Merge "fs_mgr: overlay: do not allow sub-mounts to be overridden"
diff --git a/adb/Android.bp b/adb/Android.bp
index f6aede8..6558b1b 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -436,7 +436,6 @@
shared_libs: [
"libbootloader_message",
"libmdnssd",
- "libext4_utils",
"libfec",
"libfs_mgr",
"libselinux",
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 31790b1..9a0f4fe 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -704,10 +704,9 @@
return true;
}
-// For GSI to skip mounting /product and /product_services, until there are
-// well-defined interfaces between them and /system. Otherwise, the GSI flashed
-// on /system might not be able to work with /product and /product_services.
-// When they're skipped here, /system/product and /system/product_services in
+// For GSI to skip mounting /product and /system_ext, until there are well-defined interfaces
+// between them and /system. Otherwise, the GSI flashed on /system might not be able to work with
+// /product and /system_ext. When they're skipped here, /system/product and /system/system_ext in
// GSI will be used.
bool SkipMountingPartitions(Fstab* fstab) {
constexpr const char kSkipMountConfig[] = "/system/etc/init/config/skip_mount.cfg";
diff --git a/init/Android.bp b/init/Android.bp
index 86dcb4c..ee339dd 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -74,7 +74,6 @@
shared_libs: [
"libbacktrace",
"libbase",
- "libbinder",
"libbootloader_message",
"libcutils",
"libcrypto",
@@ -243,11 +242,12 @@
],
whole_static_libs: ["libcap"],
shared_libs: [
- "libprotobuf-cpp-lite",
- "libhidl-gen-utils",
- "libprocessgroup",
- "liblog",
"libcutils",
+ "libhidl-gen-utils",
+ "libjsoncpp",
+ "liblog",
+ "libprocessgroup",
+ "libprotobuf-cpp-lite",
],
srcs: [
"action.cpp",
diff --git a/init/host_init_verifier.cpp b/init/host_init_verifier.cpp
index 8aa3509..92c2aa5 100644
--- a/init/host_init_verifier.cpp
+++ b/init/host_init_verifier.cpp
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <fstream>
#include <iostream>
#include <iterator>
#include <string>
@@ -29,6 +30,7 @@
#include <android-base/logging.h>
#include <android-base/parseint.h>
#include <android-base/strings.h>
+#include <json/json.h>
#include "action.h"
#include "action_manager.h"
@@ -129,21 +131,33 @@
return nullptr;
}
-static std::optional<std::set<std::string>> ReadKnownInterfaces(
- const std::string& known_interfaces_file) {
- if (known_interfaces_file.empty()) {
- LOG(WARNING) << "Missing a known interfaces file.";
+static std::optional<android::init::InterfaceInheritanceHierarchyMap>
+ReadInterfaceInheritanceHierarchy(const std::string& interface_inheritance_hierarchy_file) {
+ if (interface_inheritance_hierarchy_file.empty()) {
+ LOG(WARNING) << "Missing an interface inheritance hierarchy file.";
return {};
}
- std::string known_interfaces;
- if (!ReadFileToString(known_interfaces_file, &known_interfaces)) {
- LOG(ERROR) << "Failed to read known interfaces file '" << known_interfaces_file << "'";
+ Json::Value root;
+ Json::Reader reader;
+ std::ifstream stream(interface_inheritance_hierarchy_file);
+ if (!reader.parse(stream, root)) {
+ LOG(ERROR) << "Failed to read interface inheritance hierarchy file: "
+ << interface_inheritance_hierarchy_file << "\n"
+ << reader.getFormattedErrorMessages();
return {};
}
- auto interfaces = Split(known_interfaces, " ");
- return std::set<std::string>(interfaces.begin(), interfaces.end());
+ android::init::InterfaceInheritanceHierarchyMap result;
