defined(ENABLE_FASTDEPLOY)
         TemporaryFile metadataTmpFile;
         TemporaryFile patchTmpFile;
 
@@ -261,6 +270,9 @@
 
         create_patch(apk_file[0], metadataTmpFile.path, patchTmpFile.path);
         apply_patch_on_device(apk_file[0], patchTmpFile.path, apk_dest.c_str());
+#else
+        error_exit("fastdeploy is disabled");
+#endif
     } else {
         if (!do_sync_push(apk_file, apk_dest.c_str(), false)) goto cleanup_apk;
     }
@@ -270,7 +282,9 @@
 
 cleanup_apk:
     if (use_fastdeploy == true) {
+#if defined(ENABLE_FASTDEPLOY)
         delete_device_patch_file(apk_file[0]);
+#endif
     }
     delete_device_file(apk_dest);
     return result;
@@ -334,12 +348,14 @@
         error_exit("Attempting to use streaming install on unsupported device");
     }
 
+#if defined(ENABLE_FASTDEPLOY)
     if (use_fastdeploy == true && get_device_api_level() < kFastDeployMinApi) {
         printf("Fast Deploy is only compatible with devices of API version %d or higher, "
                "ignoring.\n",
                kFastDeployMinApi);
         use_fastdeploy = false;
     }
+#endif
 
     std::vector<const char*> passthrough_argv;
     for (int i = 0; i < argc; i++) {
@@ -353,12 +369,16 @@
     }
 
     if (use_fastdeploy == true) {
+#if defined(ENABLE_FASTDEPLOY)
         fastdeploy_set_local_agent(use_localagent);
         update_agent(agent_update_strategy);
 
         // The last argument must be the APK file
         const char* file = passthrough_argv.back();
         use_fastdeploy = find_package(file);
+#else
+        error_exit("fastdeploy is disabled");
+#endif
     }
 
     switch (installMode) {
@@ -530,6 +550,10 @@
 
     std::string multi_package_cmd =
             android::base::StringPrintf("%s install-create --multi-package", install_cmd.c_str());
+    for (int i = 1; i < first_package; i++) {
+        multi_package_cmd += " " + escape_arg(argv[i]);
+    }
+
     if (apex_found) {
         multi_package_cmd += " --staged";
     }
diff --git a/adb/client/commandline.cpp b/adb/client/commandline.cpp
index e963e3d..f70b480 100644
--- a/adb/client/commandline.cpp
+++ b/adb/client/commandline.cpp
@@ -794,7 +794,7 @@
 
 static int adb_sideload_legacy(const char* filename, int in_fd, int size) {
     std::string error;
-    int out_fd = adb_connect(android::base::StringPrintf("sideload:%d", size), &error);
+    unique_fd out_fd(adb_connect(android::base::StringPrintf("sideload:%d", size), &error));
     if (out_fd < 0) {
         fprintf(stderr, "adb: pre-KitKat sideload connection failed: %s\n", error.c_str());
         return -1;
@@ -809,14 +809,12 @@
         unsigned xfer = (size > CHUNK_SIZE) ? CHUNK_SIZE : size;
         if (!ReadFdExactly(in_fd, buf, xfer)) {
             fprintf(stderr, "adb: failed to read data from %s: %s\n", filename, strerror(errno));
-            adb_close(out_fd);
             return -1;
         }
         if (!WriteFdExactly(out_fd, buf, xfer)) {
             std::string error;
             adb_status(out_fd, &error);
             fprintf(stderr, "adb: failed to write data: %s\n", error.c_str());
-            adb_close(out_fd);
             return -1;
         }
         size -= xfer;
@@ -827,11 +825,9 @@
 
     if (!adb_status(out_fd, &error)) {
         fprintf(stderr, "adb: error response: %s\n", error.c_str());
-        adb_close(out_fd);
         return -1;
     }
 
-    adb_close(out_fd);
     return 0;
 }
 
@@ -1091,7 +1087,7 @@
 
 int send_shell_command(const std::string& command, bool disable_shell_protocol,
                        StandardStreamsCallbackInterface* callback) {
-    int fd;
+    unique_fd fd;
     bool use_shell_protocol = false;
 
     while (true) {
@@ -1114,7 +1110,7 @@
             std::string error;
             std::string service_string = ShellServiceString(use_shell_protocol, "", command);
 
-            fd = adb_connect(service_string, &error);
+            fd.reset(adb_connect(service_string, &error));
             if (fd >= 0) {
                 break;
             }
@@ -1126,13 +1122,7 @@
         }
     }
 
-    int exit_code = read_and_dump(fd, use_shell_protocol, callback);
-
-    if (adb_close(fd) < 0) {
-        PLOG(ERROR) << "failure closing FD " << fd;
-    }
-
-    return exit_code;
+    return read_and_dump(fd.get(), use_shell_protocol, callback);
 }
 
 static int logcat(int argc, const char** argv) {
@@ -1196,7 +1186,7 @@
     if (argc < 2) error_exit("backup either needs a list of packages or -all/-shared");
 
     adb_unlink(filename);
-    int outFd = adb_creat(filename, 0640);
+    unique_fd outFd(adb_creat(filename, 0640));
     if (outFd < 0) {
         fprintf(stderr, "adb: backup unable to create file '%s': %s\n", filename, strerror(errno));
         return EXIT_FAILURE;
@@ -1211,20 +1201,16 @@
 
     D("backup. filename=%s cmd=%s", filename, cmd.c_str());
     std::string error;
-    int fd = adb_connect(cmd, &error);
+    unique_fd fd(adb_connect(cmd, &error));
     if (fd < 0) {
         fprintf(stderr, "adb: unable to connect for backup: %s\n", error.c_str());
-        adb_close(outFd);
         return EXIT_FAILURE;
     }
 
     fprintf(stdout, "Now unlock your device and confirm the backup operation...\n");
     fflush(stdout);
 
-    copy_to_file(fd, outFd);
-
-    adb_close(fd);
-    adb_close(outFd);
+    copy_to_file(fd.get(), outFd.get());
     return EXIT_SUCCESS;
 }
 
@@ -1232,33 +1218,29 @@
     if (argc != 2) error_exit("restore requires an argument");
 
     const char* filename = argv[1];
-    int tarFd = adb_open(filename, O_RDONLY);
+    unique_fd tarFd(adb_open(filename, O_RDONLY));
     if (tarFd < 0) {
         fprintf(stderr, "adb: unable to open file %s: %s\n", filename, strerror(errno));
         return -1;
     }
 
     std::string error;
-    int fd = adb_connect("restore:", &error);
+    unique_fd fd(adb_connect("restore:", &error));
     if (fd < 0) {
         fprintf(stderr, "adb: unable to connect for restore: %s\n", error.c_str());
-        adb_close(tarFd);
         return -1;
     }
 
     fprintf(stdout, "Now unlock your device and confirm the restore operation.\n");
     fflush(stdout);
 
-    copy_to_file(tarFd, fd);
+    copy_to_file(tarFd.get(), fd.get());
 
     // Provide an in-band EOD marker in case the archive file is malformed
-    write_zeros(512*2, fd);
+    write_zeros(512 * 2, fd);
 
     // Wait until the other side finishes, or it'll get sent SIGHUP.
-    copy_to_file(fd, STDOUT_FILENO);
-
-    adb_close(fd);
-    adb_close(tarFd);
+    copy_to_file(fd.get(), STDOUT_FILENO);
     return 0;
 }
 
@@ -1298,19 +1280,18 @@
 
 static int adb_connect_command(const std::string& command) {
     std::string error;
-    int fd = adb_connect(command, &error);
+    unique_fd fd(adb_connect(command, &error));
     if (fd < 0) {
         fprintf(stderr, "error: %s\n", error.c_str());
         return 1;
     }
     read_and_dump(fd);
-    adb_close(fd);
     return 0;
 }
 
 static int adb_connect_command_bidirectional(const std::string& command) {
     std::string error;
-    int fd = adb_connect(command, &error);
+    unique_fd fd(adb_connect(command, &error));
     if (fd < 0) {
         fprintf(stderr, "error: %s\n", error.c_str());
         return 1;
@@ -1336,11 +1317,10 @@
         }
     };
 
-    std::thread read(forward, fd, STDOUT_FILENO, true);
-    std::thread write(forward, STDIN_FILENO, fd, false);
+    std::thread read(forward, fd.get(), STDOUT_FILENO, true);
+    std::thread write(forward, STDIN_FILENO, fd.get(), false);
     read.join();
     write.join();
-    adb_close(fd);
     return 0;
 }
 
@@ -1599,19 +1579,17 @@
         }
 
         std::string error;
-        int fd = adb_connect(cmd, &error);
+        unique_fd fd(adb_connect(cmd, &error));
         if (fd < 0) {
             fprintf(stderr, "error: %s\n", error.c_str());
             return -1;
         }
 
         if (exec_in) {
-            copy_to_file(STDIN_FILENO, fd);
+            copy_to_file(STDIN_FILENO, fd.get());
         } else {
-            copy_to_file(fd, STDOUT_FILENO);
+            copy_to_file(fd.get(), STDOUT_FILENO);
         }
-
-        adb_close(fd);
         return 0;
     } else if (!strcmp(argv[0], "kill-server")) {
         return adb_kill_server() ? 0 : 1;
@@ -1706,9 +1684,8 @@
             error_exit("error: %s", error_message.c_str());
         }
 
-        int fd = adb_connect(cmd, &error_message);
-        if (fd < 0 || !adb_status(fd, &error_message)) {
-            adb_close(fd);
+        unique_fd fd(adb_connect(cmd, &error_message));
+        if (fd < 0 || !adb_status(fd.get(), &error_message)) {
             error_exit("error: %s", error_message.c_str());
         }
 
diff --git a/adb/client/console.cpp b/adb/client/console.cpp
index 4e8a3f8..1dbb6e2 100644
--- a/adb/client/console.cpp
+++ b/adb/client/console.cpp
@@ -108,7 +108,7 @@
 }
 
 int adb_send_emulator_command(int argc, const char** argv, const char* serial) {
-    int fd = connect_to_console(serial);
+    unique_fd fd(connect_to_console(serial));
     if (fd == -1) {
         return 1;
     }
@@ -125,7 +125,6 @@
     if (!WriteFdExactly(fd, commands)) {
         fprintf(stderr, "error: cannot write to emulator: %s\n",
                 strerror(errno));
-        adb_close(fd);
         return 1;
     }
 
@@ -178,7 +177,5 @@
     }
 
     printf("%s", emulator_output.c_str() + found);
-    adb_close(fd);
-
     return 0;
 }
diff --git a/adb/client/file_sync_client.cpp b/adb/client/file_sync_client.cpp
index f0f9a80..b8827ef 100644
--- a/adb/client/file_sync_client.cpp
+++ b/adb/client/file_sync_client.cpp
@@ -207,11 +207,10 @@
 
         std::string error;
         if (!adb_get_feature_set(&features_, &error)) {
-            fd = -1;
             Error("failed to get feature set: %s", error.c_str());
         } else {
             have_stat_v2_ = CanUseFeature(features_, kFeatureStat2);
-            fd = adb_connect("sync:", &error);
+            fd.reset(adb_connect("sync:", &error));
             if (fd < 0) {
                 Error("connect failed: %s", error.c_str());
             }
@@ -230,7 +229,6 @@
             // case, this will wait for the server to do orderly shutdown.
             ReadOrderlyShutdown(fd);
         }
-        adb_close(fd);
 
         line_printer_.KeepInfoLine();
     }
@@ -240,7 +238,7 @@
     bool IsValid() { return fd >= 0; }
 
     bool ReceivedError(const char* from, const char* to) {
-        adb_pollfd pfd = {.fd = fd, .events = POLLIN};
+        adb_pollfd pfd = {.fd = fd.get(), .events = POLLIN};
         int rc = adb_poll(&pfd, 1, 0);
         if (rc < 0) {
             Error("failed to poll: %s", strerror(errno));
@@ -324,7 +322,7 @@
 
         memset(st, 0, sizeof(*st));
         if (have_stat_v2_) {
-            if (!ReadFdExactly(fd, &msg.stat_v2, sizeof(msg.stat_v2))) {
+            if (!ReadFdExactly(fd.get(), &msg.stat_v2, sizeof(msg.stat_v2))) {
                 PLOG(FATAL) << "protocol fault: failed to read stat response";
             }
 
@@ -350,7 +348,7 @@
             st->st_ctime = msg.stat_v2.ctime;
             return true;
         } else {
-            if (!ReadFdExactly(fd, &msg.stat_v1, sizeof(msg.stat_v1))) {
+            if (!ReadFdExactly(fd.get(), &msg.stat_v1, sizeof(msg.stat_v1))) {
                 PLOG(FATAL) << "protocol fault: failed to read stat response";
             }
 
@@ -437,7 +435,7 @@
         uint64_t total_size = st.st_size;
         uint64_t bytes_copied = 0;
 
-        int lfd = adb_open(lpath, O_RDONLY);
+        unique_fd lfd(adb_open(lpath, O_RDONLY));
         if (lfd < 0) {
             Error("opening '%s' locally failed: %s", lpath, strerror(errno));
             return false;
@@ -449,7 +447,6 @@
             int bytes_read = adb_read(lfd, sbuf.data, max - sizeof(SyncRequest));
             if (bytes_read == -1) {
                 Error("reading '%s' locally failed: %s", lpath, strerror(errno));
-                adb_close(lfd);
                 return false;
             } else if (bytes_read == 0) {
                 break;
@@ -469,8 +466,6 @@
             ReportProgress(rpath, bytes_copied, total_size);
         }
 
-        adb_close(lfd);
-
         syncmsg msg;
         msg.data.id = ID_DONE;
         msg.data.size = mtime;
@@ -576,7 +571,7 @@
     }
 
     // TODO: add a char[max] buffer here, to replace syncsendbuf...
-    int fd;
+    unique_fd fd;
     size_t max;
 
   private:
@@ -740,7 +735,7 @@
     if (!sc.SendRequest(ID_RECV, rpath)) return false;
 
     adb_unlink(lpath);
-    int lfd = adb_creat(lpath, 0644);
+    unique_fd lfd(adb_creat(lpath, 0644));
     if (lfd < 0) {
         sc.Error("cannot create '%s': %s", lpath, strerror(errno));
         return false;
@@ -750,7 +745,6 @@
     while (true) {
         syncmsg msg;
         if (!ReadFdExactly(sc.fd, &msg.data, sizeof(msg.data))) {
-            adb_close(lfd);
             adb_unlink(lpath);
             return false;
         }
@@ -758,7 +752,6 @@
         if (msg.data.id == ID_DONE) break;
 
         if (msg.data.id != ID_DATA) {
-            adb_close(lfd);
             adb_unlink(lpath);
             sc.ReportCopyFailure(rpath, lpath, msg);
             return false;
@@ -766,21 +759,18 @@
 
         if (msg.data.size > sc.max) {
             sc.Error("msg.data.size too large: %u (max %zu)", msg.data.size, sc.max);
-            adb_close(lfd);
             adb_unlink(lpath);
             return false;
         }
 
         char buffer[SYNC_DATA_MAX];
         if (!ReadFdExactly(sc.fd, buffer, msg.data.size)) {
-            adb_close(lfd);
             adb_unlink(lpath);
             return false;
         }
 
         if (!WriteFdExactly(lfd, buffer, msg.data.size)) {
             sc.Error("cannot write '%s': %s", lpath, strerror(errno));
-            adb_close(lfd);
             adb_unlink(lpath);
             return false;
         }
@@ -792,7 +782,6 @@
     }
 
     sc.RecordFilesTransferred(1);
-    adb_close(lfd);
     return true;
 }
 
diff --git a/adb/daemon/file_sync_service.cpp b/adb/daemon/file_sync_service.cpp
index 62c18c5..9e1760d 100644
--- a/adb/daemon/file_sync_service.cpp
+++ b/adb/daemon/file_sync_service.cpp
@@ -25,6 +25,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/mount.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -209,6 +210,22 @@
     return WriteFdExactly(s, &msg.dent, sizeof(msg.dent));
 }
 
+static bool is_mountpoint(const std::string& path, pid_t tid) {
+    const std::string mountinfo_path = "/proc/" + std::to_string(tid) + "/mountinfo";
+    std::string mountinfo;
+    if (!android::base::ReadFileToString(mountinfo_path, &mountinfo)) {
+        PLOG(ERROR) << "Failed to open " << mountinfo_path;
+        return false;
+    }
+    std::vector<std::string> lines = android::base::Split(mountinfo, "\n");
+    return std::find_if(lines.begin(), lines.end(), [&path](const auto& line) {
+               auto tokens = android::base::Split(line, " ");
+               // line format is ...
+               // mountid parentmountid major:minor sourcepath targetpath option ...
+               return tokens.size() >= 4 && tokens[4] == path;
+           }) != lines.end();
+}
+
 // Make sure that SendFail from adb_io.cpp isn't accidentally used in this file.
 #pragma GCC poison SendFail
 
@@ -232,7 +249,7 @@
 
     __android_log_security_bswrite(SEC_TAG_ADB_SEND_FILE, path);
 
-    int fd = adb_open_mode(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, mode);
+    unique_fd fd(adb_open_mode(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, mode));
 
     if (posix_fadvise(fd, 0, 0, POSIX_FADV_SEQUENTIAL | POSIX_FADV_NOREUSE | POSIX_FADV_WILLNEED) <
         0) {
@@ -244,16 +261,16 @@
             SendSyncFailErrno(s, "secure_mkdirs failed");
             goto fail;
         }
-        fd = adb_open_mode(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, mode);
+        fd.reset(adb_open_mode(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, mode));
     }
     if (fd < 0 && errno == EEXIST) {
-        fd = adb_open_mode(path, O_WRONLY | O_CLOEXEC, mode);
+        fd.reset(adb_open_mode(path, O_WRONLY | O_CLOEXEC, mode));
     }
     if (fd < 0) {
         SendSyncFailErrno(s, "couldn't create file");
         goto fail;
     } else {
-        if (fchown(fd, uid, gid) == -1) {
+        if (fchown(fd.get(), uid, gid) == -1) {
             SendSyncFailErrno(s, "fchown failed");
             goto fail;
         }
@@ -266,7 +283,7 @@
         // fchown clears the setuid bit - restore it if present.
         // Ignore the result of calling fchmod. It's not supported
         // by all filesystems, so we don't check for success. b/12441485
-        fchmod(fd, mode);
+        fchmod(fd.get(), mode);
     }
 
     while (true) {
@@ -288,14 +305,12 @@
 
         if (!ReadFdExactly(s, &buffer[0], msg.data.size)) goto abort;
 
-        if (!WriteFdExactly(fd, &buffer[0], msg.data.size)) {
+        if (!WriteFdExactly(fd.get(), &buffer[0], msg.data.size)) {
             SendSyncFailErrno(s, "write failed");
             goto fail;
         }
     }
 
-    adb_close(fd);
-
     if (!update_capabilities(path, capabilities)) {
         SendSyncFailErrno(s, "update_capabilities failed");
         goto fail;
@@ -340,7 +355,6 @@
     }
 
 abort:
-    if (fd >= 0) adb_close(fd);
     if (do_unlink) adb_unlink(path);
     return false;
 }
@@ -418,6 +432,18 @@
     struct stat st;
     bool do_unlink = (lstat(path.c_str(), &st) == -1) || S_ISREG(st.st_mode) ||
                      (S_ISLNK(st.st_mode) && !S_ISLNK(mode));
+
+    // If the path is a file that is a mount point, don't unlink it, but instead
+    // truncate to zero. If unlinked, existing mounts on the path is all
+    // unmounted
+    if (S_ISREG(st.st_mode) && is_mountpoint(path, getpid())) {
+        do_unlink = false;
+        if (truncate(path.c_str(), 0) == -1) {
+            SendSyncFail(s, "truncate to zero failed");
+            return false;
+        }
+    }
+
     if (do_unlink) {
         adb_unlink(path.c_str());
     }
@@ -445,35 +471,31 @@
 static bool do_recv(int s, const char* path, std::vector<char>& buffer) {
     __android_log_security_bswrite(SEC_TAG_ADB_RECV_FILE, path);
 
-    int fd = adb_open(path, O_RDONLY | O_CLOEXEC);
+    unique_fd fd(adb_open(path, O_RDONLY | O_CLOEXEC));
     if (fd < 0) {
         SendSyncFailErrno(s, "open failed");
         return false;
     }
 
-    if (posix_fadvise(fd, 0, 0, POSIX_FADV_SEQUENTIAL | POSIX_FADV_NOREUSE) < 0) {
+    if (posix_fadvise(fd.get(), 0, 0, POSIX_FADV_SEQUENTIAL | POSIX_FADV_NOREUSE) < 0) {
         D("[ Failed to fadvise: %d ]", errno);
     }
 
     syncmsg msg;
     msg.data.id = ID_DATA;
     while (true) {
-        int r = adb_read(fd, &buffer[0], buffer.size() - sizeof(msg.data));
+        int r = adb_read(fd.get(), &buffer[0], buffer.size() - sizeof(msg.data));
         if (r <= 0) {
             if (r == 0) break;
             SendSyncFailErrno(s, "read failed");
-            adb_close(fd);
             return false;
         }
         msg.data.size = r;
         if (!WriteFdExactly(s, &msg.data, sizeof(msg.data)) || !WriteFdExactly(s, &buffer[0], r)) {
-            adb_close(fd);
             return false;
         }
     }
 
-    adb_close(fd);
-
     msg.data.id = ID_DONE;
     msg.data.size = 0;
     return WriteFdExactly(s, &msg.data, sizeof(msg.data));
@@ -553,7 +575,64 @@
     return true;
 }
 
+#if defined(__ANDROID__)
+class FileSyncPreparer {
+  public:
+    FileSyncPreparer() : saved_ns_fd_(-1), rooted_(getuid() == 0) {
+        const std::string namespace_path = "/proc/" + std::to_string(gettid()) + "/ns/mnt";
+        const int ns_fd = adb_open(namespace_path.c_str(), O_RDONLY | O_CLOEXEC);
+        if (ns_fd == -1) {
+            if (rooted_) PLOG(ERROR) << "Failed to save mount namespace";
+            return;
+        }
+        saved_ns_fd_.reset(ns_fd);
+
+        // Note: this is for the current thread only
+        if (unshare(CLONE_NEWNS) != 0) {
+            if (rooted_) PLOG(ERROR) << "Failed to clone mount namespace";
+            return;
+        }
+
+        // Set the propagation type of / to private so that unmount below is
+        // not propagated to other mount namespaces.
+        if (mount(nullptr, "/", nullptr, MS_PRIVATE | MS_REC, nullptr) == -1) {
+            if (rooted_) PLOG(ERROR) << "Could not change propagation type of / to MS_PRIVATE";
+            return;
+        }
+
+        // unmount /bionic which is bind-mount to itself by init. Under /bionic,
+        // there are other bind mounts for the bionic files. By unmounting this,
+        // we unmount them all thus revealing the raw file system that is the
+        // same as the local file system seen by the adb client.
+        if (umount2("/bionic", MNT_DETACH) == -1 && errno != ENOENT) {
+            if (rooted_) PLOG(ERROR) << "Could not unmount /bionic to reveal raw filesystem";
+            return;
+        }
+    }
+
+    ~FileSyncPreparer() {
+        if (saved_ns_fd_.get() != -1) {
+            // In fact, this is not strictly required because this thread for file
+            // sync service will be destroyed after the current transfer is all
+            // done. However, let's restore the ns in case the same thread is
+            // reused by multiple transfers in the future refactoring.
+            if (setns(saved_ns_fd_, CLONE_NEWNS) == -1) {
+                PLOG(ERROR) << "Failed to restore saved mount namespace";
+            }
+        }
+    }
+
+  private:
+    unique_fd saved_ns_fd_;
+    bool rooted_;
+};
+#endif
+
 void file_sync_service(unique_fd fd) {
+#if defined(__ANDROID__)
+    FileSyncPreparer preparer;
+#endif
+
     std::vector<char> buffer(SYNC_DATA_MAX);
 
     while (handle_sync_command(fd.get(), buffer)) {
diff --git a/adb/daemon/jdwp_service.cpp b/adb/daemon/jdwp_service.cpp
index f02cc13..032ee42 100644
--- a/adb/daemon/jdwp_service.cpp
+++ b/adb/daemon/jdwp_service.cpp
@@ -303,7 +303,6 @@
 static int jdwp_control_init(JdwpControl* control, const char* sockname, int socknamelen) {
     sockaddr_un addr;
     socklen_t addrlen;
-    int s;
     int maxpath = sizeof(addr.sun_path);
     int pathlen = socknamelen;
 
@@ -316,7 +315,7 @@
     addr.sun_family = AF_UNIX;
     memcpy(addr.sun_path, sockname, socknamelen);
 
-    s = socket(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0);
+    unique_fd s(socket(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0));
     if (s < 0) {
         D("could not create vm debug control socket. %d: %s", errno, strerror(errno));
         return -1;
@@ -326,22 +325,18 @@
 
     if (bind(s, reinterpret_cast<sockaddr*>(&addr), addrlen) < 0) {
         D("could not bind vm debug control socket: %d: %s", errno, strerror(errno));
-        adb_close(s);
         return -1;
     }
 
     if (listen(s, 4) < 0) {
         D("listen failed in jdwp control socket: %d: %s", errno, strerror(errno));
-        adb_close(s);
         return -1;
     }
 
-    control->listen_socket = s;
-
-    control->fde = fdevent_create(s, jdwp_control_event, control);
+    control->listen_socket = s.release();
+    control->fde = fdevent_create(control->listen_socket, jdwp_control_event, control);
     if (control->fde == nullptr) {
         D("could not create fdevent for jdwp control socket");
-        adb_close(s);
         return -1;
     }
 
diff --git a/adb/daemon/remount_service.cpp b/adb/daemon/remount_service.cpp
index 3c9dd04..5e6d416 100644
--- a/adb/daemon/remount_service.cpp
+++ b/adb/daemon/remount_service.cpp
@@ -49,6 +49,8 @@
 #include "set_verity_enable_state_service.h"
 
 using android::base::Realpath;
+using android::fs_mgr::Fstab;
+using android::fs_mgr::ReadDefaultFstab;
 
 // Returns the last device used to mount a directory in /proc/mounts.
 // This will find overlayfs entry where upperdir=lowerdir, to make sure
@@ -75,16 +77,20 @@
 
 // Returns the device used to mount a directory in the fstab.
 static std::string find_fstab_mount(const char* dir) {
-    std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(),
-                                                               fs_mgr_free_fstab);
-    struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab.get(), dir);
-    if (!rec) {
+    Fstab fstab;
+    if (!ReadDefaultFstab(&fstab)) {
         return "";
     }
-    if (fs_mgr_is_logical(rec)) {
-        fs_mgr_update_logical_partition(rec);
+
+    auto entry = std::find_if(fstab.begin(), fstab.end(),
+                              [&dir](const auto& entry) { return entry.mount_point == dir; });
+    if (entry == fstab.end()) {
+        return "";
     }
-    return rec->blk_device;
+    if (entry->fs_mgr_flags.logical) {
+        fs_mgr_update_logical_partition(&(*entry));
+    }
+    return entry->blk_device;
 }
 
 // The proc entry for / is full of lies, so check fstab instead.
@@ -226,6 +232,23 @@
     android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_cmd.c_str());
 }
 
+static void try_unmount_bionic(int fd) {
+    static constexpr const char* kBionic = "/bionic";
+    struct statfs buf;
+    if (statfs(kBionic, &buf) == -1) {
+        WriteFdFmt(fd, "statfs of the %s mount failed: %s.\n", kBionic, strerror(errno));
+        return;
+    }
+    if (buf.f_flags & ST_RDONLY) {
+        // /bionic is on a read-only partition; can happen for
+        // non-system-as-root-devices. Don' try to unmount.
+        return;
+    }
+    // Success/Fail of the actual remount will be reported by the function.
+    remount_partition(fd, kBionic);
+    return;
+}
+
 void remount_service(unique_fd fd, const std::string& cmd) {
     bool user_requested_reboot = cmd == "-R";
 
@@ -319,6 +342,8 @@
         return;
     }
 
+    try_unmount_bionic(fd.get());
+
     if (!success) {
         WriteFdExactly(fd.get(), "remount failed\n");
     } else {
diff --git a/adb/daemon/set_verity_enable_state_service.cpp b/adb/daemon/set_verity_enable_state_service.cpp
index 3676de5..92851c0 100644
--- a/adb/daemon/set_verity_enable_state_service.cpp
+++ b/adb/daemon/set_verity_enable_state_service.cpp
@@ -41,8 +41,6 @@
 
 #include "fec/io.h"
 
-struct fstab *fstab;
-
 #ifdef ALLOW_ADBD_DISABLE_VERITY
 static const bool kAllowDisableVerity = true;
 #else
@@ -213,18 +211,18 @@
         // Not using AVB - assume VB1.0.
 
         // read all fstab entries at once from all sources
-        if (!fstab) fstab = fs_mgr_read_fstab_default();
-        if (!fstab) {
+        android::fs_mgr::Fstab fstab;
+        if (!android::fs_mgr::ReadDefaultFstab(&fstab)) {
             WriteFdExactly(fd.get(), "Failed to read fstab\n");
             suggest_run_adb_root(fd.get());
             return;
         }
 
         // Loop through entries looking for ones that verity manages.
-        for (int i = 0; i < fstab->num_entries; i++) {
-            if (fs_mgr_is_verified(&fstab->recs[i])) {
-                if (set_verity_enabled_state(fd.get(), fstab->recs[i].blk_device,
-                                             fstab->recs[i].mount_point, enable)) {
+        for (const auto& entry : fstab) {
+            if (entry.fs_mgr_flags.verify) {
+                if (set_verity_enabled_state(fd.get(), entry.blk_device.c_str(),
+                                             entry.mount_point.c_str(), enable)) {
                     any_changed = true;
                 }
             }
diff --git a/adb/daemon/transport_qemu.cpp b/adb/daemon/transport_qemu.cpp
index 8ad2572..aa760bc 100644
--- a/adb/daemon/transport_qemu.cpp
+++ b/adb/daemon/transport_qemu.cpp
@@ -78,7 +78,7 @@
         /* This could be an older version of the emulator, that doesn't
          * implement adb QEMUD service. Fall back to the old TCP way. */
         D("adb service is not available. Falling back to TCP socket.");
-        std::thread(server_socket_thread, port).detach();
+        std::thread(server_socket_thread, tcp_listen_inaddr_any, port).detach();
         return;
     }
 
diff --git a/adb/fdevent.cpp b/adb/fdevent.cpp
index e096560..32f9086 100644
--- a/adb/fdevent.cpp
+++ b/adb/fdevent.cpp
@@ -32,7 +32,10 @@
 #include <functional>
 #include <list>
 #include <mutex>
+#include <optional>
 #include <unordered_map>
+#include <utility>
+#include <variant>
 #include <vector>
 
 #include <android-base/chrono_utils.h>
@@ -121,13 +124,8 @@
                                        state.c_str());
 }
 
-void fdevent_install(fdevent* fde, int fd, fd_func func, void* arg) {
-    check_main_thread();
-    CHECK_GE(fd, 0);
-    memset(fde, 0, sizeof(fdevent));
-}
-
-fdevent* fdevent_create(int fd, fd_func func, void* arg) {
+template <typename F>
+static fdevent* fdevent_create_impl(int fd, F func, void* arg) {
     check_main_thread();
     CHECK_GE(fd, 0);
 
@@ -150,6 +148,14 @@
     return fde;
 }
 
+fdevent* fdevent_create(int fd, fd_func func, void* arg) {
+    return fdevent_create_impl(fd, func, arg);
+}
+
+fdevent* fdevent_create(int fd, fd_func2 func, void* arg) {
+    return fdevent_create_impl(fd, func, arg);
+}
+
 unique_fd fdevent_release(fdevent* fde) {
     check_main_thread();
     if (!fde) {
@@ -220,14 +226,22 @@
 
 void fdevent_add(fdevent* fde, unsigned events) {
     check_main_thread();
+    CHECK(!(events & FDE_TIMEOUT));
     fdevent_set(fde, (fde->state & FDE_EVENTMASK) | events);
 }
 
 void fdevent_del(fdevent* fde, unsigned events) {
     check_main_thread();
+    CHECK(!(events & FDE_TIMEOUT));
     fdevent_set(fde, (fde->state & FDE_EVENTMASK) & ~events);
 }
 
+void fdevent_set_timeout(fdevent* fde, std::optional<std::chrono::milliseconds> timeout) {
+    check_main_thread();
+    fde->timeout = timeout;
+    fde->last_active = std::chrono::steady_clock::now();
+}
+
 static std::string dump_pollfds(const std::vector<adb_pollfd>& pollfds) {
     std::string result;
     for (const auto& pollfd : pollfds) {
@@ -243,6 +257,32 @@
     return result;
 }
 
+static std::optional<std::chrono::milliseconds> calculate_timeout() {
+    std::optional<std::chrono::milliseconds> result = std::nullopt;
+    auto now = std::chrono::steady_clock::now();
+    check_main_thread();
+
+    for (const auto& [fd, pollnode] : g_poll_node_map) {
+        UNUSED(fd);
+        auto timeout_opt = pollnode.fde->timeout;
+        if (timeout_opt) {
+            auto deadline = pollnode.fde->last_active + *timeout_opt;
+            auto time_left = std::chrono::duration_cast<std::chrono::milliseconds>(deadline - now);
+            if (time_left < std::chrono::milliseconds::zero()) {
+                time_left = std::chrono::milliseconds::zero();
+            }
+
+            if (!result) {
+                result = time_left;
+            } else {
+                result = std::min(*result, time_left);
+            }
+        }
+    }
+
+    return result;
+}
+
 static void fdevent_process() {
     std::vector<adb_pollfd> pollfds;
     for (const auto& pair : g_poll_node_map) {
@@ -251,11 +291,22 @@
     CHECK_GT(pollfds.size(), 0u);
     D("poll(), pollfds = %s", dump_pollfds(pollfds).c_str());
 
-    int ret = adb_poll(&pollfds[0], pollfds.size(), -1);
+    auto timeout = calculate_timeout();
+    int timeout_ms;
+    if (!timeout) {
+        timeout_ms = -1;
+    } else {
+        timeout_ms = timeout->count();
+    }
+
+    int ret = adb_poll(&pollfds[0], pollfds.size(), timeout_ms);
     if (ret == -1) {
         PLOG(ERROR) << "poll(), ret = " << ret;
         return;
     }
+
+    auto post_poll = std::chrono::steady_clock::now();
+
     for (const auto& pollfd : pollfds) {
         if (pollfd.revents != 0) {
             D("for fd %d, revents = %x", pollfd.fd, pollfd.revents);
@@ -277,12 +328,24 @@
             events |= FDE_READ | FDE_ERROR;
         }
 #endif
+        auto it = g_poll_node_map.find(pollfd.fd);
+        CHECK(it != g_poll_node_map.end());
+        fdevent* fde = it->second.fde;
+
+        if (events == 0) {
+            // Check for timeout.
+            if (fde->timeout) {
+                auto deadline = fde->last_active + *fde->timeout;
+                if (deadline < post_poll) {
+                    events |= FDE_TIMEOUT;
+                }
+            }
+        }
+
         if (events != 0) {
-            auto it = g_poll_node_map.find(pollfd.fd);
-            CHECK(it != g_poll_node_map.end());
-            fdevent* fde = it->second.fde;
             CHECK_EQ(fde->fd.get(), pollfd.fd);
             fde->events |= events;
+            fde->last_active = post_poll;
             D("%s got events %x", dump_fde(fde).c_str(), events);
             fde->state |= FDE_PENDING;
             g_pending_list.push_back(fde);
@@ -290,13 +353,27 @@
     }
 }
 
+template <class T>
+struct always_false : std::false_type {};
+
 static void fdevent_call_fdfunc(fdevent* fde) {
     unsigned events = fde->events;
     fde->events = 0;
     CHECK(fde->state & FDE_PENDING);
     fde->state &= (~FDE_PENDING);
     D("fdevent_call_fdfunc %s", dump_fde(fde).c_str());
-    fde->func(fde->fd.get(), events, fde->arg);
+    std::visit(
+            [&](auto&& f) {
+                using F = std::decay_t<decltype(f)>;
+                if constexpr (std::is_same_v<fd_func, F>) {
+                    f(fde->fd.get(), events, fde->arg);
+                } else if constexpr (std::is_same_v<fd_func2, F>) {
+                    f(fde, events, fde->arg);
+                } else {
+                    static_assert(always_false<F>::value, "non-exhaustive visitor");
+                }
+            },
+            fde->func);
 }
 
 static void fdevent_run_flush() EXCLUDES(run_queue_mutex) {
diff --git a/adb/fdevent.h b/adb/fdevent.h
index df2339a..42dbb9e 100644
--- a/adb/fdevent.h
+++ b/adb/fdevent.h
@@ -18,18 +18,23 @@
 #define __FDEVENT_H
 
 #include <stddef.h>
-#include <stdint.h>  /* for int64_t */
+#include <stdint.h>
 
+#include <chrono>
 #include <functional>
+#include <optional>
+#include <variant>
 
 #include "adb_unique_fd.h"
 
-/* events that may be observed */
-#define FDE_READ              0x0001
-#define FDE_WRITE             0x0002
-#define FDE_ERROR             0x0004
+// Events that may be observed
+#define FDE_READ 0x0001
+#define FDE_WRITE 0x0002
+#define FDE_ERROR 0x0004
+#define FDE_TIMEOUT 0x0008
 
 typedef void (*fd_func)(int fd, unsigned events, void *userdata);
+typedef void (*fd_func2)(struct fdevent* fde, unsigned events, void* userdata);
 
 struct fdevent {
     uint64_t id;
@@ -39,16 +44,17 @@
 
     uint16_t state = 0;
     uint16_t events = 0;
+    std::optional<std::chrono::milliseconds> timeout;
+    std::chrono::steady_clock::time_point last_active;
 
-    fd_func func = nullptr;
+    std::variant<fd_func, fd_func2> func;
     void* arg = nullptr;
 };
 
-/* Allocate and initialize a new fdevent object
- * Note: use FD_TIMER as 'fd' to create a fd-less object
- * (used to implement timers).
-*/
+// Allocate and initialize a new fdevent object
+// TODO: Switch these to unique_fd.
 fdevent *fdevent_create(int fd, fd_func func, void *arg);
+fdevent* fdevent_create(int fd, fd_func2 func, void* arg);
 
 // Deallocate an fdevent object that was created by fdevent_create.
 void fdevent_destroy(fdevent *fde);
@@ -56,16 +62,18 @@
 // fdevent_destroy, except releasing the file descriptor previously owned by the fdevent.
 unique_fd fdevent_release(fdevent* fde);
 
-/* Change which events should cause notifications
-*/
+// Change which events should cause notifications
 void fdevent_set(fdevent *fde, unsigned events);
 void fdevent_add(fdevent *fde, unsigned events);
 void fdevent_del(fdevent *fde, unsigned events);
 
-void fdevent_set_timeout(fdevent *fde, int64_t  timeout_ms);
+// Set a timeout on an fdevent.
+// If no events are triggered by the timeout, an FDE_TIMEOUT will be generated.
+// Note timeouts are not defused automatically; if a timeout is set on an fdevent, it will
+// trigger repeatedly every |timeout| ms.
+void fdevent_set_timeout(fdevent* fde, std::optional<std::chrono::milliseconds> timeout);
 
-/* loop forever, handling events.
-*/
+// Loop forever, handling events.
 void fdevent_loop();
 
 void check_main_thread();
diff --git a/adb/fdevent_test.cpp b/adb/fdevent_test.cpp
index 816134f..682f061 100644
--- a/adb/fdevent_test.cpp
+++ b/adb/fdevent_test.cpp
@@ -18,6 +18,7 @@
 
 #include <gtest/gtest.h>
 
+#include <chrono>
 #include <limits>
 #include <memory>
 #include <queue>
@@ -28,12 +29,20 @@
 #include "adb_io.h"
 #include "fdevent_test.h"
 
+using namespace std::chrono_literals;
+
 class FdHandler {
   public:
-    FdHandler(int read_fd, int write_fd) : read_fd_(read_fd), write_fd_(write_fd) {
-        read_fde_ = fdevent_create(read_fd_, FdEventCallback, this);
+    FdHandler(int read_fd, int write_fd, bool use_new_callback)
+        : read_fd_(read_fd), write_fd_(write_fd) {
+        if (use_new_callback) {
+            read_fde_ = fdevent_create(read_fd_, FdEventNewCallback, this);
+            write_fde_ = fdevent_create(write_fd_, FdEventNewCallback, this);
+        } else {
+            read_fde_ = fdevent_create(read_fd_, FdEventCallback, this);
+            write_fde_ = fdevent_create(write_fd_, FdEventCallback, this);
+        }
         fdevent_add(read_fde_, FDE_READ);
-        write_fde_ = fdevent_create(write_fd_, FdEventCallback, this);
     }
 
     ~FdHandler() {
@@ -64,6 +73,29 @@
         }
     }
 
+    static void FdEventNewCallback(fdevent* fde, unsigned events, void* userdata) {
+        int fd = fde->fd.get();
+        FdHandler* handler = reinterpret_cast<FdHandler*>(userdata);
+        ASSERT_EQ(0u, (events & ~(FDE_READ | FDE_WRITE))) << "unexpected events: " << events;
+        if (events & FDE_READ) {
+            ASSERT_EQ(fd, handler->read_fd_);
+            char c;
+            ASSERT_EQ(1, adb_read(fd, &c, 1));
+            handler->queue_.push(c);
+            fdevent_add(handler->write_fde_, FDE_WRITE);
+        }
+        if (events & FDE_WRITE) {
+            ASSERT_EQ(fd, handler->write_fd_);
+            ASSERT_FALSE(handler->queue_.empty());
+            char c = handler->queue_.front();
+            handler->queue_.pop();
+            ASSERT_EQ(1, adb_write(fd, &c, 1));
+            if (handler->queue_.empty()) {
+                fdevent_del(handler->write_fde_, FDE_WRITE);
+            }
+        }
+    }
+
   private:
     const int read_fd_;
     const int write_fd_;
@@ -84,56 +116,60 @@
 }
 
 TEST_F(FdeventTest, smoke) {
-    const size_t PIPE_COUNT = 10;
-    const size_t MESSAGE_LOOP_COUNT = 100;
-    const std::string MESSAGE = "fdevent_test";
-    int fd_pair1[2];
-    int fd_pair2[2];
-    ASSERT_EQ(0, adb_socketpair(fd_pair1));
-    ASSERT_EQ(0, adb_socketpair(fd_pair2));
-    ThreadArg thread_arg;
-    thread_arg.first_read_fd = fd_pair1[0];
-    thread_arg.last_write_fd = fd_pair2[1];
-    thread_arg.middle_pipe_count = PIPE_COUNT;
-    int writer = fd_pair1[1];
-    int reader = fd_pair2[0];
+    for (bool use_new_callback : {true, false}) {
+        fdevent_reset();
+        const size_t PIPE_COUNT = 10;
+        const size_t MESSAGE_LOOP_COUNT = 100;
+        const std::string MESSAGE = "fdevent_test";
+        int fd_pair1[2];
+        int fd_pair2[2];
+        ASSERT_EQ(0, adb_socketpair(fd_pair1));
+        ASSERT_EQ(0, adb_socketpair(fd_pair2));
+        ThreadArg thread_arg;
+        thread_arg.first_read_fd = fd_pair1[0];
+        thread_arg.last_write_fd = fd_pair2[1];
+        thread_arg.middle_pipe_count = PIPE_COUNT;
+        int writer = fd_pair1[1];
+        int reader = fd_pair2[0];
 
-    PrepareThread();
+        PrepareThread();
 
-    std::vector<std::unique_ptr<FdHandler>> fd_handlers;
-    fdevent_run_on_main_thread([&thread_arg, &fd_handlers]() {
-        std::vector<int> read_fds;
-        std::vector<int> write_fds;
+        std::vector<std::unique_ptr<FdHandler>> fd_handlers;
+        fdevent_run_on_main_thread([&thread_arg, &fd_handlers, use_new_callback]() {
+            std::vector<int> read_fds;
+            std::vector<int> write_fds;
 
-        read_fds.push_back(thread_arg.first_read_fd);
-        for (size_t i = 0; i < thread_arg.middle_pipe_count; ++i) {
-            int fds[2];
-            ASSERT_EQ(0, adb_socketpair(fds));
-            read_fds.push_back(fds[0]);
-            write_fds.push_back(fds[1]);
+            read_fds.push_back(thread_arg.first_read_fd);
+            for (size_t i = 0; i < thread_arg.middle_pipe_count; ++i) {
+                int fds[2];
+                ASSERT_EQ(0, adb_socketpair(fds));
+                read_fds.push_back(fds[0]);
+                write_fds.push_back(fds[1]);
+            }
+            write_fds.push_back(thread_arg.last_write_fd);
+
+            for (size_t i = 0; i < read_fds.size(); ++i) {
+                fd_handlers.push_back(
+                        std::make_unique<FdHandler>(read_fds[i], write_fds[i], use_new_callback));
+            }
+        });
+        WaitForFdeventLoop();
+
+        for (size_t i = 0; i < MESSAGE_LOOP_COUNT; ++i) {
+            std::string read_buffer = MESSAGE;
+            std::string write_buffer(MESSAGE.size(), 'a');
+            ASSERT_TRUE(WriteFdExactly(writer, read_buffer.c_str(), read_buffer.size()));
+            ASSERT_TRUE(ReadFdExactly(reader, &write_buffer[0], write_buffer.size()));
+            ASSERT_EQ(read_buffer, write_buffer);
         }
-        write_fds.push_back(thread_arg.last_write_fd);
 
-        for (size_t i = 0; i < read_fds.size(); ++i) {
-            fd_handlers.push_back(std::make_unique<FdHandler>(read_fds[i], write_fds[i]));
-        }
-    });
-    WaitForFdeventLoop();
+        fdevent_run_on_main_thread([&fd_handlers]() { fd_handlers.clear(); });
+        WaitForFdeventLoop();
 
-    for (size_t i = 0; i < MESSAGE_LOOP_COUNT; ++i) {
-        std::string read_buffer = MESSAGE;
-        std::string write_buffer(MESSAGE.size(), 'a');
-        ASSERT_TRUE(WriteFdExactly(writer, read_buffer.c_str(), read_buffer.size()));
-        ASSERT_TRUE(ReadFdExactly(reader, &write_buffer[0], write_buffer.size()));
-        ASSERT_EQ(read_buffer, write_buffer);
+        TerminateThread();
+        ASSERT_EQ(0, adb_close(writer));
+        ASSERT_EQ(0, adb_close(reader));
     }
-
-    fdevent_run_on_main_thread([&fd_handlers]() { fd_handlers.clear(); });
-    WaitForFdeventLoop();
-
-    TerminateThread();
-    ASSERT_EQ(0, adb_close(writer));
-    ASSERT_EQ(0, adb_close(reader));
 }
 
 struct InvalidFdArg {
@@ -224,3 +260,100 @@
         ASSERT_EQ(i, vec[i]);
     }
 }
+
+TEST_F(FdeventTest, timeout) {
+    fdevent_reset();
+    PrepareThread();
+
+    enum class TimeoutEvent {
+        read,
+        timeout,
+        done,
+    };
+
+    struct TimeoutTest {
+        std::vector<std::pair<TimeoutEvent, std::chrono::steady_clock::time_point>> events;
+        fdevent* fde;
+    };
+    TimeoutTest test;
+
+    int fds[2];
+    ASSERT_EQ(0, adb_socketpair(fds));
+    static constexpr auto delta = 100ms;
+    fdevent_run_on_main_thread([&]() {
+        test.fde = fdevent_create(fds[0], [](fdevent* fde, unsigned events, void* arg) {
+            auto test = static_cast<TimeoutTest*>(arg);
+            auto now = std::chrono::steady_clock::now();
+            CHECK((events & FDE_READ) ^ (events & FDE_TIMEOUT));
+            TimeoutEvent event;
+            if ((events & FDE_READ)) {
+                char buf[2];
+                ssize_t rc = adb_read(fde->fd.get(), buf, sizeof(buf));
+                if (rc == 0) {
+                    event = TimeoutEvent::done;
+                } else if (rc == 1) {
+                    event = TimeoutEvent::read;
+                } else {
+                    abort();
+                }
+            } else if ((events & FDE_TIMEOUT)) {
+                event = TimeoutEvent::timeout;
+            } else {
+                abort();
+            }
+
+            CHECK_EQ(fde, test->fde);
+            test->events.emplace_back(event, now);
+
+            if (event == TimeoutEvent::done) {
+                fdevent_destroy(fde);
+            }
+        }, &test);
+        fdevent_add(test.fde, FDE_READ);
+        fdevent_set_timeout(test.fde, delta);
+    });
+
+    ASSERT_EQ(1, adb_write(fds[1], "", 1));
+
+    // Timeout should happen here
+    std::this_thread::sleep_for(delta);
+
+    // and another.
+    std::this_thread::sleep_for(delta);
+
+    // No timeout should happen here.
+    std::this_thread::sleep_for(delta / 2);
+    adb_close(fds[1]);
+
+    TerminateThread();
+
+    ASSERT_EQ(4ULL, test.events.size());
+    ASSERT_EQ(TimeoutEvent::read, test.events[0].first);
+    ASSERT_EQ(TimeoutEvent::timeout, test.events[1].first);
+    ASSERT_EQ(TimeoutEvent::timeout, test.events[2].first);
+    ASSERT_EQ(TimeoutEvent::done, test.events[3].first);
+
+    std::vector<int> time_deltas;
+    for (size_t i = 0; i < test.events.size() - 1; ++i) {
+        auto before = test.events[i].second;
+        auto after = test.events[i + 1].second;
+        auto diff = std::chrono::duration_cast<std::chrono::milliseconds>(after - before);
+        time_deltas.push_back(diff.count());
+    }
+
+    std::vector<int> expected = {
+        delta.count(),
+        delta.count(),
+        delta.count() / 2,
+    };
+
+    std::vector<int> diff;
+    ASSERT_EQ(time_deltas.size(), expected.size());
+    for (size_t i = 0; i < time_deltas.size(); ++i) {
+        diff.push_back(std::abs(time_deltas[i] - expected[i]));
+    }
+
+    ASSERT_LT(diff[0], delta.count() * 0.5);
+    ASSERT_LT(diff[1], delta.count() * 0.5);
+    ASSERT_LT(diff[2], delta.count() * 0.5);
+}
diff --git a/adb/fdevent_test.h b/adb/fdevent_test.h
index 8d853c3..24bce59 100644
--- a/adb/fdevent_test.h
+++ b/adb/fdevent_test.h
@@ -21,6 +21,7 @@
 #include <thread>
 
 #include "adb_io.h"
+#include "adb_unique_fd.h"
 #include "socket.h"
 #include "sysdeps.h"
 #include "sysdeps/chrono.h"
@@ -45,7 +46,7 @@
 
 class FdeventTest : public ::testing::Test {
   protected:
-    int dummy = -1;
+    unique_fd dummy;
 
     static void SetUpTestCase() {
 #if !defined(_WIN32)
@@ -65,12 +66,12 @@
             FAIL() << "failed to create socketpair: " << strerror(errno);
         }
 
-        asocket* dummy_socket = create_local_socket(dummy_fds[1]);
+        asocket* dummy_socket = create_local_socket(unique_fd(dummy_fds[1]));
         if (!dummy_socket) {
             FAIL() << "failed to create local socket: " << strerror(errno);
         }
         dummy_socket->ready(dummy_socket);
-        dummy = dummy_fds[0];
+        dummy.reset(dummy_fds[0]);
 
         thread_ = std::thread([]() { fdevent_loop(); });
         WaitForFdeventLoop();
@@ -85,7 +86,7 @@
         fdevent_terminate_loop();
         ASSERT_TRUE(WriteFdExactly(dummy, "", 1));
         thread_.join();
-        ASSERT_EQ(0, adb_close(dummy));
+        dummy.reset();
     }
 
     std::thread thread_;
diff --git a/adb/services.cpp b/adb/services.cpp
index 73fed09..0061f0e 100644
--- a/adb/services.cpp
+++ b/adb/services.cpp
@@ -71,7 +71,7 @@
     return unique_fd(s[0]);
 }
 
-int service_to_fd(std::string_view name, atransport* transport) {
+unique_fd service_to_fd(std::string_view name, atransport* transport) {
     unique_fd ret;
 
     if (is_socket_spec(name)) {
@@ -86,9 +86,9 @@
     }
 
     if (ret >= 0) {
-        close_on_exec(ret);
+        close_on_exec(ret.get());
     }
-    return ret.release();
+    return ret;
 }
 
 #if ADB_HOST
@@ -99,9 +99,7 @@
     ConnectionState state;
 };
 
-static void wait_for_state(int fd, void* data) {
-    std::unique_ptr<state_info> sinfo(reinterpret_cast<state_info*>(data));
-
+static void wait_for_state(int fd, state_info* sinfo) {
     D("wait_for_state %d", sinfo->state);
 
     while (true) {
@@ -197,7 +195,7 @@
     } else if (android::base::StartsWith(name, "wait-for-")) {
         name += strlen("wait-for-");
 
-        std::unique_ptr<state_info> sinfo = std::make_unique<state_info>();
+        std::shared_ptr<state_info> sinfo = std::make_shared<state_info>();
         if (sinfo == nullptr) {
             fprintf(stderr, "couldn't allocate state_info: %s", strerror(errno));
             return nullptr;
@@ -233,19 +231,15 @@
             return nullptr;
         }
 
-        int fd = create_service_thread(
-                         "wait", std::bind(wait_for_state, std::placeholders::_1, sinfo.get()))
-                         .release();
-        if (fd != -1) {
-            sinfo.release();
-        }
-        return create_local_socket(fd);
+        unique_fd fd = create_service_thread("wait", [sinfo](int fd) {
+            wait_for_state(fd, sinfo.get());
+        });
+        return create_local_socket(std::move(fd));
     } else if (!strncmp(name, "connect:", 8)) {
         std::string host(name + strlen("connect:"));
-        int fd = create_service_thread("connect",
-                                       std::bind(connect_service, std::placeholders::_1, host))
-                         .release();
-        return create_local_socket(fd);
+        unique_fd fd = create_service_thread(
+                "connect", std::bind(connect_service, std::placeholders::_1, host));
+        return create_local_socket(std::move(fd));
     }
     return nullptr;
 }
diff --git a/adb/socket.h b/adb/socket.h
index e7df991..b8c559a 100644
--- a/adb/socket.h
+++ b/adb/socket.h
@@ -23,6 +23,7 @@
 #include <memory>
 #include <string>
 
+#include "adb_unique_fd.h"
 #include "fdevent.h"
 #include "types.h"
 
@@ -102,7 +103,7 @@
 void remove_socket(asocket *s);
 void close_all_sockets(atransport *t);
 
-asocket *create_local_socket(int fd);
+asocket* create_local_socket(unique_fd fd);
 asocket* create_local_service_socket(std::string_view destination, atransport* transport);
 
 asocket *create_remote_socket(unsigned id, atransport *t);
diff --git a/adb/socket_spec.cpp b/adb/socket_spec.cpp
index cc67b6b..de4fff9 100644
--- a/adb/socket_spec.cpp
+++ b/adb/socket_spec.cpp
@@ -46,6 +46,11 @@
 #define ADB_WINDOWS 0
 #endif
 
+#if ADB_LINUX
+#include <sys/socket.h>
+#include "sysdeps/vm_sockets.h"
+#endif
+
 // Not static because it is used in commandline.c.
 int gListenAll = 0;
 
@@ -174,6 +179,62 @@
             return true;
         }
         return false;
+    } else if (address.starts_with("vsock:")) {
+#if ADB_LINUX
+        std::string spec_str(address);
+        std::vector<std::string> fragments = android::base::Split(spec_str, ":");
+        unsigned int port_value = port ? *port : 0;
+        if (fragments.size() != 2 && fragments.size() != 3) {
+            *error = android::base::StringPrintf("expected vsock:cid or vsock:port:cid in '%s'",
+                                                 spec_str.c_str());
+            errno = EINVAL;
+            return false;
+        }
+        unsigned int cid = 0;
+        if (!android::base::ParseUint(fragments[1], &cid)) {
+            *error = android::base::StringPrintf("could not parse vsock cid in '%s'",
+                                                 spec_str.c_str());
+            errno = EINVAL;
+            return false;
+        }
+        if (fragments.size() == 3 && !android::base::ParseUint(fragments[2], &port_value)) {
+            *error = android::base::StringPrintf("could not parse vsock port in '%s'",
+                                                 spec_str.c_str());
+            errno = EINVAL;
+            return false;
+        }
+        if (port_value == 0) {
+            *error = android::base::StringPrintf("vsock port was not provided.");
+            errno = EINVAL;
+            return false;
+        }
+        fd->reset(socket(AF_VSOCK, SOCK_STREAM, 0));
+        if (fd->get() == -1) {
+            *error = "could not open vsock socket";
+            return false;
+        }
+        sockaddr_vm addr{};
+        addr.svm_family = AF_VSOCK;
+        addr.svm_port = port_value;
+        addr.svm_cid = cid;
+        if (serial) {
+            *serial = android::base::StringPrintf("vsock:%u:%d", cid, port_value);
+        }
+        if (connect(fd->get(), reinterpret_cast<sockaddr*>(&addr), sizeof(addr))) {
+            int error_num = errno;
+            *error = android::base::StringPrintf("could not connect to vsock address '%s'",
+                                                 spec_str.c_str());
+            errno = error_num;
+            return false;
+        }
+        if (port) {
+            *port = port_value;
+        }
+        return true;
+#else   // ADB_LINUX
+        *error = "vsock is only supported on linux";
+        return false;
+#endif  // ADB_LINUX
     }
 
     for (const auto& it : kLocalSocketTypes) {
@@ -187,6 +248,9 @@
 
             fd->reset(network_local_client(&address[prefix.length()], it.second.socket_namespace,
                                            SOCK_STREAM, error));
+            if (serial) {
+                *serial = address;
+            }
             return true;
         }
     }
@@ -196,7 +260,7 @@
     return false;
 }
 
-int socket_spec_listen(std::string_view spec, std::string* error, int* resolved_tcp_port) {
+int socket_spec_listen(std::string_view spec, std::string* error, int* resolved_port) {
     if (spec.starts_with("tcp:")) {
         std::string hostname;
         int port;
@@ -215,10 +279,59 @@
             return -1;
         }
 
-        if (result >= 0 && port == 0 && resolved_tcp_port) {
-            *resolved_tcp_port = adb_socket_get_local_port(result);
+        if (result >= 0 && resolved_port) {
+            *resolved_port = adb_socket_get_local_port(result);
         }
         return result;
+    } else if (spec.starts_with("vsock:")) {
+#if ADB_LINUX
+        std::string spec_str(spec);
+        std::vector<std::string> fragments = android::base::Split(spec_str, ":");
+        if (fragments.size() != 2) {
+            *error = "given vsock server socket string was invalid";
+            return -1;
+        }
+        int port;
+        if (!android::base::ParseInt(fragments[1], &port)) {
+            *error = "could not parse vsock port";
+            errno = EINVAL;
+            return -1;
+        } else if (port < 0) {
+            *error = "vsock port was negative.";
+            errno = EINVAL;
+            return -1;
+        }
+        unique_fd serverfd(socket(AF_VSOCK, SOCK_STREAM, 0));
+        if (serverfd == -1) {
+            int error_num = errno;
+            *error = android::base::StringPrintf("could not create vsock server: '%s'",
+                                                 strerror(error_num));
+            errno = error_num;
+            return -1;
+        }
+        sockaddr_vm addr{};
+        addr.svm_family = AF_VSOCK;
+        addr.svm_port = port == 0 ? VMADDR_PORT_ANY : port;
+        addr.svm_cid = VMADDR_CID_ANY;
+        socklen_t addr_len = sizeof(addr);
+        if (bind(serverfd, reinterpret_cast<struct sockaddr*>(&addr), addr_len)) {
+            return -1;
+        }
+        if (listen(serverfd, 4)) {
+            return -1;
+        }
+        if (serverfd >= 0 && resolved_port) {
+            if (getsockname(serverfd, reinterpret_cast<sockaddr*>(&addr), &addr_len) == 0) {
+                *resolved_port = addr.svm_port;
+            } else {
+                return -1;
+            }
+        }
+        return serverfd.release();
+#else   // ADB_LINUX
+        *error = "vsock is only supported on linux";
+        return -1;
+#endif  // ADB_LINUX
     }
 
     for (const auto& it : kLocalSocketTypes) {
diff --git a/adb/socket_test.cpp b/adb/socket_test.cpp
index 80f9430..5e28f76 100644
--- a/adb/socket_test.cpp
+++ b/adb/socket_test.cpp
@@ -58,7 +58,7 @@
     intermediates.resize(INTERMEDIATE_COUNT);
     ASSERT_EQ(0, adb_socketpair(first)) << strerror(errno);
     ASSERT_EQ(0, adb_socketpair(last)) << strerror(errno);
-    asocket* prev_tail = create_local_socket(first[1]);
+    asocket* prev_tail = create_local_socket(unique_fd(first[1]));
     ASSERT_NE(nullptr, prev_tail);
 
     auto connect = [](asocket* tail, asocket* head) {
@@ -70,17 +70,17 @@
     for (auto& intermediate : intermediates) {
         ASSERT_EQ(0, adb_socketpair(intermediate.data())) << strerror(errno);
 
-        asocket* head = create_local_socket(intermediate[0]);
+        asocket* head = create_local_socket(unique_fd(intermediate[0]));
         ASSERT_NE(nullptr, head);
 
-        asocket* tail = create_local_socket(intermediate[1]);
+        asocket* tail = create_local_socket(unique_fd(intermediate[1]));
         ASSERT_NE(nullptr, tail);
 
         connect(prev_tail, head);
         prev_tail = tail;
     }
 
-    asocket* end = create_local_socket(last[0]);
+    asocket* end = create_local_socket(unique_fd(last[0]));
     ASSERT_NE(nullptr, end);
     connect(prev_tail, end);
 
@@ -104,14 +104,14 @@
 }
 
 struct CloseWithPacketArg {
-    int socket_fd;
+    unique_fd socket_fd;
     size_t bytes_written;
-    int cause_close_fd;
+    unique_fd cause_close_fd;
 };
 
 static void CreateCloser(CloseWithPacketArg* arg) {
     fdevent_run_on_main_thread([arg]() {
-        asocket* s = create_local_socket(arg->socket_fd);
+        asocket* s = create_local_socket(std::move(arg->socket_fd));
         ASSERT_TRUE(s != nullptr);
         arg->bytes_written = 0;
 
@@ -135,7 +135,7 @@
         }
         ASSERT_TRUE(socket_filled);
 
-        asocket* cause_close_s = create_local_socket(arg->cause_close_fd);
+        asocket* cause_close_s = create_local_socket(std::move(arg->cause_close_fd));
         ASSERT_TRUE(cause_close_s != nullptr);
         cause_close_s->peer = s;
         s->peer = cause_close_s;
@@ -154,8 +154,8 @@
     int cause_close_fd[2];
     ASSERT_EQ(0, adb_socketpair(cause_close_fd));
     CloseWithPacketArg arg;
-    arg.socket_fd = socket_fd[1];
-    arg.cause_close_fd = cause_close_fd[1];
+    arg.socket_fd.reset(socket_fd[1]);
+    arg.cause_close_fd.reset(cause_close_fd[1]);
 
     PrepareThread();
     CreateCloser(&arg);
@@ -178,8 +178,8 @@
     int cause_close_fd[2];
     ASSERT_EQ(0, adb_socketpair(cause_close_fd));
     CloseWithPacketArg arg;
-    arg.socket_fd = socket_fd[1];
-    arg.cause_close_fd = cause_close_fd[1];
+    arg.socket_fd.reset(socket_fd[1]);
+    arg.cause_close_fd.reset(cause_close_fd[1]);
 
     PrepareThread();
     CreateCloser(&arg);
@@ -211,8 +211,8 @@
     int cause_close_fd[2];
     ASSERT_EQ(0, adb_socketpair(cause_close_fd));
     CloseWithPacketArg arg;
-    arg.socket_fd = socket_fd[1];
-    arg.cause_close_fd = cause_close_fd[1];
+    arg.socket_fd.reset(socket_fd[1]);
+    arg.cause_close_fd.reset(cause_close_fd[1]);
 
     PrepareThread();
     CreateCloser(&arg);
@@ -221,6 +221,8 @@
     EXPECT_EQ(2u + GetAdditionalLocalSocketCount(), fdevent_installed_count());
     ASSERT_EQ(0, adb_close(socket_fd[0]));
 
+    std::this_thread::sleep_for(2s);
+
     WaitForFdeventLoop();
     ASSERT_EQ(GetAdditionalLocalSocketCount(), fdevent_installed_count());
     TerminateThread();
@@ -233,8 +235,8 @@
     ASSERT_EQ(0, adb_socketpair(head_fd));
     ASSERT_EQ(0, adb_socketpair(tail_fd));
 
-    asocket* head = create_local_socket(head_fd[1]);
-    asocket* tail = create_local_socket(tail_fd[1]);
+    asocket* head = create_local_socket(unique_fd(head_fd[1]));
+    asocket* tail = create_local_socket(unique_fd(tail_fd[1]));
 
     head->peer = tail;
     head->ready(head);
@@ -287,7 +289,7 @@
     PrepareThread();
 
     fdevent_run_on_main_thread([accept_fd]() {
-        asocket* s = create_local_socket(accept_fd);
+        asocket* s = create_local_socket(unique_fd(accept_fd));
         ASSERT_TRUE(s != nullptr);
     });
 
diff --git a/adb/sockets.cpp b/adb/sockets.cpp
index 47ae883..420a6d5 100644
--- a/adb/sockets.cpp
+++ b/adb/sockets.cpp
@@ -26,6 +26,7 @@
 #include <unistd.h>
 
 #include <algorithm>
+#include <chrono>
 #include <mutex>
 #include <string>
 #include <vector>
@@ -41,6 +42,8 @@
 #include "transport.h"
 #include "types.h"
 
+using namespace std::chrono_literals;
+
 static std::recursive_mutex& local_socket_list_lock = *new std::recursive_mutex();
 static unsigned local_socket_next_id = 1;
 
@@ -238,16 +241,64 @@
     fdevent_add(s->fde, FDE_READ);
 }
 
+struct ClosingSocket {
+    std::chrono::steady_clock::time_point begin;
+};
+
+// The standard (RFC 1122 - 4.2.2.13) says that if we call close on a
+// socket while we have pending data, a TCP RST should be sent to the
+// other end to notify it that we didn't read all of its data. However,
+// this can result in data that we've successfully written out to be dropped
+// on the other end. To avoid this, instead of immediately closing a
+// socket, call shutdown on it instead, and then read from the file
+// descriptor until we hit EOF or an error before closing.
+static void deferred_close(unique_fd fd) {
+    // Shutdown the socket in the outgoing direction only, so that
+    // we don't have the same problem on the opposite end.
+    adb_shutdown(fd.get(), SHUT_WR);
+    auto callback = [](fdevent* fde, unsigned event, void* arg) {
+        auto socket_info = static_cast<ClosingSocket*>(arg);
+        if (event & FDE_READ) {
+            ssize_t rc;
+            char buf[BUFSIZ];
+            while ((rc = adb_read(fde->fd.get(), buf, sizeof(buf))) > 0) {
+                continue;
+            }
+
+            if (rc == -1 && errno == EAGAIN) {
+                // There's potentially more data to read.
+                auto duration = std::chrono::steady_clock::now() - socket_info->begin;
+                if (duration > 1s) {
+                    LOG(WARNING) << "timeout expired while flushing socket, closing";
+                } else {
+                    return;
+                }
+            }
+        } else if (event & FDE_TIMEOUT) {
+            LOG(WARNING) << "timeout expired while flushing socket, closing";
+        }
+
+        // Either there was an error, we hit the end of the socket, or our timeout expired.
+        fdevent_destroy(fde);
+        delete socket_info;
+    };
+
+    ClosingSocket* socket_info = new ClosingSocket{
+            .begin = std::chrono::steady_clock::now(),
+    };
+
+    fdevent* fde = fdevent_create(fd.release(), callback, socket_info);
+    fdevent_add(fde, FDE_READ);
+    fdevent_set_timeout(fde, 1s);
+}
+
 // be sure to hold the socket list lock when calling this
 static void local_socket_destroy(asocket* s) {
     int exit_on_close = s->exit_on_close;
 
     D("LS(%d): destroying fde.fd=%d", s->id, s->fd);
 
-    /* IMPORTANT: the remove closes the fd
-    ** that belongs to this socket
-    */
-    fdevent_destroy(s->fde);
+    deferred_close(fdevent_release(s->fde));
 
     remove_socket(s);
     delete s;
@@ -333,7 +384,8 @@
     }
 }
 
-asocket* create_local_socket(int fd) {
+asocket* create_local_socket(unique_fd ufd) {
+    int fd = ufd.release();
     asocket* s = new asocket();
     s->fd = fd;
     s->enqueue = local_socket_enqueue;
@@ -353,13 +405,14 @@
         return s;
     }
 #endif
-    int fd = service_to_fd(name, transport);
+    unique_fd fd = service_to_fd(name, transport);
     if (fd < 0) {
         return nullptr;
     }
 
-    asocket* s = create_local_socket(fd);
-    LOG(VERBOSE) << "LS(" << s->id << "): bound to '" << name << "' via " << fd;
+    int fd_value = fd.get();
+    asocket* s = create_local_socket(std::move(fd));
+    LOG(VERBOSE) << "LS(" << s->id << "): bound to '" << name << "' via " << fd_value;
 
 #if !ADB_HOST
     if ((name.starts_with("root:") && getuid() != 0 && __android_log_is_debuggable()) ||
@@ -608,6 +661,14 @@
             return false;
         }
     }
+    if (command.starts_with("vsock:")) {
+        // vsock serials are vsock:cid:port, which have an extra colon compared to tcp.
+        size_t next_colon = command.find(':');
+        if (next_colon == std::string::npos) {
+            return false;
+        }
+        consume(next_colon + 1);
+    }
 
     bool found_address = false;
     if (command[0] == '[') {
diff --git a/adb/sysdeps/chrono.h b/adb/sysdeps/chrono.h
index c73a638..5c5af7c 100644
--- a/adb/sysdeps/chrono.h
+++ b/adb/sysdeps/chrono.h
@@ -18,29 +18,4 @@
 
 #include <chrono>
 
-#if defined(_WIN32)
-// We don't have C++14 on Windows yet.
-// Reimplement std::chrono_literals ourselves until we do.
-
-// Silence the following warning (which gets promoted to an error):
-// error: literal operator suffixes not preceded by ‘_’ are reserved for future standardization
-#pragma GCC system_header
-
-constexpr std::chrono::seconds operator"" s(unsigned long long s) {
-    return std::chrono::seconds(s);
-}
-
-constexpr std::chrono::duration<long double> operator"" s(long double s) {
-    return std::chrono::duration<long double>(s);
-}
-
-constexpr std::chrono::milliseconds operator"" ms(unsigned long long ms) {
-    return std::chrono::milliseconds(ms);
-}
-
-constexpr std::chrono::duration<long double, std::milli> operator"" ms(long double ms) {
-    return std::chrono::duration<long double, std::milli>(ms);
-}
-#else
 using namespace std::chrono_literals;
-#endif
diff --git a/adb/sysdeps/posix/network.cpp b/adb/sysdeps/posix/network.cpp
index 33ddb4e..4de240e 100644
--- a/adb/sysdeps/posix/network.cpp
+++ b/adb/sysdeps/posix/network.cpp
@@ -24,6 +24,7 @@
 #include <string>
 
 #include <android-base/logging.h>
+#include <android-base/stringprintf.h>
 #include <cutils/sockets.h>
 
 #include "adb_unique_fd.h"
@@ -136,11 +137,13 @@
         return fd;
     }
     if (getaddrinfo_error != 0) {
-        *error = gai_strerror(getaddrinfo_error);
-        LOG(WARNING) << "failed to resolve host '" << host << "': " << *error;
+        *error = android::base::StringPrintf("failed to resolve host: '%s': %s", host.c_str(),
+                                             gai_strerror(getaddrinfo_error));
+        LOG(WARNING) << *error;
     } else {
-        *error = strerror(errno);
-        LOG(WARNING) << "failed to connect to '" << host << "': " << *error;
+        *error = android::base::StringPrintf("failed to connect to '%s:%d': %s", host.c_str(), port,
+                                             strerror(errno));
+        LOG(WARNING) << *error;
     }
     return -1;
 }
diff --git a/adb/sysdeps/vm_sockets.h b/adb/sysdeps/vm_sockets.h
new file mode 100644
index 0000000..75c5f44
--- /dev/null
+++ b/adb/sysdeps/vm_sockets.h
@@ -0,0 +1,49 @@
+#if __BIONIC__
+#include <linux/vm_sockets.h>
+#else
+/****************************************************************************
+ ****************************************************************************
+ ***
+ ***   This header was automatically generated from a Linux kernel header
+ ***   of the same name, to make information necessary for userspace to
+ ***   call into the kernel available to libc.  It contains only constants,
+ ***   structures, and macros generated from the original header, and thus,
+ ***   contains no copyrightable information.
+ ***
+ ***   Copied and modified from bionic/libc/kernel/uapi/linux/vm_sockets.h
+ ***
+ ****************************************************************************
+ ****************************************************************************/
+#ifndef _UAPI_VM_SOCKETS_H
+#define _UAPI_VM_SOCKETS_H
+#include <linux/socket.h>
+#define SO_VM_SOCKETS_BUFFER_SIZE 0
+#define SO_VM_SOCKETS_BUFFER_MIN_SIZE 1
+#define SO_VM_SOCKETS_BUFFER_MAX_SIZE 2
+#define SO_VM_SOCKETS_PEER_HOST_VM_ID 3
+#define SO_VM_SOCKETS_TRUSTED 5
+#define SO_VM_SOCKETS_CONNECT_TIMEOUT 6
+#define SO_VM_SOCKETS_NONBLOCK_TXRX 7
+#define VMADDR_CID_ANY -1U
+#define VMADDR_PORT_ANY -1U
+#define VMADDR_CID_HYPERVISOR 0
+#define VMADDR_CID_RESERVED 1
+#define VMADDR_CID_HOST 2
+#define VM_SOCKETS_INVALID_VERSION -1U
+#define VM_SOCKETS_VERSION_EPOCH(_v) (((_v)&0xFF000000) >> 24)
+#define VM_SOCKETS_VERSION_MAJOR(_v) (((_v)&0x00FF0000) >> 16)
+#define VM_SOCKETS_VERSION_MINOR(_v) (((_v)&0x0000FFFF))
+struct sockaddr_vm {
+    __kernel_sa_family_t svm_family;
+    unsigned short svm_reserved1;
+    unsigned int svm_port;
+    unsigned int svm_cid;
+    unsigned char svm_zero[sizeof(struct sockaddr) - sizeof(sa_family_t) - sizeof(unsigned short) -
+                           sizeof(unsigned int) - sizeof(unsigned int)];
+};
+#define IOCTL_VM_SOCKETS_GET_LOCAL_CID _IO(7, 0xb9)
+#ifndef AF_VSOCK
+#define AF_VSOCK 40
+#endif
+#endif
+#endif
diff --git a/adb/test_device.py b/adb/test_device.py
index 34f8fd9..f95a5b3 100755
--- a/adb/test_device.py
+++ b/adb/test_device.py
@@ -35,6 +35,8 @@
 import time
 import unittest
 
+from datetime import datetime
+
 import adb
 
 def requires_root(func):
@@ -1335,6 +1337,63 @@
             self.device.forward_remove("tcp:{}".format(local_port))
 
 
+class SocketTest(DeviceTest):
+    def test_socket_flush(self):
+        """Test that we handle socket closure properly.
+
+        If we're done writing to a socket, closing before the other end has
+        closed will send a TCP_RST if we have incoming data queued up, which
+        may result in data that we've written being discarded.
+
+        Bug: http://b/74616284
+        """
+        s = socket.create_connection(("localhost", 5037))
+
+        def adb_length_prefixed(string):
+            encoded = string.encode("utf8")
+            result = b"%04x%s" % (len(encoded), encoded)
+            return result
+
+        if "ANDROID_SERIAL" in os.environ:
+            transport_string = "host:transport:" + os.environ["ANDROID_SERIAL"]
+        else:
+            transport_string = "host:transport-any"
+
+        s.sendall(adb_length_prefixed(transport_string))
+        response = s.recv(4)
+        self.assertEquals(b"OKAY", response)
+
+        shell_string = "shell:sleep 0.5; dd if=/dev/zero bs=1m count=1 status=none; echo foo"
+        s.sendall(adb_length_prefixed(shell_string))
+
+        response = s.recv(4)
+        self.assertEquals(b"OKAY", response)
+
+        # Spawn a thread that dumps garbage into the socket until failure.
+        def spam():
+            buf = b"\0" * 16384
+            try:
+                while True:
+                    s.sendall(buf)
+            except Exception as ex:
+                print(ex)
+
+        thread = threading.Thread(target=spam)
+        thread.start()
+
+        time.sleep(1)
+
+        received = b""
+        while True:
+            read = s.recv(512)
+            if len(read) == 0:
+                break
+            received += read
+
+        self.assertEquals(1024 * 1024 + len("foo\n"), len(received))
+        thread.join()
+
+
 if sys.platform == "win32":
     # From https://stackoverflow.com/a/38749458
     import os
diff --git a/adb/transport.h b/adb/transport.h
index 3baeb1c..065c81f 100644
--- a/adb/transport.h
+++ b/adb/transport.h
@@ -28,6 +28,7 @@
 #include <memory>
 #include <mutex>
 #include <string>
+#include <string_view>
 #include <thread>
 #include <unordered_set>
 
@@ -400,7 +401,8 @@
 asocket* create_device_tracker(bool long_output);
 
 #if !ADB_HOST
-void server_socket_thread(int port);
+unique_fd tcp_listen_inaddr_any(int port, std::string* error);
+void server_socket_thread(std::function<unique_fd(int, std::string*)> listen_func, int port);
 
 #if defined(__ANDROID__)
 void qemu_socket_thread(int port);
diff --git a/adb/transport_local.cpp b/adb/transport_local.cpp
index 8885db4..9a74fb3 100644
--- a/adb/transport_local.cpp
+++ b/adb/transport_local.cpp
@@ -26,6 +26,7 @@
 #include <sys/types.h>
 
 #include <condition_variable>
+#include <functional>
 #include <memory>
 #include <mutex>
 #include <thread>
@@ -74,14 +75,15 @@
     unique_fd fd;
     int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
     std::string serial;
-    if (socket_spec_connect(&fd, "tcp:" + address, &port, &serial, response)) {
+    std::string prefix_addr = address.starts_with("vsock:") ? address : "tcp:" + address;
+    if (socket_spec_connect(&fd, prefix_addr, &port, &serial, response)) {
         close_on_exec(fd);
         if (!set_tcp_keepalive(fd, 1)) {
             D("warning: failed to configure TCP keepalives (%s)", strerror(errno));
         }
         return std::make_tuple(std::move(fd), port, serial);
     }
-    return std::make_tuple(unique_fd(), 0, "");
+    return std::make_tuple(unique_fd(), 0, serial);
 }
 
 void connect_device(const std::string& address, std::string* response) {
@@ -95,6 +97,9 @@
     int port;
     std::string serial;
     std::tie(fd, port, serial) = tcp_connect(address, response);
+    if (fd.get() == -1) {
+        return;
+    }
     auto reconnect = [address](atransport* t) {
         std::string response;
         unique_fd fd;
@@ -231,16 +236,19 @@
 
 #else  // !ADB_HOST
 
-void server_socket_thread(int port) {
-    unique_fd serverfd;
-
+void server_socket_thread(std::function<unique_fd(int, std::string*)> listen_func, int port) {
     adb_thread_setname("server socket");
-    D("transport: server_socket_thread() starting");
+
+    unique_fd serverfd;
+    std::string error;
+
     while (serverfd == -1) {
-        std::string spec = android::base::StringPrintf("tcp:%d", port);
-        std::string error;
-        serverfd.reset(socket_spec_listen(spec, &error));
-        if (serverfd < 0) {
+        errno = 0;
+        serverfd = listen_func(port, &error);
+        if (errno == EAFNOSUPPORT || errno == EINVAL || errno == EPROTONOSUPPORT) {
+            D("unrecoverable error: '%s'", error.c_str());
+            return;
+        } else if (serverfd < 0) {
             D("server: cannot bind socket yet: %s", error.c_str());
             std::this_thread::sleep_for(1s);
             continue;
@@ -249,7 +257,7 @@
     }
 
     while (true) {
-        D("server: trying to get new connection from %d", port);
+        D("server: trying to get new connection from fd %d", serverfd.get());
         unique_fd fd(adb_socket_accept(serverfd, nullptr, nullptr));
         if (fd >= 0) {
             D("server: new connection on fd %d", fd.get());
@@ -265,26 +273,38 @@
 
 #endif
 
-void local_init(int port) {
-    void (*func)(int);
-    const char* debug_name = "";
+unique_fd tcp_listen_inaddr_any(int port, std::string* error) {
+    return unique_fd{network_inaddr_any_server(port, SOCK_STREAM, error)};
+}
 
+#if !ADB_HOST
+static unique_fd vsock_listen(int port, std::string* error) {
+    return unique_fd{
+        socket_spec_listen(android::base::StringPrintf("vsock:%d", port), error, nullptr)
+    };
+}
+#endif
+
+void local_init(int port) {
 #if ADB_HOST
-    func = client_socket_thread;
-    debug_name = "client";
+    D("transport: local client init");
+    std::thread(client_socket_thread, port).detach();
 #elif !defined(__ANDROID__)
     // Host adbd.
-    func = server_socket_thread;
-    debug_name = "server";
+    D("transport: local server init");
+    std::thread(server_socket_thread, tcp_listen_inaddr_any, port).detach();
+    std::thread(server_socket_thread, vsock_listen, port).detach();
 #else
+    D("transport: local server init");
     // For the adbd daemon in the system image we need to distinguish
     // between the device, and the emulator.
-    func = use_qemu_goldfish() ? qemu_socket_thread : server_socket_thread;
-    debug_name = "server";
+    if (use_qemu_goldfish()) {
+        std::thread(qemu_socket_thread, port).detach();
+    } else {
+        std::thread(server_socket_thread, tcp_listen_inaddr_any, port).detach();
+    }
+    std::thread(server_socket_thread, vsock_listen, port).detach();
 #endif // !ADB_HOST
-
-    D("transport: local %s init", debug_name);
-    std::thread(func, port).detach();
 }
 
 #if ADB_HOST
diff --git a/base/include/android-base/unique_fd.h b/base/include/android-base/unique_fd.h
index 2c890b4..83213e9 100644
--- a/base/include/android-base/unique_fd.h
+++ b/base/include/android-base/unique_fd.h
@@ -17,10 +17,10 @@
 #pragma once
 
 #include <dirent.h>
+#include <errno.h>
 #include <fcntl.h>
 
 #if !defined(_WIN32)
-#include <dirent.h>
 #include <sys/socket.h>
 #endif
 
@@ -114,6 +114,8 @@
 
  private:
   void reset(int new_value, void* previous_tag) {
+    int previous_errno = errno;
+
     if (fd_ != -1) {
       close(fd_, this);
     }
@@ -122,6 +124,8 @@
     if (new_value != -1) {
       tag(new_value, previous_tag, this);
     }
+
+    errno = previous_errno;
   }
 
   int fd_ = -1;
diff --git a/debuggerd/Android.bp b/debuggerd/Android.bp
index 10f52f4..4a53a33 100644
--- a/debuggerd/Android.bp
+++ b/debuggerd/Android.bp
@@ -114,7 +114,6 @@
         "libasync_safe",
         "libbase",
         "libdebuggerd",
-        "libbacktrace",
         "libunwindstack",
         "libdexfile",  // libunwindstack dependency
         "libdexfile_external",  // libunwindstack dependency
@@ -124,7 +123,6 @@
     ],
     target: {
         recovery: {
-            cflags: ["-DNO_LIBDEXFILE_SUPPORT"],
             exclude_static_libs: [
                 "libartbase",
                 "libdexfile",
@@ -164,7 +162,6 @@
 
     srcs: [
         "libdebuggerd/backtrace.cpp",
-        "libdebuggerd/elf_utils.cpp",
         "libdebuggerd/open_files_list.cpp",
         "libdebuggerd/tombstone.cpp",
         "libdebuggerd/utility.cpp",
@@ -177,7 +174,6 @@
     include_dirs: ["bionic/libc"],
 
     static_libs: [
-        "libbacktrace",
         "libdexfile_external",  // libunwindstack dependency
         "libdexfile_support",  // libunwindstack dependency
         "libunwindstack",
@@ -223,7 +219,6 @@
     },
 
     shared_libs: [
-        "libbacktrace",
         "libbase",
         "libcutils",
         "libdebuggerd_client",
@@ -291,7 +286,6 @@
     ],
 
     shared_libs: [
-        "libbacktrace",
         "libbase",
         "liblog",
         "libprocinfo",
diff --git a/debuggerd/crash_dump.cpp b/debuggerd/crash_dump.cpp
index d79d20b..82ba0a1 100644
--- a/debuggerd/crash_dump.cpp
+++ b/debuggerd/crash_dump.cpp
@@ -48,7 +48,12 @@
 #define ATRACE_TAG ATRACE_TAG_BIONIC
 #include <utils/Trace.h>
 
+#include <unwindstack/DexFiles.h>
+#include <unwindstack/JitDebug.h>
+#include <unwindstack/Maps.h>
+#include <unwindstack/Memory.h>
 #include <unwindstack/Regs.h>
+#include <unwindstack/Unwinder.h>
 
 #include "libdebuggerd/backtrace.h"
 #include "libdebuggerd/tombstone.h"
@@ -63,8 +68,6 @@
 using android::base::unique_fd;
 using android::base::StringPrintf;
 
-using unwindstack::Regs;
-
 static bool pid_contains_tid(int pid_proc_fd, pid_t tid) {
   struct stat st;
   std::string task_path = StringPrintf("task/%d", tid);
@@ -287,7 +290,8 @@
     case 1:
       *abort_msg_address = crash_info->data.v1.abort_msg_address;
       *siginfo = crash_info->data.v1.siginfo;
-      regs->reset(Regs::CreateFromUcontext(Regs::CurrentArch(), &crash_info->data.v1.ucontext));
+      regs->reset(unwindstack::Regs::CreateFromUcontext(unwindstack::Regs::CurrentArch(),
+                                                        &crash_info->data.v1.ucontext));
       break;
 
     default:
@@ -469,7 +473,7 @@
         info.siginfo = &siginfo;
         info.signo = info.siginfo->si_signo;
       } else {
-        info.registers.reset(Regs::RemoteGet(thread));
+        info.registers.reset(unwindstack::Regs::RemoteGet(thread));
         if (!info.registers) {
           PLOG(WARNING) << "failed to fetch registers for thread " << thread;
           ptrace(PTRACE_DETACH, thread, 0, 0);
@@ -562,30 +566,25 @@
   }
 
   // TODO: Use seccomp to lock ourselves down.
-  std::unique_ptr<BacktraceMap> map(BacktraceMap::Create(vm_pid, false));
-  if (!map) {
-    LOG(FATAL) << "failed to create backtrace map";
-  }
-
-  std::shared_ptr<unwindstack::Memory> process_memory = map->GetProcessMemory();
-  if (!process_memory) {
-    LOG(FATAL) << "failed to get unwindstack::Memory handle";
+  unwindstack::UnwinderFromPid unwinder(256, vm_pid);
+  if (!unwinder.Init(unwindstack::Regs::CurrentArch())) {
+    LOG(FATAL) << "Failed to init unwinder object.";
   }
 
   std::string amfd_data;
   if (backtrace) {
     ATRACE_NAME("dump_backtrace");
-    dump_backtrace(std::move(g_output_fd), map.get(), thread_info, g_target_thread);
+    dump_backtrace(std::move(g_output_fd), &unwinder, thread_info, g_target_thread);
   } else {
     {
       ATRACE_NAME("fdsan table dump");
-      populate_fdsan_table(&open_files, process_memory, fdsan_table_address);
+      populate_fdsan_table(&open_files, unwinder.GetProcessMemory(), fdsan_table_address);
     }
 
     {
       ATRACE_NAME("engrave_tombstone");
-      engrave_tombstone(std::move(g_output_fd), map.get(), process_memory.get(), thread_info,
-                        g_target_thread, abort_msg_address, &open_files, &amfd_data);
+      engrave_tombstone(std::move(g_output_fd), &unwinder, thread_info, g_target_thread,
+                        abort_msg_address, &open_files, &amfd_data);
     }
   }
 
diff --git a/debuggerd/handler/debuggerd_fallback.cpp b/debuggerd/handler/debuggerd_fallback.cpp
index 15c0265..bbec612 100644
--- a/debuggerd/handler/debuggerd_fallback.cpp
+++ b/debuggerd/handler/debuggerd_fallback.cpp
@@ -42,9 +42,12 @@
 #include <android-base/file.h>
 #include <android-base/unique_fd.h>
 #include <async_safe/log.h>
-#include <backtrace/BacktraceMap.h>
+#include <unwindstack/DexFiles.h>
+#include <unwindstack/JitDebug.h>
+#include <unwindstack/Maps.h>
 #include <unwindstack/Memory.h>
 #include <unwindstack/Regs.h>
+#include <unwindstack/Unwinder.h>
 
 #include "debuggerd/handler.h"
 #include "handler/fallback.h"
@@ -55,7 +58,6 @@
 #include "libdebuggerd/tombstone.h"
 
 using android::base::unique_fd;
-using unwindstack::Regs;
 
 extern "C" bool __linker_enable_fallback_allocator();
 extern "C" void __linker_disable_fallback_allocator();
@@ -73,17 +75,22 @@
   }
 
   {
-    std::unique_ptr<Regs> regs;
+    std::unique_ptr<unwindstack::Regs> regs;
 
     ThreadInfo thread;
     thread.pid = getpid();
     thread.tid = gettid();
     thread.thread_name = get_thread_name(gettid());
-    thread.registers.reset(Regs::CreateFromUcontext(Regs::CurrentArch(), ucontext));
+    unwindstack::ArchEnum arch = unwindstack::Regs::CurrentArch();
+    thread.registers.reset(unwindstack::Regs::CreateFromUcontext(arch, ucontext));
 
     // TODO: Create this once and store it in a global?
-    std::unique_ptr<BacktraceMap> map(BacktraceMap::Create(getpid()));
-    dump_backtrace_thread(output_fd, map.get(), thread);
+    unwindstack::UnwinderFromPid unwinder(kMaxFrames, getpid());
+    if (unwinder.Init(arch)) {
+      dump_backtrace_thread(output_fd, &unwinder, thread);
+    } else {
+      async_safe_format_log(ANDROID_LOG_ERROR, "libc", "Unable to init unwinder.");
+    }
   }
   __linker_disable_fallback_allocator();
 }
diff --git a/debuggerd/libdebuggerd/backtrace.cpp b/debuggerd/libdebuggerd/backtrace.cpp
index f0a01f4..753ebcb 100644
--- a/debuggerd/libdebuggerd/backtrace.cpp
+++ b/debuggerd/libdebuggerd/backtrace.cpp
@@ -35,8 +35,8 @@
 #include <string>
 
 #include <android-base/unique_fd.h>
-#include <backtrace/Backtrace.h>
 #include <log/log.h>
+#include <unwindstack/Unwinder.h>
 
 #include "libdebuggerd/types.h"
 #include "libdebuggerd/utility.h"
@@ -59,25 +59,27 @@
   _LOG(log, logtype::BACKTRACE, "\n----- end %d -----\n", pid);
 }
 
-void dump_backtrace_thread(int output_fd, BacktraceMap* map, const ThreadInfo& thread) {
+void dump_backtrace_thread(int output_fd, unwindstack::Unwinder* unwinder,
+                           const ThreadInfo& thread) {
   log_t log;
   log.tfd = output_fd;
   log.amfd_data = nullptr;
 
   _LOG(&log, logtype::BACKTRACE, "\n\"%s\" sysTid=%d\n", thread.thread_name.c_str(), thread.tid);
 
-  std::vector<backtrace_frame_data_t> frames;
-  if (!Backtrace::Unwind(thread.registers.get(), map, &frames, 0, nullptr)) {
+  unwinder->SetRegs(thread.registers.get());
+  unwinder->Unwind();
+  if (unwinder->NumFrames() == 0) {
     _LOG(&log, logtype::THREAD, "Unwind failed: tid = %d", thread.tid);
     return;
   }
 
-  for (auto& frame : frames) {
-    _LOG(&log, logtype::BACKTRACE, "  %s\n", Backtrace::FormatFrameData(&frame).c_str());
+  for (size_t i = 0; i < unwinder->NumFrames(); i++) {
+    _LOG(&log, logtype::BACKTRACE, "  %s\n", unwinder->FormatFrame(i).c_str());
   }
 }
 
-void dump_backtrace(android::base::unique_fd output_fd, BacktraceMap* map,
+void dump_backtrace(android::base::unique_fd output_fd, unwindstack::Unwinder* unwinder,
                     const std::map<pid_t, ThreadInfo>& thread_info, pid_t target_thread) {
   log_t log;
   log.tfd = output_fd.get();
@@ -91,10 +93,10 @@
 
   dump_process_header(&log, target->second.pid, target->second.process_name.c_str());
 
-  dump_backtrace_thread(output_fd.get(), map, target->second);
+  dump_backtrace_thread(output_fd.get(), unwinder, target->second);
   for (const auto& [tid, info] : thread_info) {
     if (tid != target_thread) {
-      dump_backtrace_thread(output_fd.get(), map, info);
+      dump_backtrace_thread(output_fd.get(), unwinder, info);
     }
   }
 
diff --git a/debuggerd/libdebuggerd/elf_utils.cpp b/debuggerd/libdebuggerd/elf_utils.cpp
deleted file mode 100644
index d7afc0b..0000000
--- a/debuggerd/libdebuggerd/elf_utils.cpp
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define LOG_TAG "DEBUG"
-
-#include "libdebuggerd/elf_utils.h"
-
-#include <elf.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <string>
-
-#include <android-base/stringprintf.h>
-#include <log/log.h>
-#include <unwindstack/Memory.h>
-
-#define NOTE_ALIGN(size)  (((size) + 3) & ~3)
-
-template <typename HdrType, typename PhdrType, typename NhdrType>
-static bool get_build_id(unwindstack::Memory* memory, uintptr_t base_addr, uint8_t* e_ident,
-                         std::string* build_id) {
-  HdrType hdr;
-
-  memcpy(&hdr.e_ident[0], e_ident, EI_NIDENT);
-
-  // First read the rest of the header.
-  if (memory->Read(base_addr + EI_NIDENT, reinterpret_cast<uint8_t*>(&hdr) + EI_NIDENT,
-                   sizeof(HdrType) - EI_NIDENT) != sizeof(HdrType) - EI_NIDENT) {
-    return false;
-  }
-
-  for (size_t i = 0; i < hdr.e_phnum; i++) {
-    PhdrType phdr;
-    if (memory->Read(base_addr + hdr.e_phoff + i * hdr.e_phentsize,
-                     reinterpret_cast<uint8_t*>(&phdr), sizeof(phdr)) != sizeof(phdr)) {
-      return false;
-    }
-    // Looking for the .note.gnu.build-id note.
-    if (phdr.p_type == PT_NOTE) {
-      size_t hdr_size = phdr.p_filesz;
-      uintptr_t addr = base_addr + phdr.p_offset;
-      while (hdr_size >= sizeof(NhdrType)) {
-        NhdrType nhdr;
-        if (memory->Read(addr, reinterpret_cast<uint8_t*>(&nhdr), sizeof(nhdr)) != sizeof(nhdr)) {
-          return false;
-        }
-        addr += sizeof(nhdr);
-        if (nhdr.n_type == NT_GNU_BUILD_ID) {
-          // Skip the name (which is the owner and should be "GNU").
-          addr += NOTE_ALIGN(nhdr.n_namesz);
-          uint8_t build_id_data[160];
-          if (nhdr.n_descsz > sizeof(build_id_data)) {
-            ALOGE("Possible corrupted note, desc size value is too large: %u",
-                  nhdr.n_descsz);
-            return false;
-          }
-          if (memory->Read(addr, build_id_data, nhdr.n_descsz) != nhdr.n_descsz) {
-            return false;
-          }
-
-          build_id->clear();
-          for (size_t bytes = 0; bytes < nhdr.n_descsz; bytes++) {
-            *build_id += android::base::StringPrintf("%02x", build_id_data[bytes]);
-          }
-
-          return true;
-        } else {
-          // Move past the extra note data.
-          hdr_size -= sizeof(nhdr);
-          size_t skip_bytes = NOTE_ALIGN(nhdr.n_namesz) + NOTE_ALIGN(nhdr.n_descsz);
-          addr += skip_bytes;
-          if (hdr_size < skip_bytes) {
-            break;
-          }
-          hdr_size -= skip_bytes;
-        }
-      }
-    }
-  }
-  return false;
-}
-
-bool elf_get_build_id(unwindstack::Memory* memory, uintptr_t addr, std::string* build_id) {
-  // Read and verify the elf magic number first.
-  uint8_t e_ident[EI_NIDENT];
-  if (memory->Read(addr, e_ident, SELFMAG) != SELFMAG) {
-    return false;
-  }
-
-  if (memcmp(e_ident, ELFMAG, SELFMAG) != 0) {
-    return false;
-  }
-
-  // Read the rest of EI_NIDENT.
-  if (memory->Read(addr + SELFMAG, e_ident + SELFMAG, EI_NIDENT - SELFMAG) != EI_NIDENT - SELFMAG) {
-    return false;
-  }
-
-  if (e_ident[EI_CLASS] == ELFCLASS32) {
-    return get_build_id<Elf32_Ehdr, Elf32_Phdr, Elf32_Nhdr>(memory, addr, e_ident, build_id);
-  } else if (e_ident[EI_CLASS] == ELFCLASS64) {
-    return get_build_id<Elf64_Ehdr, Elf64_Phdr, Elf64_Nhdr>(memory, addr, e_ident, build_id);
-  }
-
-  return false;
-}
diff --git a/debuggerd/libdebuggerd/include/libdebuggerd/backtrace.h b/debuggerd/libdebuggerd/include/libdebuggerd/backtrace.h
index 119e59b..c20d090 100644
--- a/debuggerd/libdebuggerd/include/libdebuggerd/backtrace.h
+++ b/debuggerd/libdebuggerd/include/libdebuggerd/backtrace.h
@@ -28,15 +28,19 @@
 #include "types.h"
 #include "utility.h"
 
-class BacktraceMap;
+// Forward delcaration
+namespace unwindstack {
+class Unwinder;
+}
 
 // Dumps a backtrace using a format similar to what Dalvik uses so that the result
 // can be intermixed in a bug report.
-void dump_backtrace(android::base::unique_fd output_fd, BacktraceMap* map,
+void dump_backtrace(android::base::unique_fd output_fd, unwindstack::Unwinder* unwinder,
                     const std::map<pid_t, ThreadInfo>& thread_info, pid_t target_thread);
 
 void dump_backtrace_header(int output_fd);
-void dump_backtrace_thread(int output_fd, BacktraceMap* map, const ThreadInfo& thread);
+void dump_backtrace_thread(int output_fd, unwindstack::Unwinder* unwinder,
+                           const ThreadInfo& thread);
 void dump_backtrace_footer(int output_fd);
 
 #endif // _DEBUGGERD_BACKTRACE_H
diff --git a/debuggerd/libdebuggerd/include/libdebuggerd/tombstone.h b/debuggerd/libdebuggerd/include/libdebuggerd/tombstone.h
index be90d0f..7133f77 100644
--- a/debuggerd/libdebuggerd/include/libdebuggerd/tombstone.h
+++ b/debuggerd/libdebuggerd/include/libdebuggerd/tombstone.h
@@ -29,7 +29,13 @@
 #include "open_files_list.h"
 #include "types.h"
 
-class BacktraceMap;
+// Forward declarations
+namespace unwindstack {
+class Unwinder;
+}
+
+// The maximum number of frames to save when unwinding.
+constexpr size_t kMaxFrames = 256;
 
 /* Create and open a tombstone file for writing.
  * Returns a writable file descriptor, or -1 with errno set appropriately.
@@ -38,16 +44,15 @@
 int open_tombstone(std::string* path);
 
 /* Creates a tombstone file and writes the crash dump to it. */
-void engrave_tombstone(int tombstone_fd, BacktraceMap* map, const OpenFilesList* open_files,
-                       pid_t pid, pid_t tid, const std::string& process_name,
-                       const std::map<pid_t, std::string>& threads, uint64_t abort_msg_address,
-                       std::string* amfd_data);
+void engrave_tombstone(int tombstone_fd, unwindstack::Unwinder* unwinder,
+                       const OpenFilesList* open_files, pid_t pid, pid_t tid,
+                       const std::string& process_name, const std::map<pid_t, std::string>& threads,
+                       uint64_t abort_msg_address, std::string* amfd_data);
 
 void engrave_tombstone_ucontext(int tombstone_fd, uint64_t abort_msg_address, siginfo_t* siginfo,
                                 ucontext_t* ucontext);
 
-void engrave_tombstone(android::base::unique_fd output_fd, BacktraceMap* map,
-                       unwindstack::Memory* process_memory,
+void engrave_tombstone(android::base::unique_fd output_fd, unwindstack::Unwinder* unwinder,
                        const std::map<pid_t, ThreadInfo>& thread_info, pid_t target_thread,
                        uint64_t abort_msg_address, OpenFilesList* open_files,
                        std::string* amfd_data);
diff --git a/debuggerd/libdebuggerd/test/BacktraceMock.h b/debuggerd/libdebuggerd/test/BacktraceMock.h
deleted file mode 100644
index e7dbed7..0000000
--- a/debuggerd/libdebuggerd/test/BacktraceMock.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef _DEBUGGERD_TEST_BACKTRACE_MOCK_H
-#define _DEBUGGERD_TEST_BACKTRACE_MOCK_H
-
-#include <backtrace/BacktraceMap.h>
-
-class BacktraceMapMock : public BacktraceMap {
- public:
-  BacktraceMapMock() : BacktraceMap(0) {}
-  virtual ~BacktraceMapMock() {}
-
-  void AddMap(backtrace_map_t& map) {
-    maps_.push_back(map);
-  }
-};
-
-#endif //  _DEBUGGERD_TEST_BACKTRACE_MOCK_H
diff --git a/debuggerd/libdebuggerd/test/UnwinderMock.h b/debuggerd/libdebuggerd/test/UnwinderMock.h
new file mode 100644
index 0000000..023a578
--- /dev/null
+++ b/debuggerd/libdebuggerd/test/UnwinderMock.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <unwindstack/MapInfo.h>
+#include <unwindstack/Maps.h>
+#include <unwindstack/Unwinder.h>
+
+class UnwinderMock : public unwindstack::Unwinder {
+ public:
+  UnwinderMock() : Unwinder(128, new unwindstack::Maps, nullptr) {}
+  virtual ~UnwinderMock() { delete GetMaps(); }
+
+  void MockAddMap(uint64_t start, uint64_t end, uint64_t offset, uint64_t flags, std::string name,
+                  uint64_t load_bias) {
+    GetMaps()->Add(start, end, offset, flags, name, load_bias);
+  }
+
+  void MockSetBuildID(uint64_t offset, const std::string& build_id) {
+    unwindstack::MapInfo* map_info = GetMaps()->Find(offset);
+    if (map_info != nullptr) {
+      std::string* new_build_id = new std::string(build_id);
+      map_info->build_id = reinterpret_cast<uintptr_t>(new_build_id);
+    }
+  }
+};
diff --git a/debuggerd/libdebuggerd/test/tombstone_test.cpp b/debuggerd/libdebuggerd/test/tombstone_test.cpp
index d24c887..eed5bd3 100644
--- a/debuggerd/libdebuggerd/test/tombstone_test.cpp
+++ b/debuggerd/libdebuggerd/test/tombstone_test.cpp
@@ -26,26 +26,16 @@
 
 #include "libdebuggerd/utility.h"
 
-#include "BacktraceMock.h"
-#include "elf_fake.h"
+#include "UnwinderMock.h"
 #include "host_signal_fixup.h"
 #include "log_fake.h"
 
 #include "tombstone.cpp"
 
-void dump_registers(log_t*, pid_t) {
-}
-
-void dump_memory_and_code(log_t*, Backtrace*) {
-}
-
-void dump_backtrace_to_log(Backtrace*, log_t*, char const*) {
-}
-
 class TombstoneTest : public ::testing::Test {
  protected:
   virtual void SetUp() {
-    map_mock_.reset(new BacktraceMapMock());
+    unwinder_mock_.reset(new UnwinderMock());
 
     char tmp_file[256];
     const char data_template[] = "/data/local/tmp/debuggerd_memory_testXXXXXX";
@@ -71,7 +61,6 @@
     log_.should_retrieve_logcat = false;
 
     resetLogs();
-    elf_set_fake_build_id("");
   }
 
   virtual void TearDown() {
@@ -80,24 +69,20 @@
     }
   }
 
-  std::unique_ptr<BacktraceMapMock> map_mock_;
+  std::unique_ptr<UnwinderMock> unwinder_mock_;
 
   log_t log_;
   std::string amfd_data_;
 };
 
 TEST_F(TombstoneTest, single_map) {
-  backtrace_map_t map;
 #if defined(__LP64__)
-  map.start = 0x123456789abcd000UL;
-  map.end = 0x123456789abdf000UL;
+  unwinder_mock_->MockAddMap(0x123456789abcd000UL, 0x123456789abdf000UL, 0, 0, "", 0);
 #else
-  map.start = 0x1234000;
-  map.end = 0x1235000;
+  unwinder_mock_->MockAddMap(0x1234000, 0x1235000, 0, 0, "", 0);
 #endif
-  map_mock_->AddMap(map);
 
-  dump_all_maps(&log_, map_mock_.get(), nullptr, 0);
+  dump_all_maps(&log_, unwinder_mock_.get(), 0);
 
   std::string tombstone_contents;
   ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
@@ -119,20 +104,25 @@
 }
 
 TEST_F(TombstoneTest, single_map_elf_build_id) {
-  backtrace_map_t map;
+  uint64_t build_id_offset;
 #if defined(__LP64__)
-  map.start = 0x123456789abcd000UL;
-  map.end = 0x123456789abdf000UL;
+  build_id_offset = 0x123456789abcd000UL;
+  unwinder_mock_->MockAddMap(build_id_offset, 0x123456789abdf000UL, 0, PROT_READ,
+                             "/system/lib/libfake.so", 0);
 #else
-  map.start = 0x1234000;
-  map.end = 0x1235000;
+  build_id_offset = 0x1234000;
+  unwinder_mock_->MockAddMap(0x1234000, 0x1235000, 0, PROT_READ, "/system/lib/libfake.so", 0);
 #endif
-  map.flags = PROT_READ;
-  map.name = "/system/lib/libfake.so";
-  map_mock_->AddMap(map);
 
-  elf_set_fake_build_id("abcdef1234567890abcdef1234567890");
-  dump_all_maps(&log_, map_mock_.get(), nullptr, 0);
+  unwinder_mock_->MockSetBuildID(
+      build_id_offset,
+      std::string{static_cast<char>(0xab), static_cast<char>(0xcd), static_cast<char>(0xef),
+                  static_cast<char>(0x12), static_cast<char>(0x34), static_cast<char>(0x56),
+                  static_cast<char>(0x78), static_cast<char>(0x90), static_cast<char>(0xab),
+                  static_cast<char>(0xcd), static_cast<char>(0xef), static_cast<char>(0x12),
+                  static_cast<char>(0x34), static_cast<char>(0x56), static_cast<char>(0x78),
+                  static_cast<char>(0x90)});
+  dump_all_maps(&log_, unwinder_mock_.get(), 0);
 
   std::string tombstone_contents;
   ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
@@ -153,83 +143,15 @@
   ASSERT_STREQ("", getFakeLogPrint().c_str());
 }
 
-// Even though build id is present, it should not be printed in either of
-// these cases.
-TEST_F(TombstoneTest, single_map_no_build_id) {
-  backtrace_map_t map;
-#if defined(__LP64__)
-  map.start = 0x123456789abcd000UL;
-  map.end = 0x123456789abdf000UL;
-#else
-  map.start = 0x1234000;
-  map.end = 0x1235000;
-#endif
-  map.flags = PROT_WRITE;
-  map_mock_->AddMap(map);
-
-  map.name = "/system/lib/libfake.so";
-  map_mock_->AddMap(map);
-
-  elf_set_fake_build_id("abcdef1234567890abcdef1234567890");
-  dump_all_maps(&log_, map_mock_.get(), nullptr, 0);
-
-  std::string tombstone_contents;
-  ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
-  ASSERT_TRUE(android::base::ReadFdToString(log_.tfd, &tombstone_contents));
-  const char* expected_dump = \
-"\nmemory map (2 entries):\n"
-#if defined(__LP64__)
-"    12345678'9abcd000-12345678'9abdefff -w-         0     12000\n"
-"    12345678'9abcd000-12345678'9abdefff -w-         0     12000  /system/lib/libfake.so\n";
-#else
-"    01234000-01234fff -w-         0      1000\n"
-"    01234000-01234fff -w-         0      1000  /system/lib/libfake.so\n";
-#endif
-  ASSERT_STREQ(expected_dump, tombstone_contents.c_str());
-
-  ASSERT_STREQ("", amfd_data_.c_str());
-
-  // Verify that the log buf is empty, and no error messages.
-  ASSERT_STREQ("", getFakeLogBuf().c_str());
-  ASSERT_STREQ("", getFakeLogPrint().c_str());
-}
-
 TEST_F(TombstoneTest, multiple_maps) {
-  backtrace_map_t map;
+  unwinder_mock_->MockAddMap(0xa234000, 0xa235000, 0, 0, "", 0);
+  unwinder_mock_->MockAddMap(0xa334000, 0xa335000, 0xf000, PROT_READ, "", 0);
+  unwinder_mock_->MockAddMap(0xa434000, 0xa435000, 0x1000, PROT_WRITE, "", 0xd000);
+  unwinder_mock_->MockAddMap(0xa534000, 0xa535000, 0x3000, PROT_EXEC, "", 0x2000);
+  unwinder_mock_->MockAddMap(0xa634000, 0xa635000, 0, PROT_READ | PROT_WRITE | PROT_EXEC,
+                             "/system/lib/fake.so", 0);
 
-  map.start = 0xa234000;
-  map.end = 0xa235000;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa334000;
-  map.end = 0xa335000;
-  map.offset = 0xf000;
-  map.flags = PROT_READ;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa434000;
-  map.end = 0xa435000;
-  map.offset = 0x1000;
-  map.load_bias = 0xd000;
-  map.flags = PROT_WRITE;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa534000;
-  map.end = 0xa535000;
-  map.offset = 0x3000;
-  map.load_bias = 0x2000;
-  map.flags = PROT_EXEC;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa634000;
-  map.end = 0xa635000;
-  map.offset = 0;
-  map.load_bias = 0;
-  map.flags = PROT_READ | PROT_WRITE | PROT_EXEC;
-  map.name = "/system/lib/fake.so";
-  map_mock_->AddMap(map);
-
-  dump_all_maps(&log_, map_mock_.get(), nullptr, 0);
+  dump_all_maps(&log_, unwinder_mock_.get(), 0);
 
   std::string tombstone_contents;
   ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
@@ -259,31 +181,12 @@
 }
 
 TEST_F(TombstoneTest, multiple_maps_fault_address_before) {
-  backtrace_map_t map;
+  unwinder_mock_->MockAddMap(0xa434000, 0xa435000, 0x1000, PROT_WRITE, "", 0xd000);
+  unwinder_mock_->MockAddMap(0xa534000, 0xa535000, 0x3000, PROT_EXEC, "", 0x2000);
+  unwinder_mock_->MockAddMap(0xa634000, 0xa635000, 0, PROT_READ | PROT_WRITE | PROT_EXEC,
+                             "/system/lib/fake.so", 0);
 
-  map.start = 0xa434000;
-  map.end = 0xa435000;
-  map.offset = 0x1000;
-  map.load_bias = 0xd000;
-  map.flags = PROT_WRITE;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa534000;
-  map.end = 0xa535000;
-  map.offset = 0x3000;
-  map.load_bias = 0x2000;
-  map.flags = PROT_EXEC;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa634000;
-  map.end = 0xa635000;
-  map.offset = 0;
-  map.load_bias = 0;
-  map.flags = PROT_READ | PROT_WRITE | PROT_EXEC;
-  map.name = "/system/lib/fake.so";
-  map_mock_->AddMap(map);
-
-  dump_all_maps(&log_, map_mock_.get(), nullptr, 0x1000);
+  dump_all_maps(&log_, unwinder_mock_.get(), 0x1000);
 
   std::string tombstone_contents;
   ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
@@ -311,31 +214,12 @@
 }
 
 TEST_F(TombstoneTest, multiple_maps_fault_address_between) {
-  backtrace_map_t map;
+  unwinder_mock_->MockAddMap(0xa434000, 0xa435000, 0x1000, PROT_WRITE, "", 0xd000);
+  unwinder_mock_->MockAddMap(0xa534000, 0xa535000, 0x3000, PROT_EXEC, "", 0x2000);
+  unwinder_mock_->MockAddMap(0xa634000, 0xa635000, 0, PROT_READ | PROT_WRITE | PROT_EXEC,
+                             "/system/lib/fake.so", 0);
 
-  map.start = 0xa434000;
-  map.end = 0xa435000;
-  map.offset = 0x1000;
-  map.load_bias = 0xd000;
-  map.flags = PROT_WRITE;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa534000;
-  map.end = 0xa535000;
-  map.offset = 0x3000;
-  map.load_bias = 0x2000;
-  map.flags = PROT_EXEC;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa634000;
-  map.end = 0xa635000;
-  map.offset = 0;
-  map.load_bias = 0;
-  map.flags = PROT_READ | PROT_WRITE | PROT_EXEC;
-  map.name = "/system/lib/fake.so";
-  map_mock_->AddMap(map);
-
-  dump_all_maps(&log_, map_mock_.get(), nullptr, 0xa533000);
+  dump_all_maps(&log_, unwinder_mock_.get(), 0xa533000);
 
   std::string tombstone_contents;
   ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
@@ -363,31 +247,12 @@
 }
 
 TEST_F(TombstoneTest, multiple_maps_fault_address_in_map) {
-  backtrace_map_t map;
+  unwinder_mock_->MockAddMap(0xa434000, 0xa435000, 0x1000, PROT_WRITE, "", 0xd000);
+  unwinder_mock_->MockAddMap(0xa534000, 0xa535000, 0x3000, PROT_EXEC, "", 0x2000);
+  unwinder_mock_->MockAddMap(0xa634000, 0xa635000, 0, PROT_READ | PROT_WRITE | PROT_EXEC,
+                             "/system/lib/fake.so", 0);
 
-  map.start = 0xa434000;
-  map.end = 0xa435000;
-  map.offset = 0x1000;
-  map.load_bias = 0xd000;
-  map.flags = PROT_WRITE;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa534000;
-  map.end = 0xa535000;
-  map.offset = 0x3000;
-  map.load_bias = 0x2000;
-  map.flags = PROT_EXEC;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa634000;
-  map.end = 0xa635000;
-  map.offset = 0;
-  map.load_bias = 0;
-  map.flags = PROT_READ | PROT_WRITE | PROT_EXEC;
-  map.name = "/system/lib/fake.so";
-  map_mock_->AddMap(map);
-
-  dump_all_maps(&log_, map_mock_.get(), nullptr, 0xa534040);
+  dump_all_maps(&log_, unwinder_mock_.get(), 0xa534040);
 
   std::string tombstone_contents;
   ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
@@ -413,36 +278,17 @@
 }
 
 TEST_F(TombstoneTest, multiple_maps_fault_address_after) {
-  backtrace_map_t map;
-
-  map.start = 0xa434000;
-  map.end = 0xa435000;
-  map.offset = 0x1000;
-  map.load_bias = 0xd000;
-  map.flags = PROT_WRITE;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa534000;
-  map.end = 0xa535000;
-  map.offset = 0x3000;
-  map.load_bias = 0x2000;
-  map.flags = PROT_EXEC;
-  map_mock_->AddMap(map);
-
-  map.start = 0xa634000;
-  map.end = 0xa635000;
-  map.offset = 0;
-  map.load_bias = 0;
-  map.flags = PROT_READ | PROT_WRITE | PROT_EXEC;
-  map.name = "/system/lib/fake.so";
-  map_mock_->AddMap(map);
+  unwinder_mock_->MockAddMap(0xa434000, 0xa435000, 0x1000, PROT_WRITE, "", 0xd000);
+  unwinder_mock_->MockAddMap(0xa534000, 0xa535000, 0x3000, PROT_EXEC, "", 0x2000);
+  unwinder_mock_->MockAddMap(0xa634000, 0xa635000, 0, PROT_READ | PROT_WRITE | PROT_EXEC,
+                             "/system/lib/fake.so", 0);
 
 #if defined(__LP64__)
   uint64_t addr = 0x12345a534040UL;
 #else
   uint64_t addr = 0xf534040UL;
 #endif
-  dump_all_maps(&log_, map_mock_.get(), nullptr, addr);
+  dump_all_maps(&log_, unwinder_mock_.get(), addr);
 
   std::string tombstone_contents;
   ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
@@ -502,3 +348,467 @@
   dump_timestamp(&log_, 0);
   ASSERT_STREQ("Timestamp: 1970-01-01 00:00:00+0000\n", amfd_data_.c_str());
 }
+
+class MemoryPattern : public unwindstack::Memory {
+ public:
+  MemoryPattern() = default;
+  virtual ~MemoryPattern() = default;
+
+  size_t Read(uint64_t, void* dst, size_t size) override {
+    uint8_t* data = reinterpret_cast<uint8_t*>(dst);
+    for (size_t i = 0; i < size; i++) {
+      data[i] = (i % 0xff);
+    }
+    return size;
+  }
+};
+
+TEST_F(TombstoneTest, dump_stack_single_frame) {
+  std::vector<unwindstack::FrameData> frames;
+  unwindstack::Maps maps;
+  MemoryPattern memory;
+
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1000, .pc = 0x301000, .sp = 0x2000});
+  dump_stack(&log_, frames, &maps, &memory);
+
+  std::string contents;
+  ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
+  ASSERT_TRUE(android::base::ReadFdToString(log_.tfd, &contents));
+
+  std::string expected =
+#if defined(__LP64__)
+      "         0000000000001f80  0706050403020100\n"
+      "         0000000000001f88  0f0e0d0c0b0a0908\n"
+      "         0000000000001f90  1716151413121110\n"
+      "         0000000000001f98  1f1e1d1c1b1a1918\n"
+      "         0000000000001fa0  2726252423222120\n"
+      "         0000000000001fa8  2f2e2d2c2b2a2928\n"
+      "         0000000000001fb0  3736353433323130\n"
+      "         0000000000001fb8  3f3e3d3c3b3a3938\n"
+      "         0000000000001fc0  4746454443424140\n"
+      "         0000000000001fc8  4f4e4d4c4b4a4948\n"
+      "         0000000000001fd0  5756555453525150\n"
+      "         0000000000001fd8  5f5e5d5c5b5a5958\n"
+      "         0000000000001fe0  6766656463626160\n"
+      "         0000000000001fe8  6f6e6d6c6b6a6968\n"
+      "         0000000000001ff0  7776757473727170\n"
+      "         0000000000001ff8  7f7e7d7c7b7a7978\n"
+      "    #00  0000000000002000  0706050403020100\n"
+      "         0000000000002008  0f0e0d0c0b0a0908\n"
+      "         0000000000002010  1716151413121110\n"
+      "         0000000000002018  1f1e1d1c1b1a1918\n"
+      "         0000000000002020  2726252423222120\n"
+      "         0000000000002028  2f2e2d2c2b2a2928\n"
+      "         0000000000002030  3736353433323130\n"
+      "         0000000000002038  3f3e3d3c3b3a3938\n"
+      "         0000000000002040  4746454443424140\n"
+      "         0000000000002048  4f4e4d4c4b4a4948\n"
+      "         0000000000002050  5756555453525150\n"
+      "         0000000000002058  5f5e5d5c5b5a5958\n"
+      "         0000000000002060  6766656463626160\n"
+      "         0000000000002068  6f6e6d6c6b6a6968\n"
+      "         0000000000002070  7776757473727170\n"
+      "         0000000000002078  7f7e7d7c7b7a7978\n";
+#else
+      "         00001fc0  03020100\n"
+      "         00001fc4  07060504\n"
+      "         00001fc8  0b0a0908\n"
+      "         00001fcc  0f0e0d0c\n"
+      "         00001fd0  13121110\n"
+      "         00001fd4  17161514\n"
+      "         00001fd8  1b1a1918\n"
+      "         00001fdc  1f1e1d1c\n"
+      "         00001fe0  23222120\n"
+      "         00001fe4  27262524\n"
+      "         00001fe8  2b2a2928\n"
+      "         00001fec  2f2e2d2c\n"
+      "         00001ff0  33323130\n"
+      "         00001ff4  37363534\n"
+      "         00001ff8  3b3a3938\n"
+      "         00001ffc  3f3e3d3c\n"
+      "    #00  00002000  03020100\n"
+      "         00002004  07060504\n"
+      "         00002008  0b0a0908\n"
+      "         0000200c  0f0e0d0c\n"
+      "         00002010  13121110\n"
+      "         00002014  17161514\n"
+      "         00002018  1b1a1918\n"
+      "         0000201c  1f1e1d1c\n"
+      "         00002020  23222120\n"
+      "         00002024  27262524\n"
+      "         00002028  2b2a2928\n"
+      "         0000202c  2f2e2d2c\n"
+      "         00002030  33323130\n"
+      "         00002034  37363534\n"
+      "         00002038  3b3a3938\n"
+      "         0000203c  3f3e3d3c\n";
+#endif
+  EXPECT_EQ(expected, contents);
+}
+
+TEST_F(TombstoneTest, dump_stack_multiple_frames_same_sp) {
+  std::vector<unwindstack::FrameData> frames;
+  unwindstack::Maps maps;
+  MemoryPattern memory;
+
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1000, .pc = 0x301000, .sp = 0x2000});
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1400, .pc = 0x301400, .sp = 0x2000});
+  dump_stack(&log_, frames, &maps, &memory);
+
+  std::string contents;
+  ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
+  ASSERT_TRUE(android::base::ReadFdToString(log_.tfd, &contents));
+
+  std::string expected =
+#if defined(__LP64__)
+      "         0000000000001f80  0706050403020100\n"
+      "         0000000000001f88  0f0e0d0c0b0a0908\n"
+      "         0000000000001f90  1716151413121110\n"
+      "         0000000000001f98  1f1e1d1c1b1a1918\n"
+      "         0000000000001fa0  2726252423222120\n"
+      "         0000000000001fa8  2f2e2d2c2b2a2928\n"
+      "         0000000000001fb0  3736353433323130\n"
+      "         0000000000001fb8  3f3e3d3c3b3a3938\n"
+      "         0000000000001fc0  4746454443424140\n"
+      "         0000000000001fc8  4f4e4d4c4b4a4948\n"
+      "         0000000000001fd0  5756555453525150\n"
+      "         0000000000001fd8  5f5e5d5c5b5a5958\n"
+      "         0000000000001fe0  6766656463626160\n"
+      "         0000000000001fe8  6f6e6d6c6b6a6968\n"
+      "         0000000000001ff0  7776757473727170\n"
+      "         0000000000001ff8  7f7e7d7c7b7a7978\n"
+      "    #00  0000000000002000  0706050403020100\n"
+      "         ................  ................\n"
+      "    #01  0000000000002000  0706050403020100\n"
+      "         0000000000002008  0f0e0d0c0b0a0908\n"
+      "         0000000000002010  1716151413121110\n"
+      "         0000000000002018  1f1e1d1c1b1a1918\n"
+      "         0000000000002020  2726252423222120\n"
+      "         0000000000002028  2f2e2d2c2b2a2928\n"
+      "         0000000000002030  3736353433323130\n"
+      "         0000000000002038  3f3e3d3c3b3a3938\n"
+      "         0000000000002040  4746454443424140\n"
+      "         0000000000002048  4f4e4d4c4b4a4948\n"
+      "         0000000000002050  5756555453525150\n"
+      "         0000000000002058  5f5e5d5c5b5a5958\n"
+      "         0000000000002060  6766656463626160\n"
+      "         0000000000002068  6f6e6d6c6b6a6968\n"
+      "         0000000000002070  7776757473727170\n"
+      "         0000000000002078  7f7e7d7c7b7a7978\n";
+#else
+      "         00001fc0  03020100\n"
+      "         00001fc4  07060504\n"
+      "         00001fc8  0b0a0908\n"
+      "         00001fcc  0f0e0d0c\n"
+      "         00001fd0  13121110\n"
+      "         00001fd4  17161514\n"
+      "         00001fd8  1b1a1918\n"
+      "         00001fdc  1f1e1d1c\n"
+      "         00001fe0  23222120\n"
+      "         00001fe4  27262524\n"
+      "         00001fe8  2b2a2928\n"
+      "         00001fec  2f2e2d2c\n"
+      "         00001ff0  33323130\n"
+      "         00001ff4  37363534\n"
+      "         00001ff8  3b3a3938\n"
+      "         00001ffc  3f3e3d3c\n"
+      "    #00  00002000  03020100\n"
+      "         ........  ........\n"
+      "    #01  00002000  03020100\n"
+      "         00002004  07060504\n"
+      "         00002008  0b0a0908\n"
+      "         0000200c  0f0e0d0c\n"
+      "         00002010  13121110\n"
+      "         00002014  17161514\n"
+      "         00002018  1b1a1918\n"
+      "         0000201c  1f1e1d1c\n"
+      "         00002020  23222120\n"
+      "         00002024  27262524\n"
+      "         00002028  2b2a2928\n"
+      "         0000202c  2f2e2d2c\n"
+      "         00002030  33323130\n"
+      "         00002034  37363534\n"
+      "         00002038  3b3a3938\n"
+      "         0000203c  3f3e3d3c\n";
+#endif
+  EXPECT_EQ(expected, contents);
+}
+
+TEST_F(TombstoneTest, dump_stack_multiple_frames) {
+  std::vector<unwindstack::FrameData> frames;
+  unwindstack::Maps maps;
+  MemoryPattern memory;
+
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1000, .pc = 0x301000, .sp = 0x2000});
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1400, .pc = 0x301400, .sp = 0x2010});
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1400, .pc = 0x301400, .sp = 0x2100});
+  dump_stack(&log_, frames, &maps, &memory);
+
+  std::string contents;
+  ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
+  ASSERT_TRUE(android::base::ReadFdToString(log_.tfd, &contents));
+
+  std::string expected =
+#if defined(__LP64__)
+      "         0000000000001f80  0706050403020100\n"
+      "         0000000000001f88  0f0e0d0c0b0a0908\n"
+      "         0000000000001f90  1716151413121110\n"
+      "         0000000000001f98  1f1e1d1c1b1a1918\n"
+      "         0000000000001fa0  2726252423222120\n"
+      "         0000000000001fa8  2f2e2d2c2b2a2928\n"
+      "         0000000000001fb0  3736353433323130\n"
+      "         0000000000001fb8  3f3e3d3c3b3a3938\n"
+      "         0000000000001fc0  4746454443424140\n"
+      "         0000000000001fc8  4f4e4d4c4b4a4948\n"
+      "         0000000000001fd0  5756555453525150\n"
+      "         0000000000001fd8  5f5e5d5c5b5a5958\n"
+      "         0000000000001fe0  6766656463626160\n"
+      "         0000000000001fe8  6f6e6d6c6b6a6968\n"
+      "         0000000000001ff0  7776757473727170\n"
+      "         0000000000001ff8  7f7e7d7c7b7a7978\n"
+      "    #00  0000000000002000  0706050403020100\n"
+      "         0000000000002008  0f0e0d0c0b0a0908\n"
+      "    #01  0000000000002010  0706050403020100\n"
+      "         0000000000002018  0f0e0d0c0b0a0908\n"
+      "         0000000000002020  1716151413121110\n"
+      "         0000000000002028  1f1e1d1c1b1a1918\n"
+      "         0000000000002030  2726252423222120\n"
+      "         0000000000002038  2f2e2d2c2b2a2928\n"
+      "         0000000000002040  3736353433323130\n"
+      "         0000000000002048  3f3e3d3c3b3a3938\n"
+      "         0000000000002050  4746454443424140\n"
+      "         0000000000002058  4f4e4d4c4b4a4948\n"
+      "         0000000000002060  5756555453525150\n"
+      "         0000000000002068  5f5e5d5c5b5a5958\n"
+      "         0000000000002070  6766656463626160\n"
+      "         0000000000002078  6f6e6d6c6b6a6968\n"
+      "         0000000000002080  7776757473727170\n"
+      "         0000000000002088  7f7e7d7c7b7a7978\n"
+      "         ................  ................\n"
+      "    #02  0000000000002100  0706050403020100\n"
+      "         0000000000002108  0f0e0d0c0b0a0908\n"
+      "         0000000000002110  1716151413121110\n"
+      "         0000000000002118  1f1e1d1c1b1a1918\n"
+      "         0000000000002120  2726252423222120\n"
+      "         0000000000002128  2f2e2d2c2b2a2928\n"
+      "         0000000000002130  3736353433323130\n"
+      "         0000000000002138  3f3e3d3c3b3a3938\n"
+      "         0000000000002140  4746454443424140\n"
+      "         0000000000002148  4f4e4d4c4b4a4948\n"
+      "         0000000000002150  5756555453525150\n"
+      "         0000000000002158  5f5e5d5c5b5a5958\n"
+      "         0000000000002160  6766656463626160\n"
+      "         0000000000002168  6f6e6d6c6b6a6968\n"
+      "         0000000000002170  7776757473727170\n"
+      "         0000000000002178  7f7e7d7c7b7a7978\n";
+#else
+      "         00001fc0  03020100\n"
+      "         00001fc4  07060504\n"
+      "         00001fc8  0b0a0908\n"
+      "         00001fcc  0f0e0d0c\n"
+      "         00001fd0  13121110\n"
+      "         00001fd4  17161514\n"
+      "         00001fd8  1b1a1918\n"
+      "         00001fdc  1f1e1d1c\n"
+      "         00001fe0  23222120\n"
+      "         00001fe4  27262524\n"
+      "         00001fe8  2b2a2928\n"
+      "         00001fec  2f2e2d2c\n"
+      "         00001ff0  33323130\n"
+      "         00001ff4  37363534\n"
+      "         00001ff8  3b3a3938\n"
+      "         00001ffc  3f3e3d3c\n"
+      "    #00  00002000  03020100\n"
+      "         00002004  07060504\n"
+      "         00002008  0b0a0908\n"
+      "         0000200c  0f0e0d0c\n"
+      "    #01  00002010  03020100\n"
+      "         00002014  07060504\n"
+      "         00002018  0b0a0908\n"
+      "         0000201c  0f0e0d0c\n"
+      "         00002020  13121110\n"
+      "         00002024  17161514\n"
+      "         00002028  1b1a1918\n"
+      "         0000202c  1f1e1d1c\n"
+      "         00002030  23222120\n"
+      "         00002034  27262524\n"
+      "         00002038  2b2a2928\n"
+      "         0000203c  2f2e2d2c\n"
+      "         00002040  33323130\n"
+      "         00002044  37363534\n"
+      "         00002048  3b3a3938\n"
+      "         0000204c  3f3e3d3c\n"
+      "         ........  ........\n"
+      "    #02  00002100  03020100\n"
+      "         00002104  07060504\n"
+      "         00002108  0b0a0908\n"
+      "         0000210c  0f0e0d0c\n"
+      "         00002110  13121110\n"
+      "         00002114  17161514\n"
+      "         00002118  1b1a1918\n"
+      "         0000211c  1f1e1d1c\n"
+      "         00002120  23222120\n"
+      "         00002124  27262524\n"
+      "         00002128  2b2a2928\n"
+      "         0000212c  2f2e2d2c\n"
+      "         00002130  33323130\n"
+      "         00002134  37363534\n"
+      "         00002138  3b3a3938\n"
+      "         0000213c  3f3e3d3c\n";
+#endif
+  EXPECT_EQ(expected, contents);
+}
+
+TEST_F(TombstoneTest, dump_stack_multiple_frames_disjoint_frames) {
+  std::vector<unwindstack::FrameData> frames;
+  unwindstack::Maps maps;
+  MemoryPattern memory;
+
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1000, .pc = 0x301000, .sp = 0x2000});
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1400, .pc = 0x301400, .sp = 0x2010});
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1400, .pc = 0x301400, .sp = 0x1000});
+  frames.push_back(
+      unwindstack::FrameData{.num = 0, .rel_pc = 0x1400, .pc = 0x301400, .sp = 0x1030});
+  dump_stack(&log_, frames, &maps, &memory);
+
+  std::string contents;
+  ASSERT_TRUE(lseek(log_.tfd, 0, SEEK_SET) == 0);
+  ASSERT_TRUE(android::base::ReadFdToString(log_.tfd, &contents));
+
+  std::string expected =
+#if defined(__LP64__)
+      "         0000000000001f80  0706050403020100\n"
+      "         0000000000001f88  0f0e0d0c0b0a0908\n"
+      "         0000000000001f90  1716151413121110\n"
+      "         0000000000001f98  1f1e1d1c1b1a1918\n"
+      "         0000000000001fa0  2726252423222120\n"
+      "         0000000000001fa8  2f2e2d2c2b2a2928\n"
+      "         0000000000001fb0  3736353433323130\n"
+      "         0000000000001fb8  3f3e3d3c3b3a3938\n"
+      "         0000000000001fc0  4746454443424140\n"
+      "         0000000000001fc8  4f4e4d4c4b4a4948\n"
+      "         0000000000001fd0  5756555453525150\n"
+      "         0000000000001fd8  5f5e5d5c5b5a5958\n"
+      "         0000000000001fe0  6766656463626160\n"
+      "         0000000000001fe8  6f6e6d6c6b6a6968\n"
+      "         0000000000001ff0  7776757473727170\n"
+      "         0000000000001ff8  7f7e7d7c7b7a7978\n"
+      "    #00  0000000000002000  0706050403020100\n"
+      "         0000000000002008  0f0e0d0c0b0a0908\n"
+      "    #01  0000000000002010  0706050403020100\n"
+      "         0000000000002018  0f0e0d0c0b0a0908\n"
+      "         0000000000002020  1716151413121110\n"
+      "         0000000000002028  1f1e1d1c1b1a1918\n"
+      "         0000000000002030  2726252423222120\n"
+      "         0000000000002038  2f2e2d2c2b2a2928\n"
+      "         0000000000002040  3736353433323130\n"
+      "         0000000000002048  3f3e3d3c3b3a3938\n"
+      "         0000000000002050  4746454443424140\n"
+      "         0000000000002058  4f4e4d4c4b4a4948\n"
+      "         0000000000002060  5756555453525150\n"
+      "         0000000000002068  5f5e5d5c5b5a5958\n"
+      "         0000000000002070  6766656463626160\n"
+      "         0000000000002078  6f6e6d6c6b6a6968\n"
+      "         0000000000002080  7776757473727170\n"
+      "         0000000000002088  7f7e7d7c7b7a7978\n"
+      "         ................  ................\n"
+      "    #02  0000000000001000  0706050403020100\n"
+      "         0000000000001008  0f0e0d0c0b0a0908\n"
+      "         0000000000001010  1716151413121110\n"
+      "         0000000000001018  1f1e1d1c1b1a1918\n"
+      "         0000000000001020  2726252423222120\n"
+      "         0000000000001028  2f2e2d2c2b2a2928\n"
+      "    #03  0000000000001030  0706050403020100\n"
+      "         0000000000001038  0f0e0d0c0b0a0908\n"
+      "         0000000000001040  1716151413121110\n"
+      "         0000000000001048  1f1e1d1c1b1a1918\n"
+      "         0000000000001050  2726252423222120\n"
+      "         0000000000001058  2f2e2d2c2b2a2928\n"
+      "         0000000000001060  3736353433323130\n"
+      "         0000000000001068  3f3e3d3c3b3a3938\n"
+      "         0000000000001070  4746454443424140\n"
+      "         0000000000001078  4f4e4d4c4b4a4948\n"
+      "         0000000000001080  5756555453525150\n"
+      "         0000000000001088  5f5e5d5c5b5a5958\n"
+      "         0000000000001090  6766656463626160\n"
+      "         0000000000001098  6f6e6d6c6b6a6968\n"
+      "         00000000000010a0  7776757473727170\n"
+      "         00000000000010a8  7f7e7d7c7b7a7978\n";
+#else
+      "         00001fc0  03020100\n"
+      "         00001fc4  07060504\n"
+      "         00001fc8  0b0a0908\n"
+      "         00001fcc  0f0e0d0c\n"
+      "         00001fd0  13121110\n"
+      "         00001fd4  17161514\n"
+      "         00001fd8  1b1a1918\n"
+      "         00001fdc  1f1e1d1c\n"
+      "         00001fe0  23222120\n"
+      "         00001fe4  27262524\n"
+      "         00001fe8  2b2a2928\n"
+      "         00001fec  2f2e2d2c\n"
+      "         00001ff0  33323130\n"
+      "         00001ff4  37363534\n"
+      "         00001ff8  3b3a3938\n"
+      "         00001ffc  3f3e3d3c\n"
+      "    #00  00002000  03020100\n"
+      "         00002004  07060504\n"
+      "         00002008  0b0a0908\n"
+      "         0000200c  0f0e0d0c\n"
+      "    #01  00002010  03020100\n"
+      "         00002014  07060504\n"
+      "         00002018  0b0a0908\n"
+      "         0000201c  0f0e0d0c\n"
+      "         00002020  13121110\n"
+      "         00002024  17161514\n"
+      "         00002028  1b1a1918\n"
+      "         0000202c  1f1e1d1c\n"
+      "         00002030  23222120\n"
+      "         00002034  27262524\n"
+      "         00002038  2b2a2928\n"
+      "         0000203c  2f2e2d2c\n"
+      "         00002040  33323130\n"
+      "         00002044  37363534\n"
+      "         00002048  3b3a3938\n"
+      "         0000204c  3f3e3d3c\n"
+      "         ........  ........\n"
+      "    #02  00001000  03020100\n"
+      "         00001004  07060504\n"
+      "         00001008  0b0a0908\n"
+      "         0000100c  0f0e0d0c\n"
+      "         00001010  13121110\n"
+      "         00001014  17161514\n"
+      "         00001018  1b1a1918\n"
+      "         0000101c  1f1e1d1c\n"
+      "         00001020  23222120\n"
+      "         00001024  27262524\n"
+      "         00001028  2b2a2928\n"
+      "         0000102c  2f2e2d2c\n"
+      "    #03  00001030  03020100\n"
+      "         00001034  07060504\n"
+      "         00001038  0b0a0908\n"
+      "         0000103c  0f0e0d0c\n"
+      "         00001040  13121110\n"
+      "         00001044  17161514\n"
+      "         00001048  1b1a1918\n"
+      "         0000104c  1f1e1d1c\n"
+      "         00001050  23222120\n"
+      "         00001054  27262524\n"
+      "         00001058  2b2a2928\n"
+      "         0000105c  2f2e2d2c\n"
+      "         00001060  33323130\n"
+      "         00001064  37363534\n"
+      "         00001068  3b3a3938\n"
+      "         0000106c  3f3e3d3c\n";
+#endif
+  EXPECT_EQ(expected, contents);
+}
diff --git a/debuggerd/libdebuggerd/tombstone.cpp b/debuggerd/libdebuggerd/tombstone.cpp
index b20014f..8798ad3 100644
--- a/debuggerd/libdebuggerd/tombstone.cpp
+++ b/debuggerd/libdebuggerd/tombstone.cpp
@@ -41,19 +41,20 @@
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
 #include <android/log.h>
-#include <backtrace/Backtrace.h>
-#include <backtrace/BacktraceMap.h>
 #include <log/log.h>
 #include <log/logprint.h>
 #include <private/android_filesystem_config.h>
+#include <unwindstack/DexFiles.h>
+#include <unwindstack/JitDebug.h>
+#include <unwindstack/Maps.h>
 #include <unwindstack/Memory.h>
 #include <unwindstack/Regs.h>
+#include <unwindstack/Unwinder.h>
 
 // Needed to get DEBUGGER_SIGNAL.
 #include "debuggerd/handler.h"
 
 #include "libdebuggerd/backtrace.h"
-#include "libdebuggerd/elf_utils.h"
 #include "libdebuggerd/open_files_list.h"
 #include "libdebuggerd/utility.h"
 
@@ -62,9 +63,6 @@
 using android::base::StringPrintf;
 using android::base::unique_fd;
 
-using unwindstack::Memory;
-using unwindstack::Regs;
-
 using namespace std::literals::string_literals;
 
 #define STACK_WORDS 16
@@ -87,7 +85,7 @@
   _LOG(log, logtype::HEADER, "Timestamp: %s\n", buf);
 }
 
-static void dump_probable_cause(log_t* log, const siginfo_t* si, BacktraceMap* map) {
+static void dump_probable_cause(log_t* log, const siginfo_t* si, unwindstack::Maps* maps) {
   std::string cause;
   if (si->si_signo == SIGSEGV && si->si_code == SEGV_MAPERR) {
     if (si->si_addr < reinterpret_cast<void*>(4096)) {
@@ -104,12 +102,9 @@
       cause = "call to kuser_cmpxchg64";
     }
   } else if (si->si_signo == SIGSEGV && si->si_code == SEGV_ACCERR) {
-    for (auto it = map->begin(); it != map->end(); ++it) {
-      const backtrace_map_t* entry = *it;
-      if (si->si_addr >= reinterpret_cast<void*>(entry->start) &&
-          si->si_addr < reinterpret_cast<void*>(entry->end) && entry->flags == PROT_EXEC) {
-        cause = "execute-only (no-read) memory access error; likely due to data in .text.";
-      }
+    unwindstack::MapInfo* map_info = maps->Find(reinterpret_cast<uint64_t>(si->si_addr));
+    if (map_info != nullptr && map_info->flags == PROT_EXEC) {
+      cause = "execute-only (no-read) memory access error; likely due to data in .text.";
     }
   } else if (si->si_signo == SIGSYS && si->si_code == SYS_SECCOMP) {
     cause = StringPrintf("seccomp prevented call to disallowed %s system call %d", ABI_STRING,
@@ -119,7 +114,8 @@
   if (!cause.empty()) _LOG(log, logtype::HEADER, "Cause: %s\n", cause.c_str());
 }
 
-static void dump_signal_info(log_t* log, const ThreadInfo& thread_info, Memory* process_memory) {
+static void dump_signal_info(log_t* log, const ThreadInfo& thread_info,
+                             unwindstack::Memory* process_memory) {
   char addr_desc[64];  // ", fault addr 0x1234"
   if (signal_has_si_addr(thread_info.siginfo)) {
     void* addr = thread_info.siginfo->si_addr;
@@ -156,14 +152,14 @@
        thread_info.tid, thread_info.thread_name.c_str(), thread_info.process_name.c_str());
 }
 
-static void dump_stack_segment(log_t* log, BacktraceMap* backtrace_map, Memory* process_memory,
+static void dump_stack_segment(log_t* log, unwindstack::Maps* maps, unwindstack::Memory* memory,
                                uint64_t* sp, size_t words, int label) {
   // Read the data all at once.
   word_t stack_data[words];
 
   // TODO: Do we need to word align this for crashes caused by a misaligned sp?
   //       The process_vm_readv implementation of Memory should handle this appropriately?
-  size_t bytes_read = process_memory->Read(*sp, stack_data, sizeof(word_t) * words);
+  size_t bytes_read = memory->Read(*sp, stack_data, sizeof(word_t) * words);
   words = bytes_read / sizeof(word_t);
   std::string line;
   for (size_t i = 0; i < words; i++) {
@@ -176,17 +172,15 @@
     }
     line += StringPrintf("%" PRIPTR "  %" PRIPTR, *sp, static_cast<uint64_t>(stack_data[i]));
 
-    backtrace_map_t map;
-    backtrace_map->FillIn(stack_data[i], &map);
-    std::string map_name{map.Name()};
-    if (BacktraceMap::IsValid(map) && !map_name.empty()) {
-      line += "  " + map_name;
-      uint64_t offset = 0;
-      std::string func_name = backtrace_map->GetFunctionName(stack_data[i], &offset);
-      if (!func_name.empty()) {
+    unwindstack::MapInfo* map_info = maps->Find(stack_data[i]);
+    if (map_info != nullptr && !map_info->name.empty()) {
+      line += "  " + map_info->name;
+      std::string func_name;
+      uint64_t func_offset = 0;
+      if (map_info->GetFunctionName(stack_data[i], &func_name, &func_offset)) {
         line += " (" + func_name;
-        if (offset) {
-          line += StringPrintf("+%" PRIu64, offset);
+        if (func_offset) {
+          line += StringPrintf("+%" PRIu64, func_offset);
         }
         line += ')';
       }
@@ -197,12 +191,11 @@
   }
 }
 
-static void dump_stack(log_t* log, BacktraceMap* backtrace_map, Memory* process_memory,
-                       std::vector<backtrace_frame_data_t>& frames) {
+static void dump_stack(log_t* log, const std::vector<unwindstack::FrameData>& frames,
+                       unwindstack::Maps* maps, unwindstack::Memory* memory) {
   size_t first = 0, last;
   for (size_t i = 0; i < frames.size(); i++) {
-    const backtrace_frame_data_t& frame = frames[i];
-    if (frame.sp) {
+    if (frames[i].sp) {
       if (!first) {
         first = i+1;
       }
@@ -217,29 +210,44 @@
 
   // Dump a few words before the first frame.
   uint64_t sp = frames[first].sp - STACK_WORDS * sizeof(word_t);
-  dump_stack_segment(log, backtrace_map, process_memory, &sp, STACK_WORDS, -1);
+  dump_stack_segment(log, maps, memory, &sp, STACK_WORDS, -1);
+
+#if defined(__LP64__)
+  static constexpr const char delimiter[] = "         ................  ................\n";
+#else
+  static constexpr const char delimiter[] = "         ........  ........\n";
+#endif
 
   // Dump a few words from all successive frames.
-  // Only log the first 3 frames, put the rest in the tombstone.
   for (size_t i = first; i <= last; i++) {
-    const backtrace_frame_data_t* frame = &frames[i];
+    auto* frame = &frames[i];
     if (sp != frame->sp) {
-      _LOG(log, logtype::STACK, "         ........  ........\n");
+      _LOG(log, logtype::STACK, delimiter);
       sp = frame->sp;
     }
-    if (i == last) {
-      dump_stack_segment(log, backtrace_map, process_memory, &sp, STACK_WORDS, i);
-      if (sp < frame->sp + frame->stack_size) {
-        _LOG(log, logtype::STACK, "         ........  ........\n");
-      }
-    } else {
-      size_t words = frame->stack_size / sizeof(word_t);
-      if (words == 0) {
-        words = 1;
-      } else if (words > STACK_WORDS) {
+    if (i != last) {
+      // Print stack data up to the stack from the next frame.
+      size_t words;
+      uint64_t next_sp = frames[i + 1].sp;
+      if (next_sp < sp) {
+        // The next frame is probably using a completely different stack,
+        // so dump the max from this stack.
         words = STACK_WORDS;
+      } else {
+        words = (next_sp - sp) / sizeof(word_t);
+        if (words == 0) {
+          // The sp is the same as the next frame, print at least
+          // one line for this frame.
+          words = 1;
+        } else if (words > STACK_WORDS) {
+          words = STACK_WORDS;
+        }
       }
-      dump_stack_segment(log, backtrace_map, process_memory, &sp, words, i);
+      dump_stack_segment(log, maps, memory, &sp, words, i);
+    } else {
+      // Print some number of words past the last stack frame since we
+      // don't know how large the stack is.
+      dump_stack_segment(log, maps, memory, &sp, STACK_WORDS, i);
     }
   }
 }
@@ -256,7 +264,7 @@
   return addr_str;
 }
 
-static void dump_abort_message(log_t* log, Memory* process_memory, uint64_t address) {
+static void dump_abort_message(log_t* log, unwindstack::Memory* process_memory, uint64_t address) {
   if (address == 0) {
     return;
   }
@@ -285,16 +293,16 @@
   _LOG(log, logtype::HEADER, "Abort message: '%s'\n", &msg[0]);
 }
 
-static void dump_all_maps(log_t* log, BacktraceMap* map, Memory* process_memory, uint64_t addr) {
+static void dump_all_maps(log_t* log, unwindstack::Unwinder* unwinder, uint64_t addr) {
   bool print_fault_address_marker = addr;
 
-  ScopedBacktraceMapIteratorLock lock(map);
+  unwindstack::Maps* maps = unwinder->GetMaps();
   _LOG(log, logtype::MAPS,
        "\n"
        "memory map (%zu entr%s):",
-       map->size(), map->size() == 1 ? "y" : "ies");
+       maps->Total(), maps->Total() == 1 ? "y" : "ies");
   if (print_fault_address_marker) {
-    if (map->begin() != map->end() && addr < (*map->begin())->start) {
+    if (maps->Total() != 0 && addr < maps->Get(0)->start) {
       _LOG(log, logtype::MAPS, "\n--->Fault address falls at %s before any mapped regions\n",
            get_addr_string(addr).c_str());
       print_fault_address_marker = false;
@@ -305,51 +313,54 @@
     _LOG(log, logtype::MAPS, "\n");
   }
 