+ for (const Json::Value& entry : root) {
+ std::set<std::string> inherited_interfaces;
+ for (const Json::Value& intf : entry["inheritedInterfaces"]) {
+ inherited_interfaces.insert(intf.asString());
+ }
+ result[entry["interface"].asString()] = inherited_interfaces;
+ }
+
+ return result;
}
namespace android {
@@ -169,7 +183,7 @@
android::base::InitLogging(argv, &android::base::StdioLogger);
android::base::SetMinimumLogSeverity(android::base::ERROR);
- std::string known_interfaces_file;
+ std::string interface_inheritance_hierarchy_file;
while (true) {
static const struct option long_options[] = {
@@ -177,7 +191,7 @@
{nullptr, 0, nullptr, 0},
};
- int arg = getopt_long(argc, argv, "p:k:", long_options, nullptr);
+ int arg = getopt_long(argc, argv, "p:i:", long_options, nullptr);
if (arg == -1) {
break;
@@ -190,8 +204,8 @@
case 'p':
passwd_files.emplace_back(optarg);
break;
- case 'k':
- known_interfaces_file = optarg;
+ case 'i':
+ interface_inheritance_hierarchy_file = optarg;
break;
default:
std::cerr << "getprop: getopt returned invalid result: " << arg << std::endl;
@@ -213,8 +227,10 @@
ServiceList& sl = ServiceList::GetInstance();
Parser parser;
parser.AddSectionParser(
- "service", std::make_unique<ServiceParser>(&sl, nullptr,
- ReadKnownInterfaces(known_interfaces_file)));
+ "service",
+ std::make_unique<ServiceParser>(
+ &sl, nullptr,
+ ReadInterfaceInheritanceHierarchy(interface_inheritance_hierarchy_file)));
parser.AddSectionParser("on", std::make_unique<ActionParser>(&am, nullptr));
parser.AddSectionParser("import", std::make_unique<HostImportParser>());
diff --git a/init/init.cpp b/init/init.cpp
index 675f3e5..5dba54d 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -50,10 +50,6 @@
#include <processgroup/setup.h>
#include <selinux/android.h>
-#ifndef RECOVERY
-#include <binder/ProcessState.h>
-#endif
-
#include "action_parser.h"
#include "boringssl_self_test.h"
#include "builtins.h"
@@ -139,12 +135,12 @@
if (!parser.ParseConfig("/system/etc/init")) {
late_import_paths.emplace_back("/system/etc/init");
}
+ // late_import is available only in Q and earlier release. As we don't
+ // have system_ext in those versions, skip late_import for system_ext.
+ parser.ParseConfig("/system_ext/etc/init");
if (!parser.ParseConfig("/product/etc/init")) {
late_import_paths.emplace_back("/product/etc/init");
}
- if (!parser.ParseConfig("/product_services/etc/init")) {
- late_import_paths.emplace_back("/product_services/etc/init");
- }
if (!parser.ParseConfig("/odm/etc/init")) {
late_import_paths.emplace_back("/odm/etc/init");
}
@@ -453,24 +449,6 @@
return {};
}
-static Result<void> InitBinder(const BuiltinArguments& args) {
- // init's use of binder is very limited. init cannot:
- // - have any binder threads
- // - receive incoming binder calls
- // - pass local binder services to remote processes
- // - use death recipients
- // The main supported usecases are:
- // - notifying other daemons (oneway calls only)
- // - retrieving data that is necessary to boot
- // Also, binder can't be used by recovery.
-#ifndef RECOVERY
- android::ProcessState::self()->setThreadPoolMaxThreadCount(0);
- android::ProcessState::self()->setCallRestriction(
- ProcessState::CallRestriction::ERROR_IF_NOT_ONEWAY);
-#endif
- return {};
-}
-
// Set the UDC controller for the ConfigFS USB Gadgets.
// Read the UDC controller in use from "/sys/class/udc".
// In case of multiple UDC controllers select the first one.
@@ -766,9 +744,6 @@
// wasn't ready immediately after wait_for_coldboot_done
am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
- // Initialize binder before bringing up other system services
- am.QueueBuiltinAction(InitBinder, "InitBinder");
-
// Don't mount filesystems or start core system services in charger mode.
std::string bootmode = GetProperty("ro.bootmode", "");
if (bootmode == "charger") {
diff --git a/init/property_service.cpp b/init/property_service.cpp
index b89914f..8623c30 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -782,10 +782,9 @@
"brand", "device", "manufacturer", "model", "name",
};
const char* RO_PRODUCT_PROPS_ALLOWED_SOURCES[] = {
- "odm", "product", "product_services", "system", "vendor",
+ "odm", "product", "system_ext", "system", "vendor",
};
- const char* RO_PRODUCT_PROPS_DEFAULT_SOURCE_ORDER =
- "product,product_services,odm,vendor,system";
+ const char* RO_PRODUCT_PROPS_DEFAULT_SOURCE_ORDER = "product,odm,vendor,system_ext,system";
const std::string EMPTY = "";
std::string ro_product_props_source_order =
@@ -892,6 +891,7 @@
}
}
load_properties_from_file("/system/build.prop", nullptr, &properties);
+ load_properties_from_file("/system_ext/build.prop", nullptr, &properties);
load_properties_from_file("/vendor/default.prop", nullptr, &properties);
load_properties_from_file("/vendor/build.prop", nullptr, &properties);
if (SelinuxGetVendorAndroidVersion() >= __ANDROID_API_Q__) {
@@ -901,7 +901,6 @@
load_properties_from_file("/odm/build.prop", nullptr, &properties);
}
load_properties_from_file("/product/build.prop", nullptr, &properties);
- load_properties_from_file("/product_services/build.prop", nullptr, &properties);
load_properties_from_file("/factory/factory.prop", "ro.*", &properties);
if (load_debug_prop) {
diff --git a/init/reboot.cpp b/init/reboot.cpp
index d9d885c..cb54d34 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -636,11 +636,9 @@
bool run_fsck = false;
bool command_invalid = false;
- if (cmd_params.size() > 3) {
- command_invalid = true;
- } else if (cmd_params[0] == "shutdown") {
+ if (cmd_params[0] == "shutdown") {
cmd = ANDROID_RB_POWEROFF;
- if (cmd_params.size() == 2) {
+ if (cmd_params.size() >= 2) {
if (cmd_params[1] == "userrequested") {
// The shutdown reason is PowerManager.SHUTDOWN_USER_REQUESTED.
// Run fsck once the file system is remounted in read-only mode.
@@ -671,6 +669,13 @@
"bootloader_message: "
<< err;
}
+ } else if (reboot_target == "recovery") {
+ const std::vector<std::string> options = {};
+ std::string err;
+ if (!write_bootloader_message(options, &err)) {
+ LOG(ERROR) << "Failed to set bootloader message: " << err;
+ return false;
+ }
} else if (reboot_target == "sideload" || reboot_target == "sideload-auto-reboot" ||
reboot_target == "fastboot") {
std::string arg = reboot_target == "sideload-auto-reboot" ? "sideload_auto_reboot"
@@ -686,9 +691,9 @@
reboot_target = "recovery";
}
- // If there is an additional parameter, pass it along
- if ((cmd_params.size() == 3) && cmd_params[2].size()) {
- reboot_target += "," + cmd_params[2];
+ // If there are additional parameter, pass them along
+ for (size_t i = 2; (cmd_params.size() > i) && cmd_params[i].size(); ++i) {
+ reboot_target += "," + cmd_params[i];
}
}
} else {
diff --git a/init/service_parser.cpp b/init/service_parser.cpp
index ba35104..88ce364 100644
--- a/init/service_parser.cpp
+++ b/init/service_parser.cpp
@@ -18,6 +18,9 @@
#include <linux/input.h>
+#include <algorithm>
+#include <sstream>
+
#include <android-base/logging.h>
#include <android-base/parseint.h>