+  std::shared_ptr<unwindstack::Memory>& process_memory = unwinder->GetProcessMemory();
+
   std::string line;
-  for (auto it = map->begin(); it != map->end(); ++it) {
-    const backtrace_map_t* entry = *it;
+  for (unwindstack::MapInfo* map_info : *maps) {
     line = "    ";
     if (print_fault_address_marker) {
-      if (addr < entry->start) {
+      if (addr < map_info->start) {
         _LOG(log, logtype::MAPS, "--->Fault address falls at %s between mapped regions\n",
              get_addr_string(addr).c_str());
         print_fault_address_marker = false;
-      } else if (addr >= entry->start && addr < entry->end) {
+      } else if (addr >= map_info->start && addr < map_info->end) {
         line = "--->";
         print_fault_address_marker = false;
       }
     }
-    line += get_addr_string(entry->start) + '-' + get_addr_string(entry->end - 1) + ' ';
-    if (entry->flags & PROT_READ) {
+    line += get_addr_string(map_info->start) + '-' + get_addr_string(map_info->end - 1) + ' ';
+    if (map_info->flags & PROT_READ) {
       line += 'r';
     } else {
       line += '-';
     }
-    if (entry->flags & PROT_WRITE) {
+    if (map_info->flags & PROT_WRITE) {
       line += 'w';
     } else {
       line += '-';
     }
-    if (entry->flags & PROT_EXEC) {
+    if (map_info->flags & PROT_EXEC) {
       line += 'x';
     } else {
       line += '-';
     }
-    line += StringPrintf("  %8" PRIx64 "  %8" PRIx64, entry->offset, entry->end - entry->start);
+    line += StringPrintf("  %8" PRIx64 "  %8" PRIx64, map_info->offset,
+                         map_info->end - map_info->start);
     bool space_needed = true;
-    if (entry->name.length() > 0) {
+    if (!map_info->name.empty()) {
       space_needed = false;
-      line += "  " + entry->name;
-      std::string build_id;
-      if ((entry->flags & PROT_READ) && elf_get_build_id(process_memory, entry->start, &build_id)) {
+      line += "  " + map_info->name;
+      std::string build_id = map_info->GetPrintableBuildID();
+      if (!build_id.empty()) {
         line += " (BuildId: " + build_id + ")";
       }
     }
-    if (entry->load_bias != 0) {
+    uint64_t load_bias = map_info->GetLoadBias(process_memory);
+    if (load_bias != 0) {
       if (space_needed) {
         line += ' ';
       }
-      line += StringPrintf(" (load bias 0x%" PRIx64 ")", entry->load_bias);
+      line += StringPrintf(" (load bias 0x%" PRIx64 ")", load_bias);
     }
     _LOG(log, logtype::MAPS, "%s\n", line.c_str());
   }
@@ -359,9 +370,9 @@
   }
 }
 
-void dump_backtrace(log_t* log, std::vector<backtrace_frame_data_t>& frames, const char* prefix) {
-  for (auto& frame : frames) {
-    _LOG(log, logtype::BACKTRACE, "%s%s\n", prefix, Backtrace::FormatFrameData(&frame).c_str());
+void dump_backtrace(log_t* log, unwindstack::Unwinder* unwinder, const char* prefix) {
+  for (size_t i = 0; i < unwinder->NumFrames(); i++) {
+    _LOG(log, logtype::BACKTRACE, "%s%s\n", prefix, unwinder->FormatFrame(i).c_str());
   }
 }
 
@@ -377,7 +388,7 @@
   _LOG(log, logtype::REGISTERS, "  %s\n", output.c_str());
 }
 
-void dump_registers(log_t* log, Regs* regs) {
+void dump_registers(log_t* log, unwindstack::Regs* regs) {
   // Split lr/sp/pc into their own special row.
   static constexpr size_t column_count = 4;
   std::vector<std::pair<std::string, uint64_t>> current_row;
@@ -416,23 +427,22 @@
   print_register_row(log, special_row);
 }
 
-void dump_memory_and_code(log_t* log, BacktraceMap* map, Memory* memory, Regs* regs) {
-  regs->IterateRegisters([log, map, memory](const char* reg_name, uint64_t reg_value) {
+void dump_memory_and_code(log_t* log, unwindstack::Maps* maps, unwindstack::Memory* memory,
+                          unwindstack::Regs* regs) {
+  regs->IterateRegisters([log, maps, memory](const char* reg_name, uint64_t reg_value) {
     std::string label{"memory near "s + reg_name};
-    if (map) {
-      backtrace_map_t map_info;
-      map->FillIn(reg_value, &map_info);
-      std::string map_name{map_info.Name()};
-      if (!map_name.empty()) label += " (" + map_info.Name() + ")";
+    if (maps) {
+      unwindstack::MapInfo* map_info = maps->Find(reg_value);
+      if (map_info != nullptr && !map_info->name.empty()) {
+        label += " (" + map_info->name + ")";
+      }
     }
     dump_memory(log, memory, reg_value, label);
   });
 }
 
-static bool dump_thread(log_t* log, BacktraceMap* map, Memory* process_memory,
-                        const ThreadInfo& thread_info, uint64_t abort_msg_address,
-                        bool primary_thread) {
-  UNUSED(process_memory);
+static bool dump_thread(log_t* log, unwindstack::Unwinder* unwinder, const ThreadInfo& thread_info,
+                        uint64_t abort_msg_address, bool primary_thread) {
   log->current_tid = thread_info.tid;
   if (!primary_thread) {
     _LOG(log, logtype::THREAD, "--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---\n");
@@ -440,41 +450,41 @@
   dump_thread_info(log, thread_info);
 
   if (thread_info.siginfo) {
-    dump_signal_info(log, thread_info, process_memory);
-    dump_probable_cause(log, thread_info.siginfo, map);
+    dump_signal_info(log, thread_info, unwinder->GetProcessMemory().get());
+    dump_probable_cause(log, thread_info.siginfo, unwinder->GetMaps());
   }
 
   if (primary_thread) {
-    dump_abort_message(log, process_memory, abort_msg_address);
+    dump_abort_message(log, unwinder->GetProcessMemory().get(), abort_msg_address);
   }
 
   dump_registers(log, thread_info.registers.get());
 
   // Unwind will mutate the registers, so make a copy first.
-  std::unique_ptr<Regs> regs_copy(thread_info.registers->Clone());
-  std::vector<backtrace_frame_data_t> frames;
-  if (!Backtrace::Unwind(regs_copy.get(), map, &frames, 0, nullptr)) {
+  std::unique_ptr<unwindstack::Regs> regs_copy(thread_info.registers->Clone());
+  unwinder->SetRegs(regs_copy.get());
+  unwinder->Unwind();
+  if (unwinder->NumFrames() == 0) {
     _LOG(log, logtype::THREAD, "Failed to unwind");
-    return false;
-  }
-
-  if (!frames.empty()) {
+  } else {
     _LOG(log, logtype::BACKTRACE, "\nbacktrace:\n");
-    dump_backtrace(log, frames, "    ");
+    dump_backtrace(log, unwinder, "    ");
 
     _LOG(log, logtype::STACK, "\nstack:\n");
-    dump_stack(log, map, process_memory, frames);
+    dump_stack(log, unwinder->frames(), unwinder->GetMaps(), unwinder->GetProcessMemory().get());
   }
 
   if (primary_thread) {
-    dump_memory_and_code(log, map, process_memory, thread_info.registers.get());
-    if (map) {
+    unwindstack::Maps* maps = unwinder->GetMaps();
+    dump_memory_and_code(log, maps, unwinder->GetProcessMemory().get(),
+                         thread_info.registers.get());
+    if (maps != nullptr) {
       uint64_t addr = 0;
       siginfo_t* si = thread_info.siginfo;
       if (signal_has_si_addr(si)) {
         addr = reinterpret_cast<uint64_t>(si->si_addr);
       }
-      dump_all_maps(log, map, process_memory, addr);
+      dump_all_maps(log, unwinder, addr);
     }
   }
 
@@ -625,7 +635,8 @@
   read_with_default("/proc/self/comm", thread_name, sizeof(thread_name), "<unknown>");
   read_with_default("/proc/self/cmdline", process_name, sizeof(process_name), "<unknown>");
 
-  std::unique_ptr<Regs> regs(Regs::CreateFromUcontext(Regs::CurrentArch(), ucontext));
+  std::unique_ptr<unwindstack::Regs> regs(
+      unwindstack::Regs::CreateFromUcontext(unwindstack::Regs::CurrentArch(), ucontext));
 
   std::map<pid_t, ThreadInfo> threads;
   threads[gettid()] = ThreadInfo{
@@ -637,18 +648,16 @@
       .siginfo = siginfo,
   };
 
-  std::unique_ptr<BacktraceMap> backtrace_map(BacktraceMap::Create(getpid(), false));
-  if (!backtrace_map) {
-    ALOGE("failed to create backtrace map");
-    _exit(1);
+  unwindstack::UnwinderFromPid unwinder(kMaxFrames, pid);
+  if (!unwinder.Init(unwindstack::Regs::CurrentArch())) {
+    LOG(FATAL) << "Failed to init unwinder object.";
   }
 
-  std::shared_ptr<Memory> process_memory = backtrace_map->GetProcessMemory();
-  engrave_tombstone(unique_fd(dup(tombstone_fd)), backtrace_map.get(), process_memory.get(),
-                    threads, tid, abort_msg_address, nullptr, nullptr);
+  engrave_tombstone(unique_fd(dup(tombstone_fd)), &unwinder, threads, tid, abort_msg_address,
+                    nullptr, nullptr);
 }
 
-void engrave_tombstone(unique_fd output_fd, BacktraceMap* map, Memory* process_memory,
+void engrave_tombstone(unique_fd output_fd, unwindstack::Unwinder* unwinder,
                        const std::map<pid_t, ThreadInfo>& threads, pid_t target_thread,
                        uint64_t abort_msg_address, OpenFilesList* open_files,
                        std::string* amfd_data) {
@@ -669,7 +678,7 @@
   if (it == threads.end()) {
     LOG(FATAL) << "failed to find target thread";
   }
-  dump_thread(&log, map, process_memory, it->second, abort_msg_address, true);
+  dump_thread(&log, unwinder, it->second, abort_msg_address, true);
 
   if (want_logs) {
     dump_logs(&log, it->second.pid, 50);
@@ -680,7 +689,7 @@
       continue;
     }
 
-    dump_thread(&log, map, process_memory, thread_info, 0, false);
+    dump_thread(&log, unwinder, thread_info, 0, false);
   }
 
   if (open_files) {
diff --git a/fastboot/bootimg_utils.cpp b/fastboot/bootimg_utils.cpp
index e433787..46d4bd3 100644
--- a/fastboot/bootimg_utils.cpp
+++ b/fastboot/bootimg_utils.cpp
@@ -34,25 +34,27 @@
 #include <stdlib.h>
 #include <string.h>
 
-void bootimg_set_cmdline(boot_img_hdr_v1* h, const std::string& cmdline) {
+void bootimg_set_cmdline(boot_img_hdr_v2* h, const std::string& cmdline) {
     if (cmdline.size() >= sizeof(h->cmdline)) die("command line too large: %zu", cmdline.size());
     strcpy(reinterpret_cast<char*>(h->cmdline), cmdline.c_str());
 }
 
-boot_img_hdr_v1* mkbootimg(const std::vector<char>& kernel, const std::vector<char>& ramdisk,
-                           const std::vector<char>& second, size_t base, const boot_img_hdr_v1& src,
-                           std::vector<char>* out) {
+boot_img_hdr_v2* mkbootimg(const std::vector<char>& kernel, const std::vector<char>& ramdisk,
+                           const std::vector<char>& second, const std::vector<char>& dtb,
+                           size_t base, const boot_img_hdr_v2& src, std::vector<char>* out) {
     const size_t page_mask = src.page_size - 1;
 
     int64_t header_actual = (sizeof(boot_img_hdr_v1) + page_mask) & (~page_mask);
     int64_t kernel_actual = (kernel.size() + page_mask) & (~page_mask);
     int64_t ramdisk_actual = (ramdisk.size() + page_mask) & (~page_mask);
     int64_t second_actual = (second.size() + page_mask) & (~page_mask);
+    int64_t dtb_actual = (dtb.size() + page_mask) & (~page_mask);
 
-    int64_t bootimg_size = header_actual + kernel_actual + ramdisk_actual + second_actual;
+    int64_t bootimg_size =
+            header_actual + kernel_actual + ramdisk_actual + second_actual + dtb_actual;
     out->resize(bootimg_size);
 
-    boot_img_hdr_v1* hdr = reinterpret_cast<boot_img_hdr_v1*>(out->data());
+    boot_img_hdr_v2* hdr = reinterpret_cast<boot_img_hdr_v2*>(out->data());
 
     *hdr = src;
     memcpy(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE);
@@ -66,13 +68,19 @@
     hdr->second_addr += base;
     hdr->tags_addr += base;
 
-    if (hdr->header_version != 0) {
+    if (hdr->header_version == 1) {
         hdr->header_size = sizeof(boot_img_hdr_v1);
+    } else if (hdr->header_version == 2) {
+        hdr->header_size = sizeof(boot_img_hdr_v2);
+        hdr->dtb_size = dtb.size();
+        hdr->dtb_addr += base;
     }
 
     memcpy(hdr->magic + hdr->page_size, kernel.data(), kernel.size());
     memcpy(hdr->magic + hdr->page_size + kernel_actual, ramdisk.data(), ramdisk.size());
     memcpy(hdr->magic + hdr->page_size + kernel_actual + ramdisk_actual, second.data(),
            second.size());
+    memcpy(hdr->magic + hdr->page_size + kernel_actual + ramdisk_actual + second_actual, dtb.data(),
+           dtb.size());
     return hdr;
 }
diff --git a/fastboot/bootimg_utils.h b/fastboot/bootimg_utils.h
index a4e8870..b7cf9bd 100644
--- a/fastboot/bootimg_utils.h
+++ b/fastboot/bootimg_utils.h
@@ -35,7 +35,7 @@
 #include <string>
 #include <vector>
 
-boot_img_hdr_v1* mkbootimg(const std::vector<char>& kernel, const std::vector<char>& ramdisk,
-                           const std::vector<char>& second, size_t base, const boot_img_hdr_v1& src,
-                           std::vector<char>* out);
-void bootimg_set_cmdline(boot_img_hdr_v1* h, const std::string& cmdline);
+boot_img_hdr_v2* mkbootimg(const std::vector<char>& kernel, const std::vector<char>& ramdisk,
+                           const std::vector<char>& second, const std::vector<char>& dtb,
+                           size_t base, const boot_img_hdr_v2& src, std::vector<char>* out);
+void bootimg_set_cmdline(boot_img_hdr_v2* h, const std::string& cmdline);
diff --git a/fastboot/device/commands.cpp b/fastboot/device/commands.cpp
index a2336bf..1b09f79 100644
--- a/fastboot/device/commands.cpp
+++ b/fastboot/device/commands.cpp
@@ -28,6 +28,7 @@
 #include <cutils/android_reboot.h>
 #include <ext4_utils/wipe.h>
 #include <fs_mgr.h>
+#include <fs_mgr/roots.h>
 #include <libgsi/libgsi.h>
 #include <liblp/builder.h>
 #include <liblp/liblp.h>
@@ -462,13 +463,56 @@
     return UpdateSuper(device, args[1], wipe);
 }
 
-bool GsiHandler(FastbootDevice* device, const std::vector<std::string>& args) {
-    if (!android::gsi::IsGsiInstalled()) {
-        return device->WriteStatus(FastbootResult::FAIL, "No GSI is installed");
+class AutoMountMetadata {
+  public:
+    AutoMountMetadata() {
+        Fstab proc_mounts;
+        if (!ReadFstabFromFile("/proc/mounts", &proc_mounts)) {
+            LOG(ERROR) << "Could not read /proc/mounts";
+            return;
+        }
+
+        auto iter = std::find_if(proc_mounts.begin(), proc_mounts.end(),
+                [](const auto& entry) { return entry.mount_point == "/metadata"; });
+        if (iter != proc_mounts.end()) {
+            mounted_ = true;
+            return;
+        }
+
+        if (!ReadDefaultFstab(&fstab_)) {
+            LOG(ERROR) << "Could not read default fstab";
+            return;
+        }
+        mounted_ = EnsurePathMounted(&fstab_, "/metadata");
+        should_unmount_ = true;
     }
+    ~AutoMountMetadata() {
+        if (mounted_ && should_unmount_) {
+            EnsurePathUnmounted(&fstab_, "/metadata");
+        }
+    }
+    explicit operator bool() const { return mounted_; }
+
+  private:
+    Fstab fstab_;
+    bool mounted_ = false;
+    bool should_unmount_ = false;
+};
+
+bool GsiHandler(FastbootDevice* device, const std::vector<std::string>& args) {
     if (args.size() != 2) {
         return device->WriteFail("Invalid arguments");
     }
+
+    AutoMountMetadata mount_metadata;
+    if (!mount_metadata) {
+        return device->WriteFail("Could not find GSI install");
+    }
+
+    if (!android::gsi::IsGsiInstalled()) {
+        return device->WriteStatus(FastbootResult::FAIL, "No GSI is installed");
+    }
+
     if (args[1] == "wipe") {
         if (!android::gsi::UninstallGsi()) {
             return device->WriteStatus(FastbootResult::FAIL, strerror(errno));
diff --git a/fastboot/device/flashing.cpp b/fastboot/device/flashing.cpp
index f737405..99854c9 100644
--- a/fastboot/device/flashing.cpp
+++ b/fastboot/device/flashing.cpp
@@ -52,15 +52,17 @@
     // Following appears to have a first time 2% impact on flashing speeds.
 
     // Convert partition_name to a validated mount point and wipe.
-    std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(),
-                                                               fs_mgr_free_fstab);
-    for (auto i = 0; i < fstab->num_entries; i++) {
-        const auto mount_point = fstab->recs[i].mount_point;
-        if (!mount_point) continue;
-        auto partition = android::base::Basename(mount_point);
-        if ("/"s == mount_point) partition = "system";
+    Fstab fstab;
+    ReadDefaultFstab(&fstab);
+
+    for (const auto& entry : fstab) {
+        auto partition = android::base::Basename(entry.mount_point);
+        if ("/" == entry.mount_point) {
+            partition = "system";
+        }
+
         if ((partition + device->GetCurrentSlot()) == partition_name) {
-            fs_mgr_overlayfs_teardown(mount_point);
+            fs_mgr_overlayfs_teardown(entry.mount_point.c_str());
         }
     }
 }
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index d753f0f..4cdd8bc 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -92,8 +92,9 @@
 static int64_t target_sparse_limit = -1;
 
 static unsigned g_base_addr = 0x10000000;
-static boot_img_hdr_v1 g_boot_img_hdr = {};
+static boot_img_hdr_v2 g_boot_img_hdr = {};
 static std::string g_cmdline;
+static std::string g_dtb_path;
 
 static bool g_disable_verity = false;
 static bool g_disable_verification = false;
@@ -394,11 +395,13 @@
             "                            Download and boot kernel from RAM.\n"
             " flash:raw PARTITION KERNEL [RAMDISK [SECOND]]\n"
             "                            Create boot image and flash it.\n"
+            " --dtb DTB                  Specify path to DTB for boot image header version 2.\n"
             " --cmdline CMDLINE          Override kernel command line.\n"
             " --base ADDRESS             Set kernel base address (default: 0x10000000).\n"
             " --kernel-offset            Set kernel offset (default: 0x00008000).\n"
             " --ramdisk-offset           Set ramdisk offset (default: 0x01000000).\n"
             " --tags-offset              Set tags offset (default: 0x00000100).\n"
+            " --dtb-offset               Set dtb offset (default: 0x01100000).\n"
             " --page-size BYTES          Set flash page size (default: 2048).\n"
             " --header-version VERSION   Set boot image header version.\n"
             " --os-version MAJOR[.MINOR[.PATCH]]\n"
@@ -448,12 +451,12 @@
     }
 
     // Is this actually a boot image?
-    if (kernel_data.size() < sizeof(boot_img_hdr_v1)) {
+    if (kernel_data.size() < sizeof(boot_img_hdr_v2)) {
         die("cannot load '%s': too short", kernel.c_str());
     }
     if (!memcmp(kernel_data.data(), BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
         if (!g_cmdline.empty()) {
-            bootimg_set_cmdline(reinterpret_cast<boot_img_hdr_v1*>(kernel_data.data()), g_cmdline);
+            bootimg_set_cmdline(reinterpret_cast<boot_img_hdr_v2*>(kernel_data.data()), g_cmdline);
         }
 
         if (!ramdisk.empty()) die("cannot boot a boot.img *and* ramdisk");
@@ -474,15 +477,26 @@
             die("cannot load '%s': %s", second_stage.c_str(), strerror(errno));
         }
     }
+
+    std::vector<char> dtb_data;
+    if (!g_dtb_path.empty()) {
+        if (g_boot_img_hdr.header_version < 2) {
+                    die("Argument dtb not supported for boot image header version %d\n",
+                        g_boot_img_hdr.header_version);
+        }
+        if (!ReadFileToVector(g_dtb_path, &dtb_data)) {
+            die("cannot load '%s': %s", g_dtb_path.c_str(), strerror(errno));
+        }
+    }
+
     fprintf(stderr,"creating boot image...\n");
 
     std::vector<char> out;
-    boot_img_hdr_v1* boot_image_data = mkbootimg(kernel_data, ramdisk_data, second_stage_data,
-                                                 g_base_addr, g_boot_img_hdr, &out);
+    boot_img_hdr_v2* boot_image_data = mkbootimg(kernel_data, ramdisk_data, second_stage_data,
+                                                 dtb_data, g_base_addr, g_boot_img_hdr, &out);
 
     if (!g_cmdline.empty()) bootimg_set_cmdline(boot_image_data, g_cmdline);
     fprintf(stderr, "creating boot image - %zu bytes\n", out.size());
-
     return out;
 }
 
@@ -1586,6 +1600,7 @@
     g_boot_img_hdr.second_addr = 0x00f00000;
     g_boot_img_hdr.tags_addr = 0x00000100;
     g_boot_img_hdr.page_size = 2048;
+    g_boot_img_hdr.dtb_addr = 0x01100000;
 
     const struct option longopts[] = {
         {"base", required_argument, 0, 0},
@@ -1605,6 +1620,8 @@
         {"skip-secondary", no_argument, 0, 0},
         {"slot", required_argument, 0, 0},
         {"tags-offset", required_argument, 0, 0},
+        {"dtb", required_argument, 0, 0},
+        {"dtb-offset", required_argument, 0, 0},
         {"unbuffered", no_argument, 0, 0},
         {"verbose", no_argument, 0, 'v'},
         {"version", no_argument, 0, 0},
@@ -1632,6 +1649,8 @@
                 force_flash = true;
             } else if (name == "header-version") {
                 g_boot_img_hdr.header_version = strtoul(optarg, nullptr, 0);
+            } else if (name == "dtb") {
+                g_dtb_path = optarg;
             } else if (name == "kernel-offset") {
                 g_boot_img_hdr.kernel_addr = strtoul(optarg, 0, 16);
             } else if (name == "os-patch-level") {
@@ -1649,6 +1668,8 @@
                 skip_secondary = true;
             } else if (name == "slot") {
                 slot_override = optarg;
+            } else if (name == "dtb-offset") {
+                g_boot_img_hdr.dtb_addr = strtoul(optarg, 0, 16);
             } else if (name == "tags-offset") {
                 g_boot_img_hdr.tags_addr = strtoul(optarg, 0, 16);
             } else if (name == "unbuffered") {
@@ -1828,7 +1849,6 @@
             if (!args.empty()) ramdisk = next_arg(&args);
             std::string second_stage;
             if (!args.empty()) second_stage = next_arg(&args);
-
             auto data = LoadBootableImage(kernel, ramdisk, second_stage);
             fb->Download("boot.img", data);
             fb->Boot();
@@ -1928,11 +1948,10 @@
             std::string size = next_arg(&args);
             fb->ResizePartition(partition, size);
         } else if (command == "gsi") {
-            if (args.empty()) {
-                syntax_error("missing 'wipe' or 'disable' argument");
-            } else if (args.size() == 1 && args[0] == "wipe") {
+            std::string arg = next_arg(&args);
+            if (arg == "wipe") {
                 fb->RawCommand("gsi:wipe", "wiping GSI");
-            } else if (args.size() == 1 && args[0] == "disable") {
+            } else if (arg == "disable") {
                 fb->RawCommand("gsi:disable", "disabling GSI");
             } else {
                 syntax_error("expected 'wipe' or 'disable'");
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index f6cd396..e684293 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -90,9 +90,9 @@
 using android::base::unique_fd;
 using android::dm::DeviceMapper;
 using android::dm::DmDeviceState;
-using android::fs_mgr::AvbHandle;
-using android::fs_mgr::AvbHashtreeResult;
-using android::fs_mgr::AvbUniquePtr;
+
+// Realistically, this file should be part of the android::fs_mgr namespace;
+using namespace android::fs_mgr;
 
 using namespace std::literals;
 
@@ -378,7 +378,7 @@
 // Set the number of reserved filesystem blocks if needed.
 static void tune_reserved_size(const std::string& blk_device, const FstabEntry& entry,
                                const struct ext4_super_block* sb, int* fs_stat) {
-    if (!entry.fs_mgr_flags.reserved_size) {
+    if (entry.reserved_size != 0) {
         return;
     }
 
@@ -551,7 +551,7 @@
     }
 
     if (is_extfs(entry.fs_type) &&
-        (entry.fs_mgr_flags.reserved_size || entry.fs_mgr_flags.file_encryption ||
+        (entry.reserved_size != 0 || entry.fs_mgr_flags.file_encryption ||
          entry.fs_mgr_flags.fs_verity)) {
         struct ext4_super_block sb;
 
@@ -806,7 +806,7 @@
 }
 
 static bool should_use_metadata_encryption(const FstabEntry& entry) {
-    return entry.fs_mgr_flags.key_directory &&
+    return !entry.key_dir.empty() &&
            (entry.fs_mgr_flags.file_encryption || entry.fs_mgr_flags.force_fde_or_fbe);
 }
 
@@ -889,19 +889,6 @@
     return true;
 }
 
-bool fs_mgr_update_logical_partition(struct fstab_rec* rec) {
-    auto entry = FstabRecToFstabEntry(rec);
-
-    if (!fs_mgr_update_logical_partition(&entry)) {
-        return false;
-    }
-
-    free(rec->blk_device);
-    rec->blk_device = strdup(entry.blk_device.c_str());
-
-    return true;
-}
-
 class CheckpointManager {
   public:
     CheckpointManager(int needs_checkpoint = -1) : needs_checkpoint_(needs_checkpoint) {}
@@ -1011,9 +998,7 @@
     if (!ReadFstabFromFile("/proc/mounts", &fstab)) {
         return false;
     }
-    auto it = std::find_if(fstab.begin(), fstab.end(),
-                           [&](const auto& entry) { return entry.mount_point == mount_point; });
-    return it != fstab.end();
+    return GetEntryForMountPoint(&fstab, mount_point) != nullptr;
 }
 
 // When multiple fstab records share the same mount_point, it will try to mount each
@@ -1103,6 +1088,13 @@
                 // Skips mounting the device.
                 continue;
             }
+        } else if (!current_entry.avb_key.empty()) {
+            if (AvbHandle::SetUpStandaloneAvbHashtree(&current_entry) == AvbHashtreeResult::kFail) {
+                LERROR << "Failed to set up AVB on standalone partition: "
+                       << current_entry.mount_point << ", skipping!";
+                // Skips mounting the device.
+                continue;
+            }
         } else if ((current_entry.fs_mgr_flags.verify)) {
             int rc = fs_mgr_setup_verity(&current_entry, true);
             if (__android_log_is_debuggable() &&
@@ -1263,16 +1255,6 @@
     return ret;
 }
 
-int fs_mgr_do_mount_one(struct fstab_rec* rec) {
-    if (!rec) {
-        return FS_MGR_DOMNT_FAILED;
-    }
-
-    auto entry = FstabRecToFstabEntry(rec);
-
-    return fs_mgr_do_mount_one(entry);
-}
-
 // If tmp_mount_point is non-null, mount the filesystem there.  This is for the
 // tmp mount we do to check the user password
 // If multiple fstab entries are to be mounted on "n_name", it will try to mount each one
@@ -1339,6 +1321,13 @@
                 // Skips mounting the device.
                 continue;
             }
+        } else if (!fstab_entry.avb_key.empty()) {
+            if (AvbHandle::SetUpStandaloneAvbHashtree(&fstab_entry) == AvbHashtreeResult::kFail) {
+                LERROR << "Failed to set up AVB on standalone partition: "
+                       << fstab_entry.mount_point << ", skipping!";
+                // Skips mounting the device.
+                continue;
+            }
         } else if (fstab_entry.fs_mgr_flags.verify) {
             int rc = fs_mgr_setup_verity(&fstab_entry, true);
             if (__android_log_is_debuggable() &&
@@ -1385,16 +1374,13 @@
     return FS_MGR_DOMNT_FAILED;
 }
 
-int fs_mgr_do_mount(fstab* fstab, const char* n_name, char* n_blk_device, char* tmp_mount_point) {
-    auto new_fstab = LegacyFstabToFstab(fstab);
-    return fs_mgr_do_mount_helper(&new_fstab, n_name, n_blk_device, tmp_mount_point, -1);
+int fs_mgr_do_mount(Fstab* fstab, const char* n_name, char* n_blk_device, char* tmp_mount_point) {
+    return fs_mgr_do_mount_helper(fstab, n_name, n_blk_device, tmp_mount_point, -1);
 }
 
-int fs_mgr_do_mount(fstab* fstab, const char* n_name, char* n_blk_device, char* tmp_mount_point,
+int fs_mgr_do_mount(Fstab* fstab, const char* n_name, char* n_blk_device, char* tmp_mount_point,
                     bool needs_checkpoint) {
-    auto new_fstab = LegacyFstabToFstab(fstab);
-    return fs_mgr_do_mount_helper(&new_fstab, n_name, n_blk_device, tmp_mount_point,
-                                  needs_checkpoint);
+    return fs_mgr_do_mount_helper(fstab, n_name, n_blk_device, tmp_mount_point, needs_checkpoint);
 }
 
 /*
@@ -1558,48 +1544,6 @@
     return ret;
 }
 
-struct fstab_rec const* fs_mgr_get_crypt_entry(fstab const* fstab) {
-    int i;
-
-    if (!fstab) {
-        return NULL;
-    }
-
-    /* Look for the encryptable partition to find the data */
-    for (i = 0; i < fstab->num_entries; i++) {
-        /* Don't deal with vold managed enryptable partitions here */
-        if (!(fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) &&
-            (fstab->recs[i].fs_mgr_flags &
-             (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE | MF_FILEENCRYPTION))) {
-            return &fstab->recs[i];
-        }
-    }
-    return NULL;
-}
-
-/*
- * key_loc must be at least PROPERTY_VALUE_MAX bytes long
- *
- * real_blk_device must be at least PROPERTY_VALUE_MAX bytes long
- */
-void fs_mgr_get_crypt_info(fstab* fstab, char* key_loc, char* real_blk_device, size_t size) {
-    struct fstab_rec const* rec = fs_mgr_get_crypt_entry(fstab);
-    if (key_loc) {
-        if (rec) {
-            strlcpy(key_loc, rec->key_loc, size);
-        } else {
-            *key_loc = '\0';
-        }
-    }
-    if (real_blk_device) {
-        if (rec) {
-            strlcpy(real_blk_device, rec->blk_device, size);
-        } else {
-            *real_blk_device = '\0';
-        }
-    }
-}
-
 bool fs_mgr_load_verity_state(int* mode) {
     /* return the default mode, unless any of the verified partitions are in
      * logging mode, in which case return that */
diff --git a/fs_mgr/fs_mgr_format.cpp b/fs_mgr/fs_mgr_format.cpp
index 1a0e7ab..1c6652a 100644
--- a/fs_mgr/fs_mgr_format.cpp
+++ b/fs_mgr/fs_mgr_format.cpp
@@ -37,6 +37,9 @@
 
 using android::base::unique_fd;
 
+// Realistically, this file should be part of the android::fs_mgr namespace;
+using namespace android::fs_mgr;
+
 static int get_dev_sz(const std::string& fs_blkdev, uint64_t* dev_sz) {
     unique_fd fd(TEMP_FAILURE_RETRY(open(fs_blkdev.c_str(), O_RDONLY | O_CLOEXEC)));
 
@@ -132,9 +135,3 @@
         return -EINVAL;
     }
 }
-
-int fs_mgr_do_format(struct fstab_rec* rec, bool crypt_footer) {
-    auto entry = FstabRecToFstabEntry(rec);
-
-    return fs_mgr_do_format(entry, crypt_footer);
-}
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 9d4f280..9a8ad56 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -24,6 +24,7 @@
 #include <unistd.h>
 
 #include <algorithm>
+#include <array>
 #include <utility>
 #include <vector>
 
@@ -35,146 +36,41 @@
 
 #include "fs_mgr_priv.h"
 
+using android::base::ParseByteCount;
+using android::base::ParseInt;
 using android::base::Split;
 using android::base::StartsWith;
 
+namespace android {
+namespace fs_mgr {
+namespace {
+
 const std::string kDefaultAndroidDtDir("/proc/device-tree/firmware/android");
 
-struct fs_mgr_flag_values {
-    std::string key_loc;
-    std::string key_dir;
-    std::string verity_loc;
-    std::string sysfs_path;
-    std::string zram_loopback_path;
-    uint64_t zram_loopback_size = 512 * 1024 * 1024; // 512MB by default
-    std::string zram_backing_dev_path;
-    off64_t part_length = 0;
-    std::string label;
-    int partnum = -1;
-    int swap_prio = -1;
-    int max_comp_streams = 0;
-    off64_t zram_size = 0;
-    off64_t reserved_size = 0;
-    int file_contents_mode = 0;
-    int file_names_mode = 0;
-    off64_t erase_blk_size = 0;
-    off64_t logical_blk_size = 0;
-    std::string vbmeta_partition;
-};
-
-struct flag_list {
+struct FlagList {
     const char *name;
     uint64_t flag;
 };
 
-static struct flag_list mount_flags[] = {
-    { "noatime",    MS_NOATIME },
-    { "noexec",     MS_NOEXEC },
-    { "nosuid",     MS_NOSUID },
-    { "nodev",      MS_NODEV },
-    { "nodiratime", MS_NODIRATIME },
-    { "ro",         MS_RDONLY },
-    { "rw",         0 },
-    { "remount",    MS_REMOUNT },
-    { "bind",       MS_BIND },
-    { "rec",        MS_REC },
-    { "unbindable", MS_UNBINDABLE },
-    { "private",    MS_PRIVATE },
-    { "slave",      MS_SLAVE },
-    { "shared",     MS_SHARED },
-    { "defaults",   0 },
-    { 0,            0 },
-};
-
-static struct flag_list fs_mgr_flags[] = {
-        {"wait", MF_WAIT},
-        {"check", MF_CHECK},
-        {"encryptable=", MF_CRYPT},
-        {"forceencrypt=", MF_FORCECRYPT},
-        {"fileencryption=", MF_FILEENCRYPTION},
-        {"forcefdeorfbe=", MF_FORCEFDEORFBE},
-        {"keydirectory=", MF_KEYDIRECTORY},
-        {"nonremovable", MF_NONREMOVABLE},
-        {"voldmanaged=", MF_VOLDMANAGED},
-        {"length=", MF_LENGTH},
-        {"recoveryonly", MF_RECOVERYONLY},
-        {"swapprio=", MF_SWAPPRIO},
-        {"zramsize=", MF_ZRAMSIZE},
-        {"max_comp_streams=", MF_MAX_COMP_STREAMS},
-        {"verifyatboot", MF_VERIFYATBOOT},
-        {"verify", MF_VERIFY},
-        {"avb", MF_AVB},
-        {"avb=", MF_AVB},
-        {"noemulatedsd", MF_NOEMULATEDSD},
-        {"notrim", MF_NOTRIM},
-        {"formattable", MF_FORMATTABLE},
-        {"slotselect", MF_SLOTSELECT},
-        {"nofail", MF_NOFAIL},
-        {"first_stage_mount", MF_FIRST_STAGE_MOUNT},
-        {"latemount", MF_LATEMOUNT},
-        {"reservedsize=", MF_RESERVEDSIZE},
-        {"quota", MF_QUOTA},
-        {"eraseblk=", MF_ERASEBLKSIZE},
-        {"logicalblk=", MF_LOGICALBLKSIZE},
-        {"sysfs_path=", MF_SYSFS},
+FlagList kMountFlagsList[] = {
+        {"noatime", MS_NOATIME},
+        {"noexec", MS_NOEXEC},
+        {"nosuid", MS_NOSUID},
+        {"nodev", MS_NODEV},
+        {"nodiratime", MS_NODIRATIME},
+        {"ro", MS_RDONLY},
+        {"rw", 0},
+        {"remount", MS_REMOUNT},
+        {"bind", MS_BIND},
+        {"rec", MS_REC},
+        {"unbindable", MS_UNBINDABLE},
+        {"private", MS_PRIVATE},
+        {"slave", MS_SLAVE},
+        {"shared", MS_SHARED},
         {"defaults", 0},
-        {"logical", MF_LOGICAL},
-        {"checkpoint=block", MF_CHECKPOINT_BLK},
-        {"checkpoint=fs", MF_CHECKPOINT_FS},
-        {"slotselect_other", MF_SLOTSELECT_OTHER},
-        {"zram_loopback_path=", MF_ZRAM_LOOPBACK_PATH},
-        {"zram_loopback_size=", MF_ZRAM_LOOPBACK_SIZE},
-        {"zram_backing_dev_path=", MF_ZRAM_BACKING_DEV_PATH},
-        {"fsverity", MF_FS_VERITY},
-        {0, 0},
 };
 
-#define EM_AES_256_XTS  1
-#define EM_ICE          2
-#define EM_AES_256_CTS  3
-#define EM_AES_256_HEH  4
-#define EM_ADIANTUM     5
-
-static const struct flag_list file_contents_encryption_modes[] = {
-    {"aes-256-xts", EM_AES_256_XTS},
-    {"adiantum", EM_ADIANTUM},
-    {"software", EM_AES_256_XTS}, /* alias for backwards compatibility */
-    {"ice", EM_ICE}, /* hardware-specific inline cryptographic engine */
-    {0, 0},
-};
-
-static const struct flag_list file_names_encryption_modes[] = {
-    {"aes-256-cts", EM_AES_256_CTS},
-    {"aes-256-heh", EM_AES_256_HEH},
-    {"adiantum", EM_ADIANTUM},
-    {0, 0},
-};
-
-static int encryption_mode_to_flag(const struct flag_list* list, const char* mode,
-                                   const char* type) {
-    const struct flag_list *j;
-
-    for (j = list; j->name; ++j) {
-        if (!strcmp(mode, j->name)) {
-            return j->flag;
-        }
-    }
-    LERROR << "Unknown " << type << " encryption mode: " << mode;
-    return 0;
-}
-
-static const char* flag_to_encryption_mode(const struct flag_list* list, uint64_t flag) {
-    const struct flag_list *j;
-
-    for (j = list; j->name; ++j) {
-        if (flag == j->flag) {
-            return j->name;
-        }
-    }
-    return nullptr;
-}
-
-static off64_t calculate_zram_size(unsigned int percentage) {
+off64_t CalculateZramSize(int percentage) {
     off64_t total;
 
     total  = sysconf(_SC_PHYS_PAGES);
@@ -186,29 +82,12 @@
     return total;
 }
 
-static off64_t parse_size(const char* arg) {
-    char *endptr;
-    off64_t size = strtoll(arg, &endptr, 10);
-    if (*endptr == 'k' || *endptr == 'K')
-        size *= 1024LL;
-    else if (*endptr == 'm' || *endptr == 'M')
-        size *= 1024LL * 1024LL;
-    else if (*endptr == 'g' || *endptr == 'G')
-        size *= 1024LL * 1024LL * 1024LL;
-
-    return size;
-}
-
-/* fills 'dt_value' with the underlying device tree value string without
- * the trailing '\0'. Returns true if 'dt_value' has a valid string, 'false'
- * otherwise.
- */
-static bool read_dt_file(const std::string& file_name, std::string* dt_value)
-{
+// Fills 'dt_value' with the underlying device tree value string without the trailing '\0'.
+// Returns true if 'dt_value' has a valid string, 'false' otherwise.
+bool ReadDtFile(const std::string& file_name, std::string* dt_value) {
     if (android::base::ReadFileToString(file_name, dt_value)) {
         if (!dt_value->empty()) {
-            // trim the trailing '\0' out, otherwise the comparison
-            // will produce false-negatives.
+            // Trim the trailing '\0' out, otherwise the comparison will produce false-negatives.
             dt_value->resize(dt_value->size() - 1);
             return true;
         }
@@ -217,177 +96,243 @@
     return false;
 }
 
-static uint64_t parse_flags(char* flags, struct flag_list* fl, struct fs_mgr_flag_values* flag_vals,
-                            std::string* fs_options) {
-    uint64_t f = 0;
-    int i;
-    char *p;
-    char *savep;
+const std::array<const char*, 3> kFileContentsEncryptionMode = {
+        "aes-256-xts",
+        "adiantum",
+        "ice",
+};
 
-    p = strtok_r(flags, ",", &savep);
-    while (p) {
-        /* Look for the flag "p" in the flag list "fl"
-         * If not found, the loop exits with fl[i].name being null.
-         */
-        for (i = 0; fl[i].name; i++) {
-            auto name = fl[i].name;
-            auto len = strlen(name);
-            auto end = len;
-            if (name[end - 1] == '=') --end;
-            if (!strncmp(p, name, len) && (p[end] == name[end])) {
-                f |= fl[i].flag;
-                if (!flag_vals) break;
-                if (p[end] != '=') break;
-                char* arg = p + end + 1;
-                auto flag = fl[i].flag;
-                if (flag == MF_CRYPT) {
-                    /* The encryptable flag is followed by an = and the
-                     * location of the keys.  Get it and return it.
-                     */
-                    flag_vals->key_loc = arg;
-                } else if (flag == MF_VERIFY) {
-                    /* If the verify flag is followed by an = and the
-                     * location for the verity state,  get it and return it.
-                     */
-                    flag_vals->verity_loc = arg;
-                } else if (flag == MF_FORCECRYPT) {
-                    /* The forceencrypt flag is followed by an = and the
-                     * location of the keys.  Get it and return it.
-                     */
-                    flag_vals->key_loc = arg;
-                } else if (flag == MF_FORCEFDEORFBE) {
-                    /* The forcefdeorfbe flag is followed by an = and the
-                     * location of the keys.  Get it and return it.
-                     */
-                    flag_vals->key_loc = arg;
-                    flag_vals->file_contents_mode = EM_AES_256_XTS;
-                    flag_vals->file_names_mode = EM_AES_256_CTS;
-                } else if (flag == MF_FILEENCRYPTION) {
-                    /* The fileencryption flag is followed by an = and
-                     * the mode of contents encryption, then optionally a
-                     * : and the mode of filenames encryption (defaults
-                     * to aes-256-cts).  Get it and return it.
-                     */
-                    auto mode = arg;
-                    auto colon = strchr(mode, ':');
-                    if (colon) {
-                        *colon = '\0';
-                    }
-                    flag_vals->file_contents_mode =
-                        encryption_mode_to_flag(file_contents_encryption_modes,
-                                                mode, "file contents");
-                    if (colon) {
-                        flag_vals->file_names_mode =
-                            encryption_mode_to_flag(file_names_encryption_modes,
-                                                    colon + 1, "file names");
-                    } else if (flag_vals->file_contents_mode == EM_ADIANTUM) {
-                        flag_vals->file_names_mode = EM_ADIANTUM;
-                    } else {
-                        flag_vals->file_names_mode = EM_AES_256_CTS;
-                    }
-                } else if (flag == MF_KEYDIRECTORY) {
-                    /* The metadata flag is followed by an = and the
-                     * directory for the keys.  Get it and return it.
-                     */
-                    flag_vals->key_dir = arg;
-                } else if (flag == MF_LENGTH) {
-                    /* The length flag is followed by an = and the
-                     * size of the partition.  Get it and return it.
-                     */
-                    flag_vals->part_length = strtoll(arg, NULL, 0);
-                } else if (flag == MF_VOLDMANAGED) {
-                    /* The voldmanaged flag is followed by an = and the
-                     * label, a colon and the partition number or the
-                     * word "auto", e.g.
-                     *   voldmanaged=sdcard:3
-                     * Get and return them.
-                     */
-                    auto label_start = arg;
-                    auto label_end = strchr(label_start, ':');
+const std::array<const char*, 3> kFileNamesEncryptionMode = {
+        "aes-256-cts",
+        "aes-256-heh",
+        "adiantum",
+};
 
-                    if (label_end) {
-                        flag_vals->label = std::string(label_start, (int)(label_end - label_start));
-                        auto part_start = label_end + 1;
-                        if (!strcmp(part_start, "auto")) {
-                            flag_vals->partnum = -1;
-                        } else {
-                            flag_vals->partnum = strtol(part_start, NULL, 0);
-                        }
-                    } else {
-                        LERROR << "Warning: voldmanaged= flag malformed";
-                    }
-                } else if (flag == MF_SWAPPRIO) {
-                    flag_vals->swap_prio = strtoll(arg, NULL, 0);
-                } else if (flag == MF_MAX_COMP_STREAMS) {
-                    flag_vals->max_comp_streams = strtoll(arg, NULL, 0);
-                } else if (flag == MF_AVB) {
-                    flag_vals->vbmeta_partition = arg;
-                } else if (flag == MF_ZRAMSIZE) {
-                    auto is_percent = !!strrchr(arg, '%');
-                    auto val = strtoll(arg, NULL, 0);
-                    if (is_percent)
-                        flag_vals->zram_size = calculate_zram_size(val);
-                    else
-                        flag_vals->zram_size = val;
-                } else if (flag == MF_RESERVEDSIZE) {
-                    /* The reserved flag is followed by an = and the
-                     * reserved size of the partition.  Get it and return it.
-                     */
-                    flag_vals->reserved_size = parse_size(arg);
-                } else if (flag == MF_ERASEBLKSIZE) {
-                    /* The erase block size flag is followed by an = and the flash
-                     * erase block size. Get it, check that it is a power of 2 and
-                     * at least 4096, and return it.
-                     */
-                    auto val = strtoll(arg, nullptr, 0);
-                    if (val >= 4096 && (val & (val - 1)) == 0)
-                        flag_vals->erase_blk_size = val;
-                } else if (flag == MF_LOGICALBLKSIZE) {
-                    /* The logical block size flag is followed by an = and the flash
-                     * logical block size. Get it, check that it is a power of 2 and
-                     * at least 4096, and return it.
-                     */
-                    auto val = strtoll(arg, nullptr, 0);
-                    if (val >= 4096 && (val & (val - 1)) == 0)
-                        flag_vals->logical_blk_size = val;
-                } else if (flag == MF_SYSFS) {
-                    /* The path to trigger device gc by idle-maint of vold. */
-                    flag_vals->sysfs_path = arg;
-                } else if (flag == MF_ZRAM_LOOPBACK_PATH) {
-                    /* The path to use loopback for zram. */
-                    flag_vals->zram_loopback_path = arg;
-                } else if (flag == MF_ZRAM_LOOPBACK_SIZE) {
-                    if (!android::base::ParseByteCount(arg, &flag_vals->zram_loopback_size)) {
-                        LERROR << "Warning: zram_loopback_size = flag malformed";
-                    }
-                } else if (flag == MF_ZRAM_BACKING_DEV_PATH) {
-                    /* The path to use loopback for zram. */
-                    flag_vals->zram_backing_dev_path = arg;
-                }
-                break;
-            }
-        }
+void ParseFileEncryption(const std::string& arg, FstabEntry* entry) {
+    // The fileencryption flag is followed by an = and the mode of contents encryption, then
+    // optionally a and the mode of filenames encryption (defaults to aes-256-cts).  Get it and
+    // return it.
+    entry->fs_mgr_flags.file_encryption = true;
 
-        if (!fl[i].name) {
-            if (fs_options) {
-                // It's not a known flag, so it must be a filesystem specific
-                // option.  Add it to fs_options if it was passed in.
-                if (!fs_options->empty()) {
-                    fs_options->append(",");  // appends a comma if not the first
-                }
-                fs_options->append(p);
-            } else {
-                // fs_options was not passed in, so if the flag is unknown it's an error.
-                LERROR << "Warning: unknown flag " << p;
-            }
-        }
-        p = strtok_r(NULL, ",", &savep);
+    auto parts = Split(arg, ":");
+    if (parts.empty() || parts.size() > 2) {
+        LWARNING << "Warning: fileencryption= flag malformed: " << arg;
+        return;
     }
 
-    return f;
+    // Alias for backwards compatibility.
+    if (parts[0] == "software") {
+        parts[0] = "aes-256-xts";
+    }
+
+    if (std::find(kFileContentsEncryptionMode.begin(), kFileContentsEncryptionMode.end(),
+                  parts[0]) == kFileContentsEncryptionMode.end()) {
+        LWARNING << "fileencryption= flag malformed, file contents encryption mode not found: "
+                 << arg;
+        return;
+    }
+
+    entry->file_contents_mode = parts[0];
+
+    if (parts.size() == 2) {
+        if (std::find(kFileNamesEncryptionMode.begin(), kFileNamesEncryptionMode.end(), parts[1]) ==
+            kFileNamesEncryptionMode.end()) {
+            LWARNING << "fileencryption= flag malformed, file names encryption mode not found: "
+                     << arg;
+            return;
+        }
+
+        entry->file_names_mode = parts[1];
+    } else if (entry->file_contents_mode == "adiantum") {
+        entry->file_names_mode = "adiantum";
+    } else {
+        entry->file_names_mode = "aes-256-cts";
+    }
 }
 
-static std::string init_android_dt_dir() {
+bool SetMountFlag(const std::string& flag, FstabEntry* entry) {
+    for (const auto& [name, value] : kMountFlagsList) {
+        if (flag == name) {
+            entry->flags |= value;
+            return true;
+        }
+    }
+    return false;
+}
+
+void ParseMountFlags(const std::string& flags, FstabEntry* entry) {
+    std::string fs_options;
+    for (const auto& flag : Split(flags, ",")) {
+        if (!SetMountFlag(flag, entry)) {
+            // Unknown flag, so it must be a filesystem specific option.
+            if (!fs_options.empty()) {
+                fs_options.append(",");  // appends a comma if not the first
+            }
+            fs_options.append(flag);
+        }
+    }
+    entry->fs_options = std::move(fs_options);
+}
+
+void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) {
+    for (const auto& flag : Split(flags, ",")) {
+        std::string arg;
+        if (auto equal_sign = flag.find('='); equal_sign != std::string::npos) {
+            arg = flag.substr(equal_sign + 1);
+        }
+
+        // First handle flags that simply set a boolean.
+#define CheckFlag(flag_name, value)       \
+    if (flag == flag_name) {              \
+        entry->fs_mgr_flags.value = true; \
+        continue;                         \
+    }
+
+        CheckFlag("wait", wait);
+        CheckFlag("check", check);
+        CheckFlag("nonremovable", nonremovable);
+        CheckFlag("recoveryonly", recovery_only);
+        CheckFlag("noemulatedsd", no_emulated_sd);
+        CheckFlag("notrim", no_trim);
+        CheckFlag("verify", verify);
+        CheckFlag("formattable", formattable);
+        CheckFlag("slotselect", slot_select);
+        CheckFlag("latemount", late_mount);
+        CheckFlag("nofail", no_fail);
+        CheckFlag("verifyatboot", verify_at_boot);
+        CheckFlag("quota", quota);
+        CheckFlag("avb", avb);
+        CheckFlag("logical", logical);
+        CheckFlag("checkpoint=block", checkpoint_blk);
+        CheckFlag("checkpoint=fs", checkpoint_fs);
+        CheckFlag("first_stage_mount", first_stage_mount);
+        CheckFlag("slotselect_other", slot_select_other);
+        CheckFlag("fsverity", fs_verity);
+
+#undef CheckFlag
+
+        // Then handle flags that take an argument.
+        if (StartsWith(flag, "encryptable=")) {
+            // The encryptable flag is followed by an = and the  location of the keys.
+            entry->fs_mgr_flags.crypt = true;
+            entry->key_loc = arg;
+        } else if (StartsWith(flag, "voldmanaged=")) {
+            // The voldmanaged flag is followed by an = and the label, a colon and the partition
+            // number or the word "auto", e.g. voldmanaged=sdcard:3
+            entry->fs_mgr_flags.vold_managed = true;
+            auto parts = Split(arg, ":");
+            if (parts.size() != 2) {
+                LWARNING << "Warning: voldmanaged= flag malformed: " << arg;
+                continue;
+            }
+
+            entry->label = std::move(parts[0]);
+            if (parts[1] == "auto") {
+                entry->partnum = -1;
+            } else {
+                if (!ParseInt(parts[1], &entry->partnum)) {
+                    entry->partnum = -1;
+                    LWARNING << "Warning: voldmanaged= flag malformed: " << arg;
+                    continue;
+                }
+            }
+        } else if (StartsWith(flag, "length=")) {
+            // The length flag is followed by an = and the size of the partition.
+            if (!ParseInt(arg, &entry->length)) {
+                LWARNING << "Warning: length= flag malformed: " << arg;
+            }
+        } else if (StartsWith(flag, "swapprio=")) {
+            if (!ParseInt(arg, &entry->swap_prio)) {
+                LWARNING << "Warning: length= flag malformed: " << arg;
+            }
+        } else if (StartsWith(flag, "zramsize=")) {
+            if (!arg.empty() && arg.back() == '%') {
+                arg.pop_back();
+                int val;
+                if (ParseInt(arg, &val, 0, 100)) {
+                    entry->zram_size = CalculateZramSize(val);
+                } else {
+                    LWARNING << "Warning: zramsize= flag malformed: " << arg;
+                }
+            } else {
+                if (!ParseInt(arg, &entry->zram_size)) {
+                    LWARNING << "Warning: zramsize= flag malformed: " << arg;
+                }
+            }
+        } else if (StartsWith(flag, "verify=")) {
+            // If the verify flag is followed by an = and the location for the verity state.
+            entry->fs_mgr_flags.verify = true;
+            entry->verity_loc = arg;
+        } else if (StartsWith(flag, "forceencrypt=")) {
+            // The forceencrypt flag is followed by an = and the location of the keys.
+            entry->fs_mgr_flags.force_crypt = true;
+            entry->key_loc = arg;
+        } else if (StartsWith(flag, "fileencryption=")) {
+            ParseFileEncryption(arg, entry);
+        } else if (StartsWith(flag, "forcefdeorfbe=")) {
+            // The forcefdeorfbe flag is followed by an = and the location of the keys.  Get it and
+            // return it.
+            entry->fs_mgr_flags.force_fde_or_fbe = true;
+            entry->key_loc = arg;
+            entry->file_contents_mode = "aes-256-xts";
+            entry->file_names_mode = "aes-256-cts";
+        } else if (StartsWith(flag, "max_comp_streams=")) {
+            if (!ParseInt(arg, &entry->max_comp_streams)) {
+                LWARNING << "Warning: max_comp_streams= flag malformed: " << arg;
+            }
+        } else if (StartsWith(flag, "reservedsize=")) {
+            // The reserved flag is followed by an = and the reserved size of the partition.
+            uint64_t size;
+            if (!ParseByteCount(arg, &size)) {
+                LWARNING << "Warning: reservedsize= flag malformed: " << arg;
+            } else {
+                entry->reserved_size = static_cast<off64_t>(size);
+            }
+        } else if (StartsWith(flag, "eraseblk=")) {
+            // The erase block size flag is followed by an = and the flash erase block size. Get it,
+            // check that it is a power of 2 and at least 4096, and return it.
+            off64_t val;
+            if (!ParseInt(arg, &val) || val < 4096 || (val & (val - 1)) != 0) {
+                LWARNING << "Warning: eraseblk= flag malformed: " << arg;
+            } else {
+                entry->erase_blk_size = val;
+            }
+        } else if (StartsWith(flag, "logicalblk=")) {
+            // The logical block size flag is followed by an = and the flash logical block size. Get
+            // it, check that it is a power of 2 and at least 4096, and return it.
+            off64_t val;
+            if (!ParseInt(arg, &val) || val < 4096 || (val & (val - 1)) != 0) {
+                LWARNING << "Warning: logicalblk= flag malformed: " << arg;
+            } else {
+                entry->logical_blk_size = val;
+            }
+        } else if (StartsWith(flag, "avb")) {
+            entry->fs_mgr_flags.avb = true;
+            entry->vbmeta_partition = arg;
+        } else if (StartsWith(flag, "keydirectory=")) {
+            // The metadata flag is followed by an = and the directory for the keys.
+            entry->key_dir = arg;
+        } else if (StartsWith(flag, "sysfs_path=")) {
+            // The path to trigger device gc by idle-maint of vold.
+            entry->sysfs_path = arg;
+        } else if (StartsWith(flag, "zram_loopback_path=")) {
+            // The path to use loopback for zram.
+            entry->zram_loopback_path = arg;
+        } else if (StartsWith(flag, "zram_loopback_size=")) {
+            if (!ParseByteCount(arg, &entry->zram_loopback_size)) {
+                LWARNING << "Warning: zram_loopback_size= flag malformed: " << arg;
+            }
+        } else if (StartsWith(flag, "zram_backing_dev_path=")) {
+            entry->zram_backing_dev_path = arg;
+        } else if (StartsWith(flag, "avb_key=")) {
+            entry->avb_key = arg;
+        } else {
+            LWARNING << "Warning: unknown flag: " << flag;
+        }
+    }
+}
+
+std::string InitAndroidDtDir() {
     std::string android_dt_dir;
     // The platform may specify a custom Android DT path in kernel cmdline
     if (!fs_mgr_get_boot_config_from_kernel_cmdline("android_dt_dir", &android_dt_dir)) {
@@ -397,30 +342,23 @@
     return android_dt_dir;
 }
 
-// FIXME: The same logic is duplicated in system/core/init/
-const std::string& get_android_dt_dir() {
-    // Set once and saves time for subsequent calls to this function
-    static const std::string kAndroidDtDir = init_android_dt_dir();
-    return kAndroidDtDir;
-}
-
-static bool is_dt_fstab_compatible() {
+bool IsDtFstabCompatible() {
     std::string dt_value;
     std::string file_name = get_android_dt_dir() + "/fstab/compatible";
 
-    if (read_dt_file(file_name, &dt_value) && dt_value == "android,fstab") {
+    if (ReadDtFile(file_name, &dt_value) && dt_value == "android,fstab") {
         // If there's no status property or its set to "ok" or "okay", then we use the DT fstab.
         std::string status_value;
         std::string status_file_name = get_android_dt_dir() + "/fstab/status";
-        return !read_dt_file(status_file_name, &status_value) || status_value == "ok" ||
+        return !ReadDtFile(status_file_name, &status_value) || status_value == "ok" ||
                status_value == "okay";
     }
 
     return false;
 }
 
-static std::string read_fstab_from_dt() {
-    if (!is_dt_compatible() || !is_dt_fstab_compatible()) {
+std::string ReadFstabFromDt() {
+    if (!is_dt_compatible() || !IsDtFstabCompatible()) {
         return {};
     }
 
@@ -441,7 +379,7 @@
         std::string value;
         // skip a partition entry if the status property is present and not set to ok
         file_name = android::base::StringPrintf("%s/%s/status", fstabdir_name.c_str(), dp->d_name);
-        if (read_dt_file(file_name, &value)) {
+        if (ReadDtFile(file_name, &value)) {
             if (value != "okay" && value != "ok") {
                 LINFO << "dt_fstab: Skip disabled entry for partition " << dp->d_name;
                 continue;
@@ -449,7 +387,7 @@
         }
 
         file_name = android::base::StringPrintf("%s/%s/dev", fstabdir_name.c_str(), dp->d_name);
-        if (!read_dt_file(file_name, &value)) {
+        if (!ReadDtFile(file_name, &value)) {
             LERROR << "dt_fstab: Failed to find device for partition " << dp->d_name;
             return {};
         }
@@ -458,7 +396,7 @@
         std::string mount_point;
         file_name =
             android::base::StringPrintf("%s/%s/mnt_point", fstabdir_name.c_str(), dp->d_name);
-        if (read_dt_file(file_name, &value)) {
+        if (ReadDtFile(file_name, &value)) {
             LINFO << "dt_fstab: Using a specified mount point " << value << " for " << dp->d_name;
             mount_point = value;
         } else {
@@ -467,21 +405,21 @@
         fstab_entry.push_back(mount_point);
 
         file_name = android::base::StringPrintf("%s/%s/type", fstabdir_name.c_str(), dp->d_name);
-        if (!read_dt_file(file_name, &value)) {
+        if (!ReadDtFile(file_name, &value)) {
             LERROR << "dt_fstab: Failed to find type for partition " << dp->d_name;
             return {};
         }
         fstab_entry.push_back(value);
 
         file_name = android::base::StringPrintf("%s/%s/mnt_flags", fstabdir_name.c_str(), dp->d_name);
-        if (!read_dt_file(file_name, &value)) {
+        if (!ReadDtFile(file_name, &value)) {
             LERROR << "dt_fstab: Failed to find type for partition " << dp->d_name;
             return {};
         }
         fstab_entry.push_back(value);
 
         file_name = android::base::StringPrintf("%s/%s/fsmgr_flags", fstabdir_name.c_str(), dp->d_name);
-        if (!read_dt_file(file_name, &value)) {
+        if (!ReadDtFile(file_name, &value)) {
             LERROR << "dt_fstab: Failed to find type for partition " << dp->d_name;
             return {};
         }
@@ -501,26 +439,32 @@
     return fstab_result;
 }
 
-bool is_dt_compatible() {
-    std::string file_name = get_android_dt_dir() + "/compatible";
-    std::string dt_value;
-    if (read_dt_file(file_name, &dt_value)) {
-        if (dt_value == "android,firmware") {
-            return true;
+// Identify path to fstab file. Lookup is based on pattern fstab.<hardware>,
+// fstab.<hardware.platform> in folders /odm/etc, vendor/etc, or /.
+std::string GetFstabPath() {
+    for (const char* prop : {"hardware", "hardware.platform"}) {
+        std::string hw;
+
+        if (!fs_mgr_get_boot_config(prop, &hw)) continue;
+
+        for (const char* prefix : {"/odm/etc/fstab.", "/vendor/etc/fstab.", "/fstab."}) {
+            std::string fstab_path = prefix + hw;
+            if (access(fstab_path.c_str(), F_OK) == 0) {
+                return fstab_path;
+            }
         }
     }
 
-    return false;
+    return "";
 }
 
-static bool fs_mgr_read_fstab_file(FILE* fstab_file, bool proc_mounts, Fstab* fstab_out) {
+bool ReadFstabFile(FILE* fstab_file, bool proc_mounts, Fstab* fstab_out) {
     ssize_t len;
     size_t alloc_len = 0;
     char *line = NULL;
     const char *delim = " \t";
     char *save_ptr, *p;
     Fstab fstab;
-    struct fs_mgr_flag_values flag_vals;
 
     while ((len = getline(&line, &alloc_len, fstab_file)) != -1) {
         /* if the last character is a newline, shorten the string by 1 byte */
@@ -561,7 +505,8 @@
             LERROR << "Error parsing mount_flags";
             goto err;
         }
-        entry.flags = parse_flags(p, mount_flags, nullptr, &entry.fs_options);
+
+        ParseMountFlags(p, &entry);
 
         // For /proc/mounts, ignore everything after mnt_freq and mnt_passno
         if (proc_mounts) {
@@ -570,27 +515,9 @@
             LERROR << "Error parsing fs_mgr_options";
             goto err;
         }
-        entry.fs_mgr_flags.val = parse_flags(p, fs_mgr_flags, &flag_vals, nullptr);
 
-        entry.key_loc = std::move(flag_vals.key_loc);
-        entry.key_dir = std::move(flag_vals.key_dir);
-        entry.verity_loc = std::move(flag_vals.verity_loc);
-        entry.length = flag_vals.part_length;
-        entry.label = std::move(flag_vals.label);
-        entry.partnum = flag_vals.partnum;
-        entry.swap_prio = flag_vals.swap_prio;
-        entry.max_comp_streams = flag_vals.max_comp_streams;
-        entry.zram_size = flag_vals.zram_size;
-        entry.reserved_size = flag_vals.reserved_size;
-        entry.file_contents_mode = flag_vals.file_contents_mode;
-        entry.file_names_mode = flag_vals.file_names_mode;
-        entry.erase_blk_size = flag_vals.erase_blk_size;
-        entry.logical_blk_size = flag_vals.logical_blk_size;
-        entry.sysfs_path = std::move(flag_vals.sysfs_path);
-        entry.vbmeta_partition = std::move(flag_vals.vbmeta_partition);
-        entry.zram_loopback_path = std::move(flag_vals.zram_loopback_path);
-        entry.zram_loopback_size = std::move(flag_vals.zram_loopback_size);
-        entry.zram_backing_dev_path = std::move(flag_vals.zram_backing_dev_path);
+        ParseFsMgrFlags(p, &entry);
+
         if (entry.fs_mgr_flags.logical) {
             entry.logical_partition_name = entry.blk_device;
         }
@@ -627,7 +554,7 @@
  *   /dev/block/pci/soc.0/f9824900.sdhci/by-name/vendor
  * it returns a set { "soc/1da4000.ufshc", "soc.0/f9824900.sdhci" }.
  */
-static std::set<std::string> extract_boot_devices(const Fstab& fstab) {
+std::set<std::string> ExtraBootDevices(const Fstab& fstab) {
     std::set<std::string> boot_devices;
 
     for (const auto& entry : fstab) {
@@ -660,13 +587,13 @@
     return boot_devices;
 }
 
-static void EraseFstabEntry(Fstab* fstab, const std::string& mount_point) {
+void EraseFstabEntry(Fstab* fstab, const std::string& mount_point) {
     auto iter = std::remove_if(fstab->begin(), fstab->end(),
                                [&](const auto& entry) { return entry.mount_point == mount_point; });
     fstab->erase(iter, fstab->end());
 }
 
-static void TransformFstabForGsi(Fstab* fstab) {
+void TransformFstabForGsi(Fstab* fstab) {
     EraseFstabEntry(fstab, "/system");
     EraseFstabEntry(fstab, "/data");
 
@@ -686,9 +613,12 @@
     userdata.fs_mgr_flags.logical = true;
     userdata.fs_mgr_flags.quota = true;
     userdata.fs_mgr_flags.late_mount = true;
+    userdata.fs_mgr_flags.formattable = true;
     fstab->emplace_back(userdata);
 }
 
+}  // namespace
+
 bool ReadFstabFromFile(const std::string& path, Fstab* fstab) {
     auto fstab_file = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
     if (!fstab_file) {
@@ -698,7 +628,7 @@
 
     bool is_proc_mounts = path == "/proc/mounts";
 
-    if (!fs_mgr_read_fstab_file(fstab_file.get(), is_proc_mounts, fstab)) {
+    if (!ReadFstabFile(fstab_file.get(), is_proc_mounts, fstab)) {
         LERROR << __FUNCTION__ << "(): failed to load fstab from : '" << path << "'";
         return false;
     }
@@ -709,20 +639,11 @@
     return true;
 }
 
-struct fstab* fs_mgr_read_fstab(const char* fstab_path) {
-    Fstab fstab;
-    if (!ReadFstabFromFile(fstab_path, &fstab)) {
-        return nullptr;
-    }
-
-    return FstabToLegacyFstab(fstab);
-}
-
 // Returns fstab entries parsed from the device tree if they exist
-bool ReadFstabFromDt(Fstab* fstab) {
-    std::string fstab_buf = read_fstab_from_dt();
+bool ReadFstabFromDt(Fstab* fstab, bool log) {
+    std::string fstab_buf = ReadFstabFromDt();
     if (fstab_buf.empty()) {
-        LINFO << __FUNCTION__ << "(): failed to read fstab from dt";
+        if (log) LINFO << __FUNCTION__ << "(): failed to read fstab from dt";
         return false;
     }
 
@@ -730,55 +651,25 @@
         fmemopen(static_cast<void*>(const_cast<char*>(fstab_buf.c_str())),
                  fstab_buf.length(), "r"), fclose);
     if (!fstab_file) {
-        PERROR << __FUNCTION__ << "(): failed to create a file stream for fstab dt";
+        if (log) PERROR << __FUNCTION__ << "(): failed to create a file stream for fstab dt";
         return false;
     }
 
-    if (!fs_mgr_read_fstab_file(fstab_file.get(), false, fstab)) {
-        LERROR << __FUNCTION__ << "(): failed to load fstab from kernel:"
-               << std::endl << fstab_buf;
+    if (!ReadFstabFile(fstab_file.get(), false, fstab)) {
+        if (log) {
+            LERROR << __FUNCTION__ << "(): failed to load fstab from kernel:" << std::endl
+                   << fstab_buf;
+        }
         return false;
     }
 
     return true;
 }
 
-struct fstab* fs_mgr_read_fstab_dt() {
-    Fstab fstab;
-    if (!ReadFstabFromDt(&fstab)) {
-        return nullptr;
-    }
-
-    return FstabToLegacyFstab(fstab);
-}
-
-/*
- * Identify path to fstab file. Lookup is based on pattern
- * fstab.<hardware>, fstab.<hardware.platform> in folders
-   /odm/etc, vendor/etc, or /.
- */
-static std::string get_fstab_path()
-{
-    for (const char* prop : {"hardware", "hardware.platform"}) {
-        std::string hw;
-
-        if (!fs_mgr_get_boot_config(prop, &hw)) continue;
-
-        for (const char* prefix : {"/odm/etc/fstab.", "/vendor/etc/fstab.", "/fstab."}) {
-            std::string fstab_path = prefix + hw;
-            if (access(fstab_path.c_str(), F_OK) == 0) {
-                return fstab_path;
-            }
-        }
-    }
-
-    return std::string();
-}
-
 // Loads the fstab file and combines with fstab entries passed in from device tree.
 bool ReadDefaultFstab(Fstab* fstab) {
     Fstab dt_fstab;
-    ReadFstabFromDt(&dt_fstab);
+    ReadFstabFromDt(&dt_fstab, false);
 
     *fstab = std::move(dt_fstab);
 
@@ -787,7 +678,7 @@
     if (access("/system/bin/recovery", F_OK) == 0) {
         default_fstab_path = "/etc/recovery.fstab";
     } else {  // normal boot
-        default_fstab_path = get_fstab_path();
+        default_fstab_path = GetFstabPath();
     }
 
     Fstab default_fstab;
@@ -804,96 +695,26 @@
     return !fstab->empty();
 }
 
-struct fstab* fs_mgr_read_fstab_default() {
-    Fstab fstab;
-    if (!ReadDefaultFstab(&fstab)) {
+FstabEntry* GetEntryForMountPoint(Fstab* fstab, const std::string& path) {
+    if (fstab == nullptr) {
         return nullptr;
     }
 
-    return FstabToLegacyFstab(fstab);
-}
-
-void fs_mgr_free_fstab(struct fstab *fstab)
-{
-    int i;
-
-    if (!fstab) {
-        return;
-    }
-
-    for (i = 0; i < fstab->num_entries; i++) {
-        /* Free the pointers return by strdup(3) */
-        free(fstab->recs[i].blk_device);
-        free(fstab->recs[i].logical_partition_name);
-        free(fstab->recs[i].mount_point);
-        free(fstab->recs[i].fs_type);
-        free(fstab->recs[i].fs_options);
-        free(fstab->recs[i].key_loc);
-        free(fstab->recs[i].key_dir);
-        free(fstab->recs[i].label);
-        free(fstab->recs[i].sysfs_path);
-        free(fstab->recs[i].zram_loopback_path);
-        free(fstab->recs[i].zram_backing_dev_path);
-    }
-
-    /* Free the fstab_recs array created by calloc(3) */
-    free(fstab->recs);
-
-    /* Free fstab */
-    free(fstab);
-}
-
-/* Add an entry to the fstab, and return 0 on success or -1 on error */
-int fs_mgr_add_entry(struct fstab *fstab,
-                     const char *mount_point, const char *fs_type,
-                     const char *blk_device)
-{
-    struct fstab_rec *new_fstab_recs;
-    int n = fstab->num_entries;
-
-    new_fstab_recs = (struct fstab_rec *)
-                     realloc(fstab->recs, sizeof(struct fstab_rec) * (n + 1));
-
-    if (!new_fstab_recs) {
-        return -1;
-    }
-
-    /* A new entry was added, so initialize it */
-     memset(&new_fstab_recs[n], 0, sizeof(struct fstab_rec));
-     new_fstab_recs[n].mount_point = strdup(mount_point);
-     new_fstab_recs[n].fs_type = strdup(fs_type);
-     new_fstab_recs[n].blk_device = strdup(blk_device);
-     new_fstab_recs[n].length = 0;
-
-     /* Update the fstab struct */
-     fstab->recs = new_fstab_recs;
-     fstab->num_entries++;
-
-     return 0;
-}
-
-/*
- * Returns the fstab_rec* whose mount_point is path.
- * Returns nullptr if not found.
- */
-struct fstab_rec* fs_mgr_get_entry_for_mount_point(struct fstab* fstab, const std::string& path) {
-    if (!fstab) {
-        return nullptr;
-    }
-    for (int i = 0; i < fstab->num_entries; i++) {
-        if (fstab->recs[i].mount_point && path == fstab->recs[i].mount_point) {
-            return &fstab->recs[i];
+    for (auto& entry : *fstab) {
+        if (entry.mount_point == path) {
+            return &entry;
         }
     }
+
     return nullptr;
 }
 
-std::set<std::string> fs_mgr_get_boot_devices() {
+std::set<std::string> GetBootDevices() {
     // First check the kernel commandline, then try the device tree otherwise
     std::string dt_file_name = get_android_dt_dir() + "/boot_devices";
     std::string value;
     if (fs_mgr_get_boot_config_from_kernel_cmdline("boot_devices", &value) ||
-        read_dt_file(dt_file_name, &value)) {
+        ReadDtFile(dt_file_name, &value)) {
         auto boot_devices = Split(value, ",");
         return std::set<std::string>(boot_devices.begin(), boot_devices.end());
     }
@@ -904,204 +725,42 @@
         return {};
     }
 