#include <android-base/strings.h>
@@ -152,12 +155,6 @@
return Error() << "Interface name must not be a value name '" << interface_name << "'";
}
- if (known_interfaces_ && known_interfaces_->count(interface_name) == 0) {
- return Error() << "Interface is not in the known set of hidl_interfaces: '"
- << interface_name << "'. Please ensure the interface is built "
- << "by a hidl_interface target.";
- }
-
const std::string fullname = interface_name + "/" + instance_name;
for (const auto& svc : *service_list_) {
@@ -540,6 +537,37 @@
return {};
}
+ if (interface_inheritance_hierarchy_) {
+ std::set<std::string> interface_names;
+ for (const std::string& intf : service_->interfaces()) {
+ interface_names.insert(Split(intf, "/")[0]);
+ }
+ std::ostringstream error_stream;
+ for (const std::string& intf : interface_names) {
+ if (interface_inheritance_hierarchy_->count(intf) == 0) {
+ error_stream << "\nInterface is not in the known set of hidl_interfaces: '" << intf
+ << "'. Please ensure the interface is spelled correctly and built "
+ << "by a hidl_interface target.";
+ continue;
+ }
+ const std::set<std::string>& required_interfaces =
+ (*interface_inheritance_hierarchy_)[intf];
+ std::set<std::string> diff;
+ std::set_difference(required_interfaces.begin(), required_interfaces.end(),
+ interface_names.begin(), interface_names.end(),
+ std::inserter(diff, diff.begin()));
+ if (!diff.empty()) {
+ error_stream << "\nInterface '" << intf << "' requires its full inheritance "
+ << "hierarchy to be listed in this init_rc file. Missing "
+ << "interfaces: [" << base::Join(diff, " ") << "]";
+ }
+ }
+ const std::string& errors = error_stream.str();
+ if (!errors.empty()) {
+ return Error() << errors;
+ }
+ }
+
Service* old_service = service_list_->FindService(service_->name());
if (old_service) {
if (!service_->is_override()) {
diff --git a/init/service_parser.h b/init/service_parser.h
index 5a16768..5ad26ef 100644
--- a/init/service_parser.h
+++ b/init/service_parser.h
@@ -26,13 +26,16 @@
namespace android {
namespace init {
+using InterfaceInheritanceHierarchyMap = std::map<std::string, std::set<std::string>>;
+
class ServiceParser : public SectionParser {
public:
- ServiceParser(ServiceList* service_list, std::vector<Subcontext>* subcontexts,
- const std::optional<std::set<std::string>>& known_interfaces)
+ ServiceParser(
+ ServiceList* service_list, std::vector<Subcontext>* subcontexts,
+ const std::optional<InterfaceInheritanceHierarchyMap>& interface_inheritance_hierarchy)
: service_list_(service_list),
subcontexts_(subcontexts),
- known_interfaces_(known_interfaces),
+ interface_inheritance_hierarchy_(interface_inheritance_hierarchy),
service_(nullptr) {}
Result<void> ParseSection(std::vector<std::string>&& args, const std::string& filename,
int line) override;
@@ -85,7 +88,7 @@
ServiceList* service_list_;
std::vector<Subcontext>* subcontexts_;
- std::optional<std::set<std::string>> known_interfaces_;
+ std::optional<InterfaceInheritanceHierarchyMap> interface_inheritance_hierarchy_;
std::unique_ptr<Service> service_;
std::string filename_;
};
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index 897a169..b29638c 100644
--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -106,7 +106,7 @@
// oem/ file-system since the intent is to provide support for customized
// portions of a separate vendor.img or oem.img. Has to remain open so that
// customization can also land on /system/vendor, /system/oem, /system/odm,
-// /system/product or /system/product_services.
+// /system/product or /system/system_ext.
//
// We expect build-time checking or filtering when constructing the associated
// fs_config_* files (see build/tools/fs_config/fs_config_generate.c)
@@ -118,15 +118,12 @@
static const char odm_conf_file[] = "/odm/etc/fs_config_files";
static const char product_conf_dir[] = "/product/etc/fs_config_dirs";
static const char product_conf_file[] = "/product/etc/fs_config_files";
-static const char product_services_conf_dir[] = "/product_services/etc/fs_config_dirs";
-static const char product_services_conf_file[] = "/product_services/etc/fs_config_files";
+static const char system_ext_conf_dir[] = "/system_ext/etc/fs_config_dirs";
+static const char system_ext_conf_file[] = "/system_ext/etc/fs_config_files";
static const char* conf[][2] = {
- {sys_conf_file, sys_conf_dir},
- {ven_conf_file, ven_conf_dir},
- {oem_conf_file, oem_conf_dir},
- {odm_conf_file, odm_conf_dir},
- {product_conf_file, product_conf_dir},
- {product_services_conf_file, product_services_conf_dir},
+ {sys_conf_file, sys_conf_dir}, {ven_conf_file, ven_conf_dir},
+ {oem_conf_file, oem_conf_dir}, {odm_conf_file, odm_conf_dir},
+ {product_conf_file, product_conf_dir}, {system_ext_conf_file, system_ext_conf_dir},
};
// Do not use android_files to grant Linux capabilities. Use ambient capabilities in their
@@ -158,9 +155,9 @@
{ 00600, AID_ROOT, AID_ROOT, 0, "product/build.prop" },
{ 00444, AID_ROOT, AID_ROOT, 0, product_conf_dir + 1 },
{ 00444, AID_ROOT, AID_ROOT, 0, product_conf_file + 1 },
- { 00600, AID_ROOT, AID_ROOT, 0, "product_services/build.prop" },
- { 00444, AID_ROOT, AID_ROOT, 0, product_services_conf_dir + 1 },
- { 00444, AID_ROOT, AID_ROOT, 0, product_services_conf_file + 1 },
+ { 00600, AID_ROOT, AID_ROOT, 0, "system_ext/build.prop" },
+ { 00444, AID_ROOT, AID_ROOT, 0, system_ext_conf_dir + 1 },
+ { 00444, AID_ROOT, AID_ROOT, 0, system_ext_conf_file + 1 },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump32" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump64" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/debuggerd" },
@@ -248,9 +245,9 @@
}
// if path is "odm/<stuff>", "oem/<stuff>", "product/<stuff>",
-// "product_services/<stuff>" or "vendor/<stuff>"
+// "system_ext/<stuff>" or "vendor/<stuff>"
static bool is_partition(const std::string& path) {
- static const char* partitions[] = {"odm/", "oem/", "product/", "product_services/", "vendor/"};
+ static const char* partitions[] = {"odm/", "oem/", "product/", "system_ext/", "vendor/"};
for (size_t i = 0; i < (sizeof(partitions) / sizeof(partitions[0])); ++i) {
if (StartsWith(path, partitions[i])) return true;
}
@@ -285,10 +282,8 @@
if (fnmatch(pattern.c_str(), input.c_str(), fnm_flags) == 0) return true;
// Check match between logical partition's files and patterns.
- static constexpr const char* kLogicalPartitions[] = {"system/product/",
- "system/product_services/",
- "system/vendor/",
- "vendor/odm/"};
+ static constexpr const char* kLogicalPartitions[] = {"system/product/", "system/system_ext/",
+ "system/vendor/", "vendor/odm/"};
for (auto& logical_partition : kLogicalPartitions) {
if (StartsWith(input, logical_partition)) {
std::string input_in_partition = input.substr(input.find('/') + 1);
diff --git a/libutils/include/utils/RefBase.h b/libutils/include/utils/RefBase.h
index a105474..3a02a8a 100644
--- a/libutils/include/utils/RefBase.h
+++ b/libutils/include/utils/RefBase.h
@@ -188,9 +188,6 @@
// ---------------------------------------------------------------------------
namespace android {
-class TextOutput;
-TextOutput& printWeakPointer(TextOutput& to, const void* val);
-
// ---------------------------------------------------------------------------
#define COMPARE_WEAK(_op_) \
@@ -459,9 +456,6 @@
weakref_type* m_refs;
};
-template <typename T>
-TextOutput& operator<<(TextOutput& to, const wp<T>& val);
-
#undef COMPARE_WEAK
// ---------------------------------------------------------------------------
@@ -635,12 +629,6 @@
}
}
-template <typename T>
-inline TextOutput& operator<<(TextOutput& to, const wp<T>& val)
-{
- return printWeakPointer(to, val.unsafe_get());
-}
-
// ---------------------------------------------------------------------------
// this class just serves as a namespace so TYPE::moveReferences can stay
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index b1616d3..a6ea2ab 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -7,6 +7,7 @@