-    return extract_boot_devices(fstab);
-}
-
-FstabEntry FstabRecToFstabEntry(const fstab_rec* fstab_rec) {
-    FstabEntry entry;
-    entry.blk_device = fstab_rec->blk_device;
-    entry.logical_partition_name = fstab_rec->logical_partition_name;
-    entry.mount_point = fstab_rec->mount_point;
-    entry.fs_type = fstab_rec->fs_type;
-    entry.flags = fstab_rec->flags;
-    entry.fs_options = fstab_rec->fs_options;
-    entry.fs_mgr_flags.val = fstab_rec->fs_mgr_flags;
-    entry.key_loc = fstab_rec->key_loc;
-    entry.key_dir = fstab_rec->key_dir;
-    entry.verity_loc = fstab_rec->verity_loc;
-    entry.length = fstab_rec->length;
-    entry.label = fstab_rec->label;
-    entry.partnum = fstab_rec->partnum;
-    entry.swap_prio = fstab_rec->swap_prio;
-    entry.max_comp_streams = fstab_rec->max_comp_streams;
-    entry.zram_size = fstab_rec->zram_size;
-    entry.reserved_size = fstab_rec->reserved_size;
-    entry.file_contents_mode = fstab_rec->file_contents_mode;
-    entry.file_names_mode = fstab_rec->file_names_mode;
-    entry.erase_blk_size = fstab_rec->erase_blk_size;
-    entry.logical_blk_size = fstab_rec->logical_blk_size;
-    entry.sysfs_path = fstab_rec->sysfs_path;
-    entry.zram_loopback_path = fstab_rec->zram_loopback_path;
-    entry.zram_loopback_size = fstab_rec->zram_loopback_size;
-    entry.zram_backing_dev_path = fstab_rec->zram_backing_dev_path;
-
-    return entry;
-}
-
-Fstab LegacyFstabToFstab(const struct fstab* legacy_fstab) {
-    Fstab fstab;
-    for (int i = 0; i < legacy_fstab->num_entries; i++) {
-        fstab.emplace_back(FstabRecToFstabEntry(&legacy_fstab->recs[i]));
-    }
-
-    return fstab;
-}
-
-fstab* FstabToLegacyFstab(const Fstab& fstab) {
-    struct fstab* legacy_fstab = static_cast<struct fstab*>(calloc(1, sizeof(struct fstab)));
-    legacy_fstab->num_entries = fstab.size();
-    legacy_fstab->recs =
-            static_cast<fstab_rec*>(calloc(legacy_fstab->num_entries, sizeof(fstab_rec)));
-
-    for (int i = 0; i < legacy_fstab->num_entries; i++) {
-        legacy_fstab->recs[i].blk_device = strdup(fstab[i].blk_device.c_str());
-        legacy_fstab->recs[i].logical_partition_name =
-                strdup(fstab[i].logical_partition_name.c_str());
-        legacy_fstab->recs[i].mount_point = strdup(fstab[i].mount_point.c_str());
-        legacy_fstab->recs[i].fs_type = strdup(fstab[i].fs_type.c_str());
-        legacy_fstab->recs[i].flags = fstab[i].flags;
-        legacy_fstab->recs[i].fs_options = strdup(fstab[i].fs_options.c_str());
-        legacy_fstab->recs[i].fs_mgr_flags = fstab[i].fs_mgr_flags.val;
-        legacy_fstab->recs[i].key_loc = strdup(fstab[i].key_loc.c_str());
-        legacy_fstab->recs[i].key_dir = strdup(fstab[i].key_dir.c_str());
-        legacy_fstab->recs[i].verity_loc = strdup(fstab[i].verity_loc.c_str());
-        legacy_fstab->recs[i].length = fstab[i].length;
-        legacy_fstab->recs[i].label = strdup(fstab[i].label.c_str());
-        legacy_fstab->recs[i].partnum = fstab[i].partnum;
-        legacy_fstab->recs[i].swap_prio = fstab[i].swap_prio;
-        legacy_fstab->recs[i].max_comp_streams = fstab[i].max_comp_streams;
-        legacy_fstab->recs[i].zram_size = fstab[i].zram_size;
-        legacy_fstab->recs[i].reserved_size = fstab[i].reserved_size;
-        legacy_fstab->recs[i].file_contents_mode = fstab[i].file_contents_mode;
-        legacy_fstab->recs[i].file_names_mode = fstab[i].file_names_mode;
-        legacy_fstab->recs[i].erase_blk_size = fstab[i].erase_blk_size;
-        legacy_fstab->recs[i].logical_blk_size = fstab[i].logical_blk_size;
-        legacy_fstab->recs[i].sysfs_path = strdup(fstab[i].sysfs_path.c_str());
-        legacy_fstab->recs[i].zram_loopback_path = strdup(fstab[i].zram_loopback_path.c_str());
-        legacy_fstab->recs[i].zram_loopback_size = fstab[i].zram_loopback_size;
-        legacy_fstab->recs[i].zram_backing_dev_path = strdup(fstab[i].zram_backing_dev_path.c_str());
-    }
-    return legacy_fstab;
-}
-
-int fs_mgr_is_voldmanaged(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_VOLDMANAGED;
-}
-
-int fs_mgr_is_nonremovable(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_NONREMOVABLE;
-}
-
-int fs_mgr_is_verified(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_VERIFY;
-}
-
-int fs_mgr_is_avb(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_AVB;
-}
-
-int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_VERIFYATBOOT;
-}
-
-int fs_mgr_is_encryptable(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE);
-}
-
-int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_FILEENCRYPTION;
-}
-
-void fs_mgr_get_file_encryption_modes(const struct fstab_rec *fstab,
-                                      const char **contents_mode_ret,
-                                      const char **filenames_mode_ret)
-{
-    *contents_mode_ret = flag_to_encryption_mode(file_contents_encryption_modes,
-                                                 fstab->file_contents_mode);
-    *filenames_mode_ret = flag_to_encryption_mode(file_names_encryption_modes,
-                                                  fstab->file_names_mode);
-}
-
-int fs_mgr_is_convertible_to_fbe(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_FORCEFDEORFBE;
-}
-
-int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_NOEMULATEDSD;
-}
-
-int fs_mgr_is_notrim(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_NOTRIM;
-}
-
-int fs_mgr_is_formattable(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & (MF_FORMATTABLE);
-}
-
-int fs_mgr_is_slotselect(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_SLOTSELECT;
-}
-
-int fs_mgr_is_nofail(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_NOFAIL;
-}
-
-int fs_mgr_is_first_stage_mount(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_FIRST_STAGE_MOUNT;
-}
-
-int fs_mgr_is_latemount(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_LATEMOUNT;
-}
-
-int fs_mgr_is_quota(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_QUOTA;
-}
-
-int fs_mgr_has_sysfs_path(const struct fstab_rec *fstab)
-{
-    return fstab->fs_mgr_flags & MF_SYSFS;
-}
-
-int fs_mgr_is_logical(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_LOGICAL;
-}
-
-int fs_mgr_is_checkpoint(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & (MF_CHECKPOINT_FS | MF_CHECKPOINT_BLK);
-}
-
-int fs_mgr_is_checkpoint_fs(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_CHECKPOINT_FS;
-}
-
-int fs_mgr_is_checkpoint_blk(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_CHECKPOINT_BLK;
-}
-
-int fs_mgr_is_fs_verity(const struct fstab_rec* fstab) {
-    return fstab->fs_mgr_flags & MF_FS_VERITY;
+    return ExtraBootDevices(fstab);
 }
 
 FstabEntry BuildGsiSystemFstabEntry() {
-    FstabEntry system = {
-            .blk_device = "system_gsi",
-            .mount_point = "/system",
-            .fs_type = "ext4",
-            .flags = MS_RDONLY,
-            .fs_options = "barrier=1",
-    };
+    // .logical_partition_name is required to look up AVB Hashtree descriptors.
+    FstabEntry system = {.blk_device = "system_gsi",
+                         .mount_point = "/system",
+                         .fs_type = "ext4",
+                         .flags = MS_RDONLY,
+                         .fs_options = "barrier=1",
+                         .avb_key = "/gsi.avbpubkey",
+                         .logical_partition_name = "system"};
     system.fs_mgr_flags.wait = true;
     system.fs_mgr_flags.logical = true;
     system.fs_mgr_flags.first_stage_mount = true;
     return system;
 }
+
+}  // namespace fs_mgr
+}  // namespace android
+
+// FIXME: The same logic is duplicated in system/core/init/
+const std::string& get_android_dt_dir() {
+    // Set once and saves time for subsequent calls to this function
+    static const std::string kAndroidDtDir = android::fs_mgr::InitAndroidDtDir();
+    return kAndroidDtDir;
+}
+
+bool is_dt_compatible() {
+    std::string file_name = get_android_dt_dir() + "/compatible";
+    std::string dt_value;
+    if (android::fs_mgr::ReadDtFile(file_name, &dt_value)) {
+        if (dt_value == "android,firmware") {
+            return true;
+        }
+    }
+
+    return false;
+}
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index 2c4299a..c7d2cb9 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -564,9 +564,8 @@
     if (std::find(verity.begin(), verity.end(), "system") != verity.end()) return mounts;
 
     // confirm that fstab is missing system
-    if (std::find_if(fstab->begin(), fstab->end(), [](const auto& entry) {
-            return entry.mount_point == "/" || entry.mount_point == "/system ";
-        }) != fstab->end()) {
+    if (GetEntryForMountPoint(fstab, "/") != nullptr ||
+        GetEntryForMountPoint(fstab, "/system") != nullptr) {
         return mounts;
     }
 
@@ -847,9 +846,7 @@
 std::vector<std::string> fs_mgr_overlayfs_required_devices(Fstab* fstab) {
     if (fs_mgr_overlayfs_invalid()) return {};
 
-    if (std::find_if(fstab->begin(), fstab->end(), [](const auto& entry) {
-            return entry.mount_point == kScratchMountPoint;
-        }) != fstab->end()) {
+    if (GetEntryForMountPoint(fstab, kScratchMountPoint) != nullptr) {
         return {};
     }
 
@@ -889,9 +886,7 @@
         if (overlay_mount_point == kScratchMountPoint) {
             if (!fs_mgr_overlayfs_setup_scratch(fstab, change)) continue;
         } else {
-            if (std::find_if(fstab.begin(), fstab.end(), [&overlay_mount_point](const auto& entry) {
-                    return entry.mount_point == overlay_mount_point;
-                }) == fstab.end()) {
+            if (GetEntryForMountPoint(&fstab, overlay_mount_point) == nullptr) {
                 continue;
             }
         }
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 3b9ddee..166c32b 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef __CORE_FS_MGR_PRIV_H
-#define __CORE_FS_MGR_PRIV_H
+#pragma once
 
 #include <chrono>
 #include <string>
@@ -85,53 +84,6 @@
  *
  */
 
-// clang-format off
-#define MF_WAIT                  0x1
-#define MF_CHECK                 0x2
-#define MF_CRYPT                 0x4
-#define MF_NONREMOVABLE          0x8
-#define MF_VOLDMANAGED          0x10
-#define MF_LENGTH               0x20
-#define MF_RECOVERYONLY         0x40
-#define MF_SWAPPRIO             0x80
-#define MF_ZRAMSIZE            0x100
-#define MF_VERIFY              0x200
-#define MF_FORCECRYPT          0x400
-#define MF_NOEMULATEDSD        0x800 /* no emulated sdcard daemon, sd card is the only
-                                        external storage */
-#define MF_NOTRIM             0x1000
-#define MF_FILEENCRYPTION     0x2000
-#define MF_FORMATTABLE        0x4000
-#define MF_SLOTSELECT         0x8000
-#define MF_FORCEFDEORFBE     0x10000
-#define MF_LATEMOUNT         0x20000
-#define MF_NOFAIL            0x40000
-#define MF_VERIFYATBOOT      0x80000
-#define MF_MAX_COMP_STREAMS 0x100000
-#define MF_RESERVEDSIZE     0x200000
-#define MF_QUOTA            0x400000
-#define MF_ERASEBLKSIZE     0x800000
-#define MF_LOGICALBLKSIZE  0X1000000
-#define MF_AVB             0X2000000
-#define MF_KEYDIRECTORY    0X4000000
-#define MF_SYSFS           0X8000000
-#define MF_LOGICAL        0x10000000
-#define MF_CHECKPOINT_BLK 0x20000000
-#define MF_CHECKPOINT_FS  0x40000000
-#define MF_FIRST_STAGE_MOUNT \
-                          0x80000000
-#define MF_SLOTSELECT_OTHER  \
-                         0x100000000
-#define MF_ZRAM_LOOPBACK_PATH    \
-                         0x200000000
-#define MF_ZRAM_LOOPBACK_SIZE    \
-                         0x400000000
-#define MF_ZRAM_BACKING_DEV_PATH \
-                         0x800000000
-#define MF_FS_VERITY  \
-                         0x1000000000
-// clang-format on
-
 #define DM_BUF_SIZE 4096
 
 using namespace std::chrono_literals;
@@ -143,10 +95,8 @@
                           FileWaitMode wait_mode = FileWaitMode::Exists);
 
 bool fs_mgr_set_blk_ro(const std::string& blockdev, bool readonly = true);
-bool fs_mgr_update_for_slotselect(Fstab* fstab);
+bool fs_mgr_update_for_slotselect(android::fs_mgr::Fstab* fstab);
 bool fs_mgr_is_device_unlocked();
 const std::string& get_android_dt_dir();
 bool is_dt_compatible();
-int load_verity_state(const FstabEntry& entry, int* mode);
-
-#endif /* __CORE_FS_MGR_PRIV_H */
+int load_verity_state(const android::fs_mgr::FstabEntry& entry, int* mode);
diff --git a/fs_mgr/fs_mgr_roots.cpp b/fs_mgr/fs_mgr_roots.cpp
index 32a5d21..58ef9b6 100644
--- a/fs_mgr/fs_mgr_roots.cpp
+++ b/fs_mgr/fs_mgr_roots.cpp
@@ -37,9 +37,8 @@
     if (path.empty()) return nullptr;
     std::string str(path);
     while (true) {
-        auto it = std::find_if(fstab->begin(), fstab->end(),
-                               [&str](const auto& entry) { return entry.mount_point == str; });
-        if (it != fstab->end()) return &*it;
+        auto entry = GetEntryForMountPoint(fstab, str);
+        if (entry != nullptr) return entry;
         if (str == "/") break;
         auto slash = str.find_last_of('/');
         if (slash == std::string::npos) break;
@@ -65,10 +64,8 @@
         return MountState::ERROR;
     }
 
-    auto mv = std::find_if(
-            mounted_fstab.begin(), mounted_fstab.end(),
-            [&mount_point](const auto& entry) { return entry.mount_point == mount_point; });
-    if (mv != mounted_fstab.end()) {
+    auto mv = GetEntryForMountPoint(&mounted_fstab, mount_point);
+    if (mv != nullptr) {
         return MountState::MOUNTED;
     }
     return MountState::NOT_MOUNTED;
@@ -178,9 +175,8 @@
         return "";
     }
 
-    auto it = std::find_if(fstab.begin(), fstab.end(),
-                           [](const auto& entry) { return entry.mount_point == kSystemRoot; });
-    if (it == fstab.end()) {
+    auto entry = GetEntryForMountPoint(&fstab, kSystemRoot);
+    if (entry == nullptr) {
         return "/";
     }
 
diff --git a/fs_mgr/fs_mgr_slotselect.cpp b/fs_mgr/fs_mgr_slotselect.cpp
index 41cd7dd..09c1b7e 100644
--- a/fs_mgr/fs_mgr_slotselect.cpp
+++ b/fs_mgr/fs_mgr_slotselect.cpp
@@ -21,6 +21,9 @@
 #include "fs_mgr.h"
 #include "fs_mgr_priv.h"
 
+// Realistically, this file should be part of the android::fs_mgr namespace;
+using namespace android::fs_mgr;
+
 // https://source.android.com/devices/tech/ota/ab/ab_implement#partitions
 // All partitions that are A/B-ed should be named as follows (slots are always
 // named a, b, etc.): boot_a, boot_b, system_a, system_b, vendor_a, vendor_b.
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index 9adf8cc..c53e866 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -46,6 +46,9 @@
 #include "fs_mgr.h"
 #include "fs_mgr_priv.h"
 
+// Realistically, this file should be part of the android::fs_mgr namespace;
+using namespace android::fs_mgr;
+
 #define VERITY_TABLE_RSA_KEY "/verity_key"
 #define VERITY_TABLE_HASH_IDX 8
 #define VERITY_TABLE_SALT_IDX 9
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index e87332f..8af80a7 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -60,35 +60,31 @@
 #define FS_MGR_MNTALL_DEV_NOT_ENCRYPTABLE 0
 #define FS_MGR_MNTALL_FAIL (-1)
 // fs_mgr_mount_all() updates fstab entries that reference device-mapper.
-int fs_mgr_mount_all(Fstab* fstab, int mount_mode);
+int fs_mgr_mount_all(android::fs_mgr::Fstab* fstab, int mount_mode);
 
 #define FS_MGR_DOMNT_FAILED (-1)
 #define FS_MGR_DOMNT_BUSY (-2)
 #define FS_MGR_DOMNT_SUCCESS 0
-
-int fs_mgr_do_mount(fstab* fstab, const char* n_name, char* n_blk_device, char* tmp_mount_point);
-int fs_mgr_do_mount(fstab* fstab, const char* n_name, char* n_blk_device, char* tmp_mount_point,
-                    bool need_cp);
-int fs_mgr_do_mount_one(const FstabEntry& entry, const std::string& mount_point = "");
-int fs_mgr_do_mount_one(fstab_rec* rec);
+int fs_mgr_do_mount(android::fs_mgr::Fstab* fstab, const char* n_name, char* n_blk_device,
+                    char* tmp_mount_point);
+int fs_mgr_do_mount(android::fs_mgr::Fstab* fstab, const char* n_name, char* n_blk_device,
+                    char* tmp_mount_point, bool need_cp);
+int fs_mgr_do_mount_one(const android::fs_mgr::FstabEntry& entry,
+                        const std::string& mount_point = "");
 int fs_mgr_do_tmpfs_mount(const char *n_name);
-fstab_rec const* fs_mgr_get_crypt_entry(fstab const* fstab);
-void fs_mgr_get_crypt_info(fstab* fstab, char* key_loc, char* real_blk_device, size_t size);
 bool fs_mgr_load_verity_state(int* mode);
 bool fs_mgr_update_verity_state(
         std::function<void(const std::string& mount_point, int mode)> callback);
-bool fs_mgr_swapon_all(const Fstab& fstab);
-bool fs_mgr_update_logical_partition(FstabEntry* entry);
-bool fs_mgr_update_logical_partition(struct fstab_rec* rec);
+bool fs_mgr_swapon_all(const android::fs_mgr::Fstab& fstab);
+bool fs_mgr_update_logical_partition(android::fs_mgr::FstabEntry* entry);
 
-int fs_mgr_do_format(const FstabEntry& entry, bool reserve_footer);
-int fs_mgr_do_format(fstab_rec* rec, bool reserve_footer);
+int fs_mgr_do_format(const android::fs_mgr::FstabEntry& entry, bool reserve_footer);
 
 #define FS_MGR_SETUP_VERITY_SKIPPED  (-3)
 #define FS_MGR_SETUP_VERITY_DISABLED (-2)
 #define FS_MGR_SETUP_VERITY_FAIL (-1)
 #define FS_MGR_SETUP_VERITY_SUCCESS 0
-int fs_mgr_setup_verity(FstabEntry* fstab, bool wait_for_verity_dev);
+int fs_mgr_setup_verity(android::fs_mgr::FstabEntry* fstab, bool wait_for_verity_dev);
 
 // Return the name of the super partition if it exists. If a slot number is
 // specified, the super partition for the corresponding metadata slot will be
diff --git a/fs_mgr/include/fs_mgr_overlayfs.h b/fs_mgr/include/fs_mgr_overlayfs.h
index 4bf2238..64682cc 100644
--- a/fs_mgr/include/fs_mgr_overlayfs.h
+++ b/fs_mgr/include/fs_mgr_overlayfs.h
@@ -21,8 +21,8 @@
 #include <string>
 #include <vector>
 
-bool fs_mgr_overlayfs_mount_all(Fstab* fstab);
-std::vector<std::string> fs_mgr_overlayfs_required_devices(Fstab* fstab);
+bool fs_mgr_overlayfs_mount_all(android::fs_mgr::Fstab* fstab);
+std::vector<std::string> fs_mgr_overlayfs_required_devices(android::fs_mgr::Fstab* fstab);
 bool fs_mgr_overlayfs_setup(const char* backing = nullptr, const char* mount_point = nullptr,
                             bool* change = nullptr);
 bool fs_mgr_overlayfs_teardown(const char* mount_point = nullptr, bool* change = nullptr);
diff --git a/fs_mgr/include_fstab/fstab/fstab.h b/fs_mgr/include_fstab/fstab/fstab.h
index 38f96c0..a3d9fdd 100644
--- a/fs_mgr/include_fstab/fstab/fstab.h
+++ b/fs_mgr/include_fstab/fstab/fstab.h
@@ -16,90 +16,18 @@
 
 #pragma once
 
-#include <linux/dm-ioctl.h>
-#include <stdbool.h>
 #include <stdint.h>
-#include <stdio.h>
 #include <sys/types.h>
 
 #include <set>
 #include <string>
 #include <vector>
 
-/*
- * The entries must be kept in the same order as they were seen in the fstab.
- * Unless explicitly requested, a lookup on mount point should always
- * return the 1st one.
- */
-struct fstab {
-    int num_entries;
-    struct fstab_rec* recs;
-};
-
-struct fstab_rec {
-    char* blk_device;
-    char* logical_partition_name;
-    char* mount_point;
-    char* fs_type;
-    unsigned long flags;
-    char* fs_options;
-    uint64_t fs_mgr_flags;
-    char* key_loc;
-    char* key_dir;
-    char* verity_loc;
-    off64_t length;
-    char* label;
-    int partnum;
-    int swap_prio;
-    int max_comp_streams;
-    off64_t zram_size;
-    off64_t reserved_size;
-    int file_contents_mode;
-    int file_names_mode;
-    off64_t erase_blk_size;
-    off64_t logical_blk_size;
-    char* sysfs_path;
-    char* zram_loopback_path;
-    uint64_t zram_loopback_size;
-    char* zram_backing_dev_path;
-};
-
-struct fstab* fs_mgr_read_fstab_default();
-struct fstab* fs_mgr_read_fstab_dt();
-struct fstab* fs_mgr_read_fstab(const char* fstab_path);
-void fs_mgr_free_fstab(struct fstab* fstab);
-
-int fs_mgr_add_entry(struct fstab* fstab, const char* mount_point, const char* fs_type,
-                     const char* blk_device);
-struct fstab_rec* fs_mgr_get_entry_for_mount_point(struct fstab* fstab, const std::string& path);
-int fs_mgr_is_voldmanaged(const struct fstab_rec* fstab);
-int fs_mgr_is_nonremovable(const struct fstab_rec* fstab);
-int fs_mgr_is_verified(const struct fstab_rec* fstab);
-int fs_mgr_is_verifyatboot(const struct fstab_rec* fstab);
-int fs_mgr_is_avb(const struct fstab_rec* fstab);
-int fs_mgr_is_encryptable(const struct fstab_rec* fstab);
-int fs_mgr_is_file_encrypted(const struct fstab_rec* fstab);
-void fs_mgr_get_file_encryption_modes(const struct fstab_rec* fstab, const char** contents_mode_ret,
-                                      const char** filenames_mode_ret);
-int fs_mgr_is_convertible_to_fbe(const struct fstab_rec* fstab);
-int fs_mgr_is_noemulatedsd(const struct fstab_rec* fstab);
-int fs_mgr_is_notrim(const struct fstab_rec* fstab);
-int fs_mgr_is_formattable(const struct fstab_rec* fstab);
-int fs_mgr_is_slotselect(const struct fstab_rec* fstab);
-int fs_mgr_is_nofail(const struct fstab_rec* fstab);
-int fs_mgr_is_first_stage_mount(const struct fstab_rec* fstab);
-int fs_mgr_is_latemount(const struct fstab_rec* fstab);
-int fs_mgr_is_quota(const struct fstab_rec* fstab);
-int fs_mgr_is_logical(const struct fstab_rec* fstab);
-int fs_mgr_is_checkpoint(const struct fstab_rec* fstab);
-int fs_mgr_is_checkpoint_fs(const struct fstab_rec* fstab);
-int fs_mgr_is_checkpoint_blk(const struct fstab_rec* fstab);
-int fs_mgr_has_sysfs_path(const struct fstab_rec* fstab);
-int fs_mgr_is_fs_verity(const struct fstab_rec* fstab);
-
 std::string fs_mgr_get_slot_suffix();
 std::string fs_mgr_get_other_slot_suffix();
-std::set<std::string> fs_mgr_get_boot_devices();
+
+namespace android {
+namespace fs_mgr {
 
 struct FstabEntry {
     std::string blk_device;
@@ -118,70 +46,45 @@
     int max_comp_streams = 0;
     off64_t zram_size = 0;
     off64_t reserved_size = 0;
-    int file_contents_mode = 0;
-    int file_names_mode = 0;
+    std::string file_contents_mode;
+    std::string file_names_mode;
     off64_t erase_blk_size = 0;
     off64_t logical_blk_size = 0;
     std::string sysfs_path;
     std::string vbmeta_partition;
     std::string zram_loopback_path;
-    uint64_t zram_loopback_size;
+    uint64_t zram_loopback_size = 512 * 1024 * 1024;  // 512MB by default;
     std::string zram_backing_dev_path;
+    std::string avb_key;
 
-    // TODO: Remove this union once fstab_rec is deprecated. It only serves as a
-    // convenient way to convert between fstab_rec::fs_mgr_flags and these bools.
-    union {
-        uint64_t val;
-        struct {
-            // bit 0
-            bool wait : 1;
-            bool check : 1;
-            bool crypt : 1;
-            bool nonremovable : 1;
-            bool vold_managed : 1;
-            bool length : 1;
-            bool recovery_only : 1;
-            bool swap_prio : 1;
-
-            // bit 8
-            bool zram_size : 1;
-            bool verify : 1;
-            bool force_crypt : 1;
-            bool no_emulated_sd : 1;  // No emulated sdcard daemon; sd card is the only external
-                                      // storage.
-            bool no_trim : 1;
-            bool file_encryption : 1;
-            bool formattable : 1;
-            bool slot_select : 1;
-
-            // bit 16
-            bool force_fde_or_fbe : 1;
-            bool late_mount : 1;
-            bool no_fail : 1;
-            bool verify_at_boot : 1;
-            bool max_comp_streams : 1;
-            bool reserved_size : 1;
-            bool quota : 1;
-            bool erase_blk_size : 1;
-
-            // bit 24
-            bool logical_blk_size : 1;
-            bool avb : 1;
-            bool key_directory : 1;
-            bool sysfs : 1;
-            bool logical : 1;
-            bool checkpoint_blk : 1;
-            bool checkpoint_fs : 1;
-            bool first_stage_mount : 1;
-
-            // bit 32
-            bool slot_select_other : 1;
-            bool zram_loopback_path : 1;
-            bool zram_loopback_size : 1;
-            bool zram_backing_dev_path : 1;
-            bool fs_verity : 1;
-        };
-    } fs_mgr_flags;
+    struct FsMgrFlags {
+        bool wait : 1;
+        bool check : 1;
+        bool crypt : 1;
+        bool nonremovable : 1;
+        bool vold_managed : 1;
+        bool recovery_only : 1;
+        bool verify : 1;
+        bool force_crypt : 1;
+        bool no_emulated_sd : 1;  // No emulated sdcard daemon; sd card is the only external
+                                  // storage.
+        bool no_trim : 1;
+        bool file_encryption : 1;
+        bool formattable : 1;
+        bool slot_select : 1;
+        bool force_fde_or_fbe : 1;
+        bool late_mount : 1;
+        bool no_fail : 1;
+        bool verify_at_boot : 1;
+        bool quota : 1;
+        bool avb : 1;
+        bool logical : 1;
+        bool checkpoint_blk : 1;
+        bool checkpoint_fs : 1;
+        bool first_stage_mount : 1;
+        bool slot_select_other : 1;
+        bool fs_verity : 1;
+    } fs_mgr_flags = {};
 
     bool is_encryptable() const {
         return fs_mgr_flags.crypt || fs_mgr_flags.force_crypt || fs_mgr_flags.force_fde_or_fbe;
@@ -189,16 +92,20 @@
 };
 
 // An Fstab is a collection of FstabEntry structs.
+// The entries must be kept in the same order as they were seen in the fstab.
+// Unless explicitly requested, a lookup on mount point should always return the 1st one.
 using Fstab = std::vector<FstabEntry>;
 
 bool ReadFstabFromFile(const std::string& path, Fstab* fstab);
-bool ReadFstabFromDt(Fstab* fstab);
+bool ReadFstabFromDt(Fstab* fstab, bool log = true);
 bool ReadDefaultFstab(Fstab* fstab);
 
-// Temporary conversion functions.
-FstabEntry FstabRecToFstabEntry(const fstab_rec* fstab_rec);
-Fstab LegacyFstabToFstab(const struct fstab* legacy_fstab);
-fstab* FstabToLegacyFstab(const Fstab& fstab);
+FstabEntry* GetEntryForMountPoint(Fstab* fstab, const std::string& path);
 
 // Helper method to build a GSI fstab entry for mounting /system.
 FstabEntry BuildGsiSystemFstabEntry();
+
+std::set<std::string> GetBootDevices();
+
+}  // namespace fs_mgr
+}  // namespace android
diff --git a/fs_mgr/libdm/dm.cpp b/fs_mgr/libdm/dm.cpp
index c6a9e0b..a4614d0 100644
--- a/fs_mgr/libdm/dm.cpp
+++ b/fs_mgr/libdm/dm.cpp
@@ -299,24 +299,25 @@
 // private methods of DeviceMapper
 bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,
                             std::vector<TargetInfo>* table) {
-    char buffer[4096];
-    struct dm_ioctl* io = reinterpret_cast<struct dm_ioctl*>(buffer);
+    std::vector<char> buffer;
+    struct dm_ioctl* io = nullptr;
 
-    InitIo(io, name);
-    io->data_size = sizeof(buffer);
-    io->data_start = sizeof(*io);
-    io->flags = flags;
-    if (ioctl(fd_, DM_TABLE_STATUS, io) < 0) {
-        PLOG(ERROR) << "DM_TABLE_STATUS failed for " << name;
-        return false;
-    }
-    if (io->flags & DM_BUFFER_FULL_FLAG) {
-        PLOG(ERROR) << "DM_TABLE_STATUS result for " << name << " was too large";
-        return false;
+    for (buffer.resize(4096);; buffer.resize(buffer.size() * 2)) {
+        io = reinterpret_cast<struct dm_ioctl*>(&buffer[0]);
+
+        InitIo(io, name);
+        io->data_size = buffer.size();
+        io->data_start = sizeof(*io);
+        io->flags = flags;
+        if (ioctl(fd_, DM_TABLE_STATUS, io) < 0) {
+            PLOG(ERROR) << "DM_TABLE_STATUS failed for " << name;
+            return false;
+        }
+        if (!(io->flags & DM_BUFFER_FULL_FLAG)) break;
     }
 
     uint32_t cursor = io->data_start;
-    uint32_t data_end = std::min(io->data_size, uint32_t(sizeof(buffer)));
+    uint32_t data_end = std::min(io->data_size, uint32_t(buffer.size()));
     for (uint32_t i = 0; i < io->target_count; i++) {
         if (cursor + sizeof(struct dm_target_spec) > data_end) {
             break;
@@ -324,14 +325,14 @@
         // After each dm_target_spec is a status string. spec->next is an
         // offset from |io->data_start|, and we clamp it to the size of our
         // buffer.
-        struct dm_target_spec* spec = reinterpret_cast<struct dm_target_spec*>(buffer + cursor);
+        struct dm_target_spec* spec = reinterpret_cast<struct dm_target_spec*>(&buffer[cursor]);
         uint32_t data_offset = cursor + sizeof(dm_target_spec);
         uint32_t next_cursor = std::min(io->data_start + spec->next, data_end);
 
         std::string data;
         if (next_cursor > data_offset) {
             // Note: we use c_str() to eliminate any extra trailing 0s.
-            data = std::string(buffer + data_offset, next_cursor - data_offset).c_str();
+            data = std::string(&buffer[data_offset], next_cursor - data_offset).c_str();
         }
         table->emplace_back(*spec, data);
         cursor = next_cursor;
diff --git a/fs_mgr/libfiemap_writer/fiemap_writer.cpp b/fs_mgr/libfiemap_writer/fiemap_writer.cpp
index 6ccdb57..b9b75f8 100644
--- a/fs_mgr/libfiemap_writer/fiemap_writer.cpp
+++ b/fs_mgr/libfiemap_writer/fiemap_writer.cpp
@@ -374,14 +374,6 @@
     return IsFilePinned(fd, file_path, sfs.f_type);
 }
 
-static void LogExtent(uint32_t num, const struct fiemap_extent& ext) {
-    LOG(INFO) << "Extent #" << num;
-    LOG(INFO) << "  fe_logical:  " << ext.fe_logical;
-    LOG(INFO) << "  fe_physical: " << ext.fe_physical;
-    LOG(INFO) << "  fe_length:   " << ext.fe_length;
-    LOG(INFO) << "  fe_flags:    0x" << std::hex << ext.fe_flags;
-}
-
 static bool ReadFiemap(int file_fd, const std::string& file_path,
                        std::vector<struct fiemap_extent>* extents) {
     uint64_t fiemap_size =
@@ -473,7 +465,7 @@
     }
 
     ::android::base::unique_fd bdev_fd(
-            TEMP_FAILURE_RETRY(open(bdev_path.c_str(), O_RDWR | O_CLOEXEC)));
+            TEMP_FAILURE_RETRY(open(bdev_path.c_str(), O_RDONLY | O_CLOEXEC)));
     if (bdev_fd < 0) {
         PLOG(ERROR) << "Failed to open block device: " << bdev_path;
         cleanup(file_path, create);
@@ -530,7 +522,6 @@
     fmap->file_path_ = abs_path;
     fmap->bdev_path_ = bdev_path;
     fmap->file_fd_ = std::move(file_fd);
-    fmap->bdev_fd_ = std::move(bdev_fd);
     fmap->file_size_ = file_size;
     fmap->bdev_size_ = bdevsz;
     fmap->fs_type_ = fs_type;
@@ -541,120 +532,9 @@
     return fmap;
 }
 
-bool FiemapWriter::Flush() const {
-    if (fsync(bdev_fd_)) {
-        PLOG(ERROR) << "Failed to flush " << bdev_path_ << " with fsync";
-        return false;
-    }
-    return true;
-}
-
-// TODO: Test with fs block_size > bdev block_size
-bool FiemapWriter::Write(off64_t off, uint8_t* buffer, uint64_t size) {
-    if (!size || size > file_size_) {
-        LOG(ERROR) << "Failed write: size " << size << " is invalid for file's size " << file_size_;
-        return false;
-    }
-
-    if (off + size > file_size_) {
-        LOG(ERROR) << "Failed write: Invalid offset " << off << " or size " << size
-                   << " for file size " << file_size_;
-        return false;
-    }
-
-    if ((off & (block_size_ - 1)) || (size & (block_size_ - 1))) {
-        LOG(ERROR) << "Failed write: Unaligned offset " << off << " or size " << size
-                   << " for block size " << block_size_;
-        return false;
-    }
-
-    if (!IsFilePinned(file_fd_, file_path_, fs_type_)) {
-        LOG(ERROR) << "Failed write: file " << file_path_ << " is not pinned";
-        return false;
-    }
-
-    // find extents that must be written to and then write one at a time.
-    uint32_t num_extent = 1;
-    uint32_t buffer_offset = 0;
-    for (auto& extent : extents_) {
-        uint64_t e_start = extent.fe_logical;
-        uint64_t e_end = extent.fe_logical + extent.fe_length;
-        // Do we write in this extent ?
-        if (off >= e_start && off < e_end) {
-            uint64_t written = WriteExtent(extent, buffer + buffer_offset, off, size);
-            if (written == 0) {
-                return false;
-            }
-
-            buffer_offset += written;
-            off += written;
-            size -= written;
-
-            // Paranoid check to make sure we are done with this extent now
-            if (size && (off >= e_start && off < e_end)) {
-                LOG(ERROR) << "Failed to write extent fully";
-                LogExtent(num_extent, extent);
-                return false;
-            }
-
-            if (size == 0) {
-                // done
-                break;
-            }
-        }
-        num_extent++;
-    }
-
-    return true;
-}
-
 bool FiemapWriter::Read(off64_t off, uint8_t* buffer, uint64_t size) {
     return false;
 }
 
-// private helpers
-
-// WriteExtent() Returns the total number of bytes written. It will always be multiple of
-// block_size_. 0 is returned in one of the two cases.
-//  1. Any write failed between logical_off & logical_off + length.
-//  2. The logical_offset + length doesn't overlap with the extent passed.
-// The function can either partially for fully write the extent depending on the
-// logical_off + length. It is expected that alignment checks for size and offset are
-// performed before calling into this function.
-uint64_t FiemapWriter::WriteExtent(const struct fiemap_extent& ext, uint8_t* buffer,
-                                   off64_t logical_off, uint64_t length) {
-    uint64_t e_start = ext.fe_logical;
-    uint64_t e_end = ext.fe_logical + ext.fe_length;
-    if (logical_off < e_start || logical_off >= e_end) {
-        LOG(ERROR) << "Failed write extent, invalid offset " << logical_off << " and size "
-                   << length;
-        LogExtent(0, ext);
-        return 0;
-    }
-
-    off64_t bdev_offset = ext.fe_physical + (logical_off - e_start);
-    if (bdev_offset >= bdev_size_) {
-        LOG(ERROR) << "Failed write extent, invalid block # " << bdev_offset << " for block device "
-                   << bdev_path_ << " of size " << bdev_size_ << " bytes";
-        return 0;
-    }
-    if (TEMP_FAILURE_RETRY(lseek64(bdev_fd_, bdev_offset, SEEK_SET)) == -1) {
-        PLOG(ERROR) << "Failed write extent, seek offset for " << bdev_path_ << " offset "
-                    << bdev_offset;
-        return 0;
-    }
-
-    // Determine how much we want to write at once.
-    uint64_t logical_end = logical_off + length;
-    uint64_t write_size = (e_end <= logical_end) ? (e_end - logical_off) : length;
-    if (!android::base::WriteFully(bdev_fd_, buffer, write_size)) {
-        PLOG(ERROR) << "Failed write extent, write " << bdev_path_ << " at " << bdev_offset
-                    << " size " << write_size;
-        return 0;
-    }
-
-    return write_size;
-}
-
 }  // namespace fiemap_writer
 }  // namespace android
diff --git a/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp b/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp
index 3d20ff3..41fa959 100644
--- a/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp
+++ b/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp
@@ -138,36 +138,31 @@
     EXPECT_GT(fptr->extents().size(), 0);
 }
 
-TEST_F(FiemapWriterTest, CheckWriteError) {
-    FiemapUniquePtr fptr = FiemapWriter::Open(testfile, testfile_size);
-    ASSERT_NE(fptr, nullptr);
-
-    // prepare buffer for writing the pattern - 0xa0
-    uint64_t blocksize = fptr->block_size();
-    auto buffer = std::unique_ptr<void, decltype(&free)>(calloc(1, blocksize), free);
-    ASSERT_NE(buffer, nullptr);
-    memset(buffer.get(), 0xa0, blocksize);
-
-    uint8_t* p = static_cast<uint8_t*>(buffer.get());
-    for (off64_t off = 0; off < testfile_size; off += blocksize) {
-        ASSERT_TRUE(fptr->Write(off, p, blocksize));
-    }
-
-    EXPECT_TRUE(fptr->Flush());
-}
-
 class TestExistingFile : public ::testing::Test {
   protected:
     void SetUp() override {
         std::string exec_dir = ::android::base::GetExecutableDirectory();
-        std::string unaligned_file = exec_dir + "/testdata/unaligned_file";
-        std::string file_4k = exec_dir + "/testdata/file_4k";
-        std::string file_32k = exec_dir + "/testdata/file_32k";
-        fptr_unaligned = FiemapWriter::Open(unaligned_file, 4097, false);
-        fptr_4k = FiemapWriter::Open(file_4k, 4096, false);
-        fptr_32k = FiemapWriter::Open(file_32k, 32768, false);
+        unaligned_file_ = exec_dir + "/testdata/unaligned_file";
+        file_4k_ = exec_dir + "/testdata/file_4k";
+        file_32k_ = exec_dir + "/testdata/file_32k";
+
+        CleanupFiles();
+        fptr_unaligned = FiemapWriter::Open(unaligned_file_, 4097);
+        fptr_4k = FiemapWriter::Open(file_4k_, 4096);
+        fptr_32k = FiemapWriter::Open(file_32k_, 32768);
     }
 
+    void TearDown() { CleanupFiles(); }
+
+    void CleanupFiles() {
+        unlink(unaligned_file_.c_str());
+        unlink(file_4k_.c_str());
+        unlink(file_32k_.c_str());
+    }
+
+    std::string unaligned_file_;
+    std::string file_4k_;
+    std::string file_32k_;
     FiemapUniquePtr fptr_unaligned;
     FiemapUniquePtr fptr_4k;
     FiemapUniquePtr fptr_32k;
@@ -184,33 +179,6 @@
     EXPECT_GT(fptr_32k->extents().size(), 0);
 }
 
-TEST_F(TestExistingFile, CheckWriteError) {
-    ASSERT_NE(fptr_4k, nullptr);
-    // prepare buffer for writing the pattern - 0xa0
-    uint64_t blocksize = fptr_4k->block_size();
-    auto buff_4k = std::unique_ptr<void, decltype(&free)>(calloc(1, blocksize), free);
-    ASSERT_NE(buff_4k, nullptr);
-    memset(buff_4k.get(), 0xa0, blocksize);
-
-    uint8_t* p = static_cast<uint8_t*>(buff_4k.get());
-    for (off64_t off = 0; off < 4096; off += blocksize) {
-        ASSERT_TRUE(fptr_4k->Write(off, p, blocksize));
-    }
-    EXPECT_TRUE(fptr_4k->Flush());
-
-    ASSERT_NE(fptr_32k, nullptr);
-    // prepare buffer for writing the pattern - 0xa0
-    blocksize = fptr_32k->block_size();
-    auto buff_32k = std::unique_ptr<void, decltype(&free)>(calloc(1, blocksize), free);
-    ASSERT_NE(buff_32k, nullptr);
-    memset(buff_32k.get(), 0xa0, blocksize);
-    p = static_cast<uint8_t*>(buff_32k.get());
-    for (off64_t off = 0; off < 4096; off += blocksize) {
-        ASSERT_TRUE(fptr_32k->Write(off, p, blocksize));
-    }
-    EXPECT_TRUE(fptr_32k->Flush());
-}
-
 class VerifyBlockWritesExt4 : public ::testing::Test {
     // 2GB Filesystem and 4k block size by default
     static constexpr uint64_t block_size = 4096;
@@ -253,46 +221,6 @@
     std::string fs_path;
 };
 
-TEST_F(VerifyBlockWritesExt4, CheckWrites) {
-    EXPECT_EQ(access(fs_path.c_str(), F_OK), 0);
-
-    std::string file_path = mntpoint + "/testfile";
-    uint64_t file_size = 100 * 1024 * 1024;
-    auto buffer = std::unique_ptr<void, decltype(&free)>(calloc(1, getpagesize()), free);
-    ASSERT_NE(buffer, nullptr);
-    memset(buffer.get(), 0xa0, getpagesize());
-    {
-        // scoped fiemap writer
-        FiemapUniquePtr fptr = FiemapWriter::Open(file_path, file_size);
-        ASSERT_NE(fptr, nullptr);
-        uint8_t* p = static_cast<uint8_t*>(buffer.get());
-        for (off64_t off = 0; off < file_size / getpagesize(); off += getpagesize()) {
-            ASSERT_TRUE(fptr->Write(off, p, getpagesize()));
-        }
-        EXPECT_TRUE(fptr->Flush());
-    }
-    // unmount file system here to make sure we invalidated all page cache and
-    // remount the filesystem again for verification
-    ASSERT_EQ(umount(mntpoint.c_str()), 0);
-
-    LoopDevice loop_dev(fs_path);
-    ASSERT_TRUE(loop_dev.valid());
-    ASSERT_EQ(mount(loop_dev.device().c_str(), mntpoint.c_str(), "ext4", 0, nullptr), 0)
-            << "failed to mount: " << loop_dev.device() << " on " << mntpoint << ": "
-            << strerror(errno);
-
-    ::android::base::unique_fd fd(open(file_path.c_str(), O_RDONLY | O_SYNC));
-    ASSERT_NE(fd, -1);
-    auto filebuf = std::unique_ptr<void, decltype(&free)>(calloc(1, getpagesize()), free);
-    ASSERT_NE(filebuf, nullptr);
-    for (off64_t off = 0; off < file_size / getpagesize(); off += getpagesize()) {
-        memset(filebuf.get(), 0x00, getpagesize());
-        ASSERT_EQ(pread64(fd, filebuf.get(), getpagesize(), off), getpagesize());
-        ASSERT_EQ(memcmp(filebuf.get(), buffer.get(), getpagesize()), 0)
-                << "Invalid pattern at offset: " << off << " size " << getpagesize();
-    }
-}
-
 class VerifyBlockWritesF2fs : public ::testing::Test {
     // 2GB Filesystem and 4k block size by default
     static constexpr uint64_t block_size = 4096;
@@ -335,46 +263,6 @@
     std::string fs_path;
 };
 
-TEST_F(VerifyBlockWritesF2fs, CheckWrites) {
-    EXPECT_EQ(access(fs_path.c_str(), F_OK), 0);
-
-    std::string file_path = mntpoint + "/testfile";
-    uint64_t file_size = 100 * 1024 * 1024;
-    auto buffer = std::unique_ptr<void, decltype(&free)>(calloc(1, getpagesize()), free);
-    ASSERT_NE(buffer, nullptr);
-    memset(buffer.get(), 0xa0, getpagesize());
-    {
-        // scoped fiemap writer
-        FiemapUniquePtr fptr = FiemapWriter::Open(file_path, file_size);
-        ASSERT_NE(fptr, nullptr);
-        uint8_t* p = static_cast<uint8_t*>(buffer.get());
-        for (off64_t off = 0; off < file_size / getpagesize(); off += getpagesize()) {
-            ASSERT_TRUE(fptr->Write(off, p, getpagesize()));
-        }
-        EXPECT_TRUE(fptr->Flush());
-    }
-    // unmount file system here to make sure we invalidated all page cache and
-    // remount the filesystem again for verification
-    ASSERT_EQ(umount(mntpoint.c_str()), 0);
-
-    LoopDevice loop_dev(fs_path);
-    ASSERT_TRUE(loop_dev.valid());
-    ASSERT_EQ(mount(loop_dev.device().c_str(), mntpoint.c_str(), "f2fs", 0, nullptr), 0)
-            << "failed to mount: " << loop_dev.device() << " on " << mntpoint << ": "
-            << strerror(errno);
-
-    ::android::base::unique_fd fd(open(file_path.c_str(), O_RDONLY | O_SYNC));
-    ASSERT_NE(fd, -1);
-    auto filebuf = std::unique_ptr<void, decltype(&free)>(calloc(1, getpagesize()), free);
-    ASSERT_NE(filebuf, nullptr);
-    for (off64_t off = 0; off < file_size / getpagesize(); off += getpagesize()) {
-        memset(filebuf.get(), 0x00, getpagesize());
-        ASSERT_EQ(pread64(fd, filebuf.get(), getpagesize(), off), getpagesize());
-        ASSERT_EQ(memcmp(filebuf.get(), buffer.get(), getpagesize()), 0)
-                << "Invalid pattern at offset: " << off << " size " << getpagesize();
-    }
-}
-
 int main(int argc, char** argv) {
     ::testing::InitGoogleTest(&argc, argv);
     if (argc <= 1) {
diff --git a/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h b/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h
index a0085cf..edbae77 100644
--- a/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h
+++ b/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h
@@ -57,15 +57,6 @@
     // FiemapWriter::Open).
     static bool HasPinnedExtents(const std::string& file_path);
 
-    // Syncs block device writes.
-    bool Flush() const;
-
-    // Writes the file by using its FIEMAP and performing i/o on the raw block device.
-    // The return value is success / failure. This will happen in particular if the
-    // kernel write returns errors, extents are not writeable or more importantly, if the 'size' is
-    // not aligned to the block device's block size.
-    bool Write(off64_t off, uint8_t* buffer, uint64_t size);
-
     // The counter part of Write(). It is an error for the offset to be unaligned with
     // the block device's block size.
     // In case of error, the contents of buffer MUST be discarded.
@@ -93,7 +84,6 @@
 
     // File descriptors for the file and block device
     ::android::base::unique_fd file_fd_;
-    ::android::base::unique_fd bdev_fd_;
 
     // Size in bytes of the file this class is writing
     uint64_t file_size_;
@@ -112,9 +102,6 @@
     std::vector<struct fiemap_extent> extents_;
 
     FiemapWriter() = default;
-
-    uint64_t WriteExtent(const struct fiemap_extent& ext, uint8_t* buffer, off64_t logical_off,
-                         uint64_t length);
 };
 
 }  // namespace fiemap_writer
diff --git a/fs_mgr/libfs_avb/Android.bp b/fs_mgr/libfs_avb/Android.bp
index 191e803..3e93265 100644
--- a/fs_mgr/libfs_avb/Android.bp
+++ b/fs_mgr/libfs_avb/Android.bp
@@ -88,6 +88,7 @@
 cc_test_host {
     name: "libfs_avb_test",
     defaults: ["libfs_avb_host_test_defaults"],
+    test_suites: ["general-tests"],
     static_libs: [
         "libfs_avb_test_util",
     ],
@@ -103,6 +104,7 @@
 cc_test_host {
     name: "libfs_avb_internal_test",
     defaults: ["libfs_avb_host_test_defaults"],
+    test_suites: ["general-tests"],
     static_libs: [
         "libfs_avb_test_util",
     ],
diff --git a/fs_mgr/libfs_avb/TEST_MAPPING b/fs_mgr/libfs_avb/TEST_MAPPING
new file mode 100644
index 0000000..b0f36d4
--- /dev/null
+++ b/fs_mgr/libfs_avb/TEST_MAPPING
@@ -0,0 +1,12 @@
+{
+  "postsubmit": [
+    {
+      "name": "libfs_avb_test",
+      "host": true
+    },
+    {
+      "name": "libfs_avb_internal_test",
+      "host": true
+    }
+  ]
+}
diff --git a/fs_mgr/libfs_avb/avb_util.cpp b/fs_mgr/libfs_avb/avb_util.cpp
index f57c9d6..08f87b4 100644
--- a/fs_mgr/libfs_avb/avb_util.cpp
+++ b/fs_mgr/libfs_avb/avb_util.cpp
@@ -27,6 +27,7 @@
 
 #include "util.h"
 
+using android::base::Basename;
 using android::base::StartsWith;
 using android::base::unique_fd;
 
@@ -61,7 +62,7 @@
 // class VBMetaData
 // ----------------
 std::unique_ptr<AvbVBMetaImageHeader> VBMetaData::GetVBMetaHeader(bool update_vbmeta_size) {
-    auto vbmeta_header(std::make_unique<AvbVBMetaImageHeader>());
+    auto vbmeta_header = std::make_unique<AvbVBMetaImageHeader>();
 
     if (!vbmeta_header) return nullptr;
 
@@ -136,7 +137,7 @@
     }
     table.set_readonly(true);
 
-    const std::string mount_point(basename(fstab_entry->mount_point.c_str()));
+    const std::string mount_point(Basename(fstab_entry->mount_point));
     android::dm::DeviceMapper& dm = android::dm::DeviceMapper::Instance();
     if (!dm.CreateDevice(mount_point, table)) {
         LERROR << "Couldn't create verity device!";
@@ -163,12 +164,12 @@
     return true;
 }
 
-bool GetHashtreeDescriptor(const std::string& partition_name,
-                           const std::vector<VBMetaData>& vbmeta_images,
-                           AvbHashtreeDescriptor* out_hashtree_desc, std::string* out_salt,
-                           std::string* out_digest) {
+std::unique_ptr<AvbHashtreeDescriptor> GetHashtreeDescriptor(
+    const std::string& partition_name, const std::vector<VBMetaData>& vbmeta_images,
+    std::string* out_salt, std::string* out_digest) {
     bool found = false;
     const uint8_t* desc_partition_name;
+    auto hashtree_desc = std::make_unique<AvbHashtreeDescriptor>();
 
     for (const auto& vbmeta : vbmeta_images) {
         size_t num_descriptors;
@@ -189,15 +190,15 @@
                 desc_partition_name =
                         (const uint8_t*)descriptors[n] + sizeof(AvbHashtreeDescriptor);
                 if (!avb_hashtree_descriptor_validate_and_byteswap(
-                            (AvbHashtreeDescriptor*)descriptors[n], out_hashtree_desc)) {
+                        (AvbHashtreeDescriptor*)descriptors[n], hashtree_desc.get())) {
                     continue;
                 }
-                if (out_hashtree_desc->partition_name_len != partition_name.length()) {
+                if (hashtree_desc->partition_name_len != partition_name.length()) {
                     continue;
                 }
                 // Notes that desc_partition_name is not NUL-terminated.
                 std::string hashtree_partition_name((const char*)desc_partition_name,
-                                                    out_hashtree_desc->partition_name_len);
+                                                    hashtree_desc->partition_name_len);
                 if (hashtree_partition_name == partition_name) {
                     found = true;
                 }
@@ -209,16 +210,43 @@
 
     if (!found) {
         LERROR << "Partition descriptor not found: " << partition_name.c_str();
+        return nullptr;
+    }
+
+    const uint8_t* desc_salt = desc_partition_name + hashtree_desc->partition_name_len;
+    *out_salt = BytesToHex(desc_salt, hashtree_desc->salt_len);
+
+    const uint8_t* desc_digest = desc_salt + hashtree_desc->salt_len;
+    *out_digest = BytesToHex(desc_digest, hashtree_desc->root_digest_len);
+
+    return hashtree_desc;
+}
+
+bool LoadAvbHashtreeToEnableVerity(FstabEntry* fstab_entry, bool wait_for_verity_dev,
+                                   const std::vector<VBMetaData>& vbmeta_images,
+                                   const std::string& ab_suffix,
+                                   const std::string& ab_other_suffix) {
+    // Derives partition_name from blk_device to query the corresponding AVB HASHTREE descriptor
+    // to setup dm-verity. The partition_names in AVB descriptors are without A/B suffix.
+    std::string partition_name = DeriveAvbPartitionName(*fstab_entry, ab_suffix, ab_other_suffix);
+
+    if (partition_name.empty()) {
+        LERROR << "partition name is empty, cannot lookup AVB descriptors";
         return false;
     }
 
-    const uint8_t* desc_salt = desc_partition_name + out_hashtree_desc->partition_name_len;
-    *out_salt = BytesToHex(desc_salt, out_hashtree_desc->salt_len);
+    std::string salt;
+    std::string root_digest;
+    std::unique_ptr<AvbHashtreeDescriptor> hashtree_descriptor =
+        GetHashtreeDescriptor(partition_name, vbmeta_images, &salt, &root_digest);
+    if (!hashtree_descriptor) {
+        return false;
+    }
 
-    const uint8_t* desc_digest = desc_salt + out_hashtree_desc->salt_len;
-    *out_digest = BytesToHex(desc_digest, out_hashtree_desc->root_digest_len);
-
-    return true;
+    // Converts HASHTREE descriptor to verity table to load into kernel.
+    // When success, the new device path will be returned, e.g., /dev/block/dm-2.
+    return HashtreeDmVeritySetup(fstab_entry, *hashtree_descriptor, salt, root_digest,
+                                 wait_for_verity_dev);
 }
 
 // Converts a AVB partition_name (without A/B suffix) to a device partition name.
@@ -244,6 +272,38 @@
     return sanitized_partition_name + append_suffix;
 }
 
+// Converts fstab_entry.blk_device (with ab_suffix) to a AVB partition name.
+// e.g., "/dev/block/by-name/system_a", slot_select       => "system",
+//       "/dev/block/by-name/system_b", slot_select_other => "system_other".
+//
+// Or for a logical partition (with ab_suffix):
+// e.g., "system_a", slot_select       => "system",
+//       "system_b", slot_select_other => "system_other".
+std::string DeriveAvbPartitionName(const FstabEntry& fstab_entry, const std::string& ab_suffix,
+                                   const std::string& ab_other_suffix) {
+    std::string partition_name;
+    if (fstab_entry.fs_mgr_flags.logical) {
+        partition_name = fstab_entry.logical_partition_name;
+    } else {
+        partition_name = Basename(fstab_entry.blk_device);
+    }
+
+    if (fstab_entry.fs_mgr_flags.slot_select) {
+        auto found = partition_name.rfind(ab_suffix);
+        if (found != std::string::npos) {
+            partition_name.erase(found);  // converts system_a => system
+        }
+    } else if (fstab_entry.fs_mgr_flags.slot_select_other) {
+        auto found = partition_name.rfind(ab_other_suffix);
+        if (found != std::string::npos) {
+            partition_name.erase(found);  // converts system_b => system
+        }
+        partition_name += "_other";  // converts system => system_other
+    }
+
+    return partition_name;
+}
+
 off64_t GetTotalSize(int fd) {
     off64_t saved_current = lseek64(fd, 0, SEEK_CUR);
     if (saved_current == -1) {
@@ -268,19 +328,19 @@
 
 std::unique_ptr<AvbFooter> GetAvbFooter(int fd) {
     std::array<uint8_t, AVB_FOOTER_SIZE> footer_buf;
-    auto footer(std::make_unique<AvbFooter>());
+    auto footer = std::make_unique<AvbFooter>();
 
     off64_t footer_offset = GetTotalSize(fd) - AVB_FOOTER_SIZE;
 
     ssize_t num_read =
             TEMP_FAILURE_RETRY(pread64(fd, footer_buf.data(), AVB_FOOTER_SIZE, footer_offset));
     if (num_read < 0 || num_read != AVB_FOOTER_SIZE) {
-        PERROR << "Failed to read AVB footer";
+        PERROR << "Failed to read AVB footer at offset: " << footer_offset;
         return nullptr;
     }
 
     if (!avb_footer_validate_and_byteswap((const AvbFooter*)footer_buf.data(), footer.get())) {
-        PERROR << "AVB footer verification failed.";
+        PERROR << "AVB footer verification failed at offset " << footer_offset;
         return nullptr;
     }
 
@@ -301,13 +361,21 @@
 }
 
 VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta,
-                                         const std::string& expected_public_key_blob) {
+                                         const std::string& expected_public_key_blob,
+                                         std::string* out_public_key_data) {
     const uint8_t* pk_data;
     size_t pk_len;
     ::AvbVBMetaVerifyResult vbmeta_ret;
 
     vbmeta_ret = avb_vbmeta_image_verify(vbmeta.data(), vbmeta.size(), &pk_data, &pk_len);
 
+    if (out_public_key_data != nullptr) {
+        out_public_key_data->clear();
+        if (pk_len > 0) {
+            out_public_key_data->append(reinterpret_cast<const char*>(pk_data), pk_len);
+        }
+    }
+
     switch (vbmeta_ret) {
         case AVB_VBMETA_VERIFY_RESULT_OK:
             if (pk_data == nullptr || pk_len <= 0) {
@@ -346,6 +414,7 @@
 
 std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name,
                                              const std::string& expected_public_key_blob,
+                                             std::string* out_public_key_data,
                                              VBMetaVerifyResult* out_verify_result) {
     uint64_t vbmeta_offset = 0;
     uint64_t vbmeta_size = VBMetaData::kMaxVBMetaSize;
@@ -374,7 +443,8 @@
         return nullptr;
     }
 
-    auto verify_result = VerifyVBMetaSignature(*vbmeta, expected_public_key_blob);
+    auto verify_result =
+            VerifyVBMetaSignature(*vbmeta, expected_public_key_blob, out_public_key_data);
     if (out_verify_result != nullptr) *out_verify_result = verify_result;
 
     if (verify_result == VBMetaVerifyResult::kSuccess ||
@@ -432,78 +502,108 @@
     return chain_partitions;
 }
 
-VBMetaVerifyResult LoadAndVerifyVbmetaImpl(
-        const std::string& partition_name, const std::string& ab_suffix,
-        const std::string& ab_other_suffix, const std::string& expected_public_key_blob,
-        bool allow_verification_error, bool load_chained_vbmeta, bool rollback_protection,
-        std::function<std::string(const std::string&)> device_path_constructor,
-        bool is_chained_vbmeta, std::vector<VBMetaData>* out_vbmeta_images) {
+// Loads the vbmeta from a given path.
+std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath(
+        const std::string& image_path, const std::string& partition_name,
+        const std::string& expected_public_key_blob, bool allow_verification_error,
+        bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data,
+        bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result) {
     // Ensures the device path (might be a symlink created by init) is ready to access.
-    auto device_path = device_path_constructor(
-            AvbPartitionToDevicePatition(partition_name, ab_suffix, ab_other_suffix));
-    if (!WaitForFile(device_path, 1s)) {
-        PERROR << "No such partition: " << device_path;
-        return VBMetaVerifyResult::kError;
+    if (!WaitForFile(image_path, 1s)) {
+        PERROR << "No such path: " << image_path;
+        return nullptr;
     }
 
-    unique_fd fd(TEMP_FAILURE_RETRY(open(device_path.c_str(), O_RDONLY | O_CLOEXEC)));
+    unique_fd fd(TEMP_FAILURE_RETRY(open(image_path.c_str(), O_RDONLY | O_CLOEXEC)));
     if (fd < 0) {
-        PERROR << "Failed to open: " << device_path;
-        return VBMetaVerifyResult::kError;
+        PERROR << "Failed to open: " << image_path;
+        return nullptr;
     }
 
     VBMetaVerifyResult verify_result;
-    std::unique_ptr<VBMetaData> vbmeta =
-            VerifyVBMetaData(fd, partition_name, expected_public_key_blob, &verify_result);
+    std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
+            fd, partition_name, expected_public_key_blob, out_public_key_data, &verify_result);
     if (!vbmeta) {
         LERROR << partition_name << ": Failed to load vbmeta, result: " << verify_result;
-        return VBMetaVerifyResult::kError;
+        return nullptr;
     }
+    vbmeta->set_vbmeta_path(image_path);
 
     if (!allow_verification_error && verify_result == VBMetaVerifyResult::kErrorVerification) {
         LERROR << partition_name << ": allow verification error is not allowed";
-        return VBMetaVerifyResult::kError;
+        return nullptr;
     }
 
     std::unique_ptr<AvbVBMetaImageHeader> vbmeta_header =
             vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */);
     if (!vbmeta_header) {
         LERROR << partition_name << ": Failed to get vbmeta header";
-        return VBMetaVerifyResult::kError;
+        return nullptr;
     }
 
     if (rollback_protection && RollbackDetected(partition_name, vbmeta_header->rollback_index)) {
-        return VBMetaVerifyResult::kError;
+        return nullptr;
     }
 
     // vbmeta flags can only be set by the top-level vbmeta image.
     if (is_chained_vbmeta && vbmeta_header->flags != 0) {
         LERROR << partition_name << ": chained vbmeta image has non-zero flags";
-        return VBMetaVerifyResult::kError;
+        return nullptr;
     }
 
+    // Checks if verification has been disabled by setting a bit in the image.
+    if (out_verification_disabled) {
+        if (vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED) {
+            LWARNING << "VERIFICATION_DISABLED bit is set for partition: " << partition_name;
+            *out_verification_disabled = true;
+        } else {
+            *out_verification_disabled = false;
+        }
+    }
+
+    if (out_verify_result) {
+        *out_verify_result = verify_result;
+    }
+
+    return vbmeta;
+}
+
+VBMetaVerifyResult LoadAndVerifyVbmetaByPartition(
+    const std::string& partition_name, const std::string& ab_suffix,
+    const std::string& ab_other_suffix, const std::string& expected_public_key_blob,
+    bool allow_verification_error, bool load_chained_vbmeta, bool rollback_protection,
+    std::function<std::string(const std::string&)> device_path_constructor, bool is_chained_vbmeta,
+    std::vector<VBMetaData>* out_vbmeta_images) {
+    auto image_path = device_path_constructor(
+        AvbPartitionToDevicePatition(partition_name, ab_suffix, ab_other_suffix));
+
+    bool verification_disabled = false;
+    VBMetaVerifyResult verify_result;
+    auto vbmeta = LoadAndVerifyVbmetaByPath(image_path, partition_name, expected_public_key_blob,
+                                            allow_verification_error, rollback_protection,
+                                            is_chained_vbmeta, nullptr /* out_public_key_data */,
+                                            &verification_disabled, &verify_result);
+
+    if (!vbmeta) {
+        return VBMetaVerifyResult::kError;
+    }
     if (out_vbmeta_images) {
         out_vbmeta_images->emplace_back(std::move(*vbmeta));
     }
 
-    // If verification has been disabled by setting a bit in the image, we're done.
-    if (vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED) {
-        LWARNING << "VERIFICATION_DISABLED bit is set for partition: " << partition_name;
-        return verify_result;
-    }
-
-    if (load_chained_vbmeta) {
+    // Only loads chained vbmeta if AVB verification is NOT disabled.
+    if (!verification_disabled && load_chained_vbmeta) {
         bool fatal_error = false;
         auto chain_partitions = GetChainPartitionInfo(*out_vbmeta_images->rbegin(), &fatal_error);
         if (fatal_error) {
             return VBMetaVerifyResult::kError;
         }
         for (auto& chain : chain_partitions) {
-            auto sub_ret = LoadAndVerifyVbmetaImpl(
-                    chain.partition_name, ab_suffix, ab_other_suffix, chain.public_key_blob,
-                    allow_verification_error, load_chained_vbmeta, rollback_protection,
-                    device_path_constructor, true, /* is_chained_vbmeta */
-                    out_vbmeta_images);
+            auto sub_ret = LoadAndVerifyVbmetaByPartition(
+                chain.partition_name, ab_suffix, ab_other_suffix, chain.public_key_blob,
+                allow_verification_error, load_chained_vbmeta, rollback_protection,
+                device_path_constructor, true, /* is_chained_vbmeta */
+                out_vbmeta_images);
             if (sub_ret != VBMetaVerifyResult::kSuccess) {
                 verify_result = sub_ret;  // might be 'ERROR' or 'ERROR VERIFICATION'.
                 if (verify_result == VBMetaVerifyResult::kError) {
diff --git a/fs_mgr/libfs_avb/avb_util.h b/fs_mgr/libfs_avb/avb_util.h
index babbfef..4b54e27 100644
--- a/fs_mgr/libfs_avb/avb_util.h
+++ b/fs_mgr/libfs_avb/avb_util.h
@@ -46,10 +46,9 @@
 };
 
 // AvbHashtreeDescriptor to dm-verity table setup.
-bool GetHashtreeDescriptor(const std::string& partition_name,
-                           const std::vector<VBMetaData>& vbmeta_images,
-                           AvbHashtreeDescriptor* out_hashtree_desc, std::string* out_salt,
-                           std::string* out_digest);
+std::unique_ptr<AvbHashtreeDescriptor> GetHashtreeDescriptor(
+    const std::string& partition_name, const std::vector<VBMetaData>& vbmeta_images,
+    std::string* out_salt, std::string* out_digest);
 
 bool ConstructVerityTable(const AvbHashtreeDescriptor& hashtree_desc, const std::string& salt,
                           const std::string& root_digest, const std::string& blk_device,
@@ -59,11 +58,20 @@
                            const std::string& salt, const std::string& root_digest,
                            bool wait_for_verity_dev);
 
-// Maps AVB partition name to a device partition name.
+// Searches a Avb hashtree descriptor in vbmeta_images for fstab_entry, to enable dm-verity.
+bool LoadAvbHashtreeToEnableVerity(FstabEntry* fstab_entry, bool wait_for_verity_dev,
+                                   const std::vector<VBMetaData>& vbmeta_images,
+                                   const std::string& ab_suffix, const std::string& ab_other_suffix);
+
+// Converts AVB partition name to a device partition name.
 std::string AvbPartitionToDevicePatition(const std::string& avb_partition_name,
                                          const std::string& ab_suffix,
                                          const std::string& ab_other_suffix);
 
+// Converts by-name symlink to AVB partition name.
+std::string DeriveAvbPartitionName(const FstabEntry& fstab_entry, const std::string& ab_suffix,
+                                   const std::string& ab_other_suffix);
+
 // AvbFooter and AvbMetaImage maninpulations.
 off64_t GetTotalSize(int fd);
 
@@ -71,10 +79,12 @@
 
 std::unique_ptr<VBMetaData> VerifyVBMetaData(int fd, const std::string& partition_name,
                                              const std::string& expected_public_key_blob,
+                                             std::string* out_public_key_data,
                                              VBMetaVerifyResult* out_verify_result);
 
 VBMetaVerifyResult VerifyVBMetaSignature(const VBMetaData& vbmeta,
-                                         const std::string& expected_public_key_blob);
+                                         const std::string& expected_public_key_blob,
+                                         std::string* out_public_key_data);
 
 bool VerifyPublicKeyBlob(const uint8_t* key, size_t length, const std::string& expected_key_blob);
 
@@ -84,12 +94,22 @@
 // Extracts chain partition info.
 std::vector<ChainInfo> GetChainPartitionInfo(const VBMetaData& vbmeta, bool* fatal_error);
 
-VBMetaVerifyResult LoadAndVerifyVbmetaImpl(
-        const std::string& partition_name, const std::string& ab_suffix,
-        const std::string& ab_other_suffix, const std::string& expected_public_key_blob,
-        bool allow_verification_error, bool load_chained_vbmeta, bool rollback_protection,
-        std::function<std::string(const std::string&)> device_path_constructor,
-        bool is_chained_vbmeta, std::vector<VBMetaData>* out_vbmeta_images);
+// Loads the single vbmeta from a given path.
+std::unique_ptr<VBMetaData> LoadAndVerifyVbmetaByPath(
+        const std::string& image_path, const std::string& partition_name,
+        const std::string& expected_public_key_blob, bool allow_verification_error,
+        bool rollback_protection, bool is_chained_vbmeta, std::string* out_public_key_data,
+        bool* out_verification_disabled, VBMetaVerifyResult* out_verify_result);
+
+// Loads the top-level vbmeta and all its chained vbmeta images.
+// The actual device path is constructed at runtime by:
+// partition_name, ab_suffix, ab_other_suffix, and device_path_constructor.
+VBMetaVerifyResult LoadAndVerifyVbmetaByPartition(
+    const std::string& partition_name, const std::string& ab_suffix,
+    const std::string& ab_other_suffix, const std::string& expected_public_key_blob,
+    bool allow_verification_error, bool load_chained_vbmeta, bool rollback_protection,
+    std::function<std::string(const std::string&)> device_path_constructor, bool is_chained_vbmeta,
+    std::vector<VBMetaData>* out_vbmeta_images);
 
 }  // namespace fs_mgr
 }  // namespace android
diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp
index 9f8ad53..1af3b33 100644
--- a/fs_mgr/libfs_avb/fs_avb.cpp
+++ b/fs_mgr/libfs_avb/fs_avb.cpp
@@ -233,10 +233,10 @@
 
     auto device_path = custom_device_path ? custom_device_path : android_by_name_symlink;
 
-    auto verify_result = LoadAndVerifyVbmetaImpl(
-            partition_name, ab_suffix, ab_other_suffix, expected_key_blob, allow_verification_error,
-            load_chained_vbmeta, rollback_protection, device_path, false,
-            /* is_chained_vbmeta */ &avb_handle->vbmeta_images_);
+    auto verify_result = LoadAndVerifyVbmetaByPartition(
+        partition_name, ab_suffix, ab_other_suffix, expected_key_blob, allow_verification_error,
+        load_chained_vbmeta, rollback_protection, device_path, false,
+        /* is_chained_vbmeta */ &avb_handle->vbmeta_images_);
     switch (verify_result) {
         case VBMetaVerifyResult::kSuccess:
             avb_handle->status_ = AvbHandleStatus::kSuccess;
@@ -245,10 +245,16 @@
             avb_handle->status_ = AvbHandleStatus::kVerificationError;
             break;
         default:
-            LERROR << "LoadAndVerifyVbmetaImpl failed, result: " << verify_result;
+            LERROR << "LoadAndVerifyVbmetaByPartition failed, result: " << verify_result;
             return nullptr;
     }
 
+    // Sanity check here because we have to use vbmeta_images_[0] below.
+    if (avb_handle->vbmeta_images_.size() < 1) {
+        LERROR << "LoadAndVerifyVbmetaByPartition failed, no vbmeta loaded";
+        return nullptr;
+    }
+
     // Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version".
     avb_handle->avb_version_ = StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR);
 
@@ -377,6 +383,56 @@
     return avb_handle;
 }
 
+AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
+                                                        bool wait_for_verity_dev) {
+    if (fstab_entry->avb_key.empty()) {
+        LERROR << "avb_key=/path/to/key is missing for " << fstab_entry->mount_point;
+        return AvbHashtreeResult::kFail;
+    }
+
+    // Binds allow_verification_error and rollback_protection to device unlock state.
+    bool allow_verification_error = IsDeviceUnlocked();
+    bool rollback_protection = !allow_verification_error;
+
+    std::string expected_key_blob;
+    if (!ReadFileToString(fstab_entry->avb_key, &expected_key_blob)) {
+        if (!allow_verification_error) {
+            LERROR << "Failed to load avb_key: " << fstab_entry->avb_key
+                   << " for mount point: " << fstab_entry->mount_point;
+            return AvbHashtreeResult::kFail;
+        }
+        LWARNING << "Allowing no expected key blob when verification error is permitted";
+        expected_key_blob.clear();
+    }
+
+    bool verification_disabled = false;
+    std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
+            fstab_entry->blk_device, "" /* partition_name, no need for a standalone path */,
+            expected_key_blob, allow_verification_error, rollback_protection,
+            false /* not is_chained_vbmeta */, nullptr /* out_public_key_data */,
+            &verification_disabled, nullptr /* out_verify_result */);
+
+    if (!vbmeta) {
+        LERROR << "Failed to load vbmeta: " << fstab_entry->blk_device;
+        return AvbHashtreeResult::kFail;
+    }
+
+    if (verification_disabled) {
+        LINFO << "AVB verification disabled on: " << fstab_entry->mount_point;
+        return AvbHashtreeResult::kDisabled;
+    }
+
+    // Puts the vbmeta into a vector, for LoadAvbHashtreeToEnableVerity() to use.
+    std::vector<VBMetaData> vbmeta_images;
+    vbmeta_images.emplace_back(std::move(*vbmeta));
+    if (!LoadAvbHashtreeToEnableVerity(fstab_entry, wait_for_verity_dev, vbmeta_images,
+                                       fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix())) {
+        return AvbHashtreeResult::kFail;
+    }
+
+    return AvbHashtreeResult::kSuccess;
+}
+
 AvbHashtreeResult AvbHandle::SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev) {
     if (!fstab_entry || status_ == AvbHandleStatus::kUninitialized || vbmeta_images_.size() < 1) {
         return AvbHashtreeResult::kFail;
@@ -388,33 +444,8 @@
         return AvbHashtreeResult::kDisabled;
     }
 
-    // Derives partition_name from blk_device to query the corresponding AVB HASHTREE descriptor
-    // to setup dm-verity. The partition_names in AVB descriptors are without A/B suffix.
-    std::string partition_name;
-    if (fstab_entry->fs_mgr_flags.logical) {
-        partition_name = fstab_entry->logical_partition_name;
-    } else {
-        partition_name = Basename(fstab_entry->blk_device);
-    }
-
-    if (fstab_entry->fs_mgr_flags.slot_select) {
-        auto ab_suffix = partition_name.rfind(fs_mgr_get_slot_suffix());
-        if (ab_suffix != std::string::npos) {
-            partition_name.erase(ab_suffix);
-        }
-    }
-
-    AvbHashtreeDescriptor hashtree_descriptor;
-    std::string salt;
-    std::string root_digest;
-    if (!GetHashtreeDescriptor(partition_name, vbmeta_images_, &hashtree_descriptor, &salt,
-                               &root_digest)) {
-        return AvbHashtreeResult::kFail;
-    }
-
-    // Converts HASHTREE descriptor to verity_table_params.
-    if (!HashtreeDmVeritySetup(fstab_entry, hashtree_descriptor, salt, root_digest,
-                               wait_for_verity_dev)) {
+    if (!LoadAvbHashtreeToEnableVerity(fstab_entry, wait_for_verity_dev, vbmeta_images_,
+                                       fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix())) {
         return AvbHashtreeResult::kFail;
     }
 
diff --git a/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h b/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
index 7af3c7e..d4e3a6e 100644
--- a/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
+++ b/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
@@ -81,8 +81,15 @@
     // true to update vbmeta_size_ to the actual size with valid content.
     std::unique_ptr<AvbVBMetaImageHeader> GetVBMetaHeader(bool update_vbmeta_size = false);
 