# absolute path of an executable is selected.
dir.system = /system/bin/
dir.system = /system/xbin/
+dir.system = /%SYSTEM_EXT%/bin/
dir.system = /%PRODUCT%/bin/
dir.vendor = /odm/bin/
@@ -48,8 +49,8 @@
namespace.default.visible = true
namespace.default.search.paths = /system/${LIB}
+namespace.default.search.paths += /%SYSTEM_EXT%/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
-namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
# We can't have entire /system/${LIB} as permitted paths because doing so
# makes it possible to load libs in /system/${LIB}/vndk* directories by
@@ -61,12 +62,15 @@
namespace.default.permitted.paths = /system/${LIB}/drm
namespace.default.permitted.paths += /system/${LIB}/extractors
namespace.default.permitted.paths += /system/${LIB}/hw
+namespace.default.permitted.paths += /%SYSTEM_EXT%/${LIB}
namespace.default.permitted.paths += /%PRODUCT%/${LIB}
-namespace.default.permitted.paths += /%PRODUCT_SERVICES%/${LIB}
# These are where odex files are located. libart has to be able to dlopen the files
namespace.default.permitted.paths += /system/framework
namespace.default.permitted.paths += /system/app
namespace.default.permitted.paths += /system/priv-app
+namespace.default.permitted.paths += /%SYSTEM_EXT%/framework
+namespace.default.permitted.paths += /%SYSTEM_EXT%/app
+namespace.default.permitted.paths += /%SYSTEM_EXT%/priv-app
namespace.default.permitted.paths += /vendor/framework
namespace.default.permitted.paths += /vendor/app
namespace.default.permitted.paths += /vendor/priv-app
@@ -80,9 +84,6 @@
namespace.default.permitted.paths += /%PRODUCT%/framework
namespace.default.permitted.paths += /%PRODUCT%/app
namespace.default.permitted.paths += /%PRODUCT%/priv-app
-namespace.default.permitted.paths += /%PRODUCT_SERVICES%/framework
-namespace.default.permitted.paths += /%PRODUCT_SERVICES%/app
-namespace.default.permitted.paths += /%PRODUCT_SERVICES%/priv-app
namespace.default.permitted.paths += /data
namespace.default.permitted.paths += /mnt/expand
namespace.default.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
@@ -90,10 +91,10 @@
namespace.default.asan.search.paths = /data/asan/system/${LIB}
namespace.default.asan.search.paths += /system/${LIB}
+namespace.default.asan.search.paths += /data/asan/%SYSTEM_EXT%/${LIB}
+namespace.default.asan.search.paths += /%SYSTEM_EXT%/${LIB}
namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
namespace.default.asan.search.paths += /%PRODUCT%/${LIB}
-namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB}
-namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.default.asan.permitted.paths = /data
namespace.default.asan.permitted.paths += /system/${LIB}/drm
@@ -102,6 +103,10 @@
namespace.default.asan.permitted.paths += /system/framework
namespace.default.asan.permitted.paths += /system/app
namespace.default.asan.permitted.paths += /system/priv-app
+namespace.default.asan.permitted.paths += /%SYSTEM_EXT%/${LIB}
+namespace.default.asan.permitted.paths += /%SYSTEM_EXT%/framework
+namespace.default.asan.permitted.paths += /%SYSTEM_EXT%/app
+namespace.default.asan.permitted.paths += /%SYSTEM_EXT%/priv-app
namespace.default.asan.permitted.paths += /vendor/framework
namespace.default.asan.permitted.paths += /vendor/app
namespace.default.asan.permitted.paths += /vendor/priv-app
@@ -116,10 +121,6 @@
namespace.default.asan.permitted.paths += /%PRODUCT%/framework
namespace.default.asan.permitted.paths += /%PRODUCT%/app
namespace.default.asan.permitted.paths += /%PRODUCT%/priv-app
-namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/${LIB}
-namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/framework
-namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/app
-namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/priv-app
namespace.default.asan.permitted.paths += /mnt/expand
namespace.default.asan.permitted.paths += /apex/com.android.runtime/${LIB}/bionic
namespace.default.asan.permitted.paths += /system/${LIB}/bootstrap
@@ -510,15 +511,15 @@
namespace.system.isolated = false
namespace.system.search.paths = /system/${LIB}
+namespace.system.search.paths += /%SYSTEM_EXT%/${LIB}
namespace.system.search.paths += /%PRODUCT%/${LIB}
-namespace.system.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
-namespace.system.asan.search.paths += /data/asan/product/${LIB}
+namespace.system.asan.search.paths += /data/asan/%SYSTEM_EXT%/${LIB}
+namespace.system.asan.search.paths += /%SYSTEM_EXT%/${LIB}
+namespace.system.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
namespace.system.asan.search.paths += /%PRODUCT%/${LIB}
-namespace.system.asan.search.paths += /data/asan/product_services/${LIB}
-namespace.system.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.system.links = runtime