+    // Sets the vbmeta_path where we load the vbmeta data. Could be a partition or a file.
+    // e.g.,
+    // - /dev/block/by-name/system_a
+    // - /path/to/system_other.img.
+    void set_vbmeta_path(std::string vbmeta_path) { vbmeta_path_ = std::move(vbmeta_path); }
+
     // Get methods for each data member.
     const std::string& partition() const { return partition_name_; }
+    const std::string& vbmeta_path() const { return vbmeta_path_; }
     uint8_t* data() const { return vbmeta_ptr_.get(); }
     const size_t& size() const { return vbmeta_size_; }
 
@@ -93,6 +100,7 @@
     std::unique_ptr<uint8_t[]> vbmeta_ptr_;
     size_t vbmeta_size_;
     std::string partition_name_;
+    std::string vbmeta_path_;
 };
 
 class FsManagerAvbOps;
@@ -160,6 +168,10 @@
     //   - kDisabled: hashtree is disabled.
     AvbHashtreeResult SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev);
 
+    // Similar to above, but loads the offline vbmeta from the end of fstab_entry->blk_device.
+    static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
+                                                        bool wait_for_verity_dev = true);
+
     const std::string& avb_version() const { return avb_version_; }
     const VBMetaInfo& vbmeta_info() const { return vbmeta_info_; }
     AvbHandleStatus status() const { return status_; }
diff --git a/fs_mgr/libfs_avb/tests/avb_util_test.cpp b/fs_mgr/libfs_avb/tests/avb_util_test.cpp
index 26b3294..835410f 100644
--- a/fs_mgr/libfs_avb/tests/avb_util_test.cpp
+++ b/fs_mgr/libfs_avb/tests/avb_util_test.cpp
@@ -14,20 +14,26 @@
  * limitations under the License.
  */
 
+#include <endian.h>
+
 #include <android-base/unique_fd.h>
 #include <base/files/file_util.h>
 #include <base/rand_util.h>
 #include <base/strings/string_util.h>
+#include <libavb/libavb.h>
 
 #include "avb_util.h"
 #include "fs_avb_test_util.h"
 
 // Target classes or functions to test:
 using android::fs_mgr::AvbPartitionToDevicePatition;
+using android::fs_mgr::DeriveAvbPartitionName;
+using android::fs_mgr::FstabEntry;
 using android::fs_mgr::GetAvbFooter;
 using android::fs_mgr::GetChainPartitionInfo;
 using android::fs_mgr::GetTotalSize;
-using android::fs_mgr::LoadAndVerifyVbmetaImpl;
+using android::fs_mgr::LoadAndVerifyVbmetaByPartition;
+using android::fs_mgr::LoadAndVerifyVbmetaByPath;
 using android::fs_mgr::VBMetaData;
 using android::fs_mgr::VBMetaVerifyResult;
 using android::fs_mgr::VerifyPublicKeyBlob;
@@ -52,8 +58,34 @@
 
     // Loads the content of avb_image_path and comparies it with the content of vbmeta.
     bool CompareVBMeta(const base::FilePath& avb_image_path, const VBMetaData& expected_vbmeta);
+
+    // Sets the flas in vbmeta header, the image_path could be a vbmeta.img or a system.img.
+    void SetVBMetaFlags(const base::FilePath& image_path, uint32_t flags);
 };
 
+void AvbUtilTest::SetVBMetaFlags(const base::FilePath& image_path, uint32_t flags) {
+    if (!base::PathExists(image_path)) return;
+
+    std::string image_file_name = image_path.RemoveExtension().BaseName().value();
+    bool is_vbmeta_partition =
+        base::StartsWith(image_file_name, "vbmeta", base::CompareCase::INSENSITIVE_ASCII);
+
+    android::base::unique_fd fd(open(image_path.value().c_str(), O_RDWR | O_CLOEXEC));
+    EXPECT_TRUE(fd > 0);
+
+    uint64_t vbmeta_offset = 0;  // for vbmeta.img
+    if (!is_vbmeta_partition) {
+        std::unique_ptr<AvbFooter> footer = GetAvbFooter(fd);
+        EXPECT_NE(nullptr, footer);
+        vbmeta_offset = footer->vbmeta_offset;
+    }
+
+    auto flags_offset = vbmeta_offset + offsetof(AvbVBMetaImageHeader, flags);
+    uint32_t flags_data = htobe32(flags);
+    EXPECT_EQ(flags_offset, lseek64(fd, flags_offset, SEEK_SET));
+    EXPECT_EQ(sizeof flags_data, write(fd, &flags_data, sizeof flags_data));
+}
+
 TEST_F(AvbUtilTest, AvbPartitionToDevicePatition) {
     EXPECT_EQ("system", AvbPartitionToDevicePatition("system", "", ""));
     EXPECT_EQ("system", AvbPartitionToDevicePatition("system", "", "_b"));
@@ -65,6 +97,63 @@
     EXPECT_EQ("system_b", AvbPartitionToDevicePatition("system_other", "_a", "_b"));
 }
 
+TEST_F(AvbUtilTest, DeriveAvbPartitionName) {
+    // The fstab_entry to test.
+    FstabEntry fstab_entry = {
+        .blk_device = "/dev/block/dm-1",  // a dm-linear device (logical)
+        .mount_point = "/system",
+        .fs_type = "ext4",
+        .logical_partition_name = "system",
+    };
+
+    // Logical partitions.
+    // non-A/B
+    fstab_entry.fs_mgr_flags.logical = true;
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_dont_care", "_dont_care"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", "_b"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "", ""));
+    // Active slot.
+    fstab_entry.fs_mgr_flags.slot_select = true;
+    fstab_entry.logical_partition_name = "system_a";
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", "_dont_care"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", "_b"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", ""));
+    EXPECT_EQ("system_a", DeriveAvbPartitionName(fstab_entry, "_wont_erase_a", "_dont_care"));
+    // The other slot.
+    fstab_entry.fs_mgr_flags.slot_select = false;
+    fstab_entry.fs_mgr_flags.slot_select_other = true;
+    fstab_entry.logical_partition_name = "system_b";
+    EXPECT_EQ("system_other", DeriveAvbPartitionName(fstab_entry, "_dont_care", "_b"));
+    EXPECT_EQ("system_other", DeriveAvbPartitionName(fstab_entry, "_a", "_b"));
+    EXPECT_EQ("system_other", DeriveAvbPartitionName(fstab_entry, "", "_b"));
+    EXPECT_EQ("system_b_other", DeriveAvbPartitionName(fstab_entry, "_dont_care", "_wont_erase_b"));
+
+    // Non-logical partitions.
+    // non-A/B.
+    fstab_entry.fs_mgr_flags.logical = false;
+    fstab_entry.fs_mgr_flags.slot_select = false;
+    fstab_entry.fs_mgr_flags.slot_select_other = false;
+    fstab_entry.blk_device = "/dev/block/by-name/system";
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_dont_care", "_dont_care"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", "_b"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "", ""));
+    // Active slot _a.
+    fstab_entry.fs_mgr_flags.slot_select = true;
+    fstab_entry.blk_device = "/dev/block/by-name/system_a";
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", "_dont_care"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", "_b"));
+    EXPECT_EQ("system", DeriveAvbPartitionName(fstab_entry, "_a", ""));
+    EXPECT_EQ("system_a", DeriveAvbPartitionName(fstab_entry, "_wont_erase_a", "_dont_care"));
+    // Inactive slot _b.
+    fstab_entry.fs_mgr_flags.slot_select = false;
+    fstab_entry.fs_mgr_flags.slot_select_other = true;
+    fstab_entry.blk_device = "/dev/block/by-name/system_b";
+    EXPECT_EQ("system_other", DeriveAvbPartitionName(fstab_entry, "dont_care", "_b"));
+    EXPECT_EQ("system_other", DeriveAvbPartitionName(fstab_entry, "_a", "_b"));
+    EXPECT_EQ("system_other", DeriveAvbPartitionName(fstab_entry, "", "_b"));
+    EXPECT_EQ("system_b_other", DeriveAvbPartitionName(fstab_entry, "dont_care", "_wont_erase_b"));
+}
+
 TEST_F(AvbUtilTest, GetFdTotalSize) {
     // Generates a raw test.img via BaseFsAvbTest.
     const size_t image_size = 5 * 1024 * 1024;
@@ -302,13 +391,36 @@
                                                     "hashtree", signing_key, "SHA256_RSA4096",
                                                     10 /* rollback_index */);
 
-    auto expected_public_key = ExtractPublicKeyAvbBlob(signing_key);
-    EXPECT_EQ(VBMetaVerifyResult::kSuccess, VerifyVBMetaSignature(vbmeta, expected_public_key));
+    auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key);
+    EXPECT_EQ(VBMetaVerifyResult::kSuccess,
+              VerifyVBMetaSignature(vbmeta, expected_public_key_blob,
+                                    nullptr /* out_public_key_data */));
 
     // Converts the expected key into an 'unexpected' key.
-    expected_public_key[10] ^= 0x80;
+    expected_public_key_blob[10] ^= 0x80;
     EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
-              VerifyVBMetaSignature(vbmeta, expected_public_key));
+              VerifyVBMetaSignature(vbmeta, expected_public_key_blob,
+                                    nullptr /* out_public_key_data */));
+}
+
+TEST_F(AvbUtilTest, VerifyVBMetaSignatureOutputPublicKeyData) {
+    const size_t image_size = 10 * 1024 * 1024;
+    const size_t partition_size = 15 * 1024 * 1024;
+    auto signing_key = data_dir_.Append("testkey_rsa4096.pem");
+    auto vbmeta = GenerateImageAndExtractVBMetaData("system", image_size, partition_size,
+                                                    "hashtree", signing_key, "SHA256_RSA4096",
+                                                    10 /* rollback_index */);
+    std::string out_public_key_data;
+    auto expected_public_key_blob = ExtractPublicKeyAvbBlob(signing_key);
+    EXPECT_EQ(VBMetaVerifyResult::kSuccess,
+              VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data));
+    EXPECT_EQ(out_public_key_data, expected_public_key_blob);
+
+    // Converts the expected key into an 'unexpected' key.
+    expected_public_key_blob[10] ^= 0x80;
+    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
+              VerifyVBMetaSignature(vbmeta, expected_public_key_blob, &out_public_key_data));
+    EXPECT_NE(out_public_key_data, expected_public_key_blob);
 }
 
 bool AvbUtilTest::TestVBMetaModification(VBMetaVerifyResult expected_result,
@@ -321,7 +433,8 @@
     for (int n = 0; n <= kNumCheckIntervals; n++) {
         size_t o = std::min(length * n / kNumCheckIntervals, length - 1) + offset;
         d[o] ^= 0x80;
-        VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key */);
+        VBMetaVerifyResult result = VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */,
+                                                          nullptr /* out_public_key_data */);
         d[o] ^= 0x80;
         if (result != expected_result) {
             return false;
@@ -367,7 +480,9 @@
             "system", image_size, partition_size, "hashtree", {} /* avb_signing_key */,
             "" /* avb_algorithm */, 10 /* rollback_index */);
 
-    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, VerifyVBMetaSignature(vbmeta, ""));
+    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
+              VerifyVBMetaSignature(vbmeta, "" /* expected_public_key_blob */,
+                                    nullptr /* out_public_key_data */));
 }
 
 TEST_F(AvbUtilTest, VerifyVBMetaSignatureInvalidVBMeta) {
@@ -379,7 +494,9 @@
 
     VBMetaData invalid_vbmeta((const uint8_t*)vbmeta_buffer.data(), vbmeta_buffer.size(),
                               "invalid_vbmeta");
-    EXPECT_EQ(VBMetaVerifyResult::kError, VerifyVBMetaSignature(invalid_vbmeta, ""));
+    EXPECT_EQ(VBMetaVerifyResult::kError,
+              VerifyVBMetaSignature(invalid_vbmeta, "" /* expected_public_key_blob */,
+                                    nullptr /* out_public_Key_data */));
 }
 
 bool AvbUtilTest::CompareVBMeta(const base::FilePath& avb_image_path,
@@ -449,11 +566,15 @@
     ASSERT_TRUE(fd > 0);
 
     VBMetaVerifyResult verify_result;
-    std::unique_ptr<VBMetaData> vbmeta =
-            VerifyVBMetaData(fd, "vbmeta", "" /*expected_public_key_blob */, &verify_result);
+    std::string out_public_key_data;
+    std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
+            fd, "vbmeta", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result);
     EXPECT_TRUE(vbmeta != nullptr);
     EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
 
+    auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem"));
+    EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data);
+
     // Checkes the returned vbmeta content is the same as that extracted via avbtool.
     vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */);
     EXPECT_TRUE(CompareVBMeta(vbmeta_path, *vbmeta));
@@ -473,11 +594,15 @@
     ASSERT_TRUE(fd > 0);
 
     VBMetaVerifyResult verify_result;
-    std::unique_ptr<VBMetaData> vbmeta =
-            VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result);
+    std::string out_public_key_data;
+    std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
+            fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result);
     EXPECT_TRUE(vbmeta != nullptr);
     EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
 
+    auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem"));
+    EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data);
+
     // Checkes the returned vbmeta content is the same as that extracted via avbtool.
     EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
 }
@@ -529,11 +654,15 @@
     EXPECT_TRUE(footer != nullptr);
 
     VBMetaVerifyResult verify_result;
-    std::unique_ptr<VBMetaData> vbmeta =
-            VerifyVBMetaData(fd, "system", "" /*expected_public_key_blob */, &verify_result);
+    std::string out_public_key_data;
+    std::unique_ptr<VBMetaData> vbmeta = VerifyVBMetaData(
+            fd, "system", "" /*expected_public_key_blob */, &out_public_key_data, &verify_result);
     EXPECT_NE(nullptr, vbmeta);
     EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
 
+    auto rsa8192_public_key_blob = ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa8192.pem"));
+    EXPECT_EQ(rsa8192_public_key_blob, out_public_key_data);
+
     // Modifies hash and signature, checks there is verification error.
     auto header = vbmeta->GetVBMetaHeader(true /* update_vbmeta_size */);
     size_t header_block_offset = 0;
@@ -548,7 +677,7 @@
     ASSERT_TRUE(hash_modified_fd > 0);
     // Should return ErrorVerification.
     vbmeta = VerifyVBMetaData(hash_modified_fd, "system", "" /*expected_public_key_blob */,
-                              &verify_result);
+                              nullptr /* out_public_key_data */, &verify_result);
     EXPECT_NE(nullptr, vbmeta);
     EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
     EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
@@ -563,7 +692,7 @@
     ASSERT_TRUE(aux_modified_fd > 0);
     // Should return ErrorVerification.
     vbmeta = VerifyVBMetaData(aux_modified_fd, "system", "" /*expected_public_key_blob */,
-                              &verify_result);
+                              nullptr /* out_public_key_data */, &verify_result);
     EXPECT_NE(nullptr, vbmeta);
     EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
     EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
@@ -573,7 +702,8 @@
     android::base::unique_fd ok_fd(open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC));
     ASSERT_TRUE(ok_fd > 0);
     // Should return ResultOK..
-    vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */, &verify_result);
+    vbmeta = VerifyVBMetaData(ok_fd, "system", "" /*expected_public_key_blob */,
+                              nullptr /* out_public_key_data */, &verify_result);
     EXPECT_NE(nullptr, vbmeta);
     EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
     EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
@@ -751,7 +881,221 @@
     EXPECT_EQ(false, fatal_error);
 }
 
-TEST_F(AvbUtilTest, LoadAndVerifyVbmetaImpl) {
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPath) {
+    // Generates a raw system_other.img, use a smaller size to speed-up unit test.
+    const size_t system_image_size = 10 * 1024 * 1024;
+    const size_t system_partition_size = 15 * 1024 * 1024;
+    base::FilePath system_path = GenerateImage("system_other.img", system_image_size);
+
+    // Adds AVB Hashtree Footer.
+    AddAvbFooter(system_path, "hashtree", "system_other", system_partition_size, "SHA512_RSA4096",
+                 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
+                 "--internal_release_string \"unit test\"");
+
+    std::string expected_key_blob_4096 =
+            ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem"));
+
+    bool verification_disabled;
+    VBMetaVerifyResult verify_result;
+    std::string out_public_key_data;
+    std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            false /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, &out_public_key_data, &verification_disabled,
+            &verify_result);
+
+    EXPECT_NE(nullptr, vbmeta);
+    EXPECT_EQ(VBMetaVerifyResult::kSuccess, verify_result);
+    EXPECT_EQ(false, verification_disabled);
+    EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
+
+    EXPECT_EQ(2112UL, vbmeta->size());
+    EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
+    EXPECT_EQ("system_other", vbmeta->partition());
+    EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
+}
+
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathErrorVerification) {
+    // Generates a raw system_other.img, use a smaller size to speed-up unit test.
+    const size_t system_image_size = 10 * 1024 * 1024;
+    const size_t system_partition_size = 15 * 1024 * 1024;
+    base::FilePath system_path = GenerateImage("system_other.img", system_image_size);
+
+    // Adds AVB Hashtree Footer.
+    AddAvbFooter(system_path, "hashtree", "system_other", system_partition_size, "SHA512_RSA4096",
+                 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
+                 "--internal_release_string \"unit test\"");
+
+    std::string expected_key_blob_4096 =
+            ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem"));
+
+    // Modifies the auxiliary data of system_other.img
+    auto fd = OpenUniqueReadFd(system_path);
+    auto system_footer = GetAvbFooter(fd);
+    auto system_vbmeta = ExtractAndLoadVBMetaData(system_path, "system_other-vbmeta.img");
+    auto system_header = system_vbmeta.GetVBMetaHeader(true /* update_vbmeta_size */);
+    size_t header_block_offset = 0;
+    size_t authentication_block_offset = header_block_offset + sizeof(AvbVBMetaImageHeader);
+    size_t auxiliary_block_offset =
+        authentication_block_offset + system_header->authentication_data_block_size;
+
+    // Modifies the hash.
+    ModifyFile(
+        system_path,
+        (system_footer->vbmeta_offset + authentication_block_offset + system_header->hash_offset),
+        system_header->hash_size);
+
+    VBMetaVerifyResult verify_result;
+    // Not allow verification error.
+    std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            false /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
+            nullptr /* verification_disabled */, &verify_result);
+    EXPECT_EQ(nullptr, vbmeta);
+
+    // Allow verification error.
+    vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            true /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
+            nullptr /* verification_disabled */, &verify_result);
+    EXPECT_NE(nullptr, vbmeta);
+    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
+
+    EXPECT_EQ(2112UL, vbmeta->size());
+    EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
+    EXPECT_EQ("system_other", vbmeta->partition());
+    EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
+
+    // Modifies the auxiliary data block.
+    ModifyFile(system_path, system_footer->vbmeta_offset + auxiliary_block_offset,
+               system_header->auxiliary_data_block_size);
+
+    // Not allow verification error.
+    vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            false /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
+            nullptr /* verification_disabled */, &verify_result);
+    EXPECT_EQ(nullptr, vbmeta);
+
+    // Allow verification error.
+    vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            true /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
+            nullptr /* verification_disabled */, &verify_result);
+    EXPECT_NE(nullptr, vbmeta);
+    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
+}
+
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathUnexpectedPublicKey) {
+    // Generates a raw system_other.img, use a smaller size to speed-up unit test.
+    const size_t system_image_size = 10 * 1024 * 1024;
+    const size_t system_partition_size = 15 * 1024 * 1024;
+    base::FilePath system_path = GenerateImage("system_other.img", system_image_size);
+
+    // Adds AVB Hashtree Footer.
+    AddAvbFooter(system_path, "hashtree", "system_other", system_partition_size, "SHA512_RSA4096",
+                 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
+                 "--internal_release_string \"unit test\"");
+
+    std::string unexpected_key_blob_2048 =
+            ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa2048.pem"));
+    std::string expected_key_blob_4096 =
+            ExtractPublicKeyAvbBlob(data_dir_.Append("testkey_rsa4096.pem"));
+
+    // Uses the correct expected public key.
+    VBMetaVerifyResult verify_result;
+    std::string out_public_key_data;
+    std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            false /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, &out_public_key_data,
+            nullptr /* verification_disabled */, &verify_result);
+    EXPECT_NE(nullptr, vbmeta);
+    EXPECT_EQ(verify_result, VBMetaVerifyResult::kSuccess);
+    EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
+    EXPECT_EQ(2112UL, vbmeta->size());
+    EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
+    EXPECT_EQ("system_other", vbmeta->partition());
+    EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
+
+    // Uses the wrong expected public key with allow_verification_error set to false.
+    vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", unexpected_key_blob_2048,
+            false /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, &out_public_key_data,
+            nullptr /* verification_disabled */, &verify_result);
+    EXPECT_EQ(nullptr, vbmeta);
+    // Checks out_public_key_data is still loaded properly, if the error is due
+    // to an unexpected public key instead of vbmeta image verification error.
+    EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
+
+    // Uses the wrong expected public key with allow_verification_error set to true.
+    vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", unexpected_key_blob_2048,
+            true /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, &out_public_key_data,
+            nullptr /* verification_disabled */, &verify_result);
+    EXPECT_NE(nullptr, vbmeta);
+    EXPECT_EQ(expected_key_blob_4096, out_public_key_data);
+    EXPECT_EQ(verify_result, VBMetaVerifyResult::kErrorVerification);
+    EXPECT_EQ(2112UL, vbmeta->size());
+    EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
+    EXPECT_EQ("system_other", vbmeta->partition());
+    EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
+}
+
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPathVerificationDisabled) {
+    // Generates a raw system_other.img, use a smaller size to speed-up unit test.
+    const size_t system_image_size = 10 * 1024 * 1024;
+    const size_t system_partition_size = 15 * 1024 * 1024;
+    base::FilePath system_path = GenerateImage("system_other.img", system_image_size);
+
+    // Adds AVB Hashtree Footer.
+    AddAvbFooter(system_path, "hashtree", "system_other", system_partition_size, "SHA512_RSA4096",
+                 20, data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
+                 "--internal_release_string \"unit test\"");
+
+    base::FilePath rsa4096_public_key =
+        ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem"));
+
+    std::string expected_key_blob_4096;
+    EXPECT_TRUE(base::ReadFileToString(rsa4096_public_key, &expected_key_blob_4096));
+
+    // Sets disabled flag and expect the returned verification_disabled is true.
+    SetVBMetaFlags(system_path, AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
+    bool verification_disabled;
+    VBMetaVerifyResult verify_result;
+    std::string out_public_key_data;
+    std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            true /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
+            &verification_disabled, &verify_result);
+
+    EXPECT_NE(nullptr, vbmeta);
+    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification, verify_result);
+    EXPECT_EQ(true, verification_disabled);  // should be true.
+
+    EXPECT_EQ(2112UL, vbmeta->size());
+    EXPECT_EQ(system_path.value(), vbmeta->vbmeta_path());
+    EXPECT_EQ("system_other", vbmeta->partition());
+    EXPECT_TRUE(CompareVBMeta(system_path, *vbmeta));
+
+    // Since the vbmeta flags is modified, vbmeta will be nullptr
+    // if verification error isn't allowed.
+    vbmeta = LoadAndVerifyVbmetaByPath(
+            system_path.value(), "system_other", expected_key_blob_4096,
+            false /* allow_verification_error */, false /* rollback_protection */,
+            false /* is_chained_vbmeta */, nullptr /* out_public_key_data */,
+            &verification_disabled, &verify_result);
+    EXPECT_EQ(nullptr, vbmeta);
+}
+
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPartition) {
     // Generates a raw boot.img
     const size_t boot_image_size = 5 * 1024 * 1024;
     const size_t boot_partition_size = 10 * 1024 * 1024;
@@ -795,18 +1139,18 @@
     EXPECT_EQ("6f4bf815a651aa35ec7102a88b7906b91aef284bc5e20d0bf527c7d460da3266",
               CalcVBMetaDigest("vbmeta.img", "sha256"));
 
-    // Starts to test LoadAndVerifyVbmetaImpl.
+    // Starts to test LoadAndVerifyVbmetaByPartition.
     std::vector<VBMetaData> vbmeta_images;
     auto vbmeta_image_path = [this](const std::string& partition_name) {
         return test_dir_.Append(partition_name + ".img").value();
     };
 
     EXPECT_EQ(VBMetaVerifyResult::kSuccess,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      "" /* expected_public_key_blob*/, false /* allow_verification_error */,
-                      true /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, false /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
 
     EXPECT_EQ(4UL, vbmeta_images.size());  // vbmeta, boot, vbmeta_system and system
     // Binary comparison for each vbmeta image.
@@ -818,17 +1162,17 @@
     // Skip loading chained vbmeta images.
     vbmeta_images.clear();
     EXPECT_EQ(VBMetaVerifyResult::kSuccess,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      "" /* expected_public_key_blob*/, false /* allow_verification_error */,
-                      false /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, false /* allow_verification_error */,
+                  false /* load_chained_vbmeta */, true /* rollback_protection */,
+                  vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
     // Only vbmeta is loaded.
     EXPECT_EQ(1UL, vbmeta_images.size());
     EXPECT_TRUE(CompareVBMeta(vbmeta_path, vbmeta_images[0]));
 }
 
-TEST_F(AvbUtilTest, LoadAndVerifyVbmetaImplWithSuffixes) {
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPartitionWithSuffixes) {
     // Tests the following chained partitions.
     // vbmeta_a.img
     // |--> boot_b.img (boot_other)
@@ -874,18 +1218,18 @@
              {"vbmeta_system_other", 2, rsa4096_public_key}},
             "--internal_release_string \"unit test\"");
 
-    // Starts to test LoadAndVerifyVbmetaImpl with ab_suffix and ab_other_suffix.
+    // Starts to test LoadAndVerifyVbmetaByPartition with ab_suffix and ab_other_suffix.
     auto vbmeta_image_path = [this](const std::string& partition_name) {
         return test_dir_.Append(partition_name + ".img").value();
     };
 
     std::vector<VBMetaData> vbmeta_images;
     EXPECT_EQ(VBMetaVerifyResult::kSuccess,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "_a" /* ab_suffix */, "_b" /* other_suffix */,
-                      "" /* expected_public_key_blob*/, false /* allow_verification_error */,
-                      true /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "_a" /* ab_suffix */, "_b" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, false /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
 
     EXPECT_EQ(4UL, vbmeta_images.size());  // vbmeta, boot_other, vbmeta_system_other and system
     // Binary comparison for each vbmeta image.
@@ -897,26 +1241,26 @@
     // Skips loading chained vbmeta images.
     vbmeta_images.clear();
     EXPECT_EQ(VBMetaVerifyResult::kSuccess,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "_a" /* ab_suffix */, "_b" /* other_suffix */,
-                      "" /* expected_public_key_blob*/, false /* allow_verification_error */,
-                      false /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "_a" /* ab_suffix */, "_b" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, false /* allow_verification_error */,
+                  false /* load_chained_vbmeta */, true /* rollback_protection */,
+                  vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
     // Only vbmeta is loaded.
     EXPECT_EQ(1UL, vbmeta_images.size());
     EXPECT_TRUE(CompareVBMeta(vbmeta_path, vbmeta_images[0]));
 
     // Using an invalid suffix for 'other' slot, checks it returns error.
     EXPECT_EQ(VBMetaVerifyResult::kError,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "_a" /* ab_suffix */,
-                      "_invalid_suffix" /* other_suffix */, "" /* expected_public_key_blob*/,
-                      false /* allow_verification_error */, true /* load_chained_vbmeta */,
-                      true /* rollback_protection */, vbmeta_image_path,
-                      false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "_a" /* ab_suffix */,
+                  "_invalid_suffix" /* other_suffix */, "" /* expected_public_key_blob*/,
+                  false /* allow_verification_error */, true /* load_chained_vbmeta */,
+                  true /* rollback_protection */, vbmeta_image_path, false /* is_chained_vbmeta*/,
+                  &vbmeta_images));
 }
 
-TEST_F(AvbUtilTest, LoadAndVerifyVbmetaImplErrorVerification) {
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPartitionErrorVerification) {
     // Generates a raw boot.img
     const size_t boot_image_size = 5 * 1024 * 1024;
     const size_t boot_partition_size = 10 * 1024 * 1024;
@@ -964,27 +1308,27 @@
     // Modifies the hash.
     ModifyFile(vbmeta_path, authentication_block_offset + header->hash_offset, header->hash_size);
 
-    // Starts to test LoadAndVerifyVbmetaImpl.
+    // Starts to test LoadAndVerifyVbmetaByPartition.
     std::vector<VBMetaData> vbmeta_images;
     auto vbmeta_image_path = [this](const std::string& partition_name) {
         return test_dir_.Append(partition_name + ".img").value();
     };
     EXPECT_EQ(VBMetaVerifyResult::kError,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      "" /* expected_public_key_blob*/, false /* allow_verification_error */,
-                      true /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, false /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
     // Stops to load vbmeta because the top-level vbmeta has verification error.
     EXPECT_EQ(0UL, vbmeta_images.size());
 
     // Tries again with verification error allowed.
     EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "", /* other_suffix */
-                      "" /* expected_public_key_blob*/, true /* allow_verification_error */,
-                      true /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "", /* other_suffix */
+                  "" /* expected_public_key_blob*/, true /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
 
     EXPECT_EQ(3UL, vbmeta_images.size());  // vbmeta, boot, and system
     // Binary comparison for each vbmeta image.
@@ -1008,11 +1352,11 @@
                system_header->auxiliary_data_block_size);
     vbmeta_images.clear();
     EXPECT_EQ(VBMetaVerifyResult::kError,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      "" /* expected_public_key_blob*/, false /* allow_verification_error */,
-                      true /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, false /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
     // 'vbmeta', 'boot' but no 'system', because of verification error.
     EXPECT_EQ(2UL, vbmeta_images.size());
     // Binary comparison for the loaded 'vbmeta' and 'boot'.
@@ -1020,20 +1364,113 @@
     EXPECT_TRUE(CompareVBMeta(boot_path, vbmeta_images[1]));
 
     // Resets the modification of the auxiliary data.
-    ModifyFile(vbmeta_path, 0 /* offset */, -1 /* length */);
+    ModifyFile(system_path, 0 /* offset */, -1 /* length */);
 
     // Sets the vbmeta header flags on a chained partition, which introduces an error.
     ModifyFile(system_path, system_footer->vbmeta_offset + offsetof(AvbVBMetaImageHeader, flags),
                sizeof(uint32_t));
     EXPECT_EQ(VBMetaVerifyResult::kError,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      "" /* expected_public_key_blob*/, true /* allow_verification_error */,
-                      true /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, true /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
 }
 
-TEST_F(AvbUtilTest, LoadAndVerifyVbmetaImplUnexpectedPublicKey) {
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPartitionVerificationDisabled) {
+    // Generates a raw boot.img
+    const size_t boot_image_size = 5 * 1024 * 1024;
+    const size_t boot_partition_size = 10 * 1024 * 1024;
+    base::FilePath boot_path = GenerateImage("boot.img", boot_image_size);
+
+    // Adds AVB Hash Footer.
+    AddAvbFooter(boot_path, "hash", "boot", boot_partition_size, "SHA256_RSA2048", 10,
+                 data_dir_.Append("testkey_rsa2048.pem"), "d00df00d",
+                 "--internal_release_string \"unit test\"");
+
+    // Generates a raw system.img, use a smaller size to speed-up unit test.
+    const size_t system_image_size = 10 * 1024 * 1024;
+    const size_t system_partition_size = 15 * 1024 * 1024;
+    base::FilePath system_path = GenerateImage("system.img", system_image_size);
+    // Adds AVB Hashtree Footer.
+    AddAvbFooter(system_path, "hashtree", "system", system_partition_size, "SHA512_RSA4096", 20,
+                 data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
+                 "--internal_release_string \"unit test\"");
+
+    // Generates chain partition descriptors.
+    base::FilePath rsa2048_public_key =
+        ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa2048.pem"));
+    base::FilePath rsa4096_public_key =
+        ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem"));
+    // Makes a vbmeta_system.img including the 'system' chained descriptor.
+    auto vbmeta_system_path = GenerateVBMetaImage(
+        "vbmeta_system.img", "SHA256_RSA4096", 0, data_dir_.Append("testkey_rsa4096.pem"),
+        {},                                  /* include_descriptor_image_paths */
+        {{"system", 3, rsa4096_public_key}}, /* chain_partitions */
+        "--internal_release_string \"unit test\"");
+
+    // Makes a vbmeta image includeing 'boot' and 'vbmeta_system' chained descriptors.
+    auto vbmeta_path = GenerateVBMetaImage("vbmeta.img", "SHA256_RSA8192", 0,
+                                           data_dir_.Append("testkey_rsa8192.pem"),
+                                           {}, /* include_descriptor_image_paths */
+                                           {{"boot", 1, rsa2048_public_key}, /* chain_partitions */
+                                            {"vbmeta_system", 2, rsa4096_public_key}},
+                                           "--internal_release_string \"unit test\"");
+
+    // Calculates the digest of all chained partitions, to ensure the chained is formed properly.
+    EXPECT_EQ("6f4bf815a651aa35ec7102a88b7906b91aef284bc5e20d0bf527c7d460da3266",
+              CalcVBMetaDigest("vbmeta.img", "sha256"));
+
+    // Starts to test LoadAndVerifyVbmetaByPartition.
+    std::vector<VBMetaData> vbmeta_images;
+    auto vbmeta_image_path = [this](const std::string& partition_name) {
+        return test_dir_.Append(partition_name + ".img").value();
+    };
+
+    EXPECT_EQ(VBMetaVerifyResult::kSuccess,
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, false /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
+
+    EXPECT_EQ(4UL, vbmeta_images.size());  // vbmeta, boot, vbmeta_system and system
+    // Binary comparison for each vbmeta image.
+    EXPECT_TRUE(CompareVBMeta(vbmeta_path, vbmeta_images[0]));
+    EXPECT_TRUE(CompareVBMeta(boot_path, vbmeta_images[1]));
+    EXPECT_TRUE(CompareVBMeta(vbmeta_system_path, vbmeta_images[2]));
+    EXPECT_TRUE(CompareVBMeta(system_path, vbmeta_images[3]));
+
+    // Sets VERIFICATION_DISABLED to the top-level vbmeta.img
+    SetVBMetaFlags(vbmeta_path, AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED);
+    vbmeta_images.clear();
+    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, true /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
+    EXPECT_EQ(1UL, vbmeta_images.size());  // Only vbmeta is loaded
+    EXPECT_TRUE(CompareVBMeta(vbmeta_path, vbmeta_images[0]));
+
+    // HASHTREE_DISABLED still loads the chained vbmeta.
+    SetVBMetaFlags(vbmeta_path, AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED);
+    vbmeta_images.clear();
+    EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  "" /* expected_public_key_blob*/, true /* allow_verification_error */,
+                  true /* load_chained_vbmeta */, true /* rollback_protection */, vbmeta_image_path,
+                  false /* is_chained_vbmeta*/, &vbmeta_images));
+    EXPECT_EQ(4UL, vbmeta_images.size());  // vbmeta, boot, vbmeta_system and system
+    // Binary comparison for each vbmeta image.
+    EXPECT_TRUE(CompareVBMeta(vbmeta_path, vbmeta_images[0]));
+    EXPECT_TRUE(CompareVBMeta(boot_path, vbmeta_images[1]));
+    EXPECT_TRUE(CompareVBMeta(vbmeta_system_path, vbmeta_images[2]));
+    EXPECT_TRUE(CompareVBMeta(system_path, vbmeta_images[3]));
+}
+
+TEST_F(AvbUtilTest, LoadAndVerifyVbmetaByPartitionUnexpectedPublicKey) {
     // Generates chain partition descriptors.
     base::FilePath rsa2048_public_key =
             ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa2048.pem"));
@@ -1060,29 +1497,29 @@
     std::vector<VBMetaData> vbmeta_images;
     // Uses the correct expected public key.
     EXPECT_EQ(VBMetaVerifyResult::kSuccess,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      expected_key_blob_8192, true /* allow_verification_error */,
-                      false /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  expected_key_blob_8192, true /* allow_verification_error */,
+                  false /* load_chained_vbmeta */, true /* rollback_protection */,
+                  vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
 
     // Uses the wrong expected public key with allow_verification_error set to true.
     vbmeta_images.clear();
     EXPECT_EQ(VBMetaVerifyResult::kErrorVerification,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      expected_key_blob_4096, true /* allow_verification_error */,
-                      false /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  expected_key_blob_4096, true /* allow_verification_error */,
+                  false /* load_chained_vbmeta */, true /* rollback_protection */,
+                  vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
 
     // Uses the wrong expected public key with allow_verification_error set to false.
     vbmeta_images.clear();
     EXPECT_EQ(VBMetaVerifyResult::kError,
-              LoadAndVerifyVbmetaImpl(
-                      "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
-                      expected_key_blob_4096, false /* allow_verification_error */,
-                      false /* load_chained_vbmeta */, true /* rollback_protection */,
-                      vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
+              LoadAndVerifyVbmetaByPartition(
+                  "vbmeta" /* partition_name */, "" /* ab_suffix */, "" /* other_suffix */,
+                  expected_key_blob_4096, false /* allow_verification_error */,
+                  false /* load_chained_vbmeta */, true /* rollback_protection */,
+                  vbmeta_image_path, false /* is_chained_vbmeta*/, &vbmeta_images));
 }
 
 }  // namespace fs_avb_host_test
diff --git a/fs_mgr/liblp/builder_test.cpp b/fs_mgr/liblp/builder_test.cpp
index 8f08169..69724f8 100644
--- a/fs_mgr/liblp/builder_test.cpp
+++ b/fs_mgr/liblp/builder_test.cpp
@@ -442,10 +442,6 @@
 }
 
 TEST_F(BuilderTest, block_device_info) {
-    std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(),
-                                                               fs_mgr_free_fstab);
-    ASSERT_NE(fstab, nullptr);
-
     PartitionOpener opener;
 
     BlockDeviceInfo device_info;
diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh
index ede0122..4d9bc61 100755
--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@@ -569,6 +569,18 @@
   die "vendor hello"
 check_eq "${A}" "${B}" /vendor before reboot
 
+# download libc.so, append some gargage, push back, and check if the file is updated.
+tempdir="`mktemp -d`"
+cleanup() {
+  rm -rf ${tempdir}
+}
+adb pull /system/lib/bootstrap/libc.so ${tempdir} || die "pull libc.so from device"
+garbage="`hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/random`"
+echo ${garbage} >> ${tempdir}/libc.so
+adb push ${tempdir}/libc.so /system/lib/bootstrap/libc.so || die "push libc.so to device"
+adb pull /system/lib/bootstrap/libc.so ${tempdir}/libc.so.fromdevice || die "pull libc.so from device"
+diff ${tempdir}/libc.so ${tempdir}/libc.so.fromdevice > /dev/null || die "libc.so differ"
+
 echo "${GREEN}[ RUN      ]${NORMAL} reboot to confirm content persistent" >&2
 
 adb_reboot &&
@@ -607,6 +619,14 @@
 check_eq "${A}" "${B}" vendor after reboot
 echo "${GREEN}[       OK ]${NORMAL} /vendor content remains after reboot" >&2
 
+# check if the updated libc.so is persistent after reboot
+adb_root &&
+  adb pull /system/lib/bootstrap/libc.so ${tempdir}/libc.so.fromdevice ||
+  die "pull libc.so from device"
+diff ${tempdir}/libc.so ${tempdir}/libc.so.fromdevice > /dev/null || die "libc.so differ"
+rm -r ${tempdir}
+echo "${GREEN}[       OK ]${NORMAL} /system/lib/bootstrap/libc.so content remains after reboot" >&2
+
 echo "${GREEN}[ RUN      ]${NORMAL} flash vendor, confirm its content disappears" >&2
 
 H=`adb_sh echo '${HOSTNAME}' </dev/null 2>/dev/null`
diff --git a/fs_mgr/tests/data/fstab.example b/fs_mgr/tests/data/fstab.example
index 1a3dfa1..aebce32 100644
--- a/fs_mgr/tests/data/fstab.example
+++ b/fs_mgr/tests/data/fstab.example
@@ -9,3 +9,7 @@
 /dev/block/bootdevice/by-name/modem                 /vendor/firmware_mnt          vfat        ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0   wait,slotselect
 /devices/platform/soc/a600000.ssusb/a600000.dwc3*   auto               vfat        defaults                                              voldmanaged=usb:auto
 /dev/block/zram0                                    none               swap        defaults                                              zramsize=1073741824,max_comp_streams=8
+/dev/block/zram0                                    none2              swap        nodiratime,remount,bind                               zramsize=1073741824,max_comp_streams=8
+/dev/block/zram0                                    none3              swap        unbindable,private,slave                              zramsize=1073741824,max_comp_streams=8
+/dev/block/zram0                                    none4              swap        noexec,shared,rec                                     zramsize=1073741824,max_comp_streams=8
+/dev/block/zram0                                    none5              swap        rw                                                    zramsize=1073741824,max_comp_streams=8
diff --git a/fs_mgr/tests/fs_mgr_test.cpp b/fs_mgr/tests/fs_mgr_test.cpp
index 4582401..1815a38 100644
--- a/fs_mgr/tests/fs_mgr_test.cpp
+++ b/fs_mgr/tests/fs_mgr_test.cpp
@@ -32,6 +32,8 @@
 
 #include "../fs_mgr_priv_boot_config.h"
 
+using namespace android::fs_mgr;
+
 namespace {
 
 const std::string cmdline =
@@ -201,32 +203,832 @@
     EXPECT_EQ(i, fstab.size());
 }
 
-TEST(fs_mgr, ReadFstabFromFile_FsOptions) {
+TEST(fs_mgr, ReadFstabFromFile_MountOptions) {
     Fstab fstab;
     std::string fstab_file = android::base::GetExecutableDirectory() + "/data/fstab.example";
     EXPECT_TRUE(ReadFstabFromFile(fstab_file, &fstab));
 
     EXPECT_EQ("/", fstab[0].mount_point);
+    EXPECT_EQ(static_cast<unsigned long>(MS_RDONLY), fstab[0].flags);
     EXPECT_EQ("barrier=1", fstab[0].fs_options);
 
     EXPECT_EQ("/metadata", fstab[1].mount_point);
+    EXPECT_EQ(static_cast<unsigned long>(MS_NOATIME | MS_NOSUID | MS_NODEV), fstab[1].flags);
     EXPECT_EQ("discard", fstab[1].fs_options);
 
     EXPECT_EQ("/data", fstab[2].mount_point);
+    EXPECT_EQ(static_cast<unsigned long>(MS_NOATIME | MS_NOSUID | MS_NODEV), fstab[2].flags);
     EXPECT_EQ("discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier", fstab[2].fs_options);
 
     EXPECT_EQ("/misc", fstab[3].mount_point);
+    EXPECT_EQ(0U, fstab[3].flags);
     EXPECT_EQ("", fstab[3].fs_options);
 
     EXPECT_EQ("/vendor/firmware_mnt", fstab[4].mount_point);
+    EXPECT_EQ(static_cast<unsigned long>(MS_RDONLY), fstab[4].flags);
     EXPECT_EQ(
             "shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337,"
             "context=u:object_r:firmware_file:s0",
             fstab[4].fs_options);
 
     EXPECT_EQ("auto", fstab[5].mount_point);
+    EXPECT_EQ(0U, fstab[5].flags);
     EXPECT_EQ("", fstab[5].fs_options);
 
     EXPECT_EQ("none", fstab[6].mount_point);
+    EXPECT_EQ(0U, fstab[6].flags);
     EXPECT_EQ("", fstab[6].fs_options);
+
+    EXPECT_EQ("none2", fstab[7].mount_point);
+    EXPECT_EQ(static_cast<unsigned long>(MS_NODIRATIME | MS_REMOUNT | MS_BIND), fstab[7].flags);
+    EXPECT_EQ("", fstab[7].fs_options);
+
+    EXPECT_EQ("none3", fstab[8].mount_point);
+    EXPECT_EQ(static_cast<unsigned long>(MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE), fstab[8].flags);
+    EXPECT_EQ("", fstab[8].fs_options);
+
+    EXPECT_EQ("none4", fstab[9].mount_point);
+    EXPECT_EQ(static_cast<unsigned long>(MS_NOEXEC | MS_SHARED | MS_REC), fstab[9].flags);
+    EXPECT_EQ("", fstab[9].fs_options);
+
+    EXPECT_EQ("none5", fstab[10].mount_point);
+    EXPECT_EQ(0U, fstab[10].flags);  // rw is the same as defaults
+    EXPECT_EQ("", fstab[10].fs_options);
+}
+
+static bool CompareFlags(FstabEntry::FsMgrFlags& lhs, FstabEntry::FsMgrFlags& rhs) {
+    // clang-format off
+    return lhs.wait == rhs.wait &&
+           lhs.check == rhs.check &&
+           lhs.crypt == rhs.crypt &&
+           lhs.nonremovable == rhs.nonremovable &&
+           lhs.vold_managed == rhs.vold_managed &&
+           lhs.recovery_only == rhs.recovery_only &&
+           lhs.verify == rhs.verify &&
+           lhs.force_crypt == rhs.force_crypt &&
+           lhs.no_emulated_sd == rhs.no_emulated_sd &&
+           lhs.no_trim == rhs.no_trim &&
+           lhs.file_encryption == rhs.file_encryption &&
+           lhs.formattable == rhs.formattable &&
+           lhs.slot_select == rhs.slot_select &&
+           lhs.force_fde_or_fbe == rhs.force_fde_or_fbe &&
+           lhs.late_mount == rhs.late_mount &&
+           lhs.no_fail == rhs.no_fail &&
+           lhs.verify_at_boot == rhs.verify_at_boot &&
+           lhs.quota == rhs.quota &&
+           lhs.avb == rhs.avb &&
+           lhs.logical == rhs.logical &&
+           lhs.checkpoint_blk == rhs.checkpoint_blk &&
+           lhs.checkpoint_fs == rhs.checkpoint_fs &&
+           lhs.first_stage_mount == rhs.first_stage_mount &&
+           lhs.slot_select_other == rhs.slot_select_other &&
+           lhs.fs_verity == rhs.fs_verity;
+    // clang-format on
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrFlags) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      wait,check,nonremovable,recoveryonly,verifyatboot,verify
+source none1       swap   defaults      avb,noemulatedsd,notrim,formattable,slotselect,nofail
+source none2       swap   defaults      first_stage_mount,latemount,quota,logical,slotselect_other
+source none3       swap   defaults      checkpoint=block
+source none4       swap   defaults      checkpoint=fs
+source none5       swap   defaults      defaults
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(6U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        flags.wait = true;
+        flags.check = true;
+        flags.nonremovable = true;
+        flags.recovery_only = true;
+        flags.verify_at_boot = true;
+        flags.verify = true;
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        flags.avb = true;
+        flags.no_emulated_sd = true;
+        flags.no_trim = true;
+        flags.formattable = true;
+        flags.slot_select = true;
+        flags.no_fail = true;
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    entry++;
+
+    EXPECT_EQ("none2", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        flags.first_stage_mount = true;
+        flags.late_mount = true;
+        flags.quota = true;
+        flags.logical = true;
+        flags.slot_select_other = true;
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    entry++;
+
+    EXPECT_EQ("none3", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        flags.checkpoint_blk = true;
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    entry++;
+
+    EXPECT_EQ("none4", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        flags.checkpoint_fs = true;
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    entry++;
+
+    EXPECT_EQ("none5", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_AllBad) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      encryptable,forceencrypt,fileencryption,forcefdeorfbe,keydirectory,length,swapprio,zramsize,max_comp_streams,reservedsize,eraseblk,logicalblk,sysfs_path,zram_loopback_path,zram_loopback_size,zram_backing_dev_path
+
+source none1       swap   defaults      encryptable=,forceencrypt=,fileencryption=,keydirectory=,length=,swapprio=,zramsize=,max_comp_streams=,verify=,avb=,reservedsize=,eraseblk=,logicalblk=,sysfs_path=,zram_loopback_path=,zram_loopback_size=,zram_backing_dev_path=
+
+source none2       swap   defaults      forcefdeorfbe=
+
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(3U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    EXPECT_EQ("", entry->key_loc);
+    EXPECT_EQ("", entry->key_dir);
+    EXPECT_EQ("", entry->verity_loc);
+    EXPECT_EQ(0, entry->length);
+    EXPECT_EQ("", entry->label);
+    EXPECT_EQ(-1, entry->partnum);
+    EXPECT_EQ(-1, entry->swap_prio);
+    EXPECT_EQ(0, entry->max_comp_streams);
+    EXPECT_EQ(0, entry->zram_size);
+    EXPECT_EQ(0, entry->reserved_size);
+    EXPECT_EQ("", entry->file_contents_mode);
+    EXPECT_EQ("", entry->file_names_mode);
+    EXPECT_EQ(0, entry->erase_blk_size);
+    EXPECT_EQ(0, entry->logical_blk_size);
+    EXPECT_EQ("", entry->sysfs_path);
+    EXPECT_EQ("", entry->zram_loopback_path);
+    EXPECT_EQ(512U * 1024U * 1024U, entry->zram_loopback_size);
+    EXPECT_EQ("", entry->zram_backing_dev_path);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        flags.crypt = true;
+        flags.force_crypt = true;
+        flags.file_encryption = true;
+        flags.verify = true;
+        flags.avb = true;
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    EXPECT_EQ("", entry->key_loc);
+    EXPECT_EQ("", entry->key_dir);
+    EXPECT_EQ("", entry->verity_loc);
+    EXPECT_EQ(0, entry->length);
+    EXPECT_EQ("", entry->label);
+    EXPECT_EQ(-1, entry->partnum);
+    EXPECT_EQ(-1, entry->swap_prio);
+    EXPECT_EQ(0, entry->max_comp_streams);
+    EXPECT_EQ(0, entry->zram_size);
+    EXPECT_EQ(0, entry->reserved_size);
+    EXPECT_EQ("", entry->file_contents_mode);
+    EXPECT_EQ("", entry->file_names_mode);
+    EXPECT_EQ(0, entry->erase_blk_size);
+    EXPECT_EQ(0, entry->logical_blk_size);
+    EXPECT_EQ("", entry->sysfs_path);
+    EXPECT_EQ("", entry->zram_loopback_path);
+    EXPECT_EQ(512U * 1024U * 1024U, entry->zram_loopback_size);
+    EXPECT_EQ("", entry->zram_backing_dev_path);
+    entry++;
+
+    // forcefdeorfbe sets file_contents_mode and file_names_mode by default, so test it separately.
+    EXPECT_EQ("none2", entry->mount_point);
+    {
+        FstabEntry::FsMgrFlags flags = {};
+        flags.force_fde_or_fbe = true;
+        EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    }
+    EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-cts", entry->file_names_mode);
+    EXPECT_EQ("", entry->key_loc);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Encryptable) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      encryptable=/dir/key
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(1U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+    flags.crypt = true;
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("/dir/key", entry->key_loc);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_VoldManaged) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      voldmanaged=:
+source none1       swap   defaults      voldmanaged=sdcard
+source none2       swap   defaults      voldmanaged=sdcard:3
+source none3       swap   defaults      voldmanaged=sdcard:auto
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(4U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+    flags.vold_managed = true;
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_TRUE(entry->label.empty());
+    EXPECT_EQ(-1, entry->partnum);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_TRUE(entry->label.empty());
+    EXPECT_EQ(-1, entry->partnum);
+    entry++;
+
+    EXPECT_EQ("none2", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("sdcard", entry->label);
+    EXPECT_EQ(3, entry->partnum);
+    entry++;
+
+    EXPECT_EQ("none3", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("sdcard", entry->label);
+    EXPECT_EQ(-1, entry->partnum);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Length) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      length=blah
+source none1       swap   defaults      length=123456
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(2U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->length);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(123456, entry->length);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Swapprio) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      swapprio=blah
+source none1       swap   defaults      swapprio=123456
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(2U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(-1, entry->swap_prio);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(123456, entry->swap_prio);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_ZramSize) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      zramsize=blah
+source none1       swap   defaults      zramsize=123456
+source none2       swap   defaults      zramsize=blah%
+source none3       swap   defaults      zramsize=5%
+source none4       swap   defaults      zramsize=105%
+source none5       swap   defaults      zramsize=%
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(6U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->zram_size);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(123456, entry->zram_size);
+    entry++;
+
+    EXPECT_EQ("none2", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->zram_size);
+    entry++;
+
+    EXPECT_EQ("none3", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_NE(0, entry->zram_size);
+    entry++;
+
+    EXPECT_EQ("none4", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->zram_size);
+    entry++;
+
+    EXPECT_EQ("none5", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->zram_size);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Verify) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      verify=/dir/key
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(1U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+
+    FstabEntry::FsMgrFlags flags = {};
+    flags.verify = true;
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+
+    EXPECT_EQ("/dir/key", entry->verity_loc);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_ForceEncrypt) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      forceencrypt=/dir/key
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(1U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+
+    FstabEntry::FsMgrFlags flags = {};
+    flags.force_crypt = true;
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+
+    EXPECT_EQ("/dir/key", entry->key_loc);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_ForceFdeOrFbe) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      forcefdeorfbe=/dir/key
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(1U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+
+    FstabEntry::FsMgrFlags flags = {};
+    flags.force_fde_or_fbe = true;
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+
+    EXPECT_EQ("/dir/key", entry->key_loc);
+    EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-cts", entry->file_names_mode);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_FileEncryption) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      fileencryption=blah
+source none1       swap   defaults      fileencryption=software
+source none2       swap   defaults      fileencryption=aes-256-xts
+source none3       swap   defaults      fileencryption=adiantum
+source none4       swap   defaults      fileencryption=adiantum:aes-256-heh
+source none5       swap   defaults      fileencryption=ice
+source none6       swap   defaults      fileencryption=ice:blah
+source none7       swap   defaults      fileencryption=ice:aes-256-cts
+source none8       swap   defaults      fileencryption=ice:aes-256-heh
+source none9       swap   defaults      fileencryption=ice:adiantum
+source none10      swap   defaults      fileencryption=ice:adiantum:
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(11U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+    flags.file_encryption = true;
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("", entry->file_contents_mode);
+    EXPECT_EQ("", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-cts", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none2", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-cts", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none3", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("adiantum", entry->file_contents_mode);
+    EXPECT_EQ("adiantum", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none4", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("adiantum", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-heh", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none5", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("ice", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-cts", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none6", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("ice", entry->file_contents_mode);
+    EXPECT_EQ("", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none7", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("ice", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-cts", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none8", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("ice", entry->file_contents_mode);
+    EXPECT_EQ("aes-256-heh", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none9", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("ice", entry->file_contents_mode);
+    EXPECT_EQ("adiantum", entry->file_names_mode);
+
+    entry++;
+    EXPECT_EQ("none10", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ("", entry->file_contents_mode);
+    EXPECT_EQ("", entry->file_names_mode);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MaxCompStreams) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      max_comp_streams=blah
+source none1       swap   defaults      max_comp_streams=123456
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(2U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->max_comp_streams);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(123456, entry->max_comp_streams);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_ReservedSize) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      reservedsize=blah
+source none1       swap   defaults      reservedsize=2
+source none2       swap   defaults      reservedsize=1K
+source none3       swap   defaults      reservedsize=2m
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(4U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->reserved_size);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(2, entry->reserved_size);
+    entry++;
+
+    EXPECT_EQ("none2", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(1024, entry->reserved_size);
+    entry++;
+
+    EXPECT_EQ("none3", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(2 * 1024 * 1024, entry->reserved_size);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_EraseBlk) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      eraseblk=blah
+source none1       swap   defaults      eraseblk=4000
+source none2       swap   defaults      eraseblk=5000
+source none3       swap   defaults      eraseblk=8192
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(4U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->erase_blk_size);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->erase_blk_size);
+    entry++;
+
+    EXPECT_EQ("none2", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->erase_blk_size);
+    entry++;
+
+    EXPECT_EQ("none3", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(8192, entry->erase_blk_size);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Logicalblk) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      logicalblk=blah
+source none1       swap   defaults      logicalblk=4000
+source none2       swap   defaults      logicalblk=5000
+source none3       swap   defaults      logicalblk=8192
+)fs";
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(4U, fstab.size());
+
+    FstabEntry::FsMgrFlags flags = {};
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->logical_blk_size);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->logical_blk_size);
+    entry++;
+
+    EXPECT_EQ("none2", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(0, entry->logical_blk_size);
+    entry++;
+
+    EXPECT_EQ("none3", entry->mount_point);
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+    EXPECT_EQ(8192, entry->logical_blk_size);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Avb) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      avb=vbmeta_partition
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(1U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+
+    FstabEntry::FsMgrFlags flags = {};
+    flags.avb = true;
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+
+    EXPECT_EQ("vbmeta_partition", entry->vbmeta_partition);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_KeyDirectory) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      keydirectory=/dir/key
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(1U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+
+    FstabEntry::FsMgrFlags flags = {};
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+
+    EXPECT_EQ("/dir/key", entry->key_dir);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_SysfsPath) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      sysfs_path=/sys/device
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(1U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+
+    FstabEntry::FsMgrFlags flags = {};
+    EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
+
+    EXPECT_EQ("/sys/device", entry->sysfs_path);
+}
+
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_Zram) {
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    std::string fstab_contents = R"fs(
+source none0       swap   defaults      zram_loopback_path=/dev/path
+
+source none1       swap   defaults      zram_loopback_size=blah
+source none2       swap   defaults      zram_loopback_size=2
+source none3       swap   defaults      zram_loopback_size=1K
+source none4       swap   defaults      zram_loopback_size=2m
+
+source none5       swap   defaults      zram_backing_dev_path=/dev/path2
+
+)fs";
+
+    ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+
+    Fstab fstab;
+    EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+    ASSERT_EQ(6U, fstab.size());
+
+    auto entry = fstab.begin();
+    EXPECT_EQ("none0", entry->mount_point);
+    EXPECT_EQ("/dev/path", entry->zram_loopback_path);
+    entry++;
+
+    EXPECT_EQ("none1", entry->mount_point);
+    EXPECT_EQ(512U * 1024U * 1024U, entry->zram_loopback_size);
+    entry++;
+
+    EXPECT_EQ("none2", entry->mount_point);
+    EXPECT_EQ(2U, entry->zram_loopback_size);
+    entry++;
+
+    EXPECT_EQ("none3", entry->mount_point);
+    EXPECT_EQ(1024U, entry->zram_loopback_size);
+    entry++;
+
+    EXPECT_EQ("none4", entry->mount_point);
+    EXPECT_EQ(2U * 1024U * 1024U, entry->zram_loopback_size);
+    entry++;
+
+    EXPECT_EQ("none5", entry->mount_point);
+    EXPECT_EQ("/dev/path2", entry->zram_backing_dev_path);
 }
diff --git a/fs_mgr/tools/dmctl.cpp b/fs_mgr/tools/dmctl.cpp
index 3b6ff9b..63661f0 100644
--- a/fs_mgr/tools/dmctl.cpp
+++ b/fs_mgr/tools/dmctl.cpp
@@ -27,6 +27,7 @@
 #include <android-base/unique_fd.h>
 #include <libdm/dm.h>
 
+#include <fstream>
 #include <functional>
 #include <iomanip>
 #include <ios>
@@ -50,6 +51,7 @@
 
 static int Usage(void) {
     std::cerr << "usage: dmctl <command> [command options]" << std::endl;
+    std::cerr << "       dmctl -f file" << std::endl;
     std::cerr << "commands:" << std::endl;
     std::cerr << "  create <dm-name> [-ro] <targets...>" << std::endl;
     std::cerr << "  delete <dm-name>" << std::endl;
@@ -58,6 +60,8 @@
     std::cerr << "  table <dm-name>" << std::endl;
     std::cerr << "  help" << std::endl;
     std::cerr << std::endl;
+    std::cerr << "-f file reads command and all parameters from named file" << std::endl;
+    std::cerr << std::endl;
     std::cerr << "Target syntax:" << std::endl;
     std::cerr << "  <target_type> <start_sector> <num_sectors> [target_data]" << std::endl;
     return -EINVAL;
@@ -340,12 +344,40 @@
         // clang-format on
 };
 
+static bool ReadFile(const char* filename, std::vector<std::string>* args,
+                     std::vector<char*>* arg_ptrs) {
+    std::ifstream file(filename);
+    if (!file) return false;
+
+    std::string arg;
+    while (file >> arg) args->push_back(arg);
+
+    for (auto const& i : *args) arg_ptrs->push_back(const_cast<char*>(i.c_str()));
+    return true;
+}
+
 int main(int argc, char** argv) {
     android::base::InitLogging(argv, &android::base::StderrLogger);
     if (argc < 2) {
         return Usage();
     }
 
+    std::vector<std::string> args;
+    std::vector<char*> arg_ptrs;
+    if (std::string("-f") == argv[1]) {
+        if (argc != 3) {
+            return Usage();
+        }
+
+        args.push_back(argv[0]);
+        if (!ReadFile(argv[2], &args, &arg_ptrs)) {
+            return Usage();
+        }
+
+        argc = arg_ptrs.size();
+        argv = &arg_ptrs[0];
+    }
+
     for (const auto& cmd : cmdmap) {
         if (cmd.first == argv[1]) {
             return cmd.second(argc - 2, argv + 2);
diff --git a/healthd/Android.mk b/healthd/Android.mk
index 2127b96..823ed06 100644
--- a/healthd/Android.mk
+++ b/healthd/Android.mk
@@ -109,6 +109,7 @@
     libbase \
     libutils \
     libcutils \
+    libjsoncpp \
     libprocessgroup \
     liblog \
     libm \
diff --git a/healthd/OWNERS b/healthd/OWNERS
index 00df08a..d3f8758 100644
--- a/healthd/OWNERS
+++ b/healthd/OWNERS
@@ -1,2 +1,2 @@
 elsk@google.com
-toddpoynor@google.com
+hridya@google.com
diff --git a/healthd/animation.h b/healthd/animation.h
index f59fb38..9476c91 100644
--- a/healthd/animation.h
+++ b/healthd/animation.h
@@ -48,6 +48,25 @@
         GRFont* font;
     };
 
+    // When libminui loads PNG images:
+    // - When treating paths as relative paths, it adds ".png" suffix.
+    // - When treating paths as absolute paths, it doesn't add the suffix. Hence, the suffix
+    //   is added here.
+    void set_resource_root(const std::string& root) {
+        if (!animation_file.empty()) {
+            animation_file = root + animation_file + ".png";
+        }
+        if (!fail_file.empty()) {
+            fail_file = root + fail_file + ".png";
+        }
+        if (!text_clock.font_file.empty()) {
+            text_clock.font_file = root + text_clock.font_file + ".png";
+        }
+        if (!text_percent.font_file.empty()) {
+            text_percent.font_file = root + text_percent.font_file + ".png";
+        }
+    }
+
     std::string animation_file;
     std::string fail_file;
 
diff --git a/healthd/healthd_mode_charger.cpp b/healthd/healthd_mode_charger.cpp
index 2eb5497..8f2f727 100644
--- a/healthd/healthd_mode_charger.cpp
+++ b/healthd/healthd_mode_charger.cpp
@@ -80,8 +80,13 @@
 #define LOGW(x...) KLOG_WARNING("charger", x);
 #define LOGV(x...) KLOG_DEBUG("charger", x);
 
-static constexpr const char* animation_desc_path =
-    "/res/values/charger/animation.txt";
+// Resources in /product/etc/res overrides resources in /res.
+// If the device is using the Generic System Image (GSI), resources may exist in
+// both paths.
+static constexpr const char* product_animation_desc_path =
+        "/product/etc/res/values/charger/animation.txt";
+static constexpr const char* product_animation_root = "/product/etc/res/images/";
+static constexpr const char* animation_desc_path = "/res/values/charger/animation.txt";
 
 struct key_state {
     bool pending;
@@ -600,7 +605,10 @@
     bool parse_success;
 
     std::string content;
-    if (base::ReadFileToString(animation_desc_path, &content)) {
+    if (base::ReadFileToString(product_animation_desc_path, &content)) {
+        parse_success = parse_animation_desc(content, &battery_animation);
+        battery_animation.set_resource_root(product_animation_root);
+    } else if (base::ReadFileToString(animation_desc_path, &content)) {
         parse_success = parse_animation_desc(content, &battery_animation);
     } else {
         LOGW("Could not open animation description at %s\n", animation_desc_path);
diff --git a/init/Android.bp b/init/Android.bp
index 9f5d17d..639d8d1 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -60,7 +60,6 @@
     },
     static_libs: [
         "libseccomp_policy",
-        "libprocessgroup",
         "libavb",
         "libprotobuf-cpp-lite",
         "libpropertyinfoserializer",
@@ -82,6 +81,7 @@
         "liblog",
         "liblogwrap",
         "liblp",
+        "libprocessgroup",
         "libselinux",
         "libutils",
     ],
@@ -110,6 +110,7 @@
         "init.cpp",
         "keychords.cpp",
         "modalias_handler.cpp",
+        "mount_namespace.cpp",
         "parser.cpp",
         "persistent_properties.cpp",
         "persistent_properties.proto",
@@ -166,6 +167,7 @@
             exclude_shared_libs: ["libbinder", "libutils"],
         },
     },
+    ldflags: ["-Wl,--rpath,/system/${LIB}/bootstrap"],
 }
 
 // Tests
diff --git a/init/Android.mk b/init/Android.mk
index 69c63e1..59d7f11 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -47,6 +47,7 @@
     first_stage_init.cpp \
     first_stage_main.cpp \
     first_stage_mount.cpp \
+    mount_namespace.cpp \
     reboot_utils.cpp \
     selinux.cpp \
     switch_root.cpp \
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 169edbe..c8ceb0c 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -63,6 +63,7 @@
 #include "action_manager.h"
 #include "bootchart.h"
 #include "init.h"
+#include "mount_namespace.h"
 #include "parser.h"
 #include "property_service.h"
 #include "reboot.h"
@@ -75,6 +76,8 @@
 using namespace std::literals::string_literals;
 
 using android::base::unique_fd;
+using android::fs_mgr::Fstab;
+using android::fs_mgr::ReadFstabFromFile;
 
 #define chmod DO_NOT_USE_CHMOD_USE_FCHMODAT_SYMLINK_NOFOLLOW
 
@@ -1098,6 +1101,14 @@
     }
 }
 
+static Result<Success> do_setup_runtime_bionic(const BuiltinArguments& args) {
+    if (SwitchToDefaultMountNamespace()) {
+        return Success();
+    } else {
+        return Error() << "Failed to setup runtime bionic";
+    }
+}
+
 // Builtin-function-map start
 const BuiltinFunctionMap::Map& BuiltinFunctionMap::map() const {
     constexpr std::size_t kMax = std::numeric_limits<std::size_t>::max();
@@ -1145,6 +1156,7 @@
         {"rmdir",                   {1,     1,    {true,   do_rmdir}}},
         {"setprop",                 {2,     2,    {true,   do_setprop}}},
         {"setrlimit",               {3,     3,    {false,  do_setrlimit}}},
+        {"setup_runtime_bionic",    {0,     0,    {false,  do_setup_runtime_bionic}}},
         {"start",                   {1,     1,    {false,  do_start}}},
         {"stop",                    {1,     1,    {false,  do_stop}}},
         {"swapon_all",              {1,     1,    {false,  do_swapon_all}}},
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index 153b857..7d5bf57 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -49,6 +49,11 @@
 using android::fs_mgr::AvbHandle;
 using android::fs_mgr::AvbHashtreeResult;
 using android::fs_mgr::AvbUniquePtr;
+using android::fs_mgr::BuildGsiSystemFstabEntry;
+using android::fs_mgr::Fstab;
+using android::fs_mgr::FstabEntry;
+using android::fs_mgr::ReadDefaultFstab;
+using android::fs_mgr::ReadFstabFromDt;
 
 using namespace std::literals;
 
@@ -136,10 +141,6 @@
     return is_android_dt_value_expected("vbmeta/compatible", "android,vbmeta");
 }
 
-static bool IsRecoveryMode() {
-    return access("/system/bin/recovery", F_OK) == 0;
-}
-
 static Fstab ReadFirstStageFstab() {
     Fstab fstab;
     if (!ReadFstabFromDt(&fstab)) {
@@ -160,7 +161,7 @@
 // -----------------
 FirstStageMount::FirstStageMount(Fstab fstab)
     : need_dm_verity_(false), fstab_(std::move(fstab)), uevent_listener_(16 * 1024 * 1024) {
-    auto boot_devices = fs_mgr_get_boot_devices();
+    auto boot_devices = android::fs_mgr::GetBootDevices();
     device_handler_ = std::make_unique<DeviceHandler>(
             std::vector<Permissions>{}, std::vector<SysfsPermissions>{}, std::vector<Subsystem>{},
             std::move(boot_devices), false);
@@ -683,22 +684,31 @@
 }
 
 bool FirstStageMountVBootV2::SetUpDmVerity(FstabEntry* fstab_entry) {
+    AvbHashtreeResult hashtree_result;
+
     if (fstab_entry->fs_mgr_flags.avb) {
         if (!InitAvbHandle()) return false;
-        AvbHashtreeResult hashtree_result =
+        hashtree_result =
                 avb_handle_->SetUpAvbHashtree(fstab_entry, false /* wait_for_verity_dev */);
-        switch (hashtree_result) {
-            case AvbHashtreeResult::kDisabled:
-                return true;  // Returns true to mount the partition.
-            case AvbHashtreeResult::kSuccess:
-                // The exact block device name (fstab_rec->blk_device) is changed to
-                // "/dev/block/dm-XX". Needs to create it because ueventd isn't started in init
-                // first stage.
-                return InitMappedDevice(fstab_entry->blk_device);
-            default:
-                return false;
-        }
+    } else if (!fstab_entry->avb_key.empty()) {
+        hashtree_result =
+                AvbHandle::SetUpStandaloneAvbHashtree(fstab_entry, false /* wait_for_verity_dev */);
+    } else {
+        return true;  // No need AVB, returns true to mount the partition directly.
     }
+
+    switch (hashtree_result) {
+        case AvbHashtreeResult::kDisabled:
+            return true;  // Returns true to mount the partition.
+        case AvbHashtreeResult::kSuccess:
+            // The exact block device name (fstab_rec->blk_device) is changed to
+            // "/dev/block/dm-XX". Needs to create it because ueventd isn't started in init
+            // first stage.
+            return InitMappedDevice(fstab_entry->blk_device);
+        default:
+            return false;
+    }
+
     return true;  // Returns true to mount the partition.
 }
 
diff --git a/init/init.cpp b/init/init.cpp
index 990ea88..a8924f2 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -42,6 +42,7 @@
 #include <fs_mgr_vendor_overlay.h>
 #include <keyutils.h>
 #include <libavb/libavb.h>
+#include <processgroup/processgroup.h>
 #include <selinux/android.h>
 
 #ifndef RECOVERY
@@ -54,6 +55,7 @@
 #include "first_stage_mount.h"
 #include "import_parser.h"
 #include "keychords.h"
+#include "mount_namespace.h"
 #include "property_service.h"
 #include "reboot.h"
 #include "reboot_utils.h"
@@ -347,6 +349,17 @@
     return Success();
 }
 
+static Result<Success> SetupCgroupsAction(const BuiltinArguments&) {
+    // Have to create <CGROUPS_RC_DIR> using make_dir function
+    // for appropriate sepolicy to be set for it
+    make_dir(CGROUPS_RC_DIR, 0711);
+    if (!CgroupSetupCgroups()) {
+        return ErrnoError() << "Failed to setup cgroups";
+    }
+
+    return Success();
+}
+
 static void import_kernel_nv(const std::string& key, const std::string& value, bool for_emulator) {
     if (key.empty()) return;
 
@@ -667,6 +680,10 @@
     const BuiltinFunctionMap function_map;
     Action::set_function_map(&function_map);
 
+    if (!SetupMountNamespaces()) {
+        PLOG(FATAL) << "SetupMountNamespaces failed";
+    }
+
     subcontexts = InitializeSubcontexts();
 
     ActionManager& am = ActionManager::GetInstance();
@@ -678,6 +695,8 @@
     // Nexus 9 boot time, so it's disabled by default.
     if (false) DumpState();
 
+    am.QueueBuiltinAction(SetupCgroupsAction, "SetupCgroups");
+
     am.QueueEventTrigger("early-init");
 