namespace.system.link.runtime.shared_libs = libdexfile_external.so
@@ -553,15 +554,15 @@
# The search paths here should be kept the same as that of the 'system'
# namespace.
namespace.vndk_in_system.search.paths = /system/${LIB}
+namespace.vndk_in_system.search.paths += /%SYSTEM_EXT%/${LIB}
namespace.vndk_in_system.search.paths += /%PRODUCT%/${LIB}
-namespace.vndk_in_system.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.vndk_in_system.asan.search.paths = /data/asan/system/${LIB}
namespace.vndk_in_system.asan.search.paths += /system/${LIB}
-namespace.vndk_in_system.asan.search.paths += /data/asan/product/${LIB}
+namespace.vndk_in_system.asan.search.paths += /data/asan/%SYSTEM_EXT%/${LIB}
+namespace.vndk_in_system.asan.search.paths += /%SYSTEM_EXT%/${LIB}
+namespace.vndk_in_system.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
namespace.vndk_in_system.asan.search.paths += /%PRODUCT%/${LIB}
-namespace.vndk_in_system.asan.search.paths += /data/asan/product_services/${LIB}
-namespace.vndk_in_system.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.vndk_in_system.whitelisted = %VNDK_USING_CORE_VARIANT_LIBRARIES%
@@ -705,7 +706,7 @@
[postinstall]
namespace.default.isolated = false
namespace.default.search.paths = /system/${LIB}
+namespace.default.search.paths += /%SYSTEM_EXT%/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
-namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.default.link.runtime.shared_libs = %SANITIZER_RUNTIME_LIBRARIES%
diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt
index 9212408..69535a9 100644
--- a/rootdir/etc/ld.config.vndk_lite.txt
+++ b/rootdir/etc/ld.config.vndk_lite.txt
@@ -7,6 +7,7 @@
# absolute path of an executable is selected.
dir.system = /system/bin/
dir.system = /system/xbin/
+dir.system = /%SYSTEM_EXT%/bin/
dir.system = /%PRODUCT%/bin/
dir.vendor = /odm/bin/
@@ -48,21 +49,21 @@
namespace.default.visible = true
namespace.default.search.paths = /system/${LIB}
+namespace.default.search.paths += /%SYSTEM_EXT%/${LIB}
+namespace.default.search.paths += /%PRODUCT%/${LIB}
namespace.default.search.paths += /odm/${LIB}
namespace.default.search.paths += /vendor/${LIB}
-namespace.default.search.paths += /%PRODUCT%/${LIB}
-namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.default.asan.search.paths = /data/asan/system/${LIB}