     // Queue an action that waits for coldboot done so we know ueventd has set up all of /dev...
diff --git a/init/mount_namespace.cpp b/init/mount_namespace.cpp
new file mode 100644
index 0000000..413fe8f
--- /dev/null
+++ b/init/mount_namespace.cpp
@@ -0,0 +1,261 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mount_namespace.h"
+
+#include <sys/mount.h>
+
+#include <string>
+#include <vector>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/properties.h>
+#include <android-base/unique_fd.h>
+
+#include "util.h"
+
+namespace android {
+namespace init {
+namespace {
+
+static constexpr const char* kLinkerMountPoint = "/bionic/bin/linker";
+static constexpr const char* kBootstrapLinkerPath = "/system/bin/bootstrap/linker";
+static constexpr const char* kRuntimeLinkerPath = "/apex/com.android.runtime/bin/linker";
+
+static constexpr const char* kBionicLibsMountPointDir = "/bionic/lib/";
+static constexpr const char* kBootstrapBionicLibsDir = "/system/lib/bootstrap/";
+static constexpr const char* kRuntimeBionicLibsDir = "/apex/com.android.runtime/lib/bionic/";
+
+static constexpr const char* kLinkerMountPoint64 = "/bionic/bin/linker64";
+static constexpr const char* kBootstrapLinkerPath64 = "/system/bin/bootstrap/linker64";
+static constexpr const char* kRuntimeLinkerPath64 = "/apex/com.android.runtime/bin/linker64";
+
+static constexpr const char* kBionicLibsMountPointDir64 = "/bionic/lib64/";
+static constexpr const char* kBootstrapBionicLibsDir64 = "/system/lib64/bootstrap/";
+static constexpr const char* kRuntimeBionicLibsDir64 = "/apex/com.android.runtime/lib64/bionic/";
+
+static const std::vector<std::string> kBionicLibFileNames = {"libc.so", "libm.so", "libdl.so"};
+
+static bool BindMount(const std::string& source, const std::string& mount_point,
+                      bool recursive = false) {
+    unsigned long mountflags = MS_BIND;
+    if (recursive) {
+        mountflags |= MS_REC;
+    }
+    if (mount(source.c_str(), mount_point.c_str(), nullptr, mountflags, nullptr) == -1) {
+        PLOG(ERROR) << "Could not bind-mount " << source << " to " << mount_point;
+        return false;
+    }
+    return true;
+}
+
+static bool MakeShared(const std::string& mount_point, bool recursive = false) {
+    unsigned long mountflags = MS_SHARED;
+    if (recursive) {
+        mountflags |= MS_REC;
+    }
+    if (mount(nullptr, mount_point.c_str(), nullptr, mountflags, nullptr) == -1) {
+        PLOG(ERROR) << "Failed to change propagation type to shared";
+        return false;
+    }
+    return true;
+}
+
+static bool MakePrivate(const std::string& mount_point, bool recursive = false) {
+    unsigned long mountflags = MS_PRIVATE;
+    if (recursive) {
+        mountflags |= MS_REC;
+    }
+    if (mount(nullptr, mount_point.c_str(), nullptr, mountflags, nullptr) == -1) {
+        PLOG(ERROR) << "Failed to change propagation type to private";
+        return false;
+    }
+    return true;
+}
+
+static int OpenMountNamespace() {
+    int fd = open("/proc/self/ns/mnt", O_RDONLY | O_CLOEXEC);
+    if (fd < 0) {
+        PLOG(ERROR) << "Cannot open fd for current mount namespace";
+    }
+    return fd;
+}
+
+static std::string GetMountNamespaceId() {
+    std::string ret;
+    if (!android::base::Readlink("/proc/self/ns/mnt", &ret)) {
+        PLOG(ERROR) << "Failed to read namespace ID";
+        return "";
+    }
+    return ret;
+}
+
+static bool BindMountBionic(const std::string& linker_source, const std::string& lib_dir_source,
+                            const std::string& linker_mount_point,
+                            const std::string& lib_mount_dir) {
+    if (access(linker_source.c_str(), F_OK) != 0) {
+        PLOG(INFO) << linker_source << " does not exist. skipping mounting bionic there.";
+        // This can happen for 64-bit bionic in 32-bit only device.
+        // It is okay to skip mounting the 64-bit bionic.
+        return true;
+    }
+    if (!BindMount(linker_source, linker_mount_point)) {
+        return false;
+    }
+    if (!MakePrivate(linker_mount_point)) {
+        return false;
+    }
+    for (const auto& libname : kBionicLibFileNames) {
+        std::string mount_point = lib_mount_dir + libname;
+        std::string source = lib_dir_source + libname;
+        if (!BindMount(source, mount_point)) {
+            return false;
+        }
+        if (!MakePrivate(mount_point)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+static bool IsBionicUpdatable() {
+    static bool result = android::base::GetBoolProperty("ro.apex.IsBionicUpdatable", false);
+    return result;
+}
+
+static android::base::unique_fd bootstrap_ns_fd;
+static android::base::unique_fd default_ns_fd;
+
+static std::string bootstrap_ns_id;
+static std::string default_ns_id;
+
+}  // namespace
+
+bool SetupMountNamespaces() {
+    // Set the propagation type of / as shared so that any mounting event (e.g.
+    // /data) is by default visible to all processes. When private mounting is
+    // needed for /foo/bar, then we will make /foo/bar as a mount point (by
+    // bind-mounting by to itself) and set the propagation type of the mount
+    // point to private.
+    if (!MakeShared("/", true /*recursive*/)) return false;
+
+    // Since different files (bootstrap or runtime APEX) should be mounted to
+    // the same mount point paths (e.g. /bionic/bin/linker, /bionic/lib/libc.so,
+    // etc.) across the two mount namespaces, we create a private mount point at
+    // /bionic so that a mount event for the bootstrap bionic in the mount
+    // namespace for pre-apexd processes is not propagated to the other mount
+    // namespace for post-apexd process, and vice versa.
+    //
+    // Other mount points other than /bionic, however, are all still shared.
+    if (!BindMount("/bionic", "/bionic", true /*recursive*/)) return false;
+    if (!MakePrivate("/bionic")) return false;
+
+    // Bind-mount bootstrap bionic.
+    if (!BindMountBionic(kBootstrapLinkerPath, kBootstrapBionicLibsDir, kLinkerMountPoint,
+                         kBionicLibsMountPointDir))
+        return false;
+    if (!BindMountBionic(kBootstrapLinkerPath64, kBootstrapBionicLibsDir64, kLinkerMountPoint64,
+                         kBionicLibsMountPointDir64))
+        return false;
+
+    bootstrap_ns_fd.reset(OpenMountNamespace());
+    bootstrap_ns_id = GetMountNamespaceId();
+
+    // When bionic is updatable via the runtime APEX, we create separate mount
+    // namespaces for processes that are started before and after the APEX is
+    // activated by apexd. In the namespace for pre-apexd processes, the bionic
+    // from the /system partition (that we call bootstrap bionic) is
+    // bind-mounted. In the namespace for post-apexd processes, the bionic from
+    // the runtime APEX is bind-mounted.
+    bool success = true;
+    if (IsBionicUpdatable() && !IsRecoveryMode()) {
+        // Creating a new namespace by cloning, saving, and switching back to
+        // the original namespace.
+        if (unshare(CLONE_NEWNS) == -1) {
+            PLOG(ERROR) << "Cannot create mount namespace";
+            return false;
+        }
+        default_ns_fd.reset(OpenMountNamespace());
+        default_ns_id = GetMountNamespaceId();
+
+        // By this unmount, the bootstrap bionic are not mounted in the default
+        // mount namespace.
+        if (umount2("/bionic", MNT_DETACH) == -1) {
+            PLOG(ERROR) << "Cannot unmount /bionic";
+            // Don't return here. We have to switch back to the bootstrap
+            // namespace.
+            success = false;
+        }
+
+        if (setns(bootstrap_ns_fd.get(), CLONE_NEWNS) == -1) {
+            PLOG(ERROR) << "Cannot switch back to bootstrap mount namespace";
+            return false;
+        }
+    } else {
+        // Otherwise, default == bootstrap
+        default_ns_fd.reset(OpenMountNamespace());
+        default_ns_id = GetMountNamespaceId();
+    }
+
+    LOG(INFO) << "SetupMountNamespaces done";
+    return success;
+}
+
+bool SwitchToDefaultMountNamespace() {
+    if (IsRecoveryMode()) {
+        // we don't have multiple namespaces in recovery mode
+        return true;
+    }
+    if (default_ns_id != GetMountNamespaceId()) {
+        if (setns(default_ns_fd.get(), CLONE_NEWNS) == -1) {
+            PLOG(ERROR) << "Failed to switch back to the default mount namespace.";
+            return false;
+        }
+    }
+
+    // Bind-mount bionic from the runtime APEX since it is now available. Note
+    // that in case of IsBionicUpdatable() == false, these mounts are over the
+    // existing existing bind mounts for the bootstrap bionic, which effectively
+    // becomes hidden.
+    if (!BindMountBionic(kRuntimeLinkerPath, kRuntimeBionicLibsDir, kLinkerMountPoint,
+                         kBionicLibsMountPointDir))
+        return false;
+    if (!BindMountBionic(kRuntimeLinkerPath64, kRuntimeBionicLibsDir64, kLinkerMountPoint64,
+                         kBionicLibsMountPointDir64))
+        return false;
+
+    LOG(INFO) << "Switched to default mount namespace";
+    return true;
+}
+
+bool SwitchToBootstrapMountNamespaceIfNeeded() {
+    if (IsRecoveryMode()) {
+        // we don't have multiple namespaces in recovery mode
+        return true;
+    }
+    if (bootstrap_ns_id != GetMountNamespaceId() && bootstrap_ns_fd.get() != -1 &&
+        IsBionicUpdatable()) {
+        if (setns(bootstrap_ns_fd.get(), CLONE_NEWNS) == -1) {
+            PLOG(ERROR) << "Failed to switch to bootstrap mount namespace.";
+            return false;
+        }
+    }
+    return true;
+}
+
+}  // namespace init
+}  // namespace android
diff --git a/debuggerd/libdebuggerd/include/libdebuggerd/elf_utils.h b/init/mount_namespace.h
similarity index 65%
rename from debuggerd/libdebuggerd/include/libdebuggerd/elf_utils.h
rename to init/mount_namespace.h
index 5d0d924..c41a449 100644
--- a/debuggerd/libdebuggerd/include/libdebuggerd/elf_utils.h
+++ b/init/mount_namespace.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 The Android Open Source Project
+ * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,16 +14,14 @@
  * limitations under the License.
  */
 
-#ifndef _DEBUGGERD_ELF_UTILS_H
-#define _DEBUGGERD_ELF_UTILS_H
+#pragma once
 
-#include <stdint.h>
-#include <string>
+namespace android {
+namespace init {
 
-namespace unwindstack {
-class Memory;
-}
+bool SetupMountNamespaces();
+bool SwitchToDefaultMountNamespace();
+bool SwitchToBootstrapMountNamespaceIfNeeded();
 
-bool elf_get_build_id(unwindstack::Memory*, uintptr_t, std::string*);
-
-#endif // _DEBUGGERD_ELF_UTILS_H
+}  // namespace init
+}  // namespace android
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 3199d45..91b7ddd 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -49,8 +49,6 @@
 #include <android-base/properties.h>
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
-#include <bootimg.h>
-#include <fs_mgr.h>
 #include <property_info_parser/property_info_parser.h>
 #include <property_info_serializer/property_info_serializer.h>
 #include <selinux/android.h>
@@ -79,8 +77,6 @@
 using android::properties::PropertyInfoAreaFile;
 using android::properties::PropertyInfoEntry;
 
-#define RECOVERY_MOUNT_POINT "/recovery"
-
 namespace android {
 namespace init {
 
@@ -732,37 +728,6 @@
     property_set("ro.persistent_properties.ready", "true");
 }
 
-void load_recovery_id_prop() {
-    std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(),
-                                                               fs_mgr_free_fstab);
-    if (!fstab) {
-        PLOG(ERROR) << "unable to read default fstab";
-        return;
-    }
-
-    fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab.get(), RECOVERY_MOUNT_POINT);
-    if (rec == NULL) {
-        LOG(ERROR) << "/recovery not specified in fstab";
-        return;
-    }
-
-    int fd = open(rec->blk_device, O_RDONLY | O_CLOEXEC);
-    if (fd == -1) {
-        PLOG(ERROR) << "error opening block device " << rec->blk_device;
-        return;
-    }
-
-    boot_img_hdr hdr;
-    if (android::base::ReadFully(fd, &hdr, sizeof(hdr))) {
-        std::string hex = bytes_to_hex(reinterpret_cast<uint8_t*>(hdr.id), sizeof(hdr.id));
-        property_set("ro.recovery_id", hex);
-    } else {
-        PLOG(ERROR) << "error reading /recovery";
-    }
-
-    close(fd);
-}
-
 void property_load_boot_defaults() {
     // TODO(b/117892318): merge prop.default and build.prop files into one
     // TODO(b/122864654): read the prop files from all partitions and then
@@ -783,7 +748,6 @@
     load_properties_from_file("/odm/build.prop", NULL);
     load_properties_from_file("/vendor/build.prop", NULL);
     load_properties_from_file("/factory/factory.prop", "ro.*");
-    load_recovery_id_prop();
 
     update_sys_usb_config();
 }
diff --git a/init/service.cpp b/init/service.cpp
index 272809f..d64f2f3 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -50,6 +50,7 @@
 #include <sys/system_properties.h>
 
 #include "init.h"
+#include "mount_namespace.h"
 #include "property_service.h"
 #include "selinux.h"
 #else
@@ -207,6 +208,11 @@
     return execv(c_strings[0], c_strings.data()) == 0;
 }
 
+static bool IsRuntimeApexReady() {
+    struct stat buf;
+    return stat("/apex/com.android.runtime/", &buf) == 0;
+}
+
 unsigned long Service::next_start_order_ = 1;
 bool Service::is_exec_service_running_ = false;
 
@@ -369,7 +375,7 @@
 
     // If we crash > 4 times in 4 minutes, reboot into bootloader or set crashing property
     boot_clock::time_point now = boot_clock::now();
-    if (((flags_ & SVC_CRITICAL) || classnames_.count("updatable")) && !(flags_ & SVC_RESTART)) {
+    if (((flags_ & SVC_CRITICAL) || !pre_apexd_) && !(flags_ & SVC_RESTART)) {
         if (now < time_crashed_ + 4min) {
             if (++crash_count_ > 4) {
                 if (flags_ & SVC_CRITICAL) {
@@ -929,6 +935,14 @@
         scon = *result;
     }
 
+    if (!IsRuntimeApexReady() && !pre_apexd_) {
+        // If this service is started before the runtime APEX gets available,
+        // mark it as pre-apexd one. Note that this marking is permanent. So
+        // for example, if the service is re-launched (e.g., due to crash),
+        // it is still recognized as pre-apexd... for consistency.
+        pre_apexd_ = true;
+    }
+
     LOG(INFO) << "starting service '" << name_ << "'...";
 
     pid_t pid = -1;
@@ -945,6 +959,15 @@
             LOG(FATAL) << "Service '" << name_ << "' could not enter namespaces: " << result.error();
         }
 
+#if defined(__ANDROID__)
+        if (pre_apexd_) {
+            if (!SwitchToBootstrapMountNamespaceIfNeeded()) {
+                LOG(FATAL) << "Service '" << name_ << "' could not enter "
+                           << "into the bootstrap mount namespace";
+            }
+        }
+#endif
+
         if (namespace_flags_ & CLONE_NEWNS) {
             if (auto result = SetUpMountNamespace(); !result) {
                 LOG(FATAL) << "Service '" << name_
@@ -968,27 +991,33 @@
         std::for_each(descriptors_.begin(), descriptors_.end(),
                       std::bind(&DescriptorInfo::CreateAndPublish, std::placeholders::_1, scon));
 
-        // See if there were "writepid" instructions to write to files under /dev/cpuset/.
-        auto cpuset_predicate = [](const std::string& path) {
-            return StartsWith(path, "/dev/cpuset/");
-        };
-        auto iter = std::find_if(writepid_files_.begin(), writepid_files_.end(), cpuset_predicate);
-        if (iter == writepid_files_.end()) {
-            // There were no "writepid" instructions for cpusets, check if the system default
-            // cpuset is specified to be used for the process.
-            std::string default_cpuset = GetProperty("ro.cpuset.default", "");
-            if (!default_cpuset.empty()) {
-                // Make sure the cpuset name starts and ends with '/'.
-                // A single '/' means the 'root' cpuset.
-                if (default_cpuset.front() != '/') {
-                    default_cpuset.insert(0, 1, '/');
+        // See if there were "writepid" instructions to write to files under cpuset path.
+        std::string cpuset_path;
+        if (CgroupGetControllerPath("cpuset", &cpuset_path)) {
+            auto cpuset_predicate = [&cpuset_path](const std::string& path) {
+                return StartsWith(path, cpuset_path + "/");
+            };
+            auto iter =
+                    std::find_if(writepid_files_.begin(), writepid_files_.end(), cpuset_predicate);
+            if (iter == writepid_files_.end()) {
+                // There were no "writepid" instructions for cpusets, check if the system default
+                // cpuset is specified to be used for the process.
+                std::string default_cpuset = GetProperty("ro.cpuset.default", "");
+                if (!default_cpuset.empty()) {
+                    // Make sure the cpuset name starts and ends with '/'.
+                    // A single '/' means the 'root' cpuset.
+                    if (default_cpuset.front() != '/') {
+                        default_cpuset.insert(0, 1, '/');
+                    }
+                    if (default_cpuset.back() != '/') {
+                        default_cpuset.push_back('/');
+                    }
+                    writepid_files_.push_back(
+                            StringPrintf("%s%stasks", cpuset_path.c_str(), default_cpuset.c_str()));
                 }
-                if (default_cpuset.back() != '/') {
-                    default_cpuset.push_back('/');
-                }
-                writepid_files_.push_back(
-                    StringPrintf("/dev/cpuset%stasks", default_cpuset.c_str()));
             }
+        } else {
+            LOG(ERROR) << "cpuset cgroup controller is not mounted!";
         }
         std::string pid_str = std::to_string(getpid());
         for (const auto& file : writepid_files_) {
diff --git a/init/service.h b/init/service.h
index 56e75b0..c29723a 100644
--- a/init/service.h
+++ b/init/service.h
@@ -242,6 +242,8 @@
     std::vector<std::string> args_;
 
     std::vector<std::function<void(const siginfo_t& siginfo)>> reap_callbacks_;
+
+    bool pre_apexd_ = false;
 };
 
 class ServiceList {
diff --git a/init/ueventd.cpp b/init/ueventd.cpp
index 7545d53..399ea4c 100644
--- a/init/ueventd.cpp
+++ b/init/ueventd.cpp
@@ -245,7 +245,7 @@
     uevent_handlers.emplace_back(std::make_unique<DeviceHandler>(
             std::move(ueventd_configuration.dev_permissions),
             std::move(ueventd_configuration.sysfs_permissions),
-            std::move(ueventd_configuration.subsystems), fs_mgr_get_boot_devices(), true));
+            std::move(ueventd_configuration.subsystems), android::fs_mgr::GetBootDevices(), true));
     uevent_handlers.emplace_back(std::make_unique<FirmwareHandler>(
             std::move(ueventd_configuration.firmware_directories)));
 
diff --git a/init/util.cpp b/init/util.cpp
index 3781141..29d7a76 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -34,7 +34,6 @@
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/properties.h>
-#include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
 #include <cutils/sockets.h>
@@ -269,16 +268,6 @@
 }
 
 /*
- * Writes hex_len hex characters (1/2 byte) to hex from bytes.
- */
-std::string bytes_to_hex(const uint8_t* bytes, size_t bytes_len) {
-    std::string hex("0x");
-    for (size_t i = 0; i < bytes_len; i++)
-        android::base::StringAppendF(&hex, "%02x", bytes[i]);
-    return hex;
-}
-
-/*
  * Returns true is pathname is a directory
  */
 bool is_dir(const char* pathname) {
@@ -452,5 +441,9 @@
     android::base::InitLogging(argv, &android::base::KernelLogger, std::move(abort_function));
 }
 
+bool IsRecoveryMode() {
+    return access("/system/bin/recovery", F_OK) == 0;
+}
+
 }  // namespace init
 }  // namespace android
diff --git a/init/util.h b/init/util.h
index 53f4547..2232a0f 100644
--- a/init/util.h
+++ b/init/util.h
@@ -51,7 +51,6 @@
 void import_kernel_cmdline(bool in_qemu,
                            const std::function<void(const std::string&, const std::string&, bool)>&);
 bool make_dir(const std::string& path, mode_t mode);
-std::string bytes_to_hex(const uint8_t *bytes, size_t bytes_len);
 bool is_dir(const char* pathname);
 bool expand_props(const std::string& src, std::string* dst);
 
@@ -65,7 +64,7 @@
 bool IsLegalPropertyName(const std::string& name);
 
 void InitKernelLogging(char** argv, std::function<void(const char*)> abort_function);
-
+bool IsRecoveryMode();
 }  // namespace init
 }  // namespace android
 
diff --git a/libcutils/ashmem-dev.cpp b/libcutils/ashmem-dev.cpp
index 0cc4fc0..f65dc8b 100644
--- a/libcutils/ashmem-dev.cpp
+++ b/libcutils/ashmem-dev.cpp
@@ -23,6 +23,9 @@
  */
 #define LOG_TAG "ashmem"
 
+#ifndef __ANDROID_VNDK__
+#include <dlfcn.h>
+#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/ashmem.h>
@@ -45,13 +48,46 @@
  */
 static pthread_mutex_t __ashmem_lock = PTHREAD_MUTEX_INITIALIZER;
 
+/*
+ * We use ashmemd to enforce that apps don't open /dev/ashmem directly. Vendor
+ * code can't access system aidl services per Treble requirements. So we limit
+ * ashmemd access to the system variant of libcutils.
+ */
+#ifndef __ANDROID_VNDK__
+using openFdType = int (*)();
+
+openFdType initOpenAshmemFd() {
+    openFdType openFd = nullptr;
+    void* handle = dlopen("libashmemd_client.so", RTLD_NOW);
+    if (!handle) {
+        ALOGE("Failed to dlopen() libashmemd_client.so: %s", dlerror());
+        return openFd;
+    }
+
+    openFd = reinterpret_cast<openFdType>(dlsym(handle, "openAshmemdFd"));
+    if (!openFd) {
+        ALOGE("Failed to dlsym() openAshmemdFd() function: %s", dlerror());
+    }
+    return openFd;
+}
+#endif
+
 /* logistics of getting file descriptor for ashmem */
 static int __ashmem_open_locked()
 {
     int ret;
     struct stat st;
 
-    int fd = TEMP_FAILURE_RETRY(open(ASHMEM_DEVICE, O_RDWR | O_CLOEXEC));
+    int fd = -1;
+#ifndef __ANDROID_VNDK__
+    static auto openFd = initOpenAshmemFd();
+    if (openFd) {
+        fd = openFd();
+    }
+#endif
+    if (fd < 0) {
+        fd = TEMP_FAILURE_RETRY(open(ASHMEM_DEVICE, O_RDWR | O_CLOEXEC));
+    }
     if (fd < 0) {
         return fd;
     }
diff --git a/libcutils/include/private/android_filesystem_config.h b/libcutils/include/private/android_filesystem_config.h
index 03edfb5..63c3793 100644
--- a/libcutils/include/private/android_filesystem_config.h
+++ b/libcutils/include/private/android_filesystem_config.h
@@ -134,6 +134,7 @@
 #define AID_IORAPD 1071          /* input/output readahead and pin daemon */
 #define AID_GPU_SERVICE 1072     /* GPU service daemon */
 #define AID_NETWORK_STACK 1073   /* network stack service */
+#define AID_GSID 1074            /* GSI service daemon */
 /* Changes to this file must be made in AOSP, *not* in internal branches. */
 
 #define AID_SHELL 2000 /* adb and debug shell user */
diff --git a/libcutils/tests/Android.bp b/libcutils/tests/Android.bp
index 72ae559..fb9bbdd 100644
--- a/libcutils/tests/Android.bp
+++ b/libcutils/tests/Android.bp
@@ -59,6 +59,7 @@
     "libcutils",
     "liblog",
     "libbase",
+    "libjsoncpp",
     "libprocessgroup",
 ]
 
diff --git a/libkeyutils/Android.bp b/libkeyutils/Android.bp
index b388e95..e816926 100644
--- a/libkeyutils/Android.bp
+++ b/libkeyutils/Android.bp
@@ -16,3 +16,16 @@
     srcs: ["keyutils_test.cpp"],
     test_suites: ["device-tests"],
 }
+
+cc_binary {
+    name: "mini-keyctl",
+    srcs: ["mini_keyctl.cpp"],
+
+    shared_libs: [
+        "libbase",
+        "libkeyutils",
+        "liblog",
+    ],
+
+    cflags: ["-Werror", "-Wall", "-Wextra"],
+}
diff --git a/libkeyutils/include/keyutils.h b/libkeyutils/include/keyutils.h
index 585767d..c508f27 100644
--- a/libkeyutils/include/keyutils.h
+++ b/libkeyutils/include/keyutils.h
@@ -51,6 +51,10 @@
 
 long keyctl_unlink(key_serial_t key, key_serial_t keyring);
 
+long keyctl_restrict_keyring(key_serial_t keyring, const char* type, const char* restriction);
+
+long keyctl_get_security(key_serial_t key, char* buffer, size_t buflen);
+
 __END_DECLS
 
 #endif
diff --git a/libkeyutils/keyutils.cpp b/libkeyutils/keyutils.cpp
index 58a2a17..8f63f70 100644
--- a/libkeyutils/keyutils.cpp
+++ b/libkeyutils/keyutils.cpp
@@ -69,3 +69,11 @@
 long keyctl_unlink(key_serial_t key, key_serial_t keyring) {
   return keyctl(KEYCTL_UNLINK, key, keyring);
 }
+
+long keyctl_restrict_keyring(key_serial_t keyring, const char* type, const char* restriction) {
+  return keyctl(KEYCTL_RESTRICT_KEYRING, keyring, type, restriction);
+}
+
+long keyctl_get_security(key_serial_t id, char* buffer, size_t buflen) {
+  return keyctl(KEYCTL_GET_SECURITY, id, buffer, buflen);
+}
diff --git a/libkeyutils/mini_keyctl.cpp b/libkeyutils/mini_keyctl.cpp
new file mode 100644
index 0000000..abc8f82
--- /dev/null
+++ b/libkeyutils/mini_keyctl.cpp
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * A tool loads keys to keyring.
+ */
+
+#include <dirent.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <fstream>
+#include <iostream>
+#include <iterator>
+#include <sstream>
+#include <string>
+#include <vector>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/properties.h>
+#include <android-base/strings.h>
+#include <keyutils.h>
+
+static constexpr int kMaxCertSize = 4096;
+
+// Add all the certs from directory path to keyring with keyring_id. Returns the number of keys
+// added.
+int AddKeys(const std::string& path, const key_serial_t keyring_id, const std::string& keyring_desc,
+            int start_index) {
+  std::unique_ptr<DIR, int (*)(DIR*)> dir(opendir(path.c_str()), closedir);
+  if (!dir) {
+    PLOG(WARNING) << "Failed to open directory " << path;
+    return 0;
+  }
+  int keys_added = 0;
+  struct dirent* dp;
+  while ((dp = readdir(dir.get())) != NULL) {
+    if (dp->d_type != DT_REG) {
+      continue;
+    }
+    std::string cert_path = path + "/" + dp->d_name;
+    std::string cert_buf;
+    if (!android::base::ReadFileToString(cert_path, &cert_buf, false /* follow_symlinks */)) {
+      LOG(ERROR) << "Failed to read " << cert_path;
+      continue;
+    }
+
+    if (cert_buf.size() > kMaxCertSize) {
+      LOG(ERROR) << "Certficate size too large: " << cert_path;
+      continue;
+    }
+
+    // Add key to keyring.
+    int key_desc_index = keys_added + start_index;
+    std::string key_desc = keyring_desc + "-key" + std::to_string(key_desc_index);
+    key_serial_t key =
+        add_key("asymmetric", key_desc.c_str(), &cert_buf[0], cert_buf.size(), keyring_id);
+    if (key < 0) {
+      PLOG(ERROR) << "Failed to add key to keyring: " << cert_path;
+      continue;
+    }
+    keys_added++;
+  }
+  return keys_added;
+}
+
+std::vector<std::string> SplitBySpace(const std::string& s) {
+  std::istringstream iss(s);
+  return std::vector<std::string>{std::istream_iterator<std::string>{iss},
+                                  std::istream_iterator<std::string>{}};
+}
+
+// Find the keyring id. Because request_key(2) syscall is not available or the key is
+// kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other
+// information in the descritption section depending on the key type, only the first word in the
+// keyring description is used for searching.
+bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) {
+  if (!keyring_id) {
+    LOG(ERROR) << "keyring_id is null";
+    return false;
+  }
+
+  // Only keys allowed by SELinux rules will be shown here.
+  std::ifstream proc_keys_file("/proc/keys");
+  if (!proc_keys_file.is_open()) {
+    PLOG(ERROR) << "Failed to open /proc/keys";
+    return false;
+  }
+
+  std::string line;
+  while (getline(proc_keys_file, line)) {
+    std::vector<std::string> tokens = SplitBySpace(line);
+    if (tokens.size() < 9) {
+      continue;
+    }
+    std::string key_id = tokens[0];
+    std::string key_type = tokens[7];
+    // The key description may contain space.
+    std::string key_desc_prefix = tokens[8];
+    // The prefix has a ":" at the end
+    std::string key_desc_pattern = keyring_desc + ":";
+    if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) {
+      continue;
+    }
+    *keyring_id = std::stoi(key_id, nullptr, 16);
+    return true;
+  }
+  return false;
+}
+
+static void Usage(int exit_code) {
+  fprintf(stderr, "usage: mini-keyctl -c PATHS -s DESCRIPTION\n");
+  fprintf(stderr, "\n");
+  fprintf(stderr, "-c, --cert_dirs     the certificate locations, separated by comma\n");
+  fprintf(stderr, "-k, --keyring       the keyring description\n");
+  _exit(exit_code);
+}
+
+int main(int argc, char** argv) {
+  if (argc < 5) Usage(1);
+
+  std::string arg_cert_dirs;
+  std::string arg_keyring_desc;
+
+  for (int i = 1; i < argc; i++) {
+    std::string option = argv[i];
+    if (option == "-c" || option == "--cert_dirs") {
+      if (i + 1 < argc) arg_cert_dirs = argv[++i];
+    } else if (option == "-k" || option == "--keyring") {
+      if (i + 1 < argc) arg_keyring_desc = argv[++i];
+    }
+  }
+
+  if (arg_cert_dirs.empty() || arg_keyring_desc.empty()) {
+    LOG(ERROR) << "Missing cert_dirs or keyring desc";
+    Usage(1);
+  }
+
+  // Get the keyring id
+  key_serial_t key_ring_id;
+  if (!GetKeyringId(arg_keyring_desc, &key_ring_id)) {
+    PLOG(ERROR) << "Can't find keyring with " << arg_keyring_desc;
+    return 1;
+  }
+
+  std::vector<std::string> cert_dirs = android::base::Split(arg_cert_dirs, ",");
+  int start_index = 0;
+  for (const auto& cert_dir : cert_dirs) {
+    int keys_added = AddKeys(cert_dir, key_ring_id, arg_keyring_desc, start_index);
+    start_index += keys_added;
+  }
+
+  // Prevent new keys to be added.
+  if (!android::base::GetBoolProperty("ro.debuggable", false) &&
+      keyctl_restrict_keyring(key_ring_id, nullptr, nullptr) < 0) {
+    PLOG(ERROR) << "Failed to restrict key ring " << arg_keyring_desc;
+    return 1;
+  }
+
+  return 0;
+}
diff --git a/liblog/tests/AndroidTest.xml b/liblog/tests/AndroidTest.xml
index 7b64433..c167478 100644
--- a/liblog/tests/AndroidTest.xml
+++ b/liblog/tests/AndroidTest.xml
@@ -16,6 +16,8 @@
 <configuration description="Config for CTS Logging Library test cases">
     <option name="test-suite-tag" value="cts" />
     <option name="config-descriptor:metadata" key="component" value="systems" />
+    <option name="config-descriptor:metadata" key="parameter" value="not_instant_app" />
+    <option name="config-descriptor:metadata" key="parameter" value="multi_abi" />
     <target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
         <option name="cleanup" value="true" />
         <option name="push" value="CtsLiblogTestCases->/data/local/tmp/CtsLiblogTestCases" />
diff --git a/libmeminfo/Android.bp b/libmeminfo/Android.bp
index 3e191ad..fc022bd 100644
--- a/libmeminfo/Android.bp
+++ b/libmeminfo/Android.bp
@@ -46,7 +46,6 @@
 
     static_libs: [
         "libmeminfo",
-        "libpagemap",
         "libbase",
         "liblog",
     ],
diff --git a/libmeminfo/libdmabufinfo/Android.bp b/libmeminfo/libdmabufinfo/Android.bp
new file mode 100644
index 0000000..3d5f2e7
--- /dev/null
+++ b/libmeminfo/libdmabufinfo/Android.bp
@@ -0,0 +1,55 @@
+//
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+    name: "dmabufinfo_defaults",
+    static_libs: [
+        "libbase",
+        "liblog",
+        "libprocinfo",
+    ],
+
+    cflags: [
+        "-Wall",
+        "-Werror",
+        "-Wextra",
+    ],
+}
+
+cc_library_static {
+    name: "libdmabufinfo",
+    defaults: ["dmabufinfo_defaults"],
+    export_include_dirs: ["include"],
+    static_libs: ["libc++fs"],
+
+    srcs: [
+         "dmabufinfo.cpp",
+    ],
+}
+
+cc_test {
+    name: "dmabufinfo_test",
+    defaults: ["dmabufinfo_defaults"],
+    srcs: [
+         "dmabufinfo_test.cpp"
+    ],
+
+    static_libs: [
+        "libc++fs",
+        "libdmabufinfo",
+        "libion",
+        "libmeminfo",
+    ],
+}
diff --git a/libmeminfo/libdmabufinfo/dmabufinfo.cpp b/libmeminfo/libdmabufinfo/dmabufinfo.cpp
new file mode 100644
index 0000000..b4ad667
--- /dev/null
+++ b/libmeminfo/libdmabufinfo/dmabufinfo.cpp
@@ -0,0 +1,259 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <dmabufinfo/dmabufinfo.h>
+
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <filesystem>
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/parseint.h>
+#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
+#include <procinfo/process_map.h>
+
+namespace android {
+namespace dmabufinfo {
+
+static bool FileIsDmaBuf(const std::string& path) {
+    return ::android::base::StartsWith(path, "/dmabuf");
+}
+
+static bool ReadDmaBufFdInfo(pid_t pid, int fd, std::string* name, std::string* exporter,
+                             uint64_t* count) {
+    std::string fdinfo = ::android::base::StringPrintf("/proc/%d/fdinfo/%d", pid, fd);
+    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(fdinfo.c_str(), "re"), fclose};
+    if (fp == nullptr) {
+        LOG(ERROR) << "Failed to open dmabuf info from debugfs";
+        return false;
+    }
+
+    char* line = nullptr;
+    size_t len = 0;
+    while (getline(&line, &len, fp.get()) > 0) {
+        switch (line[0]) {
+            case 'c':
+                if (strncmp(line, "count:", 6) == 0) {
+                    char* c = line + 6;
+                    *count = strtoull(c, nullptr, 10);
+                }
+                break;
+            case 'e':
+                if (strncmp(line, "exp_name:", 9) == 0) {
+                    char* c = line + 9;
+                    *exporter = ::android::base::Trim(c);
+                }
+                break;
+            case 'n':
+                if (strncmp(line, "name:", 5) == 0) {
+                    char* c = line + 5;
+                    *name = ::android::base::Trim(std::string(c));
+                }
+                break;
+        }
+    }
+
+    free(line);
+    return true;
+}
+
+static bool ReadDmaBufFdRefs(pid_t pid, std::vector<DmaBuffer>* dmabufs) {
+    std::string fdpath = ::android::base::StringPrintf("/proc/%d/fd", pid);
+    for (auto& de : std::filesystem::directory_iterator(fdpath)) {
+        if (!std::filesystem::is_symlink(de.path())) {
+            continue;
+        }
+
+        std::string target;
+        if (!::android::base::Readlink(de.path().string(), &target)) {
+            LOG(ERROR) << "Failed to find target for symlink: " << de.path().string();
+            return false;
+        }
+
+        if (!FileIsDmaBuf(target)) {
+            continue;
+        }
+
+        int fd;
+        if (!::android::base::ParseInt(de.path().filename().string(), &fd)) {
+            LOG(ERROR) << "Dmabuf fd: " << de.path().string() << " is invalid";
+            return false;
+        }
+
+        // Set defaults in case the kernel doesn't give us the information
+        // we need in fdinfo
+        std::string name = "<unknown>";
+        std::string exporter = "<unknown>";
+        uint64_t count = 0;
+        if (!ReadDmaBufFdInfo(pid, fd, &name, &exporter, &count)) {
+            LOG(ERROR) << "Failed to read fdinfo for: " << de.path().string();
+            return false;
+        }
+
+        struct stat sb;
+        if (stat(de.path().c_str(), &sb) < 0) {
+            PLOG(ERROR) << "Failed to stat: " << de.path().string();
+            return false;
+        }
+
+        uint64_t inode = sb.st_ino;
+        auto buf = std::find_if(dmabufs->begin(), dmabufs->end(),
+                                [&inode](const DmaBuffer& dbuf) { return dbuf.inode() == inode; });
+        if (buf != dmabufs->end()) {
+            if (buf->name() == "" || buf->name() == "<unknown>")
+                buf->SetName(name);
+            if (buf->exporter() == "" || buf->exporter() == "<unknown>")
+                buf->SetExporter(exporter);
+            if (buf->count() == 0)
+                buf->SetCount(count);
+            buf->AddFdRef(pid);
+            return true;
+        }
+
+        DmaBuffer& db =
+                dmabufs->emplace_back(sb.st_ino, sb.st_blocks * 512, count, exporter, name);
+        db.AddFdRef(pid);
+    }
+
+    return true;
+}
+
+static bool ReadDmaBufMapRefs(pid_t pid, std::vector<DmaBuffer>* dmabufs) {
+    std::string mapspath = ::android::base::StringPrintf("/proc/%d/maps", pid);
+    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(mapspath.c_str(), "re"), fclose};
+    if (fp == nullptr) {
+        LOG(ERROR) << "Failed to open maps for pid: " << pid;
+        return false;
+    }
+
+    char* line = nullptr;
+    size_t len = 0;
+
+    // Process the map if it is dmabuf. Add map reference to existing object in 'dmabufs'
+    // if it was already found. If it wasn't create a new one and append it to 'dmabufs'
+    auto account_dmabuf = [&](uint64_t start, uint64_t end, uint16_t /* flags */,
+                              uint64_t /* pgoff */, const char* name) {
+        // no need to look into this mapping if it is not dmabuf
+        if (!FileIsDmaBuf(std::string(name))) {
+            return;
+        }
+
+        // TODO (b/123532375) : Add inode number to the callback of ReadMapFileContent.
+        //
+        // Workaround: we know 'name' points to the name at the end of 'line'.
+        // We use that to backtrack and pick up the inode number from the line as well.
+        // start    end      flag pgoff    mj:mn inode   name
+        // 00400000-00409000 r-xp 00000000 00:00 426998  /dmabuf (deleted)
+        const char* p = name;
+        p--;
+        // skip spaces
+        while (p != line && *p == ' ') {
+            p--;
+        }
+        // walk backwards to the beginning of inode number
+        while (p != line && isdigit(*p)) {
+            p--;
+        }
+        uint64_t inode = strtoull(p, nullptr, 10);
+        auto buf = std::find_if(dmabufs->begin(), dmabufs->end(),
+                                [&inode](const DmaBuffer& dbuf) { return dbuf.inode() == inode; });
+        if (buf != dmabufs->end()) {
+            buf->AddMapRef(pid);
+            return;
+        }
+
+        // We have a new buffer, but unknown count and name
+        DmaBuffer& dbuf = dmabufs->emplace_back(inode, end - start, 0, "<unknown>", "<unknown>");
+        dbuf.AddMapRef(pid);
+    };
+
+    while (getline(&line, &len, fp.get()) > 0) {
+        if (!::android::procinfo::ReadMapFileContent(line, account_dmabuf)) {
+            LOG(ERROR) << "Failed t parse maps for pid: " << pid;
+            return false;
+        }
+    }
+
+    free(line);
+    return true;
+}
+
+// Public methods
+bool ReadDmaBufInfo(std::vector<DmaBuffer>* dmabufs, const std::string& path) {
+    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
+    if (fp == nullptr) {
+        LOG(ERROR) << "Failed to open dmabuf info from debugfs";
+        return false;
+    }
+
+    char* line = nullptr;
+    size_t len = 0;
+    dmabufs->clear();
+    while (getline(&line, &len, fp.get()) > 0) {
+        // The new dmabuf bufinfo format adds inode number and a name at the end
+        // We are looking for lines as follows:
+        // size     flags       mode        count  exp_name ino         name
+        // 01048576 00000002    00000007    00000001    ion 00018758    CAMERA
+        // 01048576 00000002    00000007    00000001    ion 00018758
+        uint64_t size, count;
+        char* exporter_name = nullptr;
+        ino_t inode;
+        char* name = nullptr;
+        int matched = sscanf(line, "%" SCNu64 "%*x %*x %" SCNu64 " %ms %lu %ms", &size, &count,
+                             &exporter_name, &inode, &name);
+        if (matched < 4) {
+            continue;
+        }
+        dmabufs->emplace_back(inode, size, count, exporter_name, matched > 4 ? name : "");
+        free(exporter_name);
+        free(name);
+    }
+
+    free(line);
+
+    return true;
+}
+
+bool ReadDmaBufInfo(pid_t pid, std::vector<DmaBuffer>* dmabufs) {
+    dmabufs->clear();
+    return AppendDmaBufInfo(pid, dmabufs);
+}
+
+bool AppendDmaBufInfo(pid_t pid, std::vector<DmaBuffer>* dmabufs) {
+    if (!ReadDmaBufFdRefs(pid, dmabufs)) {
+        LOG(ERROR) << "Failed to read dmabuf fd references";
+        return false;
+    }
+
+    if (!ReadDmaBufMapRefs(pid, dmabufs)) {
+        LOG(ERROR) << "Failed to read dmabuf map references";
+        return false;
+    }
+    return true;
+}
+
+}  // namespace dmabufinfo
+}  // namespace android
diff --git a/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp b/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp
new file mode 100644
index 0000000..eb53e57
--- /dev/null
+++ b/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp
@@ -0,0 +1,484 @@
+/* Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gtest/gtest.h>
+#include <inttypes.h>
+#include <linux/dma-buf.h>
+#include <poll.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <fstream>
+#include <string>
+#include <unordered_map>
+#include <vector>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/stringprintf.h>
+#include <android-base/unique_fd.h>
+#include <ion/ion.h>
+
+#include <dmabufinfo/dmabufinfo.h>
+
+using namespace ::android::dmabufinfo;
+using namespace ::android::base;
+
+#define MAX_HEAP_NAME 32
+#define ION_HEAP_ANY_MASK (0x7fffffff)
+
+struct ion_heap_data {
+    char name[MAX_HEAP_NAME];
+    __u32 type;
+    __u32 heap_id;
+    __u32 reserved0;
+    __u32 reserved1;
+    __u32 reserved2;
+};
+
+#ifndef DMA_BUF_SET_NAME
+#define DMA_BUF_SET_NAME _IOW(DMA_BUF_BASE, 5, const char*)
+#endif
+
+class fd_sharer {
+  public:
+    fd_sharer();
+    ~fd_sharer() { kill(); }
+
+    bool ok() const { return child_pid > 0; }
+    bool sendfd(int fd);
+    bool kill();
+    pid_t pid() const { return child_pid; }
+
+  private:
+    unique_fd parent_fd, child_fd;
+    pid_t child_pid;
+
+    void run();
+};
+
+fd_sharer::fd_sharer() : parent_fd{}, child_fd{}, child_pid{-1} {
+    bool sp_ok = android::base::Socketpair(SOCK_STREAM, &parent_fd, &child_fd);
+    if (!sp_ok) return;
+
+    child_pid = fork();
+    if (child_pid < 0) return;
+
+    if (child_pid == 0) run();
+}
+
+bool fd_sharer::kill() {
+    int err = ::kill(child_pid, SIGKILL);
+    if (err < 0) return false;
+
+    return ::waitpid(child_pid, nullptr, 0) == child_pid;
+}
+
+void fd_sharer::run() {
+    while (true) {
+        int fd;
+        char unused = 0;
+
+        iovec iov{};
+        iov.iov_base = &unused;
+        iov.iov_len = sizeof(unused);
+
+        msghdr msg{};
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+
+        char cmsg_buf[CMSG_SPACE(sizeof(fd))];
+        msg.msg_control = cmsg_buf;
+        msg.msg_controllen = sizeof(cmsg_buf);
+
+        cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
+        cmsg->cmsg_level = SOL_SOCKET;
+        cmsg->cmsg_type = SCM_RIGHTS;
+        cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
+
+        ssize_t s = TEMP_FAILURE_RETRY(recvmsg(child_fd, &msg, 0));
+        if (s == -1) break;
+
+        s = TEMP_FAILURE_RETRY(write(child_fd, &unused, sizeof(unused)));
+        if (s == -1) break;
+    }
+}
+
+bool fd_sharer::sendfd(int fd) {
+    char unused = 0;
+
+    iovec iov{};
+    iov.iov_base = &unused;
+    iov.iov_len = sizeof(unused);
+
+    msghdr msg{};
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+
+    char cmsg_buf[CMSG_SPACE(sizeof(fd))];
+    msg.msg_control = cmsg_buf;
+    msg.msg_controllen = sizeof(cmsg_buf);
+
+    cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
+    cmsg->cmsg_level = SOL_SOCKET;
+    cmsg->cmsg_type = SCM_RIGHTS;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
+
+    int* fd_buf = reinterpret_cast<int*>(CMSG_DATA(cmsg));
+    *fd_buf = fd;
+
+    ssize_t s = TEMP_FAILURE_RETRY(sendmsg(parent_fd, &msg, 0));
+    if (s == -1) return false;
+
+    // The target process installs the fd into its fd table during recvmsg().
+    // So if we return now, there's a brief window between sendfd() finishing
+    // and libmemoryinfo actually seeing that the buffer has been shared.  This
+    // window is just large enough to break tests.
+    //
+    // To work around this, wait for the target process to respond with a dummy
+    // byte, with a timeout of 1 s.
+    pollfd p{};
+    p.fd = parent_fd;
+    p.events = POLL_IN;
+    int ready = poll(&p, 1, 1000);
+    if (ready != 1) return false;
+
+    s = TEMP_FAILURE_RETRY(read(parent_fd, &unused, sizeof(unused)));
+    if (s == -1) return false;
+
+    return true;
+}
+
+#define EXPECT_ONE_BUF_EQ(_bufptr, _name, _fdrefs, _maprefs, _expname, _count, _size) \
+    do {                                                                              \
+        EXPECT_EQ(_bufptr->name(), _name);                                            \
+        EXPECT_EQ(_bufptr->fdrefs().size(), _fdrefs);                                 \
+        EXPECT_EQ(_bufptr->maprefs().size(), _maprefs);                               \
+        EXPECT_EQ(_bufptr->exporter(), _expname);                                     \
+        EXPECT_EQ(_bufptr->count(), _count);                                          \
+        EXPECT_EQ(_bufptr->size(), _size);                                            \
+    } while (0)
+
+#define EXPECT_PID_IN_FDREFS(_bufptr, _pid, _expect)                         \
+    do {                                                                     \
+        const std::unordered_map<pid_t, int>& _fdrefs = _bufptr->fdrefs();   \
+        auto _ref = _fdrefs.find(_pid);                                      \
+        EXPECT_EQ((_ref != _fdrefs.end()), _expect);                         \
+    } while (0)
+
+#define EXPECT_PID_IN_MAPREFS(_bufptr, _pid, _expect)                        \
+    do {                                                                     \
+        const std::unordered_map<pid_t, int>& _maprefs = _bufptr->maprefs(); \
+        auto _ref = _maprefs.find(_pid);                                     \
+        EXPECT_EQ((_ref != _maprefs.end()), _expect);                        \
+    } while (0)
+
+TEST(DmaBufInfoParser, TestReadDmaBufInfo) {
+    std::string bufinfo = R"bufinfo(00045056    00000002    00000007    00000002    ion 00022069    
+	Attached Devices:
+Total 0 devices attached
+01048576    00000002    00000007    00000001    ion 00019834    CAMERA
+	Attached Devices:
+	soc:qcom,cam_smmu:msm_cam_smmu_icp
+Total 1 devices attached)bufinfo";
+
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    ASSERT_TRUE(::android::base::WriteStringToFd(bufinfo, tf.fd));
+    std::string path = std::string(tf.path);
+
+    std::vector<DmaBuffer> dmabufs;
+    EXPECT_TRUE(ReadDmaBufInfo(&dmabufs, path));
+
+    EXPECT_EQ(dmabufs.size(), 2UL);
+
+    EXPECT_EQ(dmabufs[0].size(), 45056UL);
+    EXPECT_EQ(dmabufs[0].inode(), 22069UL);
+    EXPECT_EQ(dmabufs[0].count(), 2UL);
+    EXPECT_EQ(dmabufs[0].exporter(), "ion");
+    EXPECT_TRUE(dmabufs[0].name().empty());
+    EXPECT_EQ(dmabufs[0].total_refs(), 0ULL);
+    EXPECT_TRUE(dmabufs[0].fdrefs().empty());
+    EXPECT_TRUE(dmabufs[0].maprefs().empty());
+
+    EXPECT_EQ(dmabufs[1].size(), 1048576UL);
+    EXPECT_EQ(dmabufs[1].inode(), 19834UL);
+    EXPECT_EQ(dmabufs[1].count(), 1UL);
+    EXPECT_EQ(dmabufs[1].exporter(), "ion");
+    EXPECT_FALSE(dmabufs[1].name().empty());
+    EXPECT_EQ(dmabufs[1].name(), "CAMERA");
+    EXPECT_EQ(dmabufs[1].total_refs(), 0ULL);
+    EXPECT_TRUE(dmabufs[1].fdrefs().empty());
+    EXPECT_TRUE(dmabufs[1].maprefs().empty());
+}
+
+class DmaBufTester : public ::testing::Test {
+  public:
+    DmaBufTester() : ion_fd(ion_open()), ion_heap_mask(get_ion_heap_mask()) {}
+
+    ~DmaBufTester() {
+        if (is_valid()) {
+            ion_close(ion_fd);
+        }
+    }
+
+    bool is_valid() { return (ion_fd >= 0 && ion_heap_mask > 0); }
+
+    unique_fd allocate(uint64_t size, const std::string& name) {
+        int fd;
+        int err = ion_alloc_fd(ion_fd, size, 0, ion_heap_mask, 0, &fd);
+        if (err < 0) {
+            return unique_fd{err};
+        }
+
+        if (!name.empty()) {
+            err = ioctl(fd, DMA_BUF_SET_NAME, name.c_str());
+            if (err < 0) return unique_fd{-errno};
+        }
+
+        return unique_fd{fd};
+    }
+
+    void readAndCheckDmaBuffer(std::vector<DmaBuffer>* dmabufs, pid_t pid, const std::string name,
+                               size_t fdrefs_size, size_t maprefs_size, const std::string exporter,
+                               size_t refcount, uint64_t buf_size, bool expectFdrefs,
+                               bool expectMapRefs) {
+        EXPECT_TRUE(ReadDmaBufInfo(pid, dmabufs));
+        EXPECT_EQ(dmabufs->size(), 1UL);
+        EXPECT_ONE_BUF_EQ(dmabufs->begin(), name, fdrefs_size, maprefs_size, exporter, refcount,
+                          buf_size);
+        // Make sure the buffer has the right pid too.
+        EXPECT_PID_IN_FDREFS(dmabufs->begin(), pid, expectFdrefs);
+        EXPECT_PID_IN_MAPREFS(dmabufs->begin(), pid, expectMapRefs);
+    }
+
+    bool checkPidRef(DmaBuffer& dmabuf, pid_t pid, int expectFdrefs) {
+        int fdrefs = dmabuf.fdrefs().find(pid)->second;
+        return fdrefs == expectFdrefs;
+    }
+
+  private:
+    int get_ion_heap_mask() {
+        if (ion_fd < 0) {
+            return 0;
+        }
+
+        if (ion_is_legacy(ion_fd)) {
+            // Since ION is still in staging, we've seen that the heap mask ids are also
+            // changed across kernels for some reason. So, here we basically ask for a buffer
+            // from _any_ heap.
+            return ION_HEAP_ANY_MASK;
+        }
+
+        int cnt;
+        int err = ion_query_heap_cnt(ion_fd, &cnt);
+        if (err < 0) {
+            return err;
+        }
+
+        std::vector<ion_heap_data> heaps;
+        heaps.resize(cnt);
+        err = ion_query_get_heaps(ion_fd, cnt, &heaps[0]);
+        if (err < 0) {
+            return err;
+        }
+
+        unsigned int ret = 0;
+        for (auto& it : heaps) {
+            if (!strcmp(it.name, "ion_system_heap")) {
+                ret |= (1 << it.heap_id);
+            }
+        }
+
+        return ret;
+    }
+
+    unique_fd ion_fd;
+    const int ion_heap_mask;
+};
+
+TEST_F(DmaBufTester, TestFdRef) {
+    // Test if a dma buffer is found while the corresponding file descriptor
+    // is open
+    ASSERT_TRUE(is_valid());
+    pid_t pid = getpid();
+    std::vector<DmaBuffer> dmabufs;
+    {
+        // Allocate one buffer and make sure the library can see it
+        unique_fd buf = allocate(4096, "dmabuftester-4k");
+        ASSERT_GT(buf, 0) << "Allocated buffer is invalid";
+        ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+
+        EXPECT_EQ(dmabufs.size(), 1UL);
+        EXPECT_ONE_BUF_EQ(dmabufs.begin(), "dmabuftester-4k", 1UL, 0UL, "ion", 1UL, 4096ULL);
+
+        // Make sure the buffer has the right pid too.
+        EXPECT_PID_IN_FDREFS(dmabufs.begin(), pid, true);
+    }
+
+    // Now make sure the buffer has disappeared
+    ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+    EXPECT_TRUE(dmabufs.empty());
+}
+
+TEST_F(DmaBufTester, TestMapRef) {
+    // Test to make sure we can find a buffer if the fd is closed but the buffer
+    // is mapped
+    ASSERT_TRUE(is_valid());
+    pid_t pid = getpid();
+    std::vector<DmaBuffer> dmabufs;
+    {
+        // Allocate one buffer and make sure the library can see it
+        unique_fd buf = allocate(4096, "dmabuftester-4k");
+        ASSERT_GT(buf, 0) << "Allocated buffer is invalid";
+        auto ptr = mmap(0, 4096, PROT_READ, MAP_SHARED, buf, 0);
+        ASSERT_NE(ptr, MAP_FAILED);
+        ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+
+        EXPECT_EQ(dmabufs.size(), 1UL);
+        EXPECT_ONE_BUF_EQ(dmabufs.begin(), "dmabuftester-4k", 1UL, 1UL, "ion", 2UL, 4096ULL);
+
+        // Make sure the buffer has the right pid too.
+        EXPECT_PID_IN_FDREFS(dmabufs.begin(), pid, true);
+        EXPECT_PID_IN_MAPREFS(dmabufs.begin(), pid, true);
+
+        // close the file descriptor and re-read the stats
+        buf.reset(-1);
+        ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+
+        EXPECT_EQ(dmabufs.size(), 1UL);
+        EXPECT_ONE_BUF_EQ(dmabufs.begin(), "<unknown>", 0UL, 1UL, "<unknown>", 0UL, 4096ULL);
+
+        EXPECT_PID_IN_FDREFS(dmabufs.begin(), pid, false);
+        EXPECT_PID_IN_MAPREFS(dmabufs.begin(), pid, true);
+
+        // unmap the bufer and lose all references
+        munmap(ptr, 4096);
+    }
+
+    // Now make sure the buffer has disappeared
+    ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+    EXPECT_TRUE(dmabufs.empty());
+}
+
+TEST_F(DmaBufTester, TestSharedfd) {
+    // Each time a shared buffer is received over a socket, the remote process
+    // will take an extra reference on it.
+
+    ASSERT_TRUE(is_valid());
+
+    pid_t pid = getpid();
+    std::vector<DmaBuffer> dmabufs;
+    {
+        fd_sharer sharer{};
+        ASSERT_TRUE(sharer.ok());
+        // Allocate one buffer and make sure the library can see it
+        unique_fd buf = allocate(4096, "dmabuftester-4k");
+        ASSERT_GT(buf, 0) << "Allocated buffer is invalid";
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 1UL, 4096ULL, true,
+                              false);
+
+        ASSERT_TRUE(sharer.sendfd(buf));
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 2UL, 4096ULL, true,
+                              false);
+        EXPECT_TRUE(checkPidRef(dmabufs[0], pid, 1));
+        readAndCheckDmaBuffer(&dmabufs, sharer.pid(), "dmabuftester-4k", 1UL, 0UL, "ion", 2UL,
+                              4096ULL, true, false);
+        EXPECT_TRUE(checkPidRef(dmabufs[0], sharer.pid(), 1));
+
+        ASSERT_TRUE(sharer.sendfd(buf));
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 3UL, 4096ULL, true,
+                              false);
+        EXPECT_TRUE(checkPidRef(dmabufs[0], pid, 1));
+        readAndCheckDmaBuffer(&dmabufs, sharer.pid(), "dmabuftester-4k", 1UL, 0UL, "ion", 3UL,
+                              4096ULL, true, false);
+        EXPECT_TRUE(checkPidRef(dmabufs[0], sharer.pid(), 2));
+
+        ASSERT_TRUE(sharer.kill());
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 1UL, 4096ULL, true,
+                              false);
+    }
+
+    // Now make sure the buffer has disappeared
+    ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+    EXPECT_TRUE(dmabufs.empty());
+}
+
+TEST_F(DmaBufTester, DupFdTest) {
+    // dup()ing an fd will make this process take an extra reference on the
+    // shared buffer.
+
+    ASSERT_TRUE(is_valid());
+
+    pid_t pid = getpid();
+    std::vector<DmaBuffer> dmabufs;
+    {
+        // Allocate one buffer and make sure the library can see it
+        unique_fd buf = allocate(4096, "dmabuftester-4k");
+        ASSERT_GT(buf, 0) << "Allocated buffer is invalid";
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 1UL, 4096ULL, true,
+                              false);
+
+        unique_fd buf2{dup(buf)};
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 2UL, 4096ULL, true,
+                              false);
+        EXPECT_TRUE(checkPidRef(dmabufs[0], pid, 2));
+
+        close(buf2.release());
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 1UL, 4096ULL, true,
+                              false);
+        EXPECT_TRUE(checkPidRef(dmabufs[0], pid, 1));
+    }
+
+    // Now make sure the buffer has disappeared
+    ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+    EXPECT_TRUE(dmabufs.empty());
+}
+
+TEST_F(DmaBufTester, ForkTest) {
+    // fork()ing a child will cause the child to automatically take a reference
+    // on any existing shared buffers.
+    ASSERT_TRUE(is_valid());
+
+    pid_t pid = getpid();
+    std::vector<DmaBuffer> dmabufs;
+    {
+        // Allocate one buffer and make sure the library can see it
+        unique_fd buf = allocate(4096, "dmabuftester-4k");
+        ASSERT_GT(buf, 0) << "Allocated buffer is invalid";
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 1UL, 4096ULL, true,
+                              false);
+        fd_sharer sharer{};
+        ASSERT_TRUE(sharer.ok());
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 2UL, 4096ULL, true,
+                              false);
+        readAndCheckDmaBuffer(&dmabufs, sharer.pid(), "dmabuftester-4k", 1UL, 0UL, "ion", 2UL,
+                              4096ULL, true, false);
+        ASSERT_TRUE(sharer.kill());
+        readAndCheckDmaBuffer(&dmabufs, pid, "dmabuftester-4k", 1UL, 0UL, "ion", 1UL, 4096ULL, true,
+                              false);
+    }
+
+    // Now make sure the buffer has disappeared
+    ASSERT_TRUE(ReadDmaBufInfo(pid, &dmabufs));
+    EXPECT_TRUE(dmabufs.empty());
+}
+
+int main(int argc, char** argv) {
+    ::testing::InitGoogleTest(&argc, argv);
+    ::android::base::InitLogging(argv, android::base::StderrLogger);
+    return RUN_ALL_TESTS();
+}
diff --git a/libmeminfo/libdmabufinfo/include/dmabufinfo/dmabufinfo.h b/libmeminfo/libdmabufinfo/include/dmabufinfo/dmabufinfo.h
new file mode 100644
index 0000000..e3be320
--- /dev/null
+++ b/libmeminfo/libdmabufinfo/include/dmabufinfo/dmabufinfo.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <string>
+#include <vector>
+#include <unordered_map>
+
+namespace android {
+namespace dmabufinfo {
+
+struct DmaBuffer {
+  public:
+    DmaBuffer(ino_t inode, uint64_t size, uint64_t count, const std::string& exporter,
+              const std::string& name)
+        : inode_(inode), size_(size), count_(count), exporter_(exporter), name_(name) {}
+    ~DmaBuffer() = default;
+
+    // Adds one file descriptor reference for the given pid
+    void AddFdRef(pid_t pid) {
+        AddRefToPidMap(pid, &fdrefs_);
+    }
+
+    // Adds one map reference for the given pid
+    void AddMapRef(pid_t pid) {
+        AddRefToPidMap(pid, &maprefs_);
+    }
+
+    // Getters for each property
+    uint64_t size() const { return size_; }
+    const std::unordered_map<pid_t, int>& fdrefs() const { return fdrefs_; }
+    const std::unordered_map<pid_t, int>& maprefs() const { return maprefs_; }
+    ino_t inode() const { return inode_; }
+    uint64_t total_refs() const { return fdrefs_.size() + maprefs_.size(); }
+    uint64_t count() const { return count_; };
+    const std::string& name() const { return name_; }
+    const std::string& exporter() const { return exporter_; }
+    void SetName(const std::string& name) { name_ = name; }
+    void SetExporter(const std::string& exporter) { exporter_ = exporter; }
+    void SetCount(uint64_t count) { count_ = count; }
+
+    bool operator==(const DmaBuffer& rhs) {
+        return (inode_ == rhs.inode()) && (size_ == rhs.size()) && (name_ == rhs.name()) &&
+               (exporter_ == rhs.exporter());
+    }
+
+  private:
+    ino_t inode_;
+    uint64_t size_;
+    uint64_t count_;
+    std::string exporter_;
+    std::string name_;
+    std::unordered_map<pid_t, int> fdrefs_;
+    std::unordered_map<pid_t, int> maprefs_;
+    void AddRefToPidMap(pid_t pid, std::unordered_map<pid_t, int>* map) {
+        // The first time we find a ref, we set the ref count to 1
+        // otherwise, increment the existing ref count
+        auto [it, inserted] = map->insert(std::make_pair(pid, 1));
+        if (!inserted)
+            it->second++;
+    }
+};
+
+// Read and return current dma buf objects from
+// DEBUGFS/dma_buf/bufinfo. The references to each dma buffer are not
+// populated here and will return an empty vector.
+//
+// Returns false if something went wrong with the function, true otherwise.
+bool ReadDmaBufInfo(std::vector<DmaBuffer>* dmabufs,
+                    const std::string& path = "/sys/kernel/debug/dma_buf/bufinfo");
+
+
+// Read and return dmabuf objects for a given process without the help
+// of DEBUGFS
+//
+// Returns false if something went wrong with the function, true otherwise.
+bool ReadDmaBufInfo(pid_t pid, std::vector<DmaBuffer>* dmabufs);
+
+// Append dmabuf objects for a given process without the help
+// of DEBUGFS to an existing vector
+//
+// Returns false if something went wrong with the function, true otherwise.
+bool AppendDmaBufInfo(pid_t pid, std::vector<DmaBuffer>* dmabufs);
+
+}  // namespace dmabufinfo
+}  // namespace android
diff --git a/libmeminfo/libmeminfo_test.cpp b/libmeminfo/libmeminfo_test.cpp
index ccc40d1..5451ca3 100644
--- a/libmeminfo/libmeminfo_test.cpp
+++ b/libmeminfo/libmeminfo_test.cpp
@@ -26,7 +26,6 @@
 #include <meminfo/pageacct.h>
 #include <meminfo/procmeminfo.h>
 #include <meminfo/sysmeminfo.h>
-#include <pagemap/pagemap.h>
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
@@ -37,239 +36,12 @@
 
 pid_t pid = -1;
 
-class ValidateProcMemInfo : public ::testing::Test {
-  protected:
-    void SetUp() override {
-        ASSERT_EQ(0, pm_kernel_create(&ker));
-        ASSERT_EQ(0, pm_process_create(ker, pid, &proc));
-        proc_mem = new ProcMemInfo(pid);
-        ASSERT_NE(proc_mem, nullptr);
-    }
-
-    void TearDown() override {
-        delete proc_mem;
-        pm_process_destroy(proc);
-        pm_kernel_destroy(ker);
-    }
-
-    pm_kernel_t* ker;
-    pm_process_t* proc;
-    ProcMemInfo* proc_mem;
-};
-
-TEST_F(ValidateProcMemInfo, TestMapsSize) {
-    const std::vector<Vma>& maps = proc_mem->Maps();
-    ASSERT_FALSE(maps.empty()) << "Process " << getpid() << " maps are empty";
-}
-
-TEST_F(ValidateProcMemInfo, TestMapsEquality) {
-    const std::vector<Vma>& maps = proc_mem->Maps();
-    ASSERT_EQ(proc->num_maps, maps.size());
-
-    for (size_t i = 0; i < maps.size(); ++i) {
-        EXPECT_EQ(proc->maps[i]->start, maps[i].start);
-        EXPECT_EQ(proc->maps[i]->end, maps[i].end);
-        EXPECT_EQ(proc->maps[i]->offset, maps[i].offset);
-        EXPECT_EQ(std::string(proc->maps[i]->name), maps[i].name);
-    }
-}
-
-TEST_F(ValidateProcMemInfo, TestMaps) {
-    const std::vector<Vma>& maps = proc_mem->Maps();
-    ASSERT_FALSE(maps.empty());
-    ASSERT_EQ(proc->num_maps, maps.size());
-
-    pm_memusage_t map_usage, proc_usage;
-    pm_memusage_zero(&map_usage);
-    pm_memusage_zero(&proc_usage);
-    for (size_t i = 0; i < maps.size(); i++) {
-        ASSERT_EQ(0, pm_map_usage(proc->maps[i], &map_usage));
-        EXPECT_EQ(map_usage.vss, maps[i].usage.vss) << "VSS mismatch for map: " << maps[i].name;
-        EXPECT_EQ(map_usage.rss, maps[i].usage.rss) << "RSS mismatch for map: " << maps[i].name;
-        EXPECT_EQ(map_usage.pss, maps[i].usage.pss) << "PSS mismatch for map: " << maps[i].name;
-        EXPECT_EQ(map_usage.uss, maps[i].usage.uss) << "USS mismatch for map: " << maps[i].name;
-        pm_memusage_add(&proc_usage, &map_usage);
-    }
-
-    EXPECT_EQ(proc_usage.vss, proc_mem->Usage().vss);
-    EXPECT_EQ(proc_usage.rss, proc_mem->Usage().rss);
-    EXPECT_EQ(proc_usage.pss, proc_mem->Usage().pss);
-    EXPECT_EQ(proc_usage.uss, proc_mem->Usage().uss);
-}
-
-TEST_F(ValidateProcMemInfo, TestSwapUsage) {
-    const std::vector<Vma>& maps = proc_mem->Maps();
-    ASSERT_FALSE(maps.empty());
-    ASSERT_EQ(proc->num_maps, maps.size());
-
-    pm_memusage_t map_usage, proc_usage;
-    pm_memusage_zero(&map_usage);
-    pm_memusage_zero(&proc_usage);
-    for (size_t i = 0; i < maps.size(); i++) {
-        ASSERT_EQ(0, pm_map_usage(proc->maps[i], &map_usage));
-        EXPECT_EQ(map_usage.swap, maps[i].usage.swap) << "SWAP mismatch for map: " << maps[i].name;
-        pm_memusage_add(&proc_usage, &map_usage);
-    }
-
-    EXPECT_EQ(proc_usage.swap, proc_mem->Usage().swap);
-}
-
-TEST_F(ValidateProcMemInfo, TestSwapOffsets) {
-    const MemUsage& proc_usage = proc_mem->Usage();
-    const std::vector<uint16_t>& swap_offsets = proc_mem->SwapOffsets();
-
-    EXPECT_EQ(proc_usage.swap / getpagesize(), swap_offsets.size());
-}
-
-TEST_F(ValidateProcMemInfo, TestPageMap) {
-    std::vector<uint64_t> pagemap;
-
-    auto vma_callback = [&](const Vma& vma) {
-        uint64_t* pmap_out;
-        size_t len;
-        ASSERT_EQ(0, pm_process_pagemap_range(proc, vma.start, vma.end, &pmap_out, &len));
-        ASSERT_TRUE(proc_mem->PageMap(vma, &pagemap));
-
-        EXPECT_EQ(len, ((vma.end - vma.start) / getpagesize()));
-        for (size_t i = 0; i < len; i++) {
-            EXPECT_EQ(pmap_out[i], pagemap[i]);
-        }
-    };
-    ASSERT_TRUE(proc_mem->ForEachVma(vma_callback));
-}
-
-class ValidateProcMemInfoWss : public ::testing::Test {
-  protected:
-    void SetUp() override {
-        ASSERT_EQ(0, pm_kernel_create(&ker));
-        ASSERT_EQ(0, pm_process_create(ker, pid, &proc));
-        proc_mem = new ProcMemInfo(pid, true);
-        ASSERT_NE(proc_mem, nullptr);
-    }
-
-    void TearDown() override {
-        delete proc_mem;
-        pm_process_destroy(proc);
-        pm_kernel_destroy(ker);
-    }
-
-    pm_kernel_t* ker;
-    pm_process_t* proc;
-    ProcMemInfo* proc_mem;
-};
-
-TEST_F(ValidateProcMemInfoWss, TestWorkingTestReset) {
+TEST(ProcMemInfo, TestWorkingTestReset) {
     // Expect reset to succeed
     EXPECT_TRUE(ProcMemInfo::ResetWorkingSet(pid));
 }
 
-TEST_F(ValidateProcMemInfoWss, TestWssEquality) {
-    // Read wss using libpagemap
-    pm_memusage_t wss_pagemap;
-    EXPECT_EQ(0, pm_process_workingset(proc, &wss_pagemap, 0));
-
-    // Read wss using libmeminfo
-    MemUsage wss = proc_mem->Wss();
-
-    // compare
-    EXPECT_EQ(wss_pagemap.rss, wss.rss);
-    EXPECT_EQ(wss_pagemap.pss, wss.pss);
-    EXPECT_EQ(wss_pagemap.uss, wss.uss);
-}
-
-class ValidatePageAcct : public ::testing::Test {
-  protected:
-    void SetUp() override {
-        ASSERT_EQ(0, pm_kernel_create(&ker));
-        ASSERT_EQ(0, pm_process_create(ker, pid, &proc));
-    }
-
-    void TearDown() override {
-        pm_process_destroy(proc);
-        pm_kernel_destroy(ker);
-    }
-
-    pm_kernel_t* ker;
-    pm_process_t* proc;
-};
-
-TEST_F(ValidatePageAcct, TestPageFlags) {
-    PageAcct& pi = PageAcct::Instance();
-    pi.InitPageAcct(false);
-
-    uint64_t* pagemap;
-    size_t num_pages;
-    for (size_t i = 0; i < proc->num_maps; i++) {
-        ASSERT_EQ(0, pm_map_pagemap(proc->maps[i], &pagemap, &num_pages));
-        for (size_t j = 0; j < num_pages; j++) {
-            if (!PM_PAGEMAP_PRESENT(pagemap[j])) continue;
-
-            uint64_t pfn = PM_PAGEMAP_PFN(pagemap[j]);
-            uint64_t page_flags_pagemap, page_flags_meminfo;
-
-            ASSERT_EQ(0, pm_kernel_flags(ker, pfn, &page_flags_pagemap));
-            ASSERT_TRUE(pi.PageFlags(pfn, &page_flags_meminfo));
-            // check if page flags equal
-            EXPECT_EQ(page_flags_pagemap, page_flags_meminfo);
-        }
-        free(pagemap);
-    }
-}
-
-TEST_F(ValidatePageAcct, TestPageCounts) {
-    PageAcct& pi = PageAcct::Instance();
-    pi.InitPageAcct(false);
-
-    uint64_t* pagemap;
-    size_t num_pages;
-    for (size_t i = 0; i < proc->num_maps; i++) {
-        ASSERT_EQ(0, pm_map_pagemap(proc->maps[i], &pagemap, &num_pages));
-        for (size_t j = 0; j < num_pages; j++) {
-            uint64_t pfn = PM_PAGEMAP_PFN(pagemap[j]);
-            uint64_t map_count_pagemap, map_count_meminfo;
-
-            ASSERT_EQ(0, pm_kernel_count(ker, pfn, &map_count_pagemap));
-            ASSERT_TRUE(pi.PageMapCount(pfn, &map_count_meminfo));
-            // check if map counts are equal
-            EXPECT_EQ(map_count_pagemap, map_count_meminfo);
-        }
-        free(pagemap);
-    }
-}
-
-TEST_F(ValidatePageAcct, TestPageIdle) {
-    // skip the test if idle page tracking isn't enabled
-    if (pm_kernel_init_page_idle(ker) != 0) {
-        return;
-    }
-
-    PageAcct& pi = PageAcct::Instance();
-    ASSERT_TRUE(pi.InitPageAcct(true));
-
-    uint64_t* pagemap;
-    size_t num_pages;
-    for (size_t i = 0; i < proc->num_maps; i++) {
-        ASSERT_EQ(0, pm_map_pagemap(proc->maps[i], &pagemap, &num_pages));
-        for (size_t j = 0; j < num_pages; j++) {
-            if (!PM_PAGEMAP_PRESENT(pagemap[j])) continue;
-            uint64_t pfn = PM_PAGEMAP_PFN(pagemap[j]);
-
-            ASSERT_EQ(0, pm_kernel_mark_page_idle(ker, &pfn, 1));
-            int idle_status_pagemap = pm_kernel_get_page_idle(ker, pfn);
-            int idle_status_meminfo = pi.IsPageIdle(pfn);
-            EXPECT_EQ(idle_status_pagemap, idle_status_meminfo);
-        }
-        free(pagemap);
-    }
-}
-
-TEST(TestProcMemInfo, MapsEmpty) {
-    ProcMemInfo proc_mem(pid);
-    const std::vector<Vma>& maps = proc_mem.Maps();
-    EXPECT_GT(maps.size(), 0);
-}
-
-TEST(TestProcMemInfo, UsageEmpty) {
+TEST(ProcMemInfo, UsageEmpty) {
     // If we created the object for getting working set,
     // the usage must be empty
     ProcMemInfo proc_mem(pid, true);
@@ -281,7 +53,14 @@
     EXPECT_EQ(usage.swap, 0);
 }
 
-TEST(TestProcMemInfo, WssEmpty) {
+TEST(ProcMemInfo, MapsNotEmpty) {
+    // Make sure the process maps are never empty
+    ProcMemInfo proc_mem(pid);
+    const std::vector<Vma>& maps = proc_mem.Maps();
+    EXPECT_FALSE(maps.empty());
+}
+
+TEST(ProcMemInfo, WssEmpty) {
     // If we created the object for getting usage,
     // the working set must be empty
     ProcMemInfo proc_mem(pid, false);
@@ -293,7 +72,7 @@
     EXPECT_EQ(wss.swap, 0);
 }
 
-TEST(TestProcMemInfo, SwapOffsetsEmpty) {
+TEST(ProcMemInfo, SwapOffsetsEmpty) {
     // If we created the object for getting working set,
     // the swap offsets must be empty
     ProcMemInfo proc_mem(pid, true);
@@ -301,7 +80,10 @@
     EXPECT_EQ(swap_offsets.size(), 0);
 }
 
-TEST(TestProcMemInfo, IsSmapsSupportedTest) {
+TEST(ProcMemInfo, IsSmapsSupportedTest) {
+    // Get any pid and check if /proc/<pid>/smaps_rollup exists using the API.
+    // The API must return the appropriate value regardless of the after it succeeds
+    // once.
     std::string path = ::android::base::StringPrintf("/proc/%d/smaps_rollup", pid);
     bool supported = IsSmapsRollupSupported(pid);
     EXPECT_EQ(!access(path.c_str(), F_OK | R_OK), supported);
@@ -310,7 +92,8 @@
     EXPECT_EQ(supported, IsSmapsRollupSupported(-1));
 }
 
-TEST(TestProcMemInfo, SmapsOrRollupTest) {
+TEST(ProcMemInfo, SmapsOrRollupTest) {
+    // Make sure we can parse 'smaps_rollup' correctly
     std::string rollup =
             R"rollup(12c00000-7fe859e000 ---p 00000000 00:00 0                                [rollup]
 Rss:              331908 kB
@@ -342,8 +125,8 @@
     EXPECT_EQ(stats.swap_pss, 442);
 }
 
-TEST(TestProcMemInfo, SmapsOrRollupSmapsTest) {
-    // This is a made up smaps for the test
+TEST(ProcMemInfo, SmapsOrRollupSmapsTest) {
+    // Make sure /proc/<pid>/smaps is parsed correctly
     std::string smaps =
             R"smaps(12c00000-13440000 rw-p 00000000 00:00 0                                  [anon:dalvik-main space (region space)]
 Name:           [anon:dalvik-main space (region space)]
@@ -382,8 +165,9 @@
     EXPECT_EQ(stats.swap_pss, 70);
 }
 
-TEST(TestProcMemInfo, SmapsOrRollupPssRollupTest) {
-    // This is a made up smaps for the test
+TEST(ProcMemInfo, SmapsOrRollupPssRollupTest) {
+    // Make sure /proc/<pid>/smaps is parsed correctly
+    // to get the PSS
     std::string smaps =
             R"smaps(12c00000-13440000 rw-p 00000000 00:00 0                                  [anon:dalvik-main space (region space)]
 Name:           [anon:dalvik-main space (region space)]
@@ -417,7 +201,8 @@
     EXPECT_EQ(pss, 2652);
 }
 
-TEST(TestProcMemInfo, SmapsOrRollupPssSmapsTest) {
+TEST(ProcMemInfo, SmapsOrRollupPssSmapsTest) {
+    // Correctly parse smaps file to gather pss
     std::string exec_dir = ::android::base::GetExecutableDirectory();
     std::string path = ::android::base::StringPrintf("%s/testdata1/smaps_short", exec_dir.c_str());
 
@@ -426,7 +211,8 @@
     EXPECT_EQ(pss, 19119);
 }
 
-TEST(TestProcMemInfo, ForEachVmaFromFileTest) {
+TEST(ProcMemInfo, ForEachVmaFromFileTest) {
+    // Parse smaps file correctly to make callbacks for each virtual memory area (vma)
     std::string exec_dir = ::android::base::GetExecutableDirectory();
     std::string path = ::android::base::StringPrintf("%s/testdata1/smaps_short", exec_dir.c_str());
     ProcMemInfo proc_mem(pid);
@@ -519,13 +305,14 @@
     EXPECT_EQ(vmas[5].usage.swap_pss, 0);
 }
 
-TEST(TestProcMemInfo, SmapsReturnTest) {
+TEST(ProcMemInfo, SmapsReturnTest) {
+    // Make sure Smaps() is never empty for any process
     ProcMemInfo proc_mem(pid);
     auto vmas = proc_mem.Smaps();
     EXPECT_FALSE(vmas.empty());
 }
 
-TEST(TestProcMemInfo, SmapsTest) {
+TEST(ProcMemInfo, SmapsTest) {
     std::string exec_dir = ::android::base::GetExecutableDirectory();
     std::string path = ::android::base::StringPrintf("%s/testdata1/smaps_short", exec_dir.c_str());
     ProcMemInfo proc_mem(pid);
@@ -616,56 +403,7 @@
     EXPECT_EQ(vmas[5].usage.swap_pss, 0);
 }
 
-TEST(ValidateProcMemInfoFlags, TestPageFlags1) {
-    // Create proc object using libpagemap
-    pm_kernel_t* ker;
-    ASSERT_EQ(0, pm_kernel_create(&ker));
-    pm_process_t* proc;
-    ASSERT_EQ(0, pm_process_create(ker, pid, &proc));
-
-    // count swapbacked pages using libpagemap
-    pm_memusage_t proc_usage;
-    pm_memusage_zero(&proc_usage);
-    ASSERT_EQ(0, pm_process_usage_flags(proc, &proc_usage, (1 << KPF_SWAPBACKED),
-                                        (1 << KPF_SWAPBACKED)));
-
-    // Create ProcMemInfo that counts swapbacked pages
-    ProcMemInfo proc_mem(pid, false, (1 << KPF_SWAPBACKED), (1 << KPF_SWAPBACKED));
-
-    EXPECT_EQ(proc_usage.vss, proc_mem.Usage().vss);
-    EXPECT_EQ(proc_usage.rss, proc_mem.Usage().rss);
-    EXPECT_EQ(proc_usage.pss, proc_mem.Usage().pss);
-    EXPECT_EQ(proc_usage.uss, proc_mem.Usage().uss);
-
-    pm_process_destroy(proc);
-    pm_kernel_destroy(ker);
-}
-
-TEST(ValidateProcMemInfoFlags, TestPageFlags2) {
-    // Create proc object using libpagemap
-    pm_kernel_t* ker;
-    ASSERT_EQ(0, pm_kernel_create(&ker));
-    pm_process_t* proc;
-    ASSERT_EQ(0, pm_process_create(ker, pid, &proc));
-
-    // count non-swapbacked pages using libpagemap
-    pm_memusage_t proc_usage;
-    pm_memusage_zero(&proc_usage);
-    ASSERT_EQ(0, pm_process_usage_flags(proc, &proc_usage, (1 << KPF_SWAPBACKED), 0));
-
-    // Create ProcMemInfo that counts non-swapbacked pages
-    ProcMemInfo proc_mem(pid, false, 0, (1 << KPF_SWAPBACKED));
-
-    EXPECT_EQ(proc_usage.vss, proc_mem.Usage().vss);
-    EXPECT_EQ(proc_usage.rss, proc_mem.Usage().rss);
-    EXPECT_EQ(proc_usage.pss, proc_mem.Usage().pss);
-    EXPECT_EQ(proc_usage.uss, proc_mem.Usage().uss);
-
-    pm_process_destroy(proc);
-    pm_kernel_destroy(ker);
-}
-
-TEST(SysMemInfoParser, TestSysMemInfoFile) {
+TEST(SysMemInfo, TestSysMemInfoFile) {
     std::string meminfo = R"meminfo(MemTotal:        3019740 kB
 MemFree:         1809728 kB
 MemAvailable:    2546560 kB
@@ -733,7 +471,7 @@
     EXPECT_EQ(mi.mem_kernel_stack_kb(), 4880);
 }
 
-TEST(SysMemInfoParser, TestEmptyFile) {
+TEST(SysMemInfo, TestEmptyFile) {
     TemporaryFile tf;
     std::string empty_string = "";
     ASSERT_TRUE(tf.fd != -1);
@@ -744,7 +482,7 @@
     EXPECT_EQ(mi.mem_total_kb(), 0);
 }
 
-TEST(SysMemInfoParser, TestZramTotal) {
+TEST(SysMemInfo, TestZramTotal) {
     std::string exec_dir = ::android::base::GetExecutableDirectory();
 
     SysMemInfo mi;
@@ -774,7 +512,7 @@
     MEMINFO_COUNT
 };
 
-TEST(SysMemInfoParser, TestZramWithTags) {
+TEST(SysMemInfo, TestZramWithTags) {
     std::string meminfo = R"meminfo(MemTotal:        3019740 kB
 MemFree:         1809728 kB
 MemAvailable:    2546560 kB
@@ -849,7 +587,7 @@
     EXPECT_EQ(mem[MEMINFO_KERNEL_STACK], 4880);
 }
 
-TEST(SysMemInfoParser, TestVmallocInfoNoMemory) {
+TEST(SysMemInfo, TestVmallocInfoNoMemory) {
     std::string vmallocinfo =
             R"vmallocinfo(0x0000000000000000-0x0000000000000000   69632 of_iomap+0x78/0xb0 phys=17a00000 ioremap
 0x0000000000000000-0x0000000000000000    8192 of_iomap+0x78/0xb0 phys=b220000 ioremap
@@ -864,7 +602,7 @@
     EXPECT_EQ(ReadVmallocInfo(file), 0);
 }
 
-TEST(SysMemInfoParser, TestVmallocInfoKernel) {
+TEST(SysMemInfo, TestVmallocInfoKernel) {
     std::string vmallocinfo =
             R"vmallocinfo(0x0000000000000000-0x0000000000000000    8192 drm_property_create_blob+0x44/0xec pages=1 vmalloc)vmallocinfo";
 
@@ -876,7 +614,7 @@
     EXPECT_EQ(ReadVmallocInfo(file), getpagesize());
 }
 
-TEST(SysMemInfoParser, TestVmallocInfoModule) {
+TEST(SysMemInfo, TestVmallocInfoModule) {
     std::string vmallocinfo =
             R"vmallocinfo(0x0000000000000000-0x0000000000000000   28672 pktlog_alloc_buf+0xc4/0x15c [wlan] pages=6 vmalloc)vmallocinfo";
 
@@ -888,7 +626,7 @@
     EXPECT_EQ(ReadVmallocInfo(file), 6 * getpagesize());
 }
 
-TEST(SysMemInfoParser, TestVmallocInfoAll) {
+TEST(SysMemInfo, TestVmallocInfoAll) {
     std::string vmallocinfo =
             R"vmallocinfo(0x0000000000000000-0x0000000000000000   69632 of_iomap+0x78/0xb0 phys=17a00000 ioremap
 0x0000000000000000-0x0000000000000000    8192 of_iomap+0x78/0xb0 phys=b220000 ioremap
@@ -907,11 +645,7 @@
 
 int main(int argc, char** argv) {
     ::testing::InitGoogleTest(&argc, argv);
-    if (argc <= 1) {
-        cerr << "Pid of a permanently sleeping process must be provided." << endl;
-        exit(EXIT_FAILURE);
-    }
     ::android::base::InitLogging(argv, android::base::StderrLogger);
-    pid = std::stoi(std::string(argv[1]));
+    pid = getpid();
     return RUN_ALL_TESTS();
 }
diff --git a/libnativebridge/include/nativebridge/native_bridge.h b/libnativebridge/include/nativebridge/native_bridge.h
index 5aea967..e9c9500 100644
--- a/libnativebridge/include/nativebridge/native_bridge.h
+++ b/libnativebridge/include/nativebridge/native_bridge.h
@@ -164,8 +164,9 @@
 void* NativeBridgeLoadLibraryExt(const char* libpath, int flag,
                                  struct native_bridge_namespace_t* ns);
 
-// Returns vendor namespace if it is enabled for the device and null otherwise
-struct native_bridge_namespace_t* NativeBridgeGetVendorNamespace();
+// Returns exported namespace by the name. This is a reflection of
+// android_get_exported_namespace function. Introduced in v5.
+struct native_bridge_namespace_t* NativeBridgeGetExportedNamespace(const char* name);
 
 // Native bridge interfaces to runtime.
 struct NativeBridgeCallbacks {
@@ -362,7 +363,17 @@
   //
   // Returns:
   //   vendor namespace or null if it was not set up for the device
+  //
+  // Starting with v5 (Android Q) this function is no longer used.
+  // Use getExportedNamespace() below.
   struct native_bridge_namespace_t* (*getVendorNamespace)();
+
+  // Get native bridge version of exported namespace. Peer of
+  // android_get_exported_namespace(const char*) function.
+  //
+  // Returns:
+  //   exported namespace or null if it was not set up for the device
+  struct native_bridge_namespace_t* (*getExportedNamespace)(const char* name);
 };
 
 // Runtime interfaces to native bridge.
diff --git a/libnativebridge/libnativebridge.map.txt b/libnativebridge/libnativebridge.map.txt
index a616b85..a6841a3 100644
--- a/libnativebridge/libnativebridge.map.txt
+++ b/libnativebridge/libnativebridge.map.txt
@@ -24,7 +24,7 @@
     NativeBridgeGetError;
     NativeBridgeIsPathSupported;
     NativeBridgeCreateNamespace;
-    NativeBridgeGetVendorNamespace;
+    NativeBridgeGetExportedNamespace;
     NativeBridgeLinkNamespaces;
     NativeBridgeLoadLibraryExt;
     NativeBridgeInitAnonymousNamespace;
diff --git a/libnativebridge/native_bridge.cc b/libnativebridge/native_bridge.cc
index a2d8d81..9adba9a 100644
--- a/libnativebridge/native_bridge.cc
+++ b/libnativebridge/native_bridge.cc
@@ -101,6 +101,8 @@
   NAMESPACE_VERSION = 3,
   // The version with vendor namespaces
   VENDOR_NAMESPACE_VERSION = 4,
+  // The version with runtime namespaces
+  RUNTIME_NAMESPACE_VERSION = 5,
 };
 
 // Whether we had an error at some point.
@@ -610,12 +612,22 @@
   return false;
 }
 
-native_bridge_namespace_t* NativeBridgeGetVendorNamespace() {
-  if (!NativeBridgeInitialized() || !isCompatibleWith(VENDOR_NAMESPACE_VERSION)) {
+native_bridge_namespace_t* NativeBridgeGetExportedNamespace(const char* name) {
+  if (!NativeBridgeInitialized()) {
     return nullptr;
   }
 
-  return callbacks->getVendorNamespace();
+  if (isCompatibleWith(RUNTIME_NAMESPACE_VERSION)) {
+    return callbacks->getExportedNamespace(name);
+  }
+
+  // sphal is vendor namespace name -> use v4 callback in the case NB callbacks
+  // are not compatible with v5
+  if (isCompatibleWith(VENDOR_NAMESPACE_VERSION) && name != nullptr && strcmp("sphal", name) == 0) {
+    return callbacks->getVendorNamespace();
+  }
+
+  return nullptr;
 }
 
 void* NativeBridgeLoadLibraryExt(const char* libpath, int flag, native_bridge_namespace_t* ns) {
diff --git a/libnativeloader/native_loader.cpp b/libnativeloader/native_loader.cpp
index ad967db..a4e00bd 100644
--- a/libnativeloader/native_loader.cpp
+++ b/libnativeloader/native_loader.cpp
@@ -103,6 +103,11 @@
 static constexpr const char kVndkspNativeLibrariesSystemConfigPathFromRoot[] =
     "/etc/vndksp.libraries.txt";
 
+static const std::vector<const std::string> kRuntimePublicLibraries = {
+    "libicuuc.so",
+    "libicui18n.so",
+};
+
 // The device may be configured to have the vendor libraries loaded to a separate namespace.
 // For historical reasons this namespace was named sphal but effectively it is intended
 // to use to load vendor libraries to separate namespace with controlled interface between
@@ -111,6 +116,8 @@
 
 static constexpr const char* kVndkNamespaceName = "vndk";
 
+static constexpr const char* kRuntimeNamespaceName = "runtime";
+
 static constexpr const char* kClassloaderNamespaceName = "classloader-namespace";
 static constexpr const char* kVendorClassloaderNamespaceName = "vendor-classloader-namespace";
 
@@ -245,6 +252,8 @@
       }
     }
 
+    std::string runtime_exposed_libraries = base::Join(kRuntimePublicLibraries, ":");
+
     NativeLoaderNamespace native_loader_ns;
     if (!is_native_bridge) {
       android_namespace_t* android_parent_ns =
@@ -265,11 +274,21 @@
       // which is expected behavior in this case.
       android_namespace_t* vendor_ns = android_get_exported_namespace(kVendorNamespaceName);
 
+      android_namespace_t* runtime_ns = android_get_exported_namespace(kRuntimeNamespaceName);
+
       if (!android_link_namespaces(ns, nullptr, system_exposed_libraries.c_str())) {
         *error_msg = dlerror();
         return nullptr;
       }
 
+      // Runtime apex does not exist in host, and under certain build conditions.
+      if (runtime_ns != nullptr) {
+        if (!android_link_namespaces(ns, runtime_ns, runtime_exposed_libraries.c_str())) {
+          *error_msg = dlerror();
+          return nullptr;
+        }
+      }
+
       if (vndk_ns != nullptr && !system_vndksp_libraries_.empty()) {
         // vendor apks are allowed to use VNDK-SP libraries.
         if (!android_link_namespaces(ns, vndk_ns, system_vndksp_libraries_.c_str())) {
@@ -300,13 +319,22 @@
         return nullptr;
       }
 
-      native_bridge_namespace_t* vendor_ns = NativeBridgeGetVendorNamespace();
+      native_bridge_namespace_t* vendor_ns = NativeBridgeGetExportedNamespace(kVendorNamespaceName);
+      native_bridge_namespace_t* runtime_ns =
+          NativeBridgeGetExportedNamespace(kRuntimeNamespaceName);
 
       if (!NativeBridgeLinkNamespaces(ns, nullptr, system_exposed_libraries.c_str())) {
         *error_msg = NativeBridgeGetError();
         return nullptr;
       }
 
+      // Runtime apex does not exist in host, and under certain build conditions.
+      if (runtime_ns != nullptr) {
+        if (!NativeBridgeLinkNamespaces(ns, runtime_ns, runtime_exposed_libraries.c_str())) {
+          *error_msg = NativeBridgeGetError();
+          return nullptr;
+        }
+      }
       if (!vendor_public_libraries_.empty()) {
         if (!NativeBridgeLinkNamespaces(ns, vendor_ns, vendor_public_libraries_.c_str())) {
           *error_msg = NativeBridgeGetError();
diff --git a/libnetutils/Android.bp b/libnetutils/Android.bp
index 1d43775..268496f 100644
--- a/libnetutils/Android.bp
+++ b/libnetutils/Android.bp
@@ -6,6 +6,7 @@
     },
 
     srcs: [
+        "checksum.c",
         "dhcpclient.c",
         "dhcpmsg.c",
         "ifc_utils.c",
diff --git a/libnetutils/checksum.c b/libnetutils/checksum.c
new file mode 100644
index 0000000..74b5fdd
--- /dev/null
+++ b/libnetutils/checksum.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2011 Daniel Drown
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * checksum.c - ipv4/ipv6 checksum calculation
+ */
+#include <netinet/icmp6.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <netinet/ip_icmp.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+
+#include "netutils/checksum.h"
+
+/* function: ip_checksum_add
+ * adds data to a checksum. only known to work on little-endian hosts
+ * current - the current checksum (or 0 to start a new checksum)
+ *   data        - the data to add to the checksum
+ *   len         - length of data
+ */
+uint32_t ip_checksum_add(uint32_t current, const void* data, int len) {
+    uint32_t checksum = current;
+    int left = len;
+    const uint16_t* data_16 = data;
+
+    while (left > 1) {
+        checksum += *data_16;
+        data_16++;
+        left -= 2;
+    }
+    if (left) {
+        checksum += *(uint8_t*)data_16;
+    }
+
+    return checksum;
+}
+
+/* function: ip_checksum_fold
+ * folds a 32-bit partial checksum into 16 bits
+ *   temp_sum - sum from ip_checksum_add
+ *   returns: the folded checksum in network byte order
+ */
+uint16_t ip_checksum_fold(uint32_t temp_sum) {
+    while (temp_sum > 0xffff) {
+        temp_sum = (temp_sum >> 16) + (temp_sum & 0xFFFF);
+    }
+    return temp_sum;
+}
+
+/* function: ip_checksum_finish
+ * folds and closes the checksum
+ *   temp_sum - sum from ip_checksum_add
+ *   returns: a header checksum value in network byte order
+ */
+uint16_t ip_checksum_finish(uint32_t temp_sum) {
+    return ~ip_checksum_fold(temp_sum);
+}
+
+/* function: ip_checksum
+ * combined ip_checksum_add and ip_checksum_finish
+ *   data - data to checksum
+ *   len  - length of data
+ */
+uint16_t ip_checksum(const void* data, int len) {
+    // TODO: consider starting from 0xffff so the checksum of a buffer entirely consisting of zeros
+    // is correctly calculated as 0.
+    uint32_t temp_sum;
+
+    temp_sum = ip_checksum_add(0, data, len);
+    return ip_checksum_finish(temp_sum);
+}
+
+/* function: ipv6_pseudo_header_checksum
+ * calculate the pseudo header checksum for use in tcp/udp/icmp headers
+ *   ip6      - the ipv6 header
+ *   len      - the transport length (transport header + payload)
+ *   protocol - the transport layer protocol, can be different from ip6->ip6_nxt for fragments
+ */
+uint32_t ipv6_pseudo_header_checksum(const struct ip6_hdr* ip6, uint32_t len, uint8_t protocol) {
+    uint32_t checksum_len = htonl(len);
+    uint32_t checksum_next = htonl(protocol);
+
+    uint32_t current = 0;
+
+    current = ip_checksum_add(current, &(ip6->ip6_src), sizeof(struct in6_addr));
+    current = ip_checksum_add(current, &(ip6->ip6_dst), sizeof(struct in6_addr));
+    current = ip_checksum_add(current, &checksum_len, sizeof(checksum_len));
+    current = ip_checksum_add(current, &checksum_next, sizeof(checksum_next));
+
+    return current;
+}
+
+/* function: ipv4_pseudo_header_checksum
+ * calculate the pseudo header checksum for use in tcp/udp headers
+ *   ip      - the ipv4 header
+ *   len     - the transport length (transport header + payload)
+ */
+uint32_t ipv4_pseudo_header_checksum(const struct iphdr* ip, uint16_t len) {
+    uint16_t temp_protocol, temp_length;
+
+    temp_protocol = htons(ip->protocol);
+    temp_length = htons(len);
+
+    uint32_t current = 0;
+
+    current = ip_checksum_add(current, &(ip->saddr), sizeof(uint32_t));
+    current = ip_checksum_add(current, &(ip->daddr), sizeof(uint32_t));
+    current = ip_checksum_add(current, &temp_protocol, sizeof(uint16_t));
+    current = ip_checksum_add(current, &temp_length, sizeof(uint16_t));
+
+    return current;
+}
+
+/* function: ip_checksum_adjust
+ * calculates a new checksum given a previous checksum and the old and new pseudo-header checksums
+ *   checksum    - the header checksum in the original packet in network byte order
+ *   old_hdr_sum - the pseudo-header checksum of the original packet
+ *   new_hdr_sum - the pseudo-header checksum of the translated packet
+ *   returns: the new header checksum in network byte order
+ */
+uint16_t ip_checksum_adjust(uint16_t checksum, uint32_t old_hdr_sum, uint32_t new_hdr_sum) {
+    // Algorithm suggested in RFC 1624.
+    // http://tools.ietf.org/html/rfc1624#section-3
+    checksum = ~checksum;
+    uint16_t folded_sum = ip_checksum_fold(checksum + new_hdr_sum);
+    uint16_t folded_old = ip_checksum_fold(old_hdr_sum);
+    if (folded_sum > folded_old) {
+        return ~(folded_sum - folded_old);
+    } else {
+        return ~(folded_sum - folded_old - 1);  // end-around borrow
+    }
+}
diff --git a/libnetutils/include/netutils/checksum.h b/libnetutils/include/netutils/checksum.h
new file mode 100644
index 0000000..868217c
--- /dev/null
+++ b/libnetutils/include/netutils/checksum.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2011 Daniel Drown
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * checksum.h - checksum functions
+ */
+#ifndef __CHECKSUM_H__
+#define __CHECKSUM_H__
+
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+#include <stdint.h>
+
+uint32_t ip_checksum_add(uint32_t current, const void* data, int len);
+uint16_t ip_checksum_finish(uint32_t temp_sum);
+uint16_t ip_checksum(const void* data, int len);
+
+uint32_t ipv6_pseudo_header_checksum(const struct ip6_hdr* ip6, uint32_t len, uint8_t protocol);
+uint32_t ipv4_pseudo_header_checksum(const struct iphdr* ip, uint16_t len);
+
+uint16_t ip_checksum_adjust(uint16_t checksum, uint32_t old_hdr_sum, uint32_t new_hdr_sum);
+
+#endif /* __CHECKSUM_H__ */
diff --git a/libprocessgroup/Android.bp b/libprocessgroup/Android.bp
index d04a79a..d97f09f 100644
--- a/libprocessgroup/Android.bp
+++ b/libprocessgroup/Android.bp
@@ -16,8 +16,10 @@
 
 cc_library {
     srcs: [
+        "cgroup_map.cpp",
         "processgroup.cpp",
         "sched_policy.cpp",
+        "task_profiles.cpp",
     ],
     name: "libprocessgroup",
     host_supported: true,
@@ -29,7 +31,7 @@
     },
     shared_libs: [
         "libbase",
-        "liblog",
+        "libjsoncpp",
     ],
     // for cutils/android_filesystem_config.h
     header_libs: [
diff --git a/libprocessgroup/cgroup_map.cpp b/libprocessgroup/cgroup_map.cpp
new file mode 100644
index 0000000..12cfb7e
--- /dev/null
+++ b/libprocessgroup/cgroup_map.cpp
@@ -0,0 +1,417 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//#define LOG_NDEBUG 0
+#define LOG_TAG "libprocessgroup"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <time.h>
+#include <unistd.h>
+
+#include <regex>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/properties.h>
+#include <android-base/stringprintf.h>
+#include <android-base/unique_fd.h>
+#include <cgroup_map.h>
+#include <json/reader.h>
+#include <json/value.h>
+#include <processgroup/processgroup.h>
+
+using android::base::GetBoolProperty;
+using android::base::StringPrintf;
+using android::base::unique_fd;
+
+static constexpr const char* CGROUPS_DESC_FILE = "/etc/cgroups.json";
+
+static constexpr const char* CGROUP_PROCS_FILE = "/cgroup.procs";
+static constexpr const char* CGROUP_TASKS_FILE = "/tasks";
+static constexpr const char* CGROUP_TASKS_FILE_V2 = "/cgroup.tasks";
+
+static bool Mkdir(const std::string& path, mode_t mode, const std::string& uid,
+                  const std::string& gid) {
+    if (mode == 0) {
+        mode = 0755;
+    }
+
+    if (mkdir(path.c_str(), mode) != 0) {
+        /* chmod in case the directory already exists */
+        if (errno == EEXIST) {
+            if (fchmodat(AT_FDCWD, path.c_str(), mode, AT_SYMLINK_NOFOLLOW) != 0) {
+                // /acct is a special case when the directory already exists
+                // TODO: check if file mode is already what we want instead of using EROFS
+                if (errno != EROFS) {
+                    PLOG(ERROR) << "fchmodat() failed for " << path;
+                    return false;
+                }
+            }
+        } else {
+            PLOG(ERROR) << "mkdir() failed for " << path;
+            return false;
+        }
+    }
+
+    passwd* uid_pwd = nullptr;
+    passwd* gid_pwd = nullptr;
+
+    if (!uid.empty()) {
+        uid_pwd = getpwnam(uid.c_str());
+        if (!uid_pwd) {
+            PLOG(ERROR) << "Unable to decode UID for '" << uid << "'";
+            return false;
+        }
+
+        if (!gid.empty()) {
+            gid_pwd = getpwnam(gid.c_str());
+            if (!gid_pwd) {
+                PLOG(ERROR) << "Unable to decode GID for '" << gid << "'";
+                return false;
+            }
+        }
+    }
+
+    if (uid_pwd && lchown(path.c_str(), uid_pwd->pw_uid, gid_pwd ? gid_pwd->pw_uid : -1) < 0) {
+        PLOG(ERROR) << "lchown() failed for " << path;
+        return false;
+    }
+
+    /* chown may have cleared S_ISUID and S_ISGID, chmod again */
+    if (mode & (S_ISUID | S_ISGID)) {
+        if (fchmodat(AT_FDCWD, path.c_str(), mode, AT_SYMLINK_NOFOLLOW) != 0) {
+            PLOG(ERROR) << "fchmodat() failed for " << path;
+            return false;
+        }
+    }
+
+    return true;
+}
+
+static bool ReadDescriptors(std::map<std::string, CgroupDescriptor>* descriptors) {
+    std::vector<CgroupDescriptor> result;
+    std::string json_doc;
+
+    if (!android::base::ReadFileToString(CGROUPS_DESC_FILE, &json_doc)) {
+        LOG(ERROR) << "Failed to read task profiles from " << CGROUPS_DESC_FILE;
+        return false;
+    }
+
+    Json::Reader reader;
+    Json::Value root;
+    if (!reader.parse(json_doc, root)) {
+        LOG(ERROR) << "Failed to parse cgroups description: " << reader.getFormattedErrorMessages();
+        return false;
+    }
+
+    Json::Value cgroups = root["Cgroups"];
+    for (Json::Value::ArrayIndex i = 0; i < cgroups.size(); ++i) {
+        std::string name = cgroups[i]["Controller"].asString();
+        descriptors->emplace(std::make_pair(
+                name,
+                CgroupDescriptor(1, name, cgroups[i]["Path"].asString(), cgroups[i]["Mode"].asInt(),
+                                 cgroups[i]["UID"].asString(), cgroups[i]["GID"].asString())));
+    }
+
+    Json::Value cgroups2 = root["Cgroups2"];
+    descriptors->emplace(std::make_pair(
+            CGROUPV2_CONTROLLER_NAME,
+            CgroupDescriptor(2, CGROUPV2_CONTROLLER_NAME, cgroups2["Path"].asString(),
+                             cgroups2["Mode"].asInt(), cgroups2["UID"].asString(),
+                             cgroups2["GID"].asString())));
+
+    return true;
+}
+
+// To avoid issues in sdk_mac build
+#if defined(__ANDROID__)
+
+static bool SetupCgroup(const CgroupDescriptor& descriptor) {
+    const CgroupController* controller = descriptor.controller();
+
+    // mkdir <path> [mode] [owner] [group]
+    if (!Mkdir(controller->path(), descriptor.mode(), descriptor.uid(), descriptor.gid())) {
+        PLOG(ERROR) << "Failed to create directory for " << controller->name() << " cgroup";
+        return false;
+    }
+
+    int result;
+    if (controller->version() == 2) {
+        result = mount("none", controller->path(), "cgroup2", MS_NODEV | MS_NOEXEC | MS_NOSUID,
+                       nullptr);
+    } else {
+        // Unfortunately historically cpuset controller was mounted using a mount command
+        // different from all other controllers. This results in controller attributes not
+        // to be prepended with controller name. For example this way instead of
+        // /dev/cpuset/cpuset.cpus the attribute becomes /dev/cpuset/cpus which is what
+        // the system currently expects.
+        if (!strcmp(controller->name(), "cpuset")) {
+            // mount cpuset none /dev/cpuset nodev noexec nosuid
+            result = mount("none", controller->path(), controller->name(),
+                           MS_NODEV | MS_NOEXEC | MS_NOSUID, nullptr);
+        } else {
+            // mount cgroup none <path> nodev noexec nosuid <controller>
+            result = mount("none", controller->path(), "cgroup", MS_NODEV | MS_NOEXEC | MS_NOSUID,
+                           controller->name());
+        }
+    }
+
+    if (result < 0) {
+        PLOG(ERROR) << "Failed to mount " << controller->name() << " cgroup";
+        return false;
+    }
+
+    return true;
+}
+
+#else
+
+// Stubs for non-Android targets.
+static bool SetupCgroup(const CgroupDescriptor&) {
+    return false;
+}
+
+#endif
+
+static bool WriteRcFile(const std::map<std::string, CgroupDescriptor>& descriptors) {
+    std::string cgroup_rc_path = StringPrintf("%s/%s", CGROUPS_RC_DIR, CgroupMap::CGROUPS_RC_FILE);
+    unique_fd fd(TEMP_FAILURE_RETRY(open(cgroup_rc_path.c_str(),
+                                         O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC,
+                                         S_IRUSR | S_IRGRP | S_IROTH)));
+    if (fd < 0) {
+        PLOG(ERROR) << "open() failed for " << cgroup_rc_path;
+        return false;
+    }
+
+    CgroupFile fl;
+    fl.version_ = CgroupFile::FILE_CURR_VERSION;
+    fl.controller_count_ = descriptors.size();
+    int ret = TEMP_FAILURE_RETRY(write(fd, &fl, sizeof(fl)));
+    if (ret < 0) {
+        PLOG(ERROR) << "write() failed for " << cgroup_rc_path;
+        return false;
+    }
+
+    for (const auto& [name, descriptor] : descriptors) {
+        ret = TEMP_FAILURE_RETRY(write(fd, descriptor.controller(), sizeof(CgroupController)));
+        if (ret < 0) {
+            PLOG(ERROR) << "write() failed for " << cgroup_rc_path;
+            return false;
+        }
+    }
+
+    return true;
+}
+
+CgroupController::CgroupController(uint32_t version, const std::string& name,
+                                   const std::string& path) {
+    version_ = version;
+    strncpy(name_, name.c_str(), sizeof(name_) - 1);
+    name_[sizeof(name_) - 1] = '\0';
+    strncpy(path_, path.c_str(), sizeof(path_) - 1);
+    path_[sizeof(path_) - 1] = '\0';
+}
+
+std::string CgroupController::GetTasksFilePath(const std::string& path) const {
+    std::string tasks_path = path_;
+
+    if (!path.empty()) {
+        tasks_path += "/" + path;
+    }
+    return (version_ == 1) ? tasks_path + CGROUP_TASKS_FILE : tasks_path + CGROUP_TASKS_FILE_V2;
+}
+
+std::string CgroupController::GetProcsFilePath(const std::string& path, uid_t uid,
+                                               pid_t pid) const {
+    std::string proc_path(path_);
+    proc_path.append("/").append(path);
+    proc_path = regex_replace(proc_path, std::regex("<uid>"), std::to_string(uid));
+    proc_path = regex_replace(proc_path, std::regex("<pid>"), std::to_string(pid));
+
+    return proc_path.append(CGROUP_PROCS_FILE);
+}
+
+bool CgroupController::GetTaskGroup(int tid, std::string* group) const {
+    std::string file_name = StringPrintf("/proc/%d/cgroup", tid);
+    std::string content;
+    if (!android::base::ReadFileToString(file_name, &content)) {
+        LOG(ERROR) << "Failed to read " << file_name;
+        return false;
+    }
+
+    // if group is null and tid exists return early because
+    // user is not interested in cgroup membership
+    if (group == nullptr) {
+        return true;
+    }
+
+    std::string cg_tag = StringPrintf(":%s:", name_);
+    size_t start_pos = content.find(cg_tag);
+    if (start_pos == std::string::npos) {
+        return false;
+    }
+
+    start_pos += cg_tag.length() + 1;  // skip '/'
+    size_t end_pos = content.find('\n', start_pos);
+    if (end_pos == std::string::npos) {
+        *group = content.substr(start_pos, std::string::npos);
+    } else {
+        *group = content.substr(start_pos, end_pos - start_pos);
+    }
+
+    return true;
+}
+
+CgroupDescriptor::CgroupDescriptor(uint32_t version, const std::string& name,
+                                   const std::string& path, mode_t mode, const std::string& uid,
+                                   const std::string& gid)
+    : controller_(version, name, path), mode_(mode), uid_(uid), gid_(gid) {}
+
+CgroupMap::CgroupMap() : cg_file_data_(nullptr), cg_file_size_(0) {
+    if (!LoadRcFile()) {
+        PLOG(ERROR) << "CgroupMap::LoadRcFile called for [" << getpid() << "] failed";
+    }
+}
+
+CgroupMap::~CgroupMap() {
+    if (cg_file_data_) {
+        munmap(cg_file_data_, cg_file_size_);
+        cg_file_data_ = nullptr;
+        cg_file_size_ = 0;
+    }
+}
+
+CgroupMap& CgroupMap::GetInstance() {
+    static CgroupMap instance;
+    return instance;
+}
+
+bool CgroupMap::LoadRcFile() {
+    struct stat sb;
+
+    if (cg_file_data_) {
+        // Data already initialized
+        return true;
+    }
+
+    std::string cgroup_rc_path = StringPrintf("%s/%s", CGROUPS_RC_DIR, CGROUPS_RC_FILE);
+    unique_fd fd(TEMP_FAILURE_RETRY(open(cgroup_rc_path.c_str(), O_RDONLY | O_CLOEXEC)));
+    if (fd < 0) {
+        PLOG(ERROR) << "open() failed for " << cgroup_rc_path;
+        return false;
+    }
+
+    if (fstat(fd, &sb) < 0) {
+        PLOG(ERROR) << "fstat() failed for " << cgroup_rc_path;
+        return false;
+    }
+
+    cg_file_size_ = sb.st_size;
+    if (cg_file_size_ < sizeof(CgroupFile)) {
+        PLOG(ERROR) << "Invalid file format " << cgroup_rc_path;
+        return false;
+    }
+
+    cg_file_data_ = (CgroupFile*)mmap(nullptr, cg_file_size_, PROT_READ, MAP_SHARED, fd, 0);
+    if (cg_file_data_ == MAP_FAILED) {
+        PLOG(ERROR) << "Failed to mmap " << cgroup_rc_path;
+        return false;
+    }
+
+    if (cg_file_data_->version_ != CgroupFile::FILE_CURR_VERSION) {
+        PLOG(ERROR) << cgroup_rc_path << " file version mismatch";
+        return false;
+    }
+
+    return true;
+}
+
+void CgroupMap::Print() {
+    LOG(INFO) << "File version = " << cg_file_data_->version_;
+    LOG(INFO) << "File controller count = " << cg_file_data_->controller_count_;
+
+    LOG(INFO) << "Mounted cgroups:";
+    CgroupController* controller = (CgroupController*)(cg_file_data_ + 1);
+    for (int i = 0; i < cg_file_data_->controller_count_; i++, controller++) {
+        LOG(INFO) << "\t" << controller->name() << " ver " << controller->version() << " path "
+                  << controller->path();
+    }
+}
+
+bool CgroupMap::SetupCgroups() {
+    std::map<std::string, CgroupDescriptor> descriptors;
+
+    // load cgroups.json file
+    if (!ReadDescriptors(&descriptors)) {
+        PLOG(ERROR) << "Failed to load cgroup description file";
+        return false;
+    }
+
+    // setup cgroups
+    for (const auto& [name, descriptor] : descriptors) {
+        if (!SetupCgroup(descriptor)) {
+            // issue a warning and proceed with the next cgroup
+            // TODO: mark the descriptor as invalid and skip it in WriteRcFile()
+            LOG(WARNING) << "Failed to setup " << name << " cgroup";
+        }
+    }
+
+    // mkdir <CGROUPS_RC_DIR> 0711 system system
+    if (!Mkdir(CGROUPS_RC_DIR, 0711, "system", "system")) {
+        PLOG(ERROR) << "Failed to create directory for <CGROUPS_RC_FILE> file";
+        return false;
+    }
+
+    // Generate <CGROUPS_RC_FILE> file which can be directly mmapped into
+    // process memory. This optimizes performance, memory usage
+    // and limits infrormation shared with unprivileged processes
+    // to the minimum subset of information from cgroups.json
+    if (!WriteRcFile(descriptors)) {
+        LOG(ERROR) << "Failed to write " << CGROUPS_RC_FILE << " file";
+        return false;
+    }
+
+    std::string cgroup_rc_path = StringPrintf("%s/%s", CGROUPS_RC_DIR, CGROUPS_RC_FILE);
+    // chmod 0644 <cgroup_rc_path>
+    if (fchmodat(AT_FDCWD, cgroup_rc_path.c_str(), 0644, AT_SYMLINK_NOFOLLOW) < 0) {
+        LOG(ERROR) << "fchmodat() failed";
+        return false;
+    }
+
+    return true;
+}
+
+const CgroupController* CgroupMap::FindController(const std::string& name) const {
+    if (!cg_file_data_) {
+        return nullptr;
+    }
+
+    // skip the file header to get to the first controller
+    CgroupController* controller = (CgroupController*)(cg_file_data_ + 1);
+    for (int i = 0; i < cg_file_data_->controller_count_; i++, controller++) {
+        if (name == controller->name()) {
+            return controller;
+        }
+    }
+
+    return nullptr;
+}
diff --git a/libprocessgroup/cgroup_map.h b/libprocessgroup/cgroup_map.h
new file mode 100644
index 0000000..ba2caf7
--- /dev/null
+++ b/libprocessgroup/cgroup_map.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+#include <map>
+#include <mutex>
+#include <string>
+
+// Minimal controller description to be mmapped into process address space
+class CgroupController {
+  public:
+    CgroupController() {}
+    CgroupController(uint32_t version, const std::string& name, const std::string& path);
+
+    uint32_t version() const { return version_; }
+    const char* name() const { return name_; }
+    const char* path() const { return path_; }
+
+    std::string GetTasksFilePath(const std::string& path) const;
+    std::string GetProcsFilePath(const std::string& path, uid_t uid, pid_t pid) const;
+    bool GetTaskGroup(int tid, std::string* group) const;
+
+  private:
+    static constexpr size_t CGROUP_NAME_BUF_SZ = 16;
+    static constexpr size_t CGROUP_PATH_BUF_SZ = 32;
+
+    uint32_t version_;
+    char name_[CGROUP_NAME_BUF_SZ];
+    char path_[CGROUP_PATH_BUF_SZ];
+};
+
+// Complete controller description for mounting cgroups
+class CgroupDescriptor {
+  public:
+    CgroupDescriptor(uint32_t version, const std::string& name, const std::string& path,
+                     mode_t mode, const std::string& uid, const std::string& gid);
+
+    const CgroupController* controller() const { return &controller_; }
+    mode_t mode() const { return mode_; }
+    std::string uid() const { return uid_; }
+    std::string gid() const { return gid_; }
+
+  private:
+    CgroupController controller_;
+    mode_t mode_;
+    std::string uid_;
+    std::string gid_;
+};
+
+struct CgroupFile {
+    static constexpr uint32_t FILE_VERSION_1 = 1;
+    static constexpr uint32_t FILE_CURR_VERSION = FILE_VERSION_1;
+
+    uint32_t version_;
+    uint32_t controller_count_;
+    CgroupController controllers_[];
+};
+
+class CgroupMap {
+  public:
+    static constexpr const char* CGROUPS_RC_FILE = "cgroup.rc";
+
+    // Selinux policy ensures only init process can successfully use this function
+    static bool SetupCgroups();
+
+    static CgroupMap& GetInstance();
+
+    const CgroupController* FindController(const std::string& name) const;
+
+  private:
+    struct CgroupFile* cg_file_data_;
+    size_t cg_file_size_;
+
+    CgroupMap();
+    ~CgroupMap();
+
+    bool LoadRcFile();
+    void Print();
+};
diff --git a/libprocessgroup/include/processgroup/processgroup.h b/libprocessgroup/include/processgroup/processgroup.h
index 2412f3c..6f973b8 100644
--- a/libprocessgroup/include/processgroup/processgroup.h
+++ b/libprocessgroup/include/processgroup/processgroup.h
@@ -14,14 +14,28 @@
  *  limitations under the License.
  */
 
-#ifndef _PROCESSGROUP_H_
-#define _PROCESSGROUP_H_
+#pragma once
 
 #include <sys/cdefs.h>
 #include <sys/types.h>
+#include <string>
+#include <vector>
 
 __BEGIN_DECLS
 
+static constexpr const char* CGROUPV2_CONTROLLER_NAME = "cgroup2";
+static constexpr const char* CGROUPS_RC_DIR = "/dev/cgroup_info";
+
+bool CgroupSetupCgroups();
+bool CgroupGetControllerPath(const std::string& cgroup_name, std::string* path);
+bool CgroupGetAttributePath(const std::string& attr_name, std::string* path);
+bool CgroupGetAttributePathForTask(const std::string& attr_name, int tid, std::string* path);
+
+bool UsePerAppMemcg();
+
+bool SetTaskProfiles(int tid, const std::vector<std::string>& profiles);
+bool SetProcessProfiles(uid_t uid, pid_t pid, const std::vector<std::string>& profiles);
+
 // Return 0 and removes the cgroup if there are no longer any processes in it.
 // Returns -1 in the case of an error occurring or if there are processes still running
 // even after retrying for up to 200ms.
@@ -42,5 +56,3 @@
 void removeAllProcessGroups(void);
 
 __END_DECLS
-
-#endif
diff --git a/libprocessgroup/include/processgroup/sched_policy.h b/libprocessgroup/include/processgroup/sched_policy.h
index 79a32fd..3c498da 100644
--- a/libprocessgroup/include/processgroup/sched_policy.h
+++ b/libprocessgroup/include/processgroup/sched_policy.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 The Android Open Source Project
+ * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -67,13 +67,13 @@
  * On platforms which support gettid(), zero tid means current thread.
  * Return value: 0 for success, or -1 for error and set errno.
  */
-extern int get_sched_policy(int tid, SchedPolicy *policy);
+extern int get_sched_policy(int tid, SchedPolicy* policy);
 
 /* Return a displayable string corresponding to policy.
  * Return value: non-NULL NUL-terminated name of unspecified length;
  * the caller is responsible for displaying the useful part of the string.
  */
-extern const char *get_sched_policy_name(SchedPolicy policy);
+extern const char* get_sched_policy_name(SchedPolicy policy);
 
 #ifdef __cplusplus
 }
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index 8d2ac3d..e9dec12 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -25,12 +25,12 @@
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include <chrono>
+#include <map>
 #include <memory>
 #include <mutex>
 #include <set>
@@ -43,8 +43,8 @@
 #include <android-base/stringprintf.h>
 #include <android-base/strings.h>
 #include <cutils/android_filesystem_config.h>
-
 #include <processgroup/processgroup.h>
+#include <task_profiles.h>
 
 using android::base::GetBoolProperty;
 using android::base::StartsWith;
@@ -53,16 +53,103 @@
 
 using namespace std::chrono_literals;
 
-static const char kCpuacctCgroup[] = "/acct";
-static const char kMemoryCgroup[] = "/dev/memcg/apps";
-
 #define PROCESSGROUP_CGROUP_PROCS_FILE "/cgroup.procs"
 
+bool CgroupSetupCgroups() {
+    return CgroupMap::SetupCgroups();
+}
+
+bool CgroupGetControllerPath(const std::string& cgroup_name, std::string* path) {
+    const CgroupController* controller = CgroupMap::GetInstance().FindController(cgroup_name);
+
+    if (controller == nullptr) {
+        return false;
+    }
+
+    if (path) {
+        *path = controller->path();
+    }
+
+    return true;
+}
+
+bool CgroupGetAttributePath(const std::string& attr_name, std::string* path) {
+    const TaskProfiles& tp = TaskProfiles::GetInstance();
+    const ProfileAttribute* attr = tp.GetAttribute(attr_name);
+
+    if (attr == nullptr) {
+        return false;
+    }
+
+    if (path) {
+        *path = StringPrintf("%s/%s", attr->controller()->path(), attr->file_name().c_str());
+    }
+
+    return true;
+}
+
+bool CgroupGetAttributePathForTask(const std::string& attr_name, int tid, std::string* path) {
+    const TaskProfiles& tp = TaskProfiles::GetInstance();
+    const ProfileAttribute* attr = tp.GetAttribute(attr_name);
+
+    if (attr == nullptr) {
+        return false;
+    }
+
+    if (!attr->GetPathForTask(tid, path)) {
+        PLOG(ERROR) << "Failed to find cgroup for tid " << tid;
+        return false;
+    }
+
+    return true;
+}
+
+bool UsePerAppMemcg() {
+    bool low_ram_device = GetBoolProperty("ro.config.low_ram", false);
+    return GetBoolProperty("ro.config.per_app_memcg", low_ram_device);
+}
+
 static bool isMemoryCgroupSupported() {
-    static bool memcg_supported = !access("/dev/memcg/memory.limit_in_bytes", F_OK);
+    std::string cgroup_name;
+    static bool memcg_supported = (CgroupMap::GetInstance().FindController("memory") != nullptr);
+
     return memcg_supported;
 }
 
+bool SetProcessProfiles(uid_t uid, pid_t pid, const std::vector<std::string>& profiles) {
+    const TaskProfiles& tp = TaskProfiles::GetInstance();
+
+    for (const auto& name : profiles) {
+        const TaskProfile* profile = tp.GetProfile(name);
+        if (profile != nullptr) {
+            if (!profile->ExecuteForProcess(uid, pid)) {
+                PLOG(WARNING) << "Failed to apply " << name << " process profile";
+            }
+        } else {
+            PLOG(WARNING) << "Failed to find " << name << "process profile";
+        }
+    }
+
+    return true;
+}
+
+bool SetTaskProfiles(int tid, const std::vector<std::string>& profiles) {
+    const TaskProfiles& tp = TaskProfiles::GetInstance();
+
+    for (const auto& name : profiles) {
+        const TaskProfile* profile = tp.GetProfile(name);
+        if (profile != nullptr) {
+            if (!profile->ExecuteForTask(tid)) {
+                PLOG(WARNING) << "Failed to apply " << name << " task profile";
+            }
+        } else {
+            PLOG(WARNING) << "Failed to find " << name << "task profile";
+        }
+    }
+
+    return true;
+}
+
 static std::string ConvertUidToPath(const char* cgroup, uid_t uid) {
     return StringPrintf("%s/uid_%d", cgroup, uid);
 }
@@ -103,11 +190,21 @@
     }
 }
 
-void removeAllProcessGroups()
-{
+void removeAllProcessGroups() {
     LOG(VERBOSE) << "removeAllProcessGroups()";
-    for (const char* cgroup_root_path : {kCpuacctCgroup, kMemoryCgroup}) {
-        std::unique_ptr<DIR, decltype(&closedir)> root(opendir(cgroup_root_path), closedir);
+
+    std::vector<std::string> cgroups;
+    std::string path;
+
+    if (CgroupGetControllerPath("cpuacct", &path)) {
+        cgroups.push_back(path);
+    }
+    if (CgroupGetControllerPath("memory", &path)) {
+        cgroups.push_back(path);
+    }
+
+    for (std::string cgroup_root_path : cgroups) {
+        std::unique_ptr<DIR, decltype(&closedir)> root(opendir(cgroup_root_path.c_str()), closedir);
         if (root == NULL) {
             PLOG(ERROR) << "Failed to open " << cgroup_root_path;
         } else {
@@ -121,7 +218,7 @@
                     continue;
                 }
 
-                auto path = StringPrintf("%s/%s", cgroup_root_path, dir->d_name);
+                auto path = StringPrintf("%s/%s", cgroup_root_path.c_str(), dir->d_name);
                 RemoveUidProcessGroups(path);
                 LOG(VERBOSE) << "Removing " << path;
                 if (rmdir(path.c_str()) == -1) PLOG(WARNING) << "Failed to remove " << path;
@@ -130,6 +227,21 @@
     }
 }
 
+static bool MkdirAndChown(const std::string& path, mode_t mode, uid_t uid, gid_t gid) {
+    if (mkdir(path.c_str(), mode) == -1 && errno != EEXIST) {
+        return false;
+    }
+
+    if (chown(path.c_str(), uid, gid) == -1) {
+        int saved_errno = errno;
+        rmdir(path.c_str());
+        errno = saved_errno;
+        return false;
+    }
+
+    return true;
+}
+
 // Returns number of processes killed on success
 // Returns 0 if there are no processes in the process cgroup left to kill
 // Returns -1 on error
@@ -200,10 +312,16 @@
 }
 
 static int KillProcessGroup(uid_t uid, int initialPid, int signal, int retries) {
+    std::string cpuacct_path;
+    std::string memory_path;
+
+    CgroupGetControllerPath("cpuacct", &cpuacct_path);
+    CgroupGetControllerPath("memory", &memory_path);
+
     const char* cgroup =
-            (!access(ConvertUidPidToPath(kCpuacctCgroup, uid, initialPid).c_str(), F_OK))
-                    ? kCpuacctCgroup
-                    : kMemoryCgroup;
+            (!access(ConvertUidPidToPath(cpuacct_path.c_str(), uid, initialPid).c_str(), F_OK))
+                    ? cpuacct_path.c_str()
+                    : memory_path.c_str();
 
     std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
 
@@ -258,44 +376,22 @@
     return KillProcessGroup(uid, initialPid, signal, 0 /*retries*/);
 }
 
-static bool MkdirAndChown(const std::string& path, mode_t mode, uid_t uid, gid_t gid) {
-    if (mkdir(path.c_str(), mode) == -1 && errno != EEXIST) {
-        return false;
-    }
-
-    if (chown(path.c_str(), uid, gid) == -1) {
-        int saved_errno = errno;
-        rmdir(path.c_str());
-        errno = saved_errno;
-        return false;
-    }
-
-    return true;
-}
-
-static bool isPerAppMemcgEnabled() {
-    static bool per_app_memcg =
-            GetBoolProperty("ro.config.per_app_memcg", GetBoolProperty("ro.config.low_ram", false));
-    return per_app_memcg;
-}
-
-int createProcessGroup(uid_t uid, int initialPid, bool memControl)
-{
-    const char* cgroup;
-    if (isMemoryCgroupSupported() && (memControl || isPerAppMemcgEnabled())) {
-        cgroup = kMemoryCgroup;
+int createProcessGroup(uid_t uid, int initialPid, bool memControl) {
+    std::string cgroup;
+    if (isMemoryCgroupSupported() && (memControl || UsePerAppMemcg())) {
+        CgroupGetControllerPath("memory", &cgroup);
     } else {
-        cgroup = kCpuacctCgroup;
+        CgroupGetControllerPath("cpuacct", &cgroup);
     }
 
-    auto uid_path = ConvertUidToPath(cgroup, uid);
+    auto uid_path = ConvertUidToPath(cgroup.c_str(), uid);
 
     if (!MkdirAndChown(uid_path, 0750, AID_SYSTEM, AID_SYSTEM)) {
         PLOG(ERROR) << "Failed to make and chown " << uid_path;
         return -errno;
     }
 
-    auto uid_pid_path = ConvertUidPidToPath(cgroup, uid, initialPid);
+    auto uid_pid_path = ConvertUidPidToPath(cgroup.c_str(), uid, initialPid);
 
     if (!MkdirAndChown(uid_pid_path, 0750, AID_SYSTEM, AID_SYSTEM)) {
         PLOG(ERROR) << "Failed to make and chown " << uid_pid_path;
@@ -313,13 +409,17 @@
     return ret;
 }
 
-static bool SetProcessGroupValue(uid_t uid, int pid, const std::string& file_name, int64_t value) {
+static bool SetProcessGroupValue(int tid, const std::string& attr_name, int64_t value) {
     if (!isMemoryCgroupSupported()) {
         PLOG(ERROR) << "Memcg is not mounted.";
         return false;
     }
 
-    auto path = ConvertUidPidToPath(kMemoryCgroup, uid, pid) + file_name;
+    std::string path;
+    if (!CgroupGetAttributePathForTask(attr_name, tid, &path)) {
+        PLOG(ERROR) << "Failed to find attribute '" << attr_name << "'";
+        return false;
+    }
 
     if (!WriteStringToFile(std::to_string(value), path)) {
         PLOG(ERROR) << "Failed to write '" << value << "' to " << path;
@@ -328,14 +428,14 @@
     return true;
 }
 
-bool setProcessGroupSwappiness(uid_t uid, int pid, int swappiness) {
-    return SetProcessGroupValue(uid, pid, "/memory.swappiness", swappiness);
+bool setProcessGroupSwappiness(uid_t, int pid, int swappiness) {
+    return SetProcessGroupValue(pid, "MemSwappiness", swappiness);
 }
 
-bool setProcessGroupSoftLimit(uid_t uid, int pid, int64_t soft_limit_in_bytes) {
-    return SetProcessGroupValue(uid, pid, "/memory.soft_limit_in_bytes", soft_limit_in_bytes);
+bool setProcessGroupSoftLimit(uid_t, int pid, int64_t soft_limit_in_bytes) {
+    return SetProcessGroupValue(pid, "MemSoftLimit", soft_limit_in_bytes);
 }
 
-bool setProcessGroupLimit(uid_t uid, int pid, int64_t limit_in_bytes) {
-    return SetProcessGroupValue(uid, pid, "/memory.limit_in_bytes", limit_in_bytes);
+bool setProcessGroupLimit(uid_t, int pid, int64_t limit_in_bytes) {
+    return SetProcessGroupValue(pid, "MemLimit", limit_in_bytes);
 }
diff --git a/libprocessgroup/sched_policy.cpp b/libprocessgroup/sched_policy.cpp
index f95d7e4..337b032 100644
--- a/libprocessgroup/sched_policy.cpp
+++ b/libprocessgroup/sched_policy.cpp
@@ -1,372 +1,83 @@
 /*
-** Copyright 2007, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-**     http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 #include <processgroup/sched_policy.h>
 
 #define LOG_TAG "SchedPolicy"
 
 #include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
 #include <unistd.h>
 
-#include <android-base/macros.h>
-#include <log/log.h>
+#include <android-base/logging.h>
+#include <android-base/threads.h>
+#include <cgroup_map.h>
+#include <processgroup/processgroup.h>
+
+using android::base::GetThreadId;
 
 /* Re-map SP_DEFAULT to the system default policy, and leave other values unchanged.
  * Call this any place a SchedPolicy is used as an input parameter.
  * Returns the possibly re-mapped policy.
  */
-static inline SchedPolicy _policy(SchedPolicy p)
-{
-   return p == SP_DEFAULT ? SP_SYSTEM_DEFAULT : p;
+static inline SchedPolicy _policy(SchedPolicy p) {
+    return p == SP_DEFAULT ? SP_SYSTEM_DEFAULT : p;
 }
 
 #if defined(__ANDROID__)
 
-#include <pthread.h>
-#include <sched.h>
-#include <sys/prctl.h>
-
-#define POLICY_DEBUG 0
-
-// timer slack value in nS enforced when the thread moves to background
-#define TIMER_SLACK_BG 40000000
-#define TIMER_SLACK_FG 50000
-
-static pthread_once_t the_once = PTHREAD_ONCE_INIT;
-
-static int __sys_supports_timerslack = -1;
-
-// File descriptors open to /dev/cpuset/../tasks, setup by initialize, or -1 on error
-static int system_bg_cpuset_fd = -1;
-static int bg_cpuset_fd = -1;
-static int fg_cpuset_fd = -1;
-static int ta_cpuset_fd = -1; // special cpuset for top app
-static int rs_cpuset_fd = -1;  // special cpuset for screen off restrictions
-
-// File descriptors open to /dev/stune/../tasks, setup by initialize, or -1 on error
-static int bg_schedboost_fd = -1;
-static int fg_schedboost_fd = -1;
-static int ta_schedboost_fd = -1;
-static int rt_schedboost_fd = -1;
-
-/* Add tid to the scheduling group defined by the policy */
-static int add_tid_to_cgroup(int tid, int fd)
-{
-    if (fd < 0) {
-        SLOGE("add_tid_to_cgroup failed; fd=%d\n", fd);
-        errno = EINVAL;
-        return -1;
-    }
-
-    // specialized itoa -- works for tid > 0
-    char text[22];
-    char *end = text + sizeof(text) - 1;
-    char *ptr = end;
-    *ptr = '\0';
-    while (tid > 0) {
-        *--ptr = '0' + (tid % 10);
-        tid = tid / 10;
-    }
-
-    if (write(fd, ptr, end - ptr) < 0) {
-        /*
-         * If the thread is in the process of exiting,
-         * don't flag an error
-         */
-        if (errno == ESRCH)
-                return 0;
-        SLOGW("add_tid_to_cgroup failed to write '%s' (%s); fd=%d\n",
-              ptr, strerror(errno), fd);
-        errno = EINVAL;
-        return -1;
-    }
-
-    return 0;
-}
-
-/*
-    If CONFIG_CPUSETS for Linux kernel is set, "tasks" can be found under
-    /dev/cpuset mounted in init.rc; otherwise, that file does not exist
-    even though the directory, /dev/cpuset, is still created (by init.rc).
-
-    A couple of other candidates (under cpuset mount directory):
-        notify_on_release
-        release_agent
-
-    Yet another way to decide if cpuset is enabled is to parse
-    /proc/self/status and search for lines begin with "Mems_allowed".
-
-    If CONFIG_PROC_PID_CPUSET is set, the existence "/proc/self/cpuset" can
-    be used to decide if CONFIG_CPUSETS is set, so we don't have a dependency
-    on where init.rc mounts cpuset. That's why we'd better require this
-    configuration be set if CONFIG_CPUSETS is set.
-
-    In older releases, this was controlled by build-time configuration.
- */
-bool cpusets_enabled() {
-    static bool enabled = (access("/dev/cpuset/tasks", F_OK) == 0);
-
-    return enabled;
-}
-
-/*
-    Similar to CONFIG_CPUSETS above, but with a different configuration
-    CONFIG_CGROUP_SCHEDTUNE that's in Android common Linux kernel and Linaro
-    Stable Kernel (LSK), but not in mainline Linux as of v4.9.
-
-    In older releases, this was controlled by build-time configuration.
- */
-bool schedboost_enabled() {
-    static bool enabled = (access("/dev/stune/tasks", F_OK) == 0);
-
-    return enabled;
-}
-
-static void __initialize() {
-    const char* filename;
-
-    if (cpusets_enabled()) {
-        if (!access("/dev/cpuset/tasks", W_OK)) {
-
-            filename = "/dev/cpuset/foreground/tasks";
-            fg_cpuset_fd = open(filename, O_WRONLY | O_CLOEXEC);
-            filename = "/dev/cpuset/background/tasks";
-            bg_cpuset_fd = open(filename, O_WRONLY | O_CLOEXEC);
-            filename = "/dev/cpuset/system-background/tasks";
-            system_bg_cpuset_fd = open(filename, O_WRONLY | O_CLOEXEC);
-            filename = "/dev/cpuset/top-app/tasks";
-            ta_cpuset_fd = open(filename, O_WRONLY | O_CLOEXEC);
-            filename = "/dev/cpuset/restricted/tasks";
-            rs_cpuset_fd = open(filename, O_WRONLY | O_CLOEXEC);
-
-            if (schedboost_enabled()) {
-                filename = "/dev/stune/top-app/tasks";
-                ta_schedboost_fd = open(filename, O_WRONLY | O_CLOEXEC);
-                filename = "/dev/stune/foreground/tasks";
-                fg_schedboost_fd = open(filename, O_WRONLY | O_CLOEXEC);
-                filename = "/dev/stune/background/tasks";
-                bg_schedboost_fd = open(filename, O_WRONLY | O_CLOEXEC);
-                filename = "/dev/stune/rt/tasks";
-                rt_schedboost_fd = open(filename, O_WRONLY | O_CLOEXEC);
-            }
-        }
-    }
-
-    char buf[64];
-    snprintf(buf, sizeof(buf), "/proc/%d/timerslack_ns", getpid());
-    __sys_supports_timerslack = !access(buf, W_OK);
-}
-
-/*
- * Returns the path under the requested cgroup subsystem (if it exists)
- *
- * The data from /proc/<pid>/cgroup looks (something) like:
- *  2:cpu:/bg_non_interactive
- *  1:cpuacct:/
- *
- * We return the part after the "/", which will be an empty string for
- * the default cgroup.  If the string is longer than "bufLen", the string
- * will be truncated.
- */
-static int getCGroupSubsys(int tid, const char* subsys, char* buf, size_t bufLen)
-{
-#if defined(__ANDROID__)
-    char pathBuf[32];
-    char lineBuf[256];
-    FILE *fp;
-
-    snprintf(pathBuf, sizeof(pathBuf), "/proc/%d/cgroup", tid);
-    if (!(fp = fopen(pathBuf, "re"))) {
-        return -1;
-    }
-
-    while(fgets(lineBuf, sizeof(lineBuf) -1, fp)) {
-        char *next = lineBuf;
-        char *found_subsys;
-        char *grp;
-        size_t len;
-
-        /* Junk the first field */
-        if (!strsep(&next, ":")) {
-            goto out_bad_data;
-        }
-
-        if (!(found_subsys = strsep(&next, ":"))) {
-            goto out_bad_data;
-        }
-
-        if (strcmp(found_subsys, subsys)) {
-            /* Not the subsys we're looking for */
-            continue;
-        }
-
-        if (!(grp = strsep(&next, ":"))) {
-            goto out_bad_data;
-        }
-        grp++; /* Drop the leading '/' */
-        len = strlen(grp);
-        grp[len-1] = '\0'; /* Drop the trailing '\n' */
-
-        if (bufLen <= len) {
-            len = bufLen - 1;
-        }
-        strncpy(buf, grp, len);
-        buf[len] = '\0';
-        fclose(fp);
-        return 0;
-    }
-
-    SLOGE("Failed to find subsys %s", subsys);
-    fclose(fp);
-    return -1;
- out_bad_data:
-    SLOGE("Bad cgroup data {%s}", lineBuf);
-    fclose(fp);
-    return -1;
-#else
-    errno = ENOSYS;
-    return -1;
-#endif
-}
-
-int get_sched_policy(int tid, SchedPolicy *policy)
-{
+int set_cpuset_policy(int tid, SchedPolicy policy) {
     if (tid == 0) {
-        tid = gettid();
-    }
-    pthread_once(&the_once, __initialize);
-
-    char grpBuf[32];
-
-    grpBuf[0] = '\0';
-    if (schedboost_enabled()) {
-        if (getCGroupSubsys(tid, "schedtune", grpBuf, sizeof(grpBuf)) < 0) return -1;
-    }
-    if ((grpBuf[0] == '\0') && cpusets_enabled()) {
-        if (getCGroupSubsys(tid, "cpuset", grpBuf, sizeof(grpBuf)) < 0) return -1;
-    }
-    if (grpBuf[0] == '\0') {
-        *policy = SP_FOREGROUND;
-    } else if (!strcmp(grpBuf, "foreground")) {
-        *policy = SP_FOREGROUND;
-    } else if (!strcmp(grpBuf, "system-background")) {
-        *policy = SP_SYSTEM;
-    } else if (!strcmp(grpBuf, "background")) {
-        *policy = SP_BACKGROUND;
-    } else if (!strcmp(grpBuf, "top-app")) {
-        *policy = SP_TOP_APP;
-    } else {
-        errno = ERANGE;
-        return -1;
-    }
-    return 0;
-}
-
-int set_cpuset_policy(int tid, SchedPolicy policy)
-{
-    // in the absence of cpusets, use the old sched policy
-    if (!cpusets_enabled()) {
-        return set_sched_policy(tid, policy);
-    }
-
-    if (tid == 0) {
-        tid = gettid();
+        tid = GetThreadId();
     }
     policy = _policy(policy);
-    pthread_once(&the_once, __initialize);
 
-    int fd = -1;
-    int boost_fd = -1;
     switch (policy) {
-    case SP_BACKGROUND:
-        fd = bg_cpuset_fd;
-        boost_fd = bg_schedboost_fd;
-        break;
-    case SP_FOREGROUND:
-    case SP_AUDIO_APP:
-    case SP_AUDIO_SYS:
-        fd = fg_cpuset_fd;
-        boost_fd = fg_schedboost_fd;
-        break;
-    case SP_TOP_APP :
-        fd = ta_cpuset_fd;
-        boost_fd = ta_schedboost_fd;
-        break;
-    case SP_SYSTEM:
-        fd = system_bg_cpuset_fd;
-        break;
-    case SP_RESTRICTED:
-        fd = rs_cpuset_fd;
-        break;
-    default:
-        boost_fd = fd = -1;
-        break;
-    }
-
-    if (add_tid_to_cgroup(tid, fd) != 0) {
-        if (errno != ESRCH && errno != ENOENT)
-            return -errno;
-    }
-
-    if (schedboost_enabled()) {
-        if (boost_fd > 0 && add_tid_to_cgroup(tid, boost_fd) != 0) {
-            if (errno != ESRCH && errno != ENOENT)
-                return -errno;
-        }
+        case SP_BACKGROUND:
+            return SetTaskProfiles(tid,
+                                   {"HighEnergySaving", "ProcessCapacityLow", "TimerSlackHigh"})
+                           ? 0
+                           : -1;
+        case SP_FOREGROUND:
+        case SP_AUDIO_APP:
+        case SP_AUDIO_SYS:
+            return SetTaskProfiles(tid,
+                                   {"HighPerformance", "ProcessCapacityHigh", "TimerSlackNormal"})
+                           ? 0
+                           : -1;
+        case SP_TOP_APP:
+            return SetTaskProfiles(tid,
+                                   {"MaxPerformance", "ProcessCapacityMax", "TimerSlackNormal"})
+                           ? 0
+                           : -1;
+        case SP_SYSTEM:
+            return SetTaskProfiles(tid, {"ServiceCapacityLow", "TimerSlackNormal"}) ? 0 : -1;
+        case SP_RESTRICTED:
+            return SetTaskProfiles(tid, {"ServiceCapacityRestricted", "TimerSlackNormal"}) ? 0 : -1;
+        default:
+            break;
     }
 
     return 0;
 }
 
-static void set_timerslack_ns(int tid, unsigned long slack) {
-    // v4.6+ kernels support the /proc/<tid>/timerslack_ns interface.
-    // TODO: once we've backported this, log if the open(2) fails.
-    if (__sys_supports_timerslack) {
-        char buf[64];
-        snprintf(buf, sizeof(buf), "/proc/%d/timerslack_ns", tid);
-        int fd = open(buf, O_WRONLY | O_CLOEXEC);
-        if (fd != -1) {
-            int len = snprintf(buf, sizeof(buf), "%lu", slack);
-            if (write(fd, buf, len) != len) {
-                SLOGE("set_timerslack_ns write failed: %s\n", strerror(errno));
-            }
-            close(fd);
-            return;
-        }
-    }
-
-    // TODO: Remove when /proc/<tid>/timerslack_ns interface is backported.
-    if ((tid == 0) || (tid == gettid())) {
-        if (prctl(PR_SET_TIMERSLACK, slack) == -1) {
-            SLOGE("set_timerslack_ns prctl failed: %s\n", strerror(errno));
-        }
-    }
-}
-
-int set_sched_policy(int tid, SchedPolicy policy)
-{
+int set_sched_policy(int tid, SchedPolicy policy) {
     if (tid == 0) {
-        tid = gettid();
+        tid = GetThreadId();
     }
     policy = _policy(policy);
-    pthread_once(&the_once, __initialize);
 
 #if POLICY_DEBUG
     char statfile[64];
@@ -376,73 +87,113 @@
     snprintf(statfile, sizeof(statfile), "/proc/%d/stat", tid);
     memset(thread_name, 0, sizeof(thread_name));
 
-    int fd = open(statfile, O_RDONLY | O_CLOEXEC);
+    unique_fd fd(TEMP_FAILURE_RETRY(open(statfile, O_RDONLY | O_CLOEXEC)));
     if (fd >= 0) {
         int rc = read(fd, statline, 1023);
-        close(fd);
         statline[rc] = 0;
-        char *p = statline;
-        char *q;
+        char* p = statline;
+        char* q;
 
-        for (p = statline; *p != '('; p++);
+        for (p = statline; *p != '('; p++)
+            ;
         p++;
-        for (q = p; *q != ')'; q++);
+        for (q = p; *q != ')'; q++)
+            ;
 
-        strncpy(thread_name, p, (q-p));
+        strncpy(thread_name, p, (q - p));
     }
     switch (policy) {
-    case SP_BACKGROUND:
-        SLOGD("vvv tid %d (%s)", tid, thread_name);
-        break;
-    case SP_FOREGROUND:
-    case SP_AUDIO_APP:
-    case SP_AUDIO_SYS:
-    case SP_TOP_APP:
-        SLOGD("^^^ tid %d (%s)", tid, thread_name);
-        break;
-    case SP_SYSTEM:
-        SLOGD("/// tid %d (%s)", tid, thread_name);
-        break;
-    case SP_RT_APP:
-	SLOGD("RT  tid %d (%s)", tid, thread_name);
-	break;
-    default:
-        SLOGD("??? tid %d (%s)", tid, thread_name);
-        break;
-    }
-#endif
-
-    if (schedboost_enabled()) {
-        int boost_fd = -1;
-        switch (policy) {
         case SP_BACKGROUND:
-            boost_fd = bg_schedboost_fd;
+            SLOGD("vvv tid %d (%s)", tid, thread_name);
             break;
         case SP_FOREGROUND:
         case SP_AUDIO_APP:
         case SP_AUDIO_SYS:
-            boost_fd = fg_schedboost_fd;
-            break;
         case SP_TOP_APP:
-            boost_fd = ta_schedboost_fd;
+            SLOGD("^^^ tid %d (%s)", tid, thread_name);
+            break;
+        case SP_SYSTEM:
+            SLOGD("/// tid %d (%s)", tid, thread_name);
             break;
         case SP_RT_APP:
-	    boost_fd = rt_schedboost_fd;
-	    break;
-        default:
-            boost_fd = -1;
+            SLOGD("RT  tid %d (%s)", tid, thread_name);
             break;
-        }
+        default:
+            SLOGD("??? tid %d (%s)", tid, thread_name);
+            break;
+    }
+#endif
 
-        if (boost_fd > 0 && add_tid_to_cgroup(tid, boost_fd) != 0) {
-            if (errno != ESRCH && errno != ENOENT)
-                return -errno;
-        }
-
+    switch (policy) {
+        case SP_BACKGROUND:
+            return SetTaskProfiles(tid, {"HighEnergySaving", "TimerSlackHigh"}) ? 0 : -1;
+        case SP_FOREGROUND:
+        case SP_AUDIO_APP:
+        case SP_AUDIO_SYS:
+            return SetTaskProfiles(tid, {"HighPerformance", "TimerSlackNormal"}) ? 0 : -1;
+        case SP_TOP_APP:
+            return SetTaskProfiles(tid, {"MaxPerformance", "TimerSlackNormal"}) ? 0 : -1;
+        case SP_RT_APP:
+            return SetTaskProfiles(tid, {"RealtimePerformance", "TimerSlackNormal"}) ? 0 : -1;
+        default:
+            return SetTaskProfiles(tid, {"TimerSlackNormal"}) ? 0 : -1;
     }
 
-    set_timerslack_ns(tid, policy == SP_BACKGROUND ? TIMER_SLACK_BG : TIMER_SLACK_FG);
+    return 0;
+}
 
+bool cpusets_enabled() {
+    static bool enabled = (CgroupMap::GetInstance().FindController("cpuset") != nullptr);
+    return enabled;
+}
+
+bool schedboost_enabled() {
+    static bool enabled = (CgroupMap::GetInstance().FindController("schedtune") != nullptr);
+    return enabled;
+}
+
+static int getCGroupSubsys(int tid, const char* subsys, std::string& subgroup) {
+    const CgroupController* controller = CgroupMap::GetInstance().FindController(subsys);
+
+    if (!controller) return -1;
+
+    if (!controller->GetTaskGroup(tid, &subgroup)) {
+        PLOG(ERROR) << "Failed to find cgroup for tid " << tid;
+        return -1;
+    }
+    return 0;
+}
+
+int get_sched_policy(int tid, SchedPolicy* policy) {
+    if (tid == 0) {
+        tid = GetThreadId();
+    }
+
+    std::string group;
+    if (schedboost_enabled()) {
+        if (getCGroupSubsys(tid, "schedtune", group) < 0) return -1;
+    }
+    if (group.empty() && cpusets_enabled()) {
+        if (getCGroupSubsys(tid, "cpuset", group) < 0) return -1;
+    }
+
+    // TODO: replace hardcoded directories
+    if (group.empty()) {
+        *policy = SP_FOREGROUND;
+    } else if (group == "foreground") {
+        *policy = SP_FOREGROUND;
+    } else if (group == "system-background") {
+        *policy = SP_SYSTEM;
+    } else if (group == "background") {
+        *policy = SP_BACKGROUND;
+    } else if (group == "top-app") {
+        *policy = SP_TOP_APP;
+    } else if (group == "restricted") {
+        *policy = SP_RESTRICTED;
+    } else {
+        errno = ERANGE;
+        return -1;
+    }
     return 0;
 }
 
@@ -450,11 +201,11 @@
 
 /* Stubs for non-Android targets. */
 
-int set_sched_policy(int /*tid*/, SchedPolicy /*policy*/) {
+int set_sched_policy(int, SchedPolicy) {
     return 0;
 }
 
-int get_sched_policy(int /*tid*/, SchedPolicy* policy) {
+int get_sched_policy(int, SchedPolicy* policy) {
     *policy = SP_SYSTEM_DEFAULT;
     return 0;
 }
diff --git a/libprocessgroup/task_profiles.cpp b/libprocessgroup/task_profiles.cpp
new file mode 100644
index 0000000..ec6cbbc
--- /dev/null
+++ b/libprocessgroup/task_profiles.cpp
@@ -0,0 +1,382 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//#define LOG_NDEBUG 0
+#define LOG_TAG "libprocessgroup"
+
+#include <fcntl.h>
+#include <task_profiles.h>
+#include <string>
+
+#include <android-base/file.h>
+#include <android-base/logging.h>
+#include <android-base/stringprintf.h>
+#include <android-base/threads.h>
+
+#include <cutils/android_filesystem_config.h>
+
+#include <json/reader.h>
+#include <json/value.h>
+
+// To avoid issues in sdk_mac build
+#if defined(__ANDROID__)
+#include <sys/prctl.h>
+#endif
+
+using android::base::GetThreadId;
+using android::base::StringPrintf;
+using android::base::unique_fd;
+using android::base::WriteStringToFile;
+
+#define TASK_PROFILE_DB_FILE "/etc/task_profiles.json"
+
+bool ProfileAttribute::GetPathForTask(int tid, std::string* path) const {
+    std::string subgroup;
+    if (!controller_->GetTaskGroup(tid, &subgroup)) {
+        return false;
+    }
+
+    if (path == nullptr) {
+        return true;
+    }
+
+    if (subgroup.empty()) {
+        *path = StringPrintf("%s/%s", controller_->path(), file_name_.c_str());
+    } else {
+        *path = StringPrintf("%s/%s/%s", controller_->path(), subgroup.c_str(), file_name_.c_str());
+    }
+    return true;
+}
+
+bool SetClampsAction::ExecuteForProcess(uid_t, pid_t) const {
+    // TODO: add support when kernel supports util_clamp
+    LOG(WARNING) << "SetClampsAction::ExecuteForProcess is not supported";
+    return false;
+}
+
+bool SetClampsAction::ExecuteForTask(int) const {
+    // TODO: add support when kernel supports util_clamp
+    LOG(WARNING) << "SetClampsAction::ExecuteForTask is not supported";
+    return false;
+}
+
+// To avoid issues in sdk_mac build
+#if defined(__ANDROID__)
+
+bool SetTimerSlackAction::IsTimerSlackSupported(int tid) {
+    auto file = StringPrintf("/proc/%d/timerslack_ns", tid);
+
+    return (access(file.c_str(), W_OK) == 0);
+}
+
+bool SetTimerSlackAction::ExecuteForTask(int tid) const {
+    static bool sys_supports_timerslack = IsTimerSlackSupported(tid);
+
+    // v4.6+ kernels support the /proc/<tid>/timerslack_ns interface.
+    // TODO: once we've backported this, log if the open(2) fails.
+    if (sys_supports_timerslack) {
+        auto file = StringPrintf("/proc/%d/timerslack_ns", tid);
+        if (!WriteStringToFile(std::to_string(slack_), file)) {
+            PLOG(ERROR) << "set_timerslack_ns write failed";
+        }
+    }
+
+    // TODO: Remove when /proc/<tid>/timerslack_ns interface is backported.
+    if (tid == 0 || tid == GetThreadId()) {
+        if (prctl(PR_SET_TIMERSLACK, slack_) == -1) {
+            PLOG(ERROR) << "set_timerslack_ns prctl failed";
+        }
+    }
+
+    return true;
+}
+
+#endif
+
+bool SetAttributeAction::ExecuteForProcess(uid_t, pid_t pid) const {
+    return ExecuteForTask(pid);
+}
+
+bool SetAttributeAction::ExecuteForTask(int tid) const {
+    std::string path;
+
+    if (!attribute_->GetPathForTask(tid, &path)) {
+        PLOG(ERROR) << "Failed to find cgroup for tid " << tid;
+        return false;
+    }
+
+    if (!WriteStringToFile(value_, path)) {
+        PLOG(ERROR) << "Failed to write '" << value_ << "' to " << path;
+        return false;
+    }
+
+    return true;
+}
+
+bool SetCgroupAction::IsAppDependentPath(const std::string& path) {
+    return path.find("<uid>", 0) != std::string::npos || path.find("<pid>", 0) != std::string::npos;
+}
+
+SetCgroupAction::SetCgroupAction(const CgroupController* c, const std::string& p)
+    : controller_(c), path_(p) {
+    // cache file descriptor only if path is app independent
+    if (IsAppDependentPath(path_)) {
+        // file descriptor is not cached
+        fd_.reset(-2);
+        return;
+    }
+
+    std::string tasks_path = c->GetTasksFilePath(p.c_str());
+
+    if (access(tasks_path.c_str(), W_OK) != 0) {
+        // file is not accessible
+        fd_.reset(-1);
+        return;
+    }
+
+    unique_fd fd(TEMP_FAILURE_RETRY(open(tasks_path.c_str(), O_WRONLY | O_CLOEXEC)));
+    if (fd < 0) {
+        PLOG(ERROR) << "Failed to cache fd '" << tasks_path << "'";
+        fd_.reset(-1);
+        return;
+    }
+
+    fd_ = std::move(fd);
+}
+
+bool SetCgroupAction::AddTidToCgroup(int tid, int fd) {
+    if (tid <= 0) {
+        return true;
+    }
+
+    std::string value = std::to_string(tid);
+
+    if (TEMP_FAILURE_RETRY(write(fd, value.c_str(), value.length())) < 0) {
+        // If the thread is in the process of exiting, don't flag an error
+        if (errno != ESRCH) {
+            PLOG(ERROR) << "JoinGroup failed to write '" << value << "'; fd=" << fd;
+            return false;
+        }
+    }
+
+    return true;
+}
+
+bool SetCgroupAction::ExecuteForProcess(uid_t uid, pid_t pid) const {
+    if (fd_ >= 0) {
+        // fd is cached, reuse it
+        if (!AddTidToCgroup(pid, fd_)) {
+            PLOG(ERROR) << "Failed to add task into cgroup";
+            return false;
+        }
+        return true;
+    }
+
+    if (fd_ == -1) {
+        // no permissions to access the file, ignore
+        return true;
+    }
+
+    // this is app-dependent path, file descriptor is not cached
+    std::string procs_path = controller_->GetProcsFilePath(path_.c_str(), uid, pid);
+    unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(procs_path.c_str(), O_WRONLY | O_CLOEXEC)));
+    if (tmp_fd < 0) {
+        PLOG(WARNING) << "Failed to open " << procs_path << ": " << strerror(errno);
+        return false;
+    }
+    if (!AddTidToCgroup(pid, tmp_fd)) {
+        PLOG(ERROR) << "Failed to add task into cgroup";
+        return false;
+    }
+
+    return true;
+}
+
+bool SetCgroupAction::ExecuteForTask(int tid) const {
+    if (fd_ >= 0) {
+        // fd is cached, reuse it
+        if (!AddTidToCgroup(tid, fd_)) {
+            PLOG(ERROR) << "Failed to add task into cgroup";
+            return false;
+        }
+        return true;
+    }
+
+    if (fd_ == -1) {
+        // no permissions to access the file, ignore
+        return true;
+    }
+
+    // application-dependent path can't be used with tid
+    PLOG(ERROR) << "Application profile can't be applied to a thread";
+    return false;
+}
+
+bool TaskProfile::ExecuteForProcess(uid_t uid, pid_t pid) const {
+    for (const auto& element : elements_) {
+        if (!element->ExecuteForProcess(uid, pid)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+bool TaskProfile::ExecuteForTask(int tid) const {
+    if (tid == 0) {
+        tid = GetThreadId();
+    }
+    for (const auto& element : elements_) {
+        if (!element->ExecuteForTask(tid)) {
+            return false;
+        }
+    }
+    return true;
+}
+
+TaskProfiles& TaskProfiles::GetInstance() {
+    static TaskProfiles instance;
+    return instance;
+}
+
+TaskProfiles::TaskProfiles() {
+    if (!Load(CgroupMap::GetInstance())) {
+        LOG(ERROR) << "TaskProfiles::Load for [" << getpid() << "] failed";
+    }
+}
+
+bool TaskProfiles::Load(const CgroupMap& cg_map) {
+    std::string json_doc;
+
+    if (!android::base::ReadFileToString(TASK_PROFILE_DB_FILE, &json_doc)) {
+        LOG(ERROR) << "Failed to read task profiles from " << TASK_PROFILE_DB_FILE;
+        return false;
+    }
+
+    Json::Reader reader;
+    Json::Value root;
+    if (!reader.parse(json_doc, root)) {
+        LOG(ERROR) << "Failed to parse task profiles: " << reader.getFormattedErrorMessages();
+        return false;
+    }
+
+    Json::Value attr = root["Attributes"];
+    for (Json::Value::ArrayIndex i = 0; i < attr.size(); ++i) {
+        std::string name = attr[i]["Name"].asString();
+        std::string ctrlName = attr[i]["Controller"].asString();
+        std::string file_name = attr[i]["File"].asString();
+
+        if (attributes_.find(name) == attributes_.end()) {
+            const CgroupController* controller = cg_map.FindController(ctrlName.c_str());
+            if (controller) {
+                attributes_[name] = std::make_unique<ProfileAttribute>(controller, file_name);
+            } else {
+                LOG(WARNING) << "Controller " << ctrlName << " is not found";
+            }
+        } else {
+            LOG(WARNING) << "Attribute " << name << " is already defined";
+        }
+    }
+
+    std::map<std::string, std::string> params;
+
+    Json::Value profilesVal = root["Profiles"];
+    for (Json::Value::ArrayIndex i = 0; i < profilesVal.size(); ++i) {
+        Json::Value profileVal = profilesVal[i];
+
+        std::string profileName = profileVal["Name"].asString();
+        Json::Value actions = profileVal["Actions"];
+        auto profile = std::make_unique<TaskProfile>();
+
+        for (Json::Value::ArrayIndex actIdx = 0; actIdx < actions.size(); ++actIdx) {
+            Json::Value actionVal = actions[actIdx];
+            std::string actionName = actionVal["Name"].asString();
+            Json::Value paramsVal = actionVal["Params"];
+            if (actionName == "JoinCgroup") {
+                std::string ctrlName = paramsVal["Controller"].asString();
+                std::string path = paramsVal["Path"].asString();
+
+                const CgroupController* controller = cg_map.FindController(ctrlName.c_str());
+                if (controller) {
+                    profile->Add(std::make_unique<SetCgroupAction>(controller, path));
+                } else {
+                    LOG(WARNING) << "JoinCgroup: controller " << ctrlName << " is not found";
+                }
+            } else if (actionName == "SetTimerSlack") {
+                std::string slackValue = paramsVal["Slack"].asString();
+                char* end;
+                unsigned long slack;
+
+                slack = strtoul(slackValue.c_str(), &end, 10);
+                if (end > slackValue.c_str()) {
+                    profile->Add(std::make_unique<SetTimerSlackAction>(slack));
+                } else {
+                    LOG(WARNING) << "SetTimerSlack: invalid parameter: " << slackValue;
+                }
+            } else if (actionName == "SetAttribute") {
+                std::string attrName = paramsVal["Name"].asString();
+                std::string attrValue = paramsVal["Value"].asString();
+
+                auto iter = attributes_.find(attrName);
+                if (iter != attributes_.end()) {
+                    profile->Add(
+                            std::make_unique<SetAttributeAction>(iter->second.get(), attrValue));
+                } else {
+                    LOG(WARNING) << "SetAttribute: unknown attribute: " << attrName;
+                }
+            } else if (actionName == "SetClamps") {
+                std::string boostValue = paramsVal["Boost"].asString();
+                std::string clampValue = paramsVal["Clamp"].asString();
+                char* end;
+                unsigned long boost;
+
+                boost = strtoul(boostValue.c_str(), &end, 10);
+                if (end > boostValue.c_str()) {
+                    unsigned long clamp = strtoul(clampValue.c_str(), &end, 10);
+                    if (end > clampValue.c_str()) {
+                        profile->Add(std::make_unique<SetClampsAction>(boost, clamp));
+                    } else {
+                        LOG(WARNING) << "SetClamps: invalid parameter " << clampValue;
+                    }
+                } else {
+                    LOG(WARNING) << "SetClamps: invalid parameter: " << boostValue;
+                }
+            } else {
+                LOG(WARNING) << "Unknown profile action: " << actionName;
+            }
+        }
+        profiles_[profileName] = std::move(profile);
+    }
+
+    return true;
+}
+
+const TaskProfile* TaskProfiles::GetProfile(const std::string& name) const {
+    auto iter = profiles_.find(name);
+
+    if (iter != profiles_.end()) {
+        return iter->second.get();
+    }
+    return nullptr;
+}
+
+const ProfileAttribute* TaskProfiles::GetAttribute(const std::string& name) const {
+    auto iter = attributes_.find(name);
+
+    if (iter != attributes_.end()) {
+        return iter->second.get();
+    }
+    return nullptr;
+}
diff --git a/libprocessgroup/task_profiles.h b/libprocessgroup/task_profiles.h
new file mode 100644
index 0000000..83e74b2
--- /dev/null
+++ b/libprocessgroup/task_profiles.h
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+#include <map>
+#include <string>
+#include <vector>
+
+#include <android-base/unique_fd.h>
+#include <cgroup_map.h>
+
+class ProfileAttribute {
+  public:
+    ProfileAttribute(const CgroupController* controller, const std::string& file_name)
+        : controller_(controller), file_name_(file_name) {}
+
+    const CgroupController* controller() const { return controller_; }
+    const std::string& file_name() const { return file_name_; }
+
+    bool GetPathForTask(int tid, std::string* path) const;
+
+  private:
+    const CgroupController* controller_;
+    std::string file_name_;
+};
+
+// Abstract profile element
+class ProfileAction {
+  public:
+    virtual ~ProfileAction() {}
+
+    // Default implementations will fail
+    virtual bool ExecuteForProcess(uid_t, pid_t) const { return false; };
+    virtual bool ExecuteForTask(int) const { return false; };
+};
+
+// Profile actions
+class SetClampsAction : public ProfileAction {
+  public:
+    SetClampsAction(int boost, int clamp) noexcept : boost_(boost), clamp_(clamp) {}
+
+    virtual bool ExecuteForProcess(uid_t uid, pid_t pid) const;
+    virtual bool ExecuteForTask(int tid) const;
+
+  protected:
+    int boost_;
+    int clamp_;
+};
+
+// To avoid issues in sdk_mac build
+#if defined(__ANDROID__)
+
+class SetTimerSlackAction : public ProfileAction {
+  public:
+    SetTimerSlackAction(unsigned long slack) noexcept : slack_(slack) {}
+
+    virtual bool ExecuteForTask(int tid) const;
+
+  private:
+    unsigned long slack_;
+
+    static bool IsTimerSlackSupported(int tid);
+};
+
+#else
+
+class SetTimerSlackAction : public ProfileAction {
+  public:
+    SetTimerSlackAction(unsigned long) noexcept {}
+
+    virtual bool ExecuteForTask(int) const { return true; }
+};
+
+#endif
+
+// Set attribute profile element
+class SetAttributeAction : public ProfileAction {
+  public:
+    SetAttributeAction(const ProfileAttribute* attribute, const std::string& value)
+        : attribute_(attribute), value_(value) {}
+
+    virtual bool ExecuteForProcess(uid_t uid, pid_t pid) const;
+    virtual bool ExecuteForTask(int tid) const;
+
+  private:
+    const ProfileAttribute* attribute_;
+    std::string value_;
+};
+
+// Set cgroup profile element
+class SetCgroupAction : public ProfileAction {
+  public:
+    SetCgroupAction(const CgroupController* c, const std::string& p);
+
+    virtual bool ExecuteForProcess(uid_t uid, pid_t pid) const;
+    virtual bool ExecuteForTask(int tid) const;
+
+    const CgroupController* controller() const { return controller_; }
+    std::string path() const { return path_; }
+
+  private:
+    const CgroupController* controller_;
+    std::string path_;
+    android::base::unique_fd fd_;
+
+    static bool IsAppDependentPath(const std::string& path);
+    static bool AddTidToCgroup(int tid, int fd);
+};
+
+class TaskProfile {
+  public:
+    TaskProfile() {}
+
+    void Add(std::unique_ptr<ProfileAction> e) { elements_.push_back(std::move(e)); }
+
+    bool ExecuteForProcess(uid_t uid, pid_t pid) const;
+    bool ExecuteForTask(int tid) const;
+
+  private:
+    std::vector<std::unique_ptr<ProfileAction>> elements_;
+};
+
+class TaskProfiles {
+  public:
+    // Should be used by all users
+    static TaskProfiles& GetInstance();
+
+    const TaskProfile* GetProfile(const std::string& name) const;
+    const ProfileAttribute* GetAttribute(const std::string& name) const;
+
+  private:
+    std::map<std::string, std::unique_ptr<TaskProfile>> profiles_;
+    std::map<std::string, std::unique_ptr<ProfileAttribute>> attributes_;
+
+    TaskProfiles();
+
+    bool Load(const CgroupMap& cg_map);
+};
diff --git a/libunwindstack/Android.bp b/libunwindstack/Android.bp
index d1b8271..c90f5b2 100644
--- a/libunwindstack/Android.bp
+++ b/libunwindstack/Android.bp
@@ -212,6 +212,7 @@
         "tests/RegsStepIfSignalHandlerTest.cpp",
         "tests/RegsTest.cpp",
         "tests/SymbolsTest.cpp",
+        "tests/TestUtils.cpp",
         "tests/UnwindOfflineTest.cpp",
         "tests/UnwindTest.cpp",
         "tests/UnwinderTest.cpp",
diff --git a/libunwindstack/MapInfo.cpp b/libunwindstack/MapInfo.cpp
index f319971..89a6a79 100644
--- a/libunwindstack/MapInfo.cpp
+++ b/libunwindstack/MapInfo.cpp
@@ -22,6 +22,8 @@
 #include <mutex>
 #include <string>
 
+#include <android-base/stringprintf.h>
+
 #include <unwindstack/Elf.h>
 #include <unwindstack/MapInfo.h>
 #include <unwindstack/Maps.h>
@@ -311,4 +313,17 @@
   return *reinterpret_cast<std::string*>(id);
 }
 
+std::string MapInfo::GetPrintableBuildID() {
+  std::string raw_build_id = GetBuildID();
+  if (raw_build_id.empty()) {
+    return "";
+  }
+  std::string printable_build_id;
+  for (const char& c : raw_build_id) {
+    // Use %hhx to avoid sign extension on abis that have signed chars.
+    printable_build_id += android::base::StringPrintf("%02hhx", c);
+  }
+  return printable_build_id;
+}
+
 }  // namespace unwindstack
diff --git a/libunwindstack/include/unwindstack/MapInfo.h b/libunwindstack/include/unwindstack/MapInfo.h
index 5143ff1..e938986 100644
--- a/libunwindstack/include/unwindstack/MapInfo.h
+++ b/libunwindstack/include/unwindstack/MapInfo.h
@@ -84,8 +84,12 @@
 
   bool GetFunctionName(uint64_t addr, std::string* name, uint64_t* func_offset);
 
+  // Returns the raw build id read from the elf data.
   std::string GetBuildID();
 
+  // Returns the printable version of the build id (hex dump of raw data).
+  std::string GetPrintableBuildID();
+
  private:
   MapInfo(const MapInfo&) = delete;
   void operator=(const MapInfo&) = delete;
diff --git a/libunwindstack/include/unwindstack/Unwinder.h b/libunwindstack/include/unwindstack/Unwinder.h
index f4788d7..ddda7fd 100644
--- a/libunwindstack/include/unwindstack/Unwinder.h
+++ b/libunwindstack/include/unwindstack/Unwinder.h
@@ -81,6 +81,12 @@
 
   const std::vector<FrameData>& frames() { return frames_; }
 
+  std::vector<FrameData> ConsumeFrames() {
+    std::vector<FrameData> frames = std::move(frames_);
+    frames_.clear();
+    return frames;
+  }
+
   std::string FormatFrame(size_t frame_num);
   static std::string FormatFrame(const FrameData& frame, bool is32bit);
 
diff --git a/libunwindstack/tests/MapInfoGetBuildIDTest.cpp b/libunwindstack/tests/MapInfoGetBuildIDTest.cpp
index 3b89c59..16451d1 100644
--- a/libunwindstack/tests/MapInfoGetBuildIDTest.cpp
+++ b/libunwindstack/tests/MapInfoGetBuildIDTest.cpp
@@ -67,6 +67,7 @@
   MapInfo info(nullptr, 0x1000, 0x2000, 0, PROT_READ, "");
 
   EXPECT_EQ("", info.GetBuildID());
+  EXPECT_EQ("", info.GetPrintableBuildID());
 }
 
 TEST_F(MapInfoGetBuildIDTest, from_elf) {
@@ -74,6 +75,18 @@
   elf_interface_->FakeSetBuildID("FAKE_BUILD_ID");
 
   EXPECT_EQ("FAKE_BUILD_ID", map_info_->GetBuildID());
+  EXPECT_EQ("46414b455f4255494c445f4944", map_info_->GetPrintableBuildID());
+}
+
+TEST_F(MapInfoGetBuildIDTest, from_elf_no_sign_extension) {
+  map_info_->elf.reset(elf_container_.release());
+
+  std::string build_id = {static_cast<char>(0xfa), static_cast<char>(0xab), static_cast<char>(0x12),
+                          static_cast<char>(0x02)};
+  elf_interface_->FakeSetBuildID(build_id);
+
+  EXPECT_EQ("\xFA\xAB\x12\x2", map_info_->GetBuildID());
+  EXPECT_EQ("faab1202", map_info_->GetPrintableBuildID());
 }
 
 void MapInfoGetBuildIDTest::MultipleThreadTest(std::string expected_build_id) {
@@ -172,6 +185,7 @@
   InitElfData(tf_->fd);
 
   EXPECT_EQ("ELF_BUILDID", map_info_->GetBuildID());
+  EXPECT_EQ("454c465f4255494c444944", map_info_->GetPrintableBuildID());
 }
 
 TEST_F(MapInfoGetBuildIDTest, multiple_thread_elf_exists_in_memory) {
diff --git a/libunwindstack/tests/TestUtils.cpp b/libunwindstack/tests/TestUtils.cpp
new file mode 100644
index 0000000..e76f5f8
--- /dev/null
+++ b/libunwindstack/tests/TestUtils.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <malloc.h>
+#include <stdint.h>
+
+#include <gtest/gtest.h>
+
+namespace unwindstack {
+
+void TestCheckForLeaks(void (*unwind_func)(void*), void* data) {
+  static constexpr size_t kNumLeakLoops = 200;
+  static constexpr size_t kMaxAllowedLeakBytes = 32 * 1024;
+
+  size_t first_allocated_bytes = 0;
+  size_t last_allocated_bytes = 0;
+  for (size_t i = 0; i < kNumLeakLoops; i++) {
+    unwind_func(data);
+
+    size_t allocated_bytes = mallinfo().uordblks;
+    if (first_allocated_bytes == 0) {
+      first_allocated_bytes = allocated_bytes;
+    } else if (last_allocated_bytes > first_allocated_bytes) {
+      // Check that the memory did not increase too much over the first loop.
+      ASSERT_LE(last_allocated_bytes - first_allocated_bytes, kMaxAllowedLeakBytes);
+    }
+    last_allocated_bytes = allocated_bytes;
+  }
+}
+
+}  // namespace unwindstack
diff --git a/libunwindstack/tests/TestUtils.h b/libunwindstack/tests/TestUtils.h
index 8c31aa6..a4d7b9b 100644
--- a/libunwindstack/tests/TestUtils.h
+++ b/libunwindstack/tests/TestUtils.h
@@ -50,6 +50,8 @@
   return ready;
 }
 
+void TestCheckForLeaks(void (*unwind_func)(void*), void* data);
+
 }  // namespace unwindstack
 
 #endif  // _LIBUNWINDSTACK_TESTS_TEST_UTILS_H
diff --git a/libunwindstack/tests/UnwindOfflineTest.cpp b/libunwindstack/tests/UnwindOfflineTest.cpp
index 0588a84..b5feb38 100644
--- a/libunwindstack/tests/UnwindOfflineTest.cpp
+++ b/libunwindstack/tests/UnwindOfflineTest.cpp
@@ -43,6 +43,7 @@
 #include <unwindstack/Unwinder.h>
 
 #include "ElfTestUtils.h"
+#include "TestUtils.h"
 
 namespace unwindstack {
 
@@ -901,6 +902,43 @@
   EXPECT_EQ(0xff85f0c0U, unwinder.frames()[75].sp);
 }
 
+struct LeakType {
+  LeakType(Maps* maps, Regs* regs, std::shared_ptr<Memory>& process_memory)
+      : maps(maps), regs(regs), process_memory(process_memory) {}
+
+  Maps* maps;
+  Regs* regs;
+  std::shared_ptr<Memory>& process_memory;
+};
+
+static void OfflineUnwind(void* data) {
+  LeakType* leak_data = reinterpret_cast<LeakType*>(data);
+
+  std::unique_ptr<Regs> regs_copy(leak_data->regs->Clone());
+  JitDebug jit_debug(leak_data->process_memory);
+  Unwinder unwinder(128, leak_data->maps, regs_copy.get(), leak_data->process_memory);
+  unwinder.SetJitDebug(&jit_debug, regs_copy->Arch());
+  unwinder.Unwind();
+  ASSERT_EQ(76U, unwinder.NumFrames());
+}
+
+TEST_F(UnwindOfflineTest, unwind_offline_check_for_leaks) {
+  ASSERT_NO_FATAL_FAILURE(Init("jit_debug_arm/", ARCH_ARM));
+
+  MemoryOfflineParts* memory = new MemoryOfflineParts;
+  AddMemory(dir_ + "descriptor.data", memory);
+  AddMemory(dir_ + "descriptor1.data", memory);
+  AddMemory(dir_ + "stack.data", memory);
+  for (size_t i = 0; i < 7; i++) {
+    AddMemory(dir_ + "entry" + std::to_string(i) + ".data", memory);
+    AddMemory(dir_ + "jit" + std::to_string(i) + ".data", memory);
+  }
+  process_memory_.reset(memory);
+
+  LeakType data(maps_.get(), regs_.get(), process_memory_);
+  TestCheckForLeaks(OfflineUnwind, &data);
+}
+
 // The eh_frame_hdr data is present but set to zero fdes. This should
 // fallback to iterating over the cies/fdes and ignore the eh_frame_hdr.
 // No .gnu_debugdata section in the elf file, so no symbols.
diff --git a/libunwindstack/tests/UnwindTest.cpp b/libunwindstack/tests/UnwindTest.cpp
index c747eab..4e38015 100644
--- a/libunwindstack/tests/UnwindTest.cpp
+++ b/libunwindstack/tests/UnwindTest.cpp
@@ -198,6 +198,21 @@
   OuterFunction(TEST_TYPE_LOCAL_UNWINDER_FROM_PID);
 }
 
+static void LocalUnwind(void* data) {
+  TestTypeEnum* test_type = reinterpret_cast<TestTypeEnum*>(data);
+  OuterFunction(*test_type);
+}
+
+TEST_F(UnwindTest, local_check_for_leak) {
+  TestTypeEnum test_type = TEST_TYPE_LOCAL_UNWINDER;
+  TestCheckForLeaks(LocalUnwind, &test_type);
+}
+
+TEST_F(UnwindTest, local_use_from_pid_check_for_leak) {
+  TestTypeEnum test_type = TEST_TYPE_LOCAL_UNWINDER_FROM_PID;
+  TestCheckForLeaks(LocalUnwind, &test_type);
+}
+
 void WaitForRemote(pid_t pid, uint64_t addr, bool leave_attached, bool* completed) {
   *completed = false;
   // Need to sleep before attempting first ptrace. Without this, on the
@@ -279,6 +294,57 @@
       << "ptrace detach failed with unexpected error: " << strerror(errno);
 }
 
+static void RemoteCheckForLeaks(void (*unwind_func)(void*)) {
+  pid_t pid;
+  if ((pid = fork()) == 0) {
+    OuterFunction(TEST_TYPE_REMOTE);
+    exit(0);
+  }
+  ASSERT_NE(-1, pid);
+  TestScopedPidReaper reap(pid);
+
+  bool completed;
+  WaitForRemote(pid, reinterpret_cast<uint64_t>(&g_ready_for_remote), true, &completed);
+  ASSERT_TRUE(completed) << "Timed out waiting for remote process to be ready.";
+
+  TestCheckForLeaks(unwind_func, &pid);
+
+  ASSERT_EQ(0, ptrace(PTRACE_DETACH, pid, 0, 0))
+      << "ptrace detach failed with unexpected error: " << strerror(errno);
+}
+
+static void RemoteUnwind(void* data) {
+  pid_t* pid = reinterpret_cast<pid_t*>(data);
+
+  RemoteMaps maps(*pid);
+  ASSERT_TRUE(maps.Parse());
+  std::unique_ptr<Regs> regs(Regs::RemoteGet(*pid));
+  ASSERT_TRUE(regs.get() != nullptr);
+
+  VerifyUnwind(*pid, &maps, regs.get(), kFunctionOrder);
+}
+
+TEST_F(UnwindTest, remote_check_for_leaks) {
+  RemoteCheckForLeaks(RemoteUnwind);
+}
+
+static void RemoteUnwindFromPid(void* data) {
+  pid_t* pid = reinterpret_cast<pid_t*>(data);
+
+  std::unique_ptr<Regs> regs(Regs::RemoteGet(*pid));
+  ASSERT_TRUE(regs.get() != nullptr);
+
+  UnwinderFromPid unwinder(512, *pid);
+  ASSERT_TRUE(unwinder.Init(regs->Arch()));
+  unwinder.SetRegs(regs.get());
+
+  VerifyUnwind(&unwinder, kFunctionOrder);
+}
+
+TEST_F(UnwindTest, remote_unwind_for_pid_check_for_leaks) {
+  RemoteCheckForLeaks(RemoteUnwindFromPid);
+}
+
 TEST_F(UnwindTest, from_context) {
   std::atomic_int tid(0);
   std::thread thread([&]() {
diff --git a/libunwindstack/tools/unwind_info.cpp b/libunwindstack/tools/unwind_info.cpp
index 3f5b88b..19982d8 100644
--- a/libunwindstack/tools/unwind_info.cpp
+++ b/libunwindstack/tools/unwind_info.cpp
@@ -44,10 +44,10 @@
   }
 
   printf("ARM Unwind Information:\n");
+  uint64_t load_bias = elf->GetLoadBias();
   for (const auto& entry : interface->pt_loads()) {
-    uint64_t load_bias = entry.second.table_offset;
     printf(" PC Range 0x%" PRIx64 " - 0x%" PRIx64 "\n", entry.second.offset + load_bias,
-           entry.second.table_size + load_bias);
+           entry.second.offset + entry.second.table_size + load_bias);
     for (auto pc : *interface) {
       std::string name;
       printf("  PC 0x%" PRIx64, pc + load_bias);
diff --git a/lmkd/Android.bp b/lmkd/Android.bp
index f9ed57c..4c5ca03 100644
--- a/lmkd/Android.bp
+++ b/lmkd/Android.bp
@@ -6,6 +6,7 @@
         "libcutils",
         "liblog",
         "libprocessgroup",
+        "libpsi",
     ],
     static_libs: [
         "libstatslogc",
diff --git a/lmkd/libpsi/Android.bp b/lmkd/libpsi/Android.bp
new file mode 100644
index 0000000..8a97094
--- /dev/null
+++ b/lmkd/libpsi/Android.bp
@@ -0,0 +1,22 @@
+cc_library_headers {
+    name: "libpsi_headers",
+    export_include_dirs: ["include"],
+}
+
+cc_library {
+    name: "libpsi",
+    srcs: ["psi.c"],
+    shared_libs: [
+        "liblog"
+    ],
+    header_libs: [
+        "libpsi_headers",
+    ],
+    export_header_lib_headers: [
+        "libpsi_headers",
+    ],
+    cflags: [
+        "-Wall",
+        "-Werror",
+    ],
+}
diff --git a/lmkd/libpsi/OWNERS b/lmkd/libpsi/OWNERS
new file mode 100644
index 0000000..b15bb48
--- /dev/null
+++ b/lmkd/libpsi/OWNERS
@@ -0,0 +1 @@
+surenb@google.com
diff --git a/lmkd/libpsi/include/psi/psi.h b/lmkd/libpsi/include/psi/psi.h
new file mode 100644
index 0000000..cd49e8b
--- /dev/null
+++ b/lmkd/libpsi/include/psi/psi.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __ANDROID_PSI_H__
+#define __ANDROID_PSI_H__
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+__BEGIN_DECLS
+
+enum psi_stall_type {
+    PSI_SOME,
+    PSI_FULL,
+    PSI_TYPE_COUNT
+};
+
+/*
+ * Initializes psi monitor.
+ * stall_type, threshold_us and window_us are monitor parameters
+ * When successful, the function returns file descriptor that can
+ * be used with poll/epoll syscalls to wait for EPOLLPRI events.
+ * When unsuccessful, the function returns -1 and errno is set
+ * appropriately.
+ */
+int init_psi_monitor(enum psi_stall_type stall_type,
+        int threshold_us, int window_us);
+
+/*
+ * Registers psi monitor file descriptor fd on the epoll instance
+ * referred to by the file descriptor epollfd.
+ * data parameter will be associated with event's epoll_data.ptr
+ * member.
+ */
+int register_psi_monitor(int epollfd, int fd, void* data);
+
+/*
+ * Unregisters psi monitor file descriptor fd from the epoll instance
+ * referred to by the file descriptor epollfd.
+ */
+int unregister_psi_monitor(int epollfd, int fd);
+
+/*
+ * Destroys psi monitor.
+ * fd is the file descriptor returned by psi monitor initialization
+ * routine.
+ * Note that if user process exits without calling this routine
+ * kernel will destroy the monitor as its lifetime is linked to
+ * the file descriptor.
+ */
+void destroy_psi_monitor(int fd);
+
+__END_DECLS
+
+#endif  // __ANDROID_PSI_H__
diff --git a/lmkd/libpsi/psi.c b/lmkd/libpsi/psi.c
new file mode 100644
index 0000000..f4d5d18
--- /dev/null
+++ b/lmkd/libpsi/psi.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "libpsi"
+
+#include <errno.h>
+#include <string.h>
+#include <sys/epoll.h>
+
+#include <log/log.h>
+#include "psi/psi.h"
+
+#define PSI_MON_FILE_MEMORY "/proc/pressure/memory"
+
+static const char* stall_type_name[] = {
+        "some",
+        "full",
+};
+
+int init_psi_monitor(enum psi_stall_type stall_type,
+             int threshold_us, int window_us) {
+    int fd;
+    int res;
+    char buf[256];
+
+    fd = TEMP_FAILURE_RETRY(open(PSI_MON_FILE_MEMORY, O_WRONLY | O_CLOEXEC));
+    if (fd < 0) {
+        ALOGE("No kernel psi monitor support (errno=%d)", errno);
+        return -1;
+    }
+
+    switch (stall_type) {
+    case (PSI_SOME):
+    case (PSI_FULL):
+        res = snprintf(buf, sizeof(buf), "%s %d %d",
+            stall_type_name[stall_type], threshold_us, window_us);
+        break;
+    default:
+        ALOGE("Invalid psi stall type: %d", stall_type);
+        errno = EINVAL;
+        goto err;
+    }
+
+    if (res >= (ssize_t)sizeof(buf)) {
+        ALOGE("%s line overflow for psi stall type '%s'",
+            PSI_MON_FILE_MEMORY, stall_type_name[stall_type]);
+        errno = EINVAL;
+        goto err;
+    }
+
+    res = TEMP_FAILURE_RETRY(write(fd, buf, strlen(buf) + 1));
+    if (res < 0) {
+        ALOGE("%s write failed for psi stall type '%s'; errno=%d",
+            PSI_MON_FILE_MEMORY, stall_type_name[stall_type], errno);
+        goto err;
+    }
+
+    return fd;
+
+err:
+    close(fd);
+    return -1;
+}
+
+int register_psi_monitor(int epollfd, int fd, void* data) {
+    int res;
+    struct epoll_event epev;
+
+    epev.events = EPOLLPRI;
+    epev.data.ptr = data;
+    res = epoll_ctl(epollfd, EPOLL_CTL_ADD, fd, &epev);
+    if (res < 0) {
+        ALOGE("epoll_ctl for psi monitor failed; errno=%d", errno);
+    }
+    return res;
+}
+
+int unregister_psi_monitor(int epollfd, int fd) {
+    return epoll_ctl(epollfd, EPOLL_CTL_DEL, fd, NULL);
+}
+
+void destroy_psi_monitor(int fd) {
+    if (fd >= 0) {
+        close(fd);
+    }
+}
diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c
index ca78c38..562e578 100644
--- a/lmkd/lmkd.c
+++ b/lmkd/lmkd.c
@@ -44,6 +44,7 @@
 #include <log/log.h>
 #include <log/log_event_list.h>
 #include <log/log_time.h>
+#include <psi/psi.h>
 #include <system/thread_defs.h>
 
 #ifdef LMKD_LOG_STATS
@@ -93,6 +94,7 @@
 #define TARGET_UPDATE_MIN_INTERVAL_MS 1000
 
 #define NS_PER_MS (NS_PER_SEC / MS_PER_SEC)
+#define US_PER_MS (US_PER_SEC / MS_PER_SEC)
 
 /* Defined as ProcessList.SYSTEM_ADJ in ProcessList.java */
 #define SYSTEM_ADJ (-900)
@@ -100,6 +102,18 @@
 #define STRINGIFY(x) STRINGIFY_INTERNAL(x)
 #define STRINGIFY_INTERNAL(x) #x
 
+/*
+ * PSI monitor tracking window size.
+ * PSI monitor generates events at most once per window,
+ * therefore we poll memory state for the duration of
+ * PSI_WINDOW_SIZE_MS after the event happens.
+ */
+#define PSI_WINDOW_SIZE_MS 1000
+/* Polling period after initial PSI signal */
+#define PSI_POLL_PERIOD_MS 200
+/* Poll for the duration of one window after initial PSI signal */
+#define PSI_POLL_COUNT (PSI_WINDOW_SIZE_MS / PSI_POLL_PERIOD_MS)
+
 #define min(a, b) (((a) < (b)) ? (a) : (b))
 
 #define FAIL_REPORT_RLIMIT_MS 1000
@@ -127,6 +141,11 @@
     int64_t max_nr_free_pages;
 } low_pressure_mem = { -1, -1 };
 
+struct psi_threshold {
+    enum psi_stall_type stall_type;
+    int threshold_ms;
+};
+
 static int level_oomadj[VMPRESS_LEVEL_COUNT];
 static int mpevfd[VMPRESS_LEVEL_COUNT] = { -1, -1, -1 };
 static bool debug_process_killing;
@@ -139,6 +158,12 @@
 static bool use_minfree_levels;
 static bool per_app_memcg;
 static int swap_free_low_percentage;
+static bool use_psi_monitors = false;
+static struct psi_threshold psi_thresholds[VMPRESS_LEVEL_COUNT] = {
+    { PSI_SOME, 70 },    /* 70ms out of 1sec for partial stall */
+    { PSI_SOME, 100 },   /* 100ms out of 1sec for partial stall */
+    { PSI_FULL, 70 },    /* 70ms out of 1sec for complete stall */
+};
 
 static android_log_context ctx;
 
@@ -1524,17 +1549,23 @@
         .fd = -1,
     };
 
-    /*
-     * Check all event counters from low to critical
-     * and upgrade to the highest priority one. By reading
-     * eventfd we also reset the event counters.
-     */
-    for (lvl = VMPRESS_LEVEL_LOW; lvl < VMPRESS_LEVEL_COUNT; lvl++) {
-        if (mpevfd[lvl] != -1 &&
-            TEMP_FAILURE_RETRY(read(mpevfd[lvl],
-                               &evcount, sizeof(evcount))) > 0 &&
-            evcount > 0 && lvl > level) {
-            level = lvl;
+    if (debug_process_killing) {
+        ALOGI("%s memory pressure event is triggered", level_name[level]);
+    }
+
+    if (!use_psi_monitors) {
+        /*
+         * Check all event counters from low to critical
+         * and upgrade to the highest priority one. By reading
+         * eventfd we also reset the event counters.
+         */
+        for (lvl = VMPRESS_LEVEL_LOW; lvl < VMPRESS_LEVEL_COUNT; lvl++) {
+            if (mpevfd[lvl] != -1 &&
+                TEMP_FAILURE_RETRY(read(mpevfd[lvl],
+                                   &evcount, sizeof(evcount))) > 0 &&
+                evcount > 0 && lvl > level) {
+                level = lvl;
+            }
         }
     }
 
@@ -1722,6 +1753,54 @@
     }
 }
 
+static bool init_mp_psi(enum vmpressure_level level) {
+    int fd = init_psi_monitor(psi_thresholds[level].stall_type,
+        psi_thresholds[level].threshold_ms * US_PER_MS,
+        PSI_WINDOW_SIZE_MS * US_PER_MS);
+
+    if (fd < 0) {
+        return false;
+    }
+
+    vmpressure_hinfo[level].handler = mp_event_common;
+    vmpressure_hinfo[level].data = level;
+    if (register_psi_monitor(epollfd, fd, &vmpressure_hinfo[level]) < 0) {
+        destroy_psi_monitor(fd);
+        return false;
+    }
+    maxevents++;
+    mpevfd[level] = fd;
+
+    return true;
+}
+
+static void destroy_mp_psi(enum vmpressure_level level) {
+    int fd = mpevfd[level];
+
+    if (unregister_psi_monitor(epollfd, fd) < 0) {
+        ALOGE("Failed to unregister psi monitor for %s memory pressure; errno=%d",
+            level_name[level], errno);
+    }
+    destroy_psi_monitor(fd);
+    mpevfd[level] = -1;
+}
+
+static bool init_psi_monitors() {
+    if (!init_mp_psi(VMPRESS_LEVEL_LOW)) {
+        return false;
+    }
+    if (!init_mp_psi(VMPRESS_LEVEL_MEDIUM)) {
+        destroy_mp_psi(VMPRESS_LEVEL_LOW);
+        return false;
+    }
+    if (!init_mp_psi(VMPRESS_LEVEL_CRITICAL)) {
+        destroy_mp_psi(VMPRESS_LEVEL_MEDIUM);
+        destroy_mp_psi(VMPRESS_LEVEL_LOW);
+        return false;
+    }
+    return true;
+}
+
 static bool init_mp_common(enum vmpressure_level level) {
     int mpfd;
     int evfd;
@@ -1837,12 +1916,22 @@
     if (use_inkernel_interface) {
         ALOGI("Using in-kernel low memory killer interface");
     } else {
-        if (!init_mp_common(VMPRESS_LEVEL_LOW) ||
+        /* Try to use psi monitor first if kernel has it */
+        use_psi_monitors = property_get_bool("ro.lmk.use_psi", true) &&
+            init_psi_monitors();
+        /* Fall back to vmpressure */
+        if (!use_psi_monitors &&
+            (!init_mp_common(VMPRESS_LEVEL_LOW) ||
             !init_mp_common(VMPRESS_LEVEL_MEDIUM) ||
-            !init_mp_common(VMPRESS_LEVEL_CRITICAL)) {
+            !init_mp_common(VMPRESS_LEVEL_CRITICAL))) {
             ALOGE("Kernel does not support memory pressure events or in-kernel low memory killer");
             return -1;
         }
+        if (use_psi_monitors) {
+            ALOGI("Using psi monitors for memory pressure detection");
+        } else {
+            ALOGI("Using vmpressure for memory pressure detection");
+        }
     }
 
     for (i = 0; i <= ADJTOSLOT(OOM_SCORE_ADJ_MAX); i++) {
@@ -1857,14 +1946,37 @@
 
 static void mainloop(void) {
     struct event_handler_info* handler_info;
+    struct event_handler_info* poll_handler = NULL;
+    struct timespec last_report_tm, curr_tm;
     struct epoll_event *evt;
+    long delay = -1;
+    int polling = 0;
 
     while (1) {
         struct epoll_event events[maxevents];
         int nevents;
         int i;
 
-        nevents = epoll_wait(epollfd, events, maxevents, -1);
+        if (polling) {
+            /* Calculate next timeout */
+            clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm);
+            delay = get_time_diff_ms(&last_report_tm, &curr_tm);
+            delay = (delay < PSI_POLL_PERIOD_MS) ?
+                PSI_POLL_PERIOD_MS - delay : PSI_POLL_PERIOD_MS;
+
+            /* Wait for events until the next polling timeout */
+            nevents = epoll_wait(epollfd, events, maxevents, delay);
+
+            clock_gettime(CLOCK_MONOTONIC_COARSE, &curr_tm);
+            if (get_time_diff_ms(&last_report_tm, &curr_tm) >= PSI_POLL_PERIOD_MS) {
+                polling--;
+                poll_handler->handler(poll_handler->data, 0);
+                last_report_tm = curr_tm;
+            }
+        } else {
+            /* Wait for events with no timeout */
+            nevents = epoll_wait(epollfd, events, maxevents, -1);
+        }
 
         if (nevents == -1) {
             if (errno == EINTR)
@@ -1899,6 +2011,17 @@
             if (evt->data.ptr) {
                 handler_info = (struct event_handler_info*)evt->data.ptr;
                 handler_info->handler(handler_info->data, evt->events);
+
+                if (use_psi_monitors && handler_info->handler == mp_event_common) {
+                    /*
+                     * Poll for the duration of PSI_WINDOW_SIZE_MS after the
+                     * initial PSI event because psi events are rate-limited
+                     * at one per sec.
+                     */
+                    polling = PSI_POLL_COUNT;
+                    poll_handler = handler_info;
+                    clock_gettime(CLOCK_MONOTONIC_COARSE, &last_report_tm);
+                }
             }
         }
     }
diff --git a/logd/tests/AndroidTest.xml b/logd/tests/AndroidTest.xml
index 84f0764..9a18edb 100644
--- a/logd/tests/AndroidTest.xml
+++ b/logd/tests/AndroidTest.xml
@@ -16,6 +16,8 @@
 <configuration description="Config for CTS Logging Daemon test cases">
     <option name="test-suite-tag" value="cts" />
     <option name="config-descriptor:metadata" key="component" value="systems" />
+    <option name="config-descriptor:metadata" key="parameter" value="not_instant_app" />
+    <option name="config-descriptor:metadata" key="parameter" value="multi_abi" />
     <target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
         <option name="cleanup" value="true" />
         <option name="push" value="CtsLogdTestCases->/data/local/tmp/CtsLogdTestCases" />
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index 1871ca7..cbbc710 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -24,6 +24,48 @@
 LOCAL_MODULE_CLASS := ETC
 LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/init
 
+# Start of runtime APEX compatibility.
+#
+# Meta-comment:
+# The placing of this section is somewhat arbitrary. The LOCAL_POST_INSTALL_CMD
+# entries need to be associated with something that goes into /system.
+# init-debug.rc qualifies but it could be anything else in /system until soong
+# supports creation of symlinks. http://b/123333111
+#
+# Keeping the appearance of files/dirs having old locations for apps that have
+# come to rely on them.
+
+# http://b/121248172 - create a link from /system/usr/icu to
+# /apex/com.android.runtime/etc/icu so that apps can find the ICU .dat file.
+# A symlink can't overwrite a directory and the /system/usr/icu directory once
+# existed so the required structure must be created whatever we find.
+LOCAL_POST_INSTALL_CMD = mkdir -p $(TARGET_OUT)/usr && rm -rf $(TARGET_OUT)/usr/icu
+LOCAL_POST_INSTALL_CMD += ; ln -sf /apex/com.android.runtime/etc/icu $(TARGET_OUT)/usr/icu
+
+# End of runtime APEX compatibilty.
+
+include $(BUILD_PREBUILT)
+
+#######################################
+# cgroups.json
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := cgroups.json
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
+
+include $(BUILD_PREBUILT)
+
+#######################################
+# task_profiles.json
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := task_profiles.json
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
+
 include $(BUILD_PREBUILT)
 
 #######################################
@@ -129,19 +171,6 @@
 LOCAL_POST_INSTALL_CMD += ; ln -sf /vendor/odm/priv-app $(TARGET_ROOT_OUT)/odm/priv-app
 LOCAL_POST_INSTALL_CMD += ; ln -sf /vendor/odm/usr $(TARGET_ROOT_OUT)/odm/usr
 
-# Start of runtime APEX compatibility.
-# Keeping the appearance of files/dirs having old locations for apps that have
-# come to rely on them.
-
-# http://b/121248172 - create a link from /system/usr/icu to
-# /apex/com.android.runtime/etc/icu so that apps can find the ICU .dat file.
-# A symlink can't overwrite a directory and the /system/usr/icu directory once
-# existed so the required structure must be created whatever we find.
-LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_OUT)/usr && rm -rf $(TARGET_OUT)/usr/icu
-LOCAL_POST_INSTALL_CMD += ; ln -sf /apex/com.android.runtime/etc/icu $(TARGET_OUT)/usr/icu
-
-# End of runtime APEX compatibilty.
-
 ifdef BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE
   LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_ROOT_OUT)/cache
 else
diff --git a/rootdir/cgroups.json b/rootdir/cgroups.json
new file mode 100644
index 0000000..6eb88c9
--- /dev/null
+++ b/rootdir/cgroups.json
@@ -0,0 +1,43 @@
+{
+  "Cgroups": [
+    {
+      "Controller": "cpu",
+      "Path": "/dev/cpuctl",
+      "Mode": 0755,
+      "UID": "system",
+      "GID": "system"
+    },
+    {
+      "Controller": "cpuacct",
+      "Path": "/acct",
+      "Mode": 0555
+    },
+    {
+      "Controller": "cpuset",
+      "Path": "/dev/cpuset",
+      "Mode": 0755,
+      "UID": "system",
+      "GID": "system"
+    },
+    {
+      "Controller": "memory",
+      "Path": "/dev/memcg",
+      "Mode": 0700,
+      "UID": "root",
+      "GID": "system"
+    },
+    {
+      "Controller": "schedtune",
+      "Path": "/dev/stune",
+      "Mode": 0755,
+      "UID": "system",
+      "GID": "system"
+    }
+  ],
+  "Cgroups2": {
+    "Path": "/dev/cg2_bpf",
+    "Mode": 0600,
+    "UID": "root",
+    "GID": "root"
+  }
+}
diff --git a/rootdir/etc/ld.config.legacy.txt b/rootdir/etc/ld.config.legacy.txt
index 6d9d810..48ca998 100644
--- a/rootdir/etc/ld.config.legacy.txt
+++ b/rootdir/etc/ld.config.legacy.txt
@@ -35,12 +35,17 @@
 # APEX related namespaces.
 ###############################################################################
 
-additional.namespaces = runtime,conscrypt,media
-namespace.default.asan.permitted.paths += /apex/com.android.resolv/${LIB}
+additional.namespaces = runtime,conscrypt,media,resolv
 
 # Keep in sync with ld.config.txt in the com.android.runtime APEX.
-namespace.default.links = runtime
-namespace.default.asan.links = runtime
+# If a shared library or an executable requests a shared library that
+# cannot be loaded into the default namespace, the dynamic linker tries
+# to load the shared library from the runtime namespace.And then, if the
+# shared library cannot be loaded from the runtime namespace either, the
+# dynamic linker tries to load the shared library from the resolv namespace.
+# Finally, if all attempts fail, the dynamic linker returns an error.
+namespace.default.links = runtime,resolv
+namespace.default.asan.links = runtime,resolv
 # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by
 # libart.
 namespace.default.visible = true
@@ -50,12 +55,18 @@
 namespace.default.link.runtime.shared_libs += libnativehelper.so
 namespace.default.link.runtime.shared_libs += libnativeloader.so
 
+# When libnetd_resolv.so can't be found in the default namespace, search for it
+# in the resolv namespace. Don't allow any other libraries from the resolv namespace
+# to be loaded in the default namespace.
+namespace.default.link.resolv.shared_libs = libnetd_resolv.so
+
 ###############################################################################
 # "runtime" APEX namespace
 #
 # This namespace exposes externally accessible libraries from the Runtime APEX.
 ###############################################################################
 namespace.runtime.isolated = true
+namespace.runtime.visible = true
 
 # Keep in sync with ld.config.txt in the com.android.runtime APEX.
 namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
@@ -80,6 +91,7 @@
 namespace.media.link.default.shared_libs  = %LLNDK_LIBRARIES%
 namespace.media.link.default.shared_libs += libandroid.so
 namespace.media.link.default.shared_libs += libbinder_ndk.so
+namespace.media.link.default.shared_libs += libmediametrics.so
 namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
 
 ###############################################################################
@@ -93,12 +105,29 @@
 # Keep in sync with ld.config.txt in the com.android.runtime APEX.
 namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB}
 namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB}
-namespace.conscrypt.links = default
+namespace.conscrypt.links = runtime,default
+namespace.conscrypt.link.runtime.shared_libs  = libjavacore.so
 namespace.conscrypt.link.default.shared_libs  = libc.so
 namespace.conscrypt.link.default.shared_libs += libm.so
 namespace.conscrypt.link.default.shared_libs += libdl.so
 
 ###############################################################################
+# "resolv" APEX namespace
+#
+# This namespace is for libraries within the resolv APEX.
+###############################################################################
+namespace.resolv.isolated = true
+namespace.resolv.visible = true
+
+namespace.resolv.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.links = default
+namespace.resolv.link.default.shared_libs  = libc.so
+namespace.resolv.link.default.shared_libs += libm.so
+namespace.resolv.link.default.shared_libs += libdl.so
+namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+
+###############################################################################
 # Namespace config for binaries under /postinstall.
 # Only one default namespace is defined and it has no directories other than
 # /system/lib and /product/lib in the search paths. This is because linker
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index 05f75bf..7aa097d 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -24,11 +24,14 @@
 dir.system = /data/nativetest64
 dir.system = /data/benchmarktest
 dir.system = /data/benchmarktest64
+# TODO(b/123864775): Ensure tests are run from one of the directories above and
+# remove this.
+dir.system = /data/local/tmp
 
 dir.postinstall = /postinstall
 
 [system]
-additional.namespaces = runtime,conscrypt,media,sphal,vndk,rs
+additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs
 
 ###############################################################################
 # "default" namespace
@@ -73,13 +76,14 @@
 namespace.default.permitted.paths += /%PRODUCT_SERVICES%/priv-app
 namespace.default.permitted.paths += /data
 namespace.default.permitted.paths += /mnt/expand
-namespace.default.permitted.paths += /apex/com.android.resolv/${LIB}
+namespace.default.permitted.paths += /bionic/${LIB}
+namespace.default.permitted.paths += /system/${LIB}/bootstrap
 
 namespace.default.asan.search.paths  = /data/asan/system/${LIB}
 namespace.default.asan.search.paths +=           /system/${LIB}
-namespace.default.asan.search.paths += /data/asan/product/${LIB}
+namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
 namespace.default.asan.search.paths +=           /%PRODUCT%/${LIB}
-namespace.default.asan.search.paths += /data/asan/product_services/${LIB}
+namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB}
 namespace.default.asan.search.paths +=           /%PRODUCT_SERVICES%/${LIB}
 
 namespace.default.asan.permitted.paths  = /data
@@ -105,10 +109,17 @@
 namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/app
 namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/priv-app
 namespace.default.asan.permitted.paths += /mnt/expand
-namespace.default.asan.permitted.paths += /apex/com.android.resolv/${LIB}
+namespace.default.asan.permitted.paths += /bionic/${LIB}
+namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap
 
 # Keep in sync with ld.config.txt in the com.android.runtime APEX.
-namespace.default.links = runtime
+# If a shared library or an executable requests a shared library that
+# cannot be loaded into the default namespace, the dynamic linker tries
+# to load the shared library from the runtime namespace.And then, if the
+# shared library cannot be loaded from the runtime namespace either, the
+# dynamic linker tries to load the shared library from the resolv namespace.
+# Finally, if all attempts fail, the dynamic linker returns an error.
+namespace.default.links = runtime,resolv
 # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by
 # libart.
 namespace.default.visible = true
@@ -118,12 +129,18 @@
 namespace.default.link.runtime.shared_libs += libnativehelper.so
 namespace.default.link.runtime.shared_libs += libnativeloader.so
 
+# When libnetd_resolv.so can't be found in the default namespace, search for it
+# in the resolv namespace. Don't allow any other libraries from the resolv namespace
+# to be loaded in the default namespace.
+namespace.default.link.resolv.shared_libs = libnetd_resolv.so
+
 ###############################################################################
 # "runtime" APEX namespace
 #
 # This namespace exposes externally accessible libraries from the Runtime APEX.
 ###############################################################################
 namespace.runtime.isolated = true
+namespace.runtime.visible = true
 
 # Keep in sync with ld.config.txt in the com.android.runtime APEX.
 namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
@@ -162,12 +179,29 @@
 # Keep in sync with ld.config.txt in the com.android.runtime APEX.
 namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB}
 namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB}
-namespace.conscrypt.links = default
+namespace.conscrypt.links = runtime,default
+namespace.conscrypt.link.runtime.shared_libs  = libjavacore.so
 namespace.conscrypt.link.default.shared_libs  = libc.so
 namespace.conscrypt.link.default.shared_libs += libm.so
 namespace.conscrypt.link.default.shared_libs += libdl.so
 
 ###############################################################################
+# "resolv" APEX namespace
+#
+# This namespace is for libraries within the resolv APEX.
+###############################################################################
+namespace.resolv.isolated = true
+namespace.resolv.visible = true
+
+namespace.resolv.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.links = default
+namespace.resolv.link.default.shared_libs  = libc.so
+namespace.resolv.link.default.shared_libs += libm.so
+namespace.resolv.link.default.shared_libs += libdl.so
+namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+
+###############################################################################
 # "sphal" namespace
 #
 # SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be
@@ -185,6 +219,7 @@
 
 namespace.sphal.search.paths  = /odm/${LIB}
 namespace.sphal.search.paths += /vendor/${LIB}
+namespace.sphal.search.paths += /vendor/${LIB}/hw
 
 namespace.sphal.permitted.paths  = /odm/${LIB}
 namespace.sphal.permitted.paths += /vendor/${LIB}
@@ -436,7 +471,10 @@
 namespace.system.asan.search.paths +=           /%PRODUCT_SERVICES%/${LIB}
 
 namespace.system.links = runtime
-namespace.system.link.runtime.shared_libs = libdexfile_external.so
+namespace.system.link.runtime.shared_libs  = libdexfile_external.so
+namespace.system.link.runtime.shared_libs += libnativebridge.so
+namespace.system.link.runtime.shared_libs += libnativehelper.so
+namespace.system.link.runtime.shared_libs += libnativeloader.so
 
 ###############################################################################
 # Namespace config for binaries under /postinstall.
diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt
index 335369e..1904445 100644
--- a/rootdir/etc/ld.config.vndk_lite.txt
+++ b/rootdir/etc/ld.config.vndk_lite.txt
@@ -28,7 +28,7 @@
 dir.postinstall = /postinstall
 
 [system]
-additional.namespaces = runtime,conscrypt,media,sphal,vndk,rs
+additional.namespaces = runtime,conscrypt,media,resolv,sphal,vndk,rs
 
 ###############################################################################
 # "default" namespace
@@ -50,28 +50,41 @@
 namespace.default.asan.search.paths +=           /odm/${LIB}
 namespace.default.asan.search.paths += /data/asan/vendor/${LIB}
 namespace.default.asan.search.paths +=           /vendor/${LIB}
-namespace.default.asan.search.paths += /data/asan/product/${LIB}
+namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
 namespace.default.asan.search.paths +=           /%PRODUCT%/${LIB}
-namespace.default.asan.search.paths += /data/asan/product_services/${LIB}
+namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB}
 namespace.default.asan.search.paths +=           /%PRODUCT_SERVICES%/${LIB}
 
 # Keep in sync with the platform namespace in the com.android.runtime APEX
 # ld.config.txt.
-namespace.default.links = runtime
+# If a shared library or an executable requests a shared library that
+# cannot be loaded into the default namespace, the dynamic linker tries
+# to load the shared library from the runtime namespace.And then, if the
+# shared library cannot be loaded from the runtime namespace either, the
+# dynamic linker tries to load the shared library from the resolv namespace.
+# Finally, if all attempts fail, the dynamic linker returns an error.
+namespace.default.links = runtime,resolv
 # Visible because some libraries are dlopen'ed, e.g. libopenjdk is dlopen'ed by
 # libart.
 namespace.default.visible = true
 namespace.default.link.runtime.shared_libs  = libart.so:libartd.so
 namespace.default.link.runtime.shared_libs += libdexfile_external.so
+namespace.default.link.runtime.shared_libs += libnativebridge.so
 namespace.default.link.runtime.shared_libs += libnativehelper.so
 namespace.default.link.runtime.shared_libs += libnativeloader.so
 
+# When libnetd_resolv.so can't be found in the default namespace, search for it
+# in the resolv namespace. Don't allow any other libraries from the resolv namespace
+# to be loaded in the default namespace.
+namespace.default.link.resolv.shared_libs = libnetd_resolv.so
+
 ###############################################################################
 # "runtime" APEX namespace
 #
 # This namespace pulls in externally accessible libs from the Runtime APEX.
 ###############################################################################
 namespace.runtime.isolated = true
+namespace.runtime.visible = true
 
 # Keep in sync with the default namespace in the com.android.runtime APEX
 # ld.config.txt.
@@ -111,12 +124,29 @@
 # Keep in sync with ld.config.txt in the com.android.runtime APEX.
 namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB}
 namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB}
-namespace.conscrypt.links = default
+namespace.conscrypt.links = runtime,default
+namespace.conscrypt.link.runtime.shared_libs  = libjavacore.so
 namespace.conscrypt.link.default.shared_libs  = libc.so
 namespace.conscrypt.link.default.shared_libs += libm.so
 namespace.conscrypt.link.default.shared_libs += libdl.so
 
 ###############################################################################
+# "resolv" APEX namespace
+#
+# This namespace is for libraries within the resolv APEX.
+###############################################################################
+namespace.resolv.isolated = true
+namespace.resolv.visible = true
+
+namespace.resolv.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.links = default
+namespace.resolv.link.default.shared_libs  = libc.so
+namespace.resolv.link.default.shared_libs += libm.so
+namespace.resolv.link.default.shared_libs += libdl.so
+namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+
+###############################################################################
 # "sphal" namespace
 #
 # SP-HAL(Sameprocess-HAL)s are the only vendor libraries that are allowed to be
@@ -134,6 +164,7 @@
 
 namespace.sphal.search.paths  = /odm/${LIB}
 namespace.sphal.search.paths += /vendor/${LIB}
+namespace.sphal.search.paths += /vendor/${LIB}/hw
 
 namespace.sphal.permitted.paths  = /odm/${LIB}
 namespace.sphal.permitted.paths += /vendor/${LIB}
@@ -304,7 +335,10 @@
 namespace.default.asan.search.paths +=           /%PRODUCT_SERVICES%/${LIB}
 
 namespace.default.links = runtime
-namespace.default.link.runtime.shared_libs = libdexfile_external.so
+namespace.default.link.runtime.shared_libs  = libdexfile_external.so
+namespace.default.link.runtime.shared_libs += libnativebridge.so
+namespace.default.link.runtime.shared_libs += libnativehelper.so
+namespace.default.link.runtime.shared_libs += libnativeloader.so
 
 ###############################################################################
 # "runtime" APEX namespace
diff --git a/rootdir/init.rc b/rootdir/init.rc
index d081666..c6e2116 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -11,7 +11,14 @@
 import /init.usb.configfs.rc
 import /init.${ro.zygote}.rc
 
+# Cgroups are mounted right before early-init using list from /etc/cgroups.json
 on early-init
+    # Mount shared so changes propagate into child namespaces
+    # Do this before other processes are started from init. Otherwise,
+    # processes launched while the propagation type of / is 'private'
+    # won't get mount events from others.
+    mount rootfs rootfs / shared rec
+
     # Set init and its forked children's oom_adj.
     write /proc/1/oom_score_adj -1000
 
@@ -24,14 +31,8 @@
     # Set the security context of /postinstall if present.
     restorecon /postinstall
 
-    # Mount cgroup mount point for cpu accounting
-    mount cgroup none /acct nodev noexec nosuid cpuacct
-    chmod 0555 /acct
     mkdir /acct/uid
 
-    # root memory control cgroup, used by lmkd
-    mkdir /dev/memcg 0700 root system
-    mount cgroup none /dev/memcg nodev noexec nosuid memory
     # memory.pressure_level used by lmkd
     chown root system /dev/memcg/memory.pressure_level
     chmod 0040 /dev/memcg/memory.pressure_level
@@ -63,8 +64,6 @@
     symlink /system/vendor /vendor
 
     # Create energy-aware scheduler tuning nodes
-    mkdir /dev/stune
-    mount cgroup none /dev/stune nodev noexec nosuid schedtune
     mkdir /dev/stune/foreground
     mkdir /dev/stune/background
     mkdir /dev/stune/top-app
@@ -158,8 +157,6 @@
     chmod 0400 /proc/net/fib_trie
 
     # Create cgroup mount points for process groups
-    mkdir /dev/cpuctl
-    mount cgroup none /dev/cpuctl nodev noexec nosuid cpu
     chown system system /dev/cpuctl
     chown system system /dev/cpuctl/tasks
     chmod 0666 /dev/cpuctl/tasks
@@ -167,9 +164,6 @@
     write /dev/cpuctl/cpu.rt_runtime_us 950000
 
     # sets up initial cpusets for ActivityManager
-    mkdir /dev/cpuset
-    mount cpuset none /dev/cpuset nodev noexec nosuid
-
     # this ensures that the cpusets are present and usable, but the device's
     # init.rc must actually set the correct cpus
     mkdir /dev/cpuset/foreground
@@ -231,8 +225,6 @@
     # This is needed by any process that uses socket tagging.
     chmod 0644 /dev/xt_qtaguid
 
-    mkdir /dev/cg2_bpf
-    mount cgroup2 cg2_bpf /dev/cg2_bpf nodev noexec nosuid
     chown root root /dev/cg2_bpf
     chmod 0600 /dev/cg2_bpf
     mount bpf bpf /sys/fs/bpf nodev noexec nosuid
@@ -346,8 +338,6 @@
     # Once everything is setup, no need to modify /.
     # The bind+remount combination allows this to work in containers.
     mount rootfs rootfs / remount bind ro nodev
-    # Mount shared so changes propagate into child namespaces
-    mount rootfs rootfs / shared rec
     # Mount default storage into root namespace
     mount none /mnt/runtime/default /storage bind rec
     mount none none /storage slave rec
@@ -583,6 +573,17 @@
     # Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
     exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo
 
+    # load fsverity keys
+    exec -- /system/bin/mini-keyctl -c /product/etc/security/cacerts_fsverity,/vendor/etc/security/cacerts_fsverity -k .fs-verity
+
+    # Wait for apexd to finish activating APEXes before starting more processes.
+    # This certainly reduces the parallelism but is required to make as many processes
+    # as possible to use the bionic libs from the runtime APEX. This takes less than 50ms
+    # so the impact on the booting time is not significant.
+    wait_for_prop apexd.status ready
+    setup_runtime_bionic
+    parse_apex_configs
+
     # If there is no post-fs-data action in the init.<device>.rc file, you
     # must uncomment this line, otherwise encrypted filesystems
     # won't work.
@@ -804,6 +805,3 @@
 service flash_recovery /system/bin/install-recovery.sh
     class main
     oneshot
-
-on property:apexd.status=ready
-    parse_apex_configs
diff --git a/rootdir/task_profiles.json b/rootdir/task_profiles.json
new file mode 100644
index 0000000..5a090c5
--- /dev/null
+++ b/rootdir/task_profiles.json
@@ -0,0 +1,445 @@
+{
+  "Attributes": [
+    {
+      "Name": "LowCapacityCPUs",
+      "Controller": "cpuset",
+      "File": "background/cpus"
+    },
+    {
+      "Name": "HighCapacityCPUs",
+      "Controller": "cpuset",
+      "File": "foreground/cpus"
+    },
+    {
+      "Name": "MaxCapacityCPUs",
+      "Controller": "cpuset",
+      "File": "top-app/cpus"
+    },
+
+    {
+      "Name": "MemLimit",
+      "Controller": "memory",
+      "File": "memory.limit_in_bytes"
+    },
+    {
+      "Name": "MemSoftLimit",
+      "Controller": "memory",
+      "File": "memory.soft_limit_in_bytes"
+    },
+    {
+      "Name": "MemSwappiness",
+      "Controller": "memory",
+      "File": "memory.swappiness"
+    },
+    {
+      "Name": "STuneBoost",
+      "Controller": "schedtune",
+      "File": "schedtune.boost"
+    },
+    {
+      "Name": "STunePreferIdle",
+      "Controller": "schedtune",
+      "File": "schedtune.prefer_idle"
+    },
+    {
+      "Name": "UClampMin",
+      "Controller": "cpu",
+      "File": "cpu.util.min"
+    },
+    {
+      "Name": "UClampMax",
+      "Controller": "cpu",
+      "File": "cpu.util.max"
+    }
+  ],
+
+  "Profiles": [
+    {
+      "Name": "HighEnergySaving",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "schedtune",
+            "Path": "background"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "NormalPerformance",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "schedtune",
+            "Path": ""
+          }
+        }
+      ]
+    },
+    {
+      "Name": "HighPerformance",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "schedtune",
+            "Path": "foreground"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "MaxPerformance",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "schedtune",
+            "Path": "top-app"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "RealtimePerformance",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "schedtune",
+            "Path": "rt"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "CpuPolicySpread",
+      "Actions" : [
+        {
+          "Name" : "SetAttribute",
+          "Params" :
+          {
+            "Name" : "STunePreferIdle",
+            "Value" : "1"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "CpuPolicyPack",
+      "Actions" : [
+        {
+          "Name" : "SetAttribute",
+          "Params" :
+          {
+            "Name" : "STunePreferIdle",
+            "Value" : "0"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "VrKernelCapacity",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": ""
+          }
+        }
+      ]
+    },
+    {
+      "Name": "VrServiceCapacityLow",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "system/background"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "VrServiceCapacityNormal",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "system"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "VrServiceCapacityHigh",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "system/performance"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "VrProcessCapacityLow",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "application/background"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "VrProcessCapacityNormal",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "application"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "VrProcessCapacityHigh",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "application/performance"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "ProcessCapacityLow",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "background"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "ProcessCapacityNormal",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": ""
+          }
+        }
+      ]
+    },
+    {
+      "Name": "ProcessCapacityHigh",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "foreground"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "ProcessCapacityMax",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "top-app"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "ServiceCapacityLow",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "system-background"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "ServiceCapacityRestricted",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "restricted"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "CameraServiceCapacity",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "cpuset",
+            "Path": "camera-daemon"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "TimerSlackHigh",
+      "Actions" : [
+        {
+          "Name" : "SetTimerSlack",
+          "Params" :
+          {
+            "Slack": "40000000"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "TimerSlackNormal",
+      "Actions" : [
+        {
+          "Name" : "SetTimerSlack",
+          "Params" :
+          {
+            "Slack": "50000"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "PerfBoost",
+      "Actions" : [
+        {
+          "Name" : "SetClamps",
+          "Params" :
+          {
+            "Boost" : "50%",
+            "Clamp" : "0"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "PerfClamp",
+      "Actions" : [
+        {
+          "Name" : "SetClamps",
+          "Params" :
+          {
+            "Boost" : "0",
+            "Clamp" : "30%"
+          }
+        }
+      ]
+    },
+
+    {
+      "Name": "LowMemoryUsage",
+      "Actions" : [
+        {
+          "Name" : "SetAttribute",
+          "Params" :
+          {
+            "Name" : "MemSoftLimit",
+            "Value" : "16MB"
+          }
+        },
+        {
+          "Name" : "SetAttribute",
+          "Params" :
+          {
+            "Name" : "MemSwappiness",
+            "Value" : "150"
+
+          }
+        }
+      ]
+    },
+    {
+      "Name": "HighMemoryUsage",
+      "Actions" : [
+        {
+          "Name" : "SetAttribute",
+          "Params" :
+          {
+            "Name" : "MemSoftLimit",
+            "Value" : "512MB"
+          }
+        },
+        {
+          "Name" : "SetAttribute",
+          "Params" :
+          {
+            "Name" : "MemSwappiness",
+            "Value" : "100"
+          }
+        }
+      ]
+    },
+    {
+      "Name": "SystemMemoryProcess",
+      "Actions" : [
+        {
+          "Name" : "JoinCgroup",
+          "Params" :
+          {
+            "Controller": "memory",
+            "Path": "system"
+          }
+        }
+      ]
+    }
+  ]
+}
diff --git a/rootdir/update_and_install_ld_config.mk b/rootdir/update_and_install_ld_config.mk
index 450be66..852e234 100644
--- a/rootdir/update_and_install_ld_config.mk
+++ b/rootdir/update_and_install_ld_config.mk
@@ -118,7 +118,12 @@
 	$(hide) sed -i.bak -e "s?%SANITIZER_RUNTIME_LIBRARIES%?$(PRIVATE_SANITIZER_RUNTIME_LIBRARIES)?g" $@
 	$(hide) sed -i.bak -e "s?%VNDK_VER%?$(PRIVATE_VNDK_VERSION_SUFFIX)?g" $@
 	$(hide) sed -i.bak -e "s?%PRODUCT%?$(TARGET_COPY_OUT_PRODUCT)?g" $@
+ifeq ($(TARGET_COPY_OUT_PRODUCT),$(TARGET_COPY_OUT_PRODUCT_SERVICES))
+	# Remove lines containing %PRODUCT_SERVICES% (identical to the %PRODUCT% ones)
+	$(hide) sed -i.bak -e "\?%PRODUCT_SERVICES%?d" $@
+else
 	$(hide) sed -i.bak -e "s?%PRODUCT_SERVICES%?$(TARGET_COPY_OUT_PRODUCT_SERVICES)?g" $@
+endif
 	$(hide) sed -i.bak -e "s?^$(PRIVATE_VNDK_VERSION_TAG)??g" $@
 	$(hide) sed -i.bak "/^\#VNDK[0-9]\{2\}\#.*$$/d" $@
 	$(hide) rm -f $@.bak
diff --git a/shell_and_utilities/Android.bp b/shell_and_utilities/Android.bp
index 5ce43d5..f01a8c7 100644
--- a/shell_and_utilities/Android.bp
+++ b/shell_and_utilities/Android.bp
@@ -14,6 +14,7 @@
         "bzip2",
         "grep",
         "logwrapper",
+        "mini-keyctl",
         "mkshrc",
         "newfs_msdos",
         "reboot",