namespace.default.asan.search.paths += /system/${LIB}
+namespace.default.asan.search.paths += /data/asan/%SYSTEM_EXT%/${LIB}
+namespace.default.asan.search.paths += /%SYSTEM_EXT%/${LIB}
+namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
+namespace.default.asan.search.paths += /%PRODUCT%/${LIB}
namespace.default.asan.search.paths += /data/asan/odm/${LIB}
namespace.default.asan.search.paths += /odm/${LIB}
namespace.default.asan.search.paths += /data/asan/vendor/${LIB}
namespace.default.asan.search.paths += /vendor/${LIB}
-namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
-namespace.default.asan.search.paths += /%PRODUCT%/${LIB}
-namespace.default.asan.search.paths += /data/asan/%PRODUCT_SERVICES%/${LIB}
-namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
# Keep in sync with the "platform" namespace in art/build/apex/ld.config.txt.
# If a shared library or an executable requests a shared library that
@@ -336,8 +337,9 @@
# Access to system libraries is allowed
namespace.default.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
namespace.default.search.paths += /system/${LIB}
+namespace.default.search.paths += /%SYSTEM_EXT%/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
-namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
+# Put /system/lib/vndk at the last search order in vndk_lite for GSI
namespace.default.search.paths += /system/${LIB}/vndk%VNDK_VER%
namespace.default.asan.search.paths = /data/asan/odm/${LIB}
@@ -356,10 +358,10 @@
namespace.default.asan.search.paths += /system/${LIB}/vndk-sp%VNDK_VER%
namespace.default.asan.search.paths += /data/asan/system/${LIB}
namespace.default.asan.search.paths += /system/${LIB}
-namespace.default.asan.search.paths += /data/asan/product/${LIB}
+namespace.default.asan.search.paths += /data/asan/%SYSTEM_EXT%/${LIB}
+namespace.default.asan.search.paths += /%SYSTEM_EXT%/${LIB}
+namespace.default.asan.search.paths += /data/asan/%PRODUCT%/${LIB}
namespace.default.asan.search.paths += /%PRODUCT%/${LIB}
-namespace.default.asan.search.paths += /data/asan/product_services/${LIB}
-namespace.default.asan.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.default.asan.search.paths += /data/asan/system/${LIB}/vndk%VNDK_VER%
namespace.default.asan.search.paths += /system/${LIB}/vndk%VNDK_VER%
@@ -514,5 +516,5 @@
[postinstall]
namespace.default.isolated = false
namespace.default.search.paths = /system/${LIB}
+namespace.default.search.paths += /%SYSTEM_EXT%/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
-namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3acf301..96ffa69 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -413,6 +413,10 @@
# HALs required before storage encryption can get unlocked (FBE/FDE)
class_start early_hal
+ # Check and mark a successful boot, before mounting userdata with mount_all.
+ # No-op for non-A/B device.
+ exec_start update_verifier_nonencrypted
+
on post-fs-data
mark_post_data
@@ -628,22 +632,16 @@
# It is recommended to put unnecessary data/ initialization from post-fs-data
# to start-zygote in device's init.rc to unblock zygote start.
on zygote-start && property:ro.crypto.state=unencrypted
- # A/B update verifier that marks a successful boot.
- exec_start update_verifier_nonencrypted
start netd
start zygote
start zygote_secondary
on zygote-start && property:ro.crypto.state=unsupported
- # A/B update verifier that marks a successful boot.
- exec_start update_verifier_nonencrypted
start netd
start zygote
start zygote_secondary
on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type=file
- # A/B update verifier that marks a successful boot.
- exec_start update_verifier_nonencrypted
start netd
start zygote
start zygote_secondary
@@ -770,8 +768,6 @@
trigger zygote-start
on property:vold.decrypt=trigger_restart_min_framework
- # A/B update verifier that marks a successful boot.
- exec_start update_verifier
class_start main
on property:vold.decrypt=trigger_restart_framework
diff --git a/rootdir/update_and_install_ld_config.mk b/rootdir/update_and_install_ld_config.mk
index f62c3df..c949a4f 100644
--- a/rootdir/update_and_install_ld_config.mk
+++ b/rootdir/update_and_install_ld_config.mk
@@ -147,12 +147,7 @@
$(hide) sed -i.bak -e "s?%SANITIZER_RUNTIME_LIBRARIES%?$(PRIVATE_SANITIZER_RUNTIME_LIBRARIES)?g" $@
$(hide) sed -i.bak -e "s?%VNDK_VER%?$(PRIVATE_VNDK_VERSION_SUFFIX)?g" $@
$(hide) sed -i.bak -e "s?%PRODUCT%?$(TARGET_COPY_OUT_PRODUCT)?g" $@
-ifeq ($(TARGET_COPY_OUT_PRODUCT),$(TARGET_COPY_OUT_PRODUCT_SERVICES))
- # Remove lines containing %PRODUCT_SERVICES% (identical to the %PRODUCT% ones)
- $(hide) sed -i.bak -e "\?%PRODUCT_SERVICES%?d" $@
-else
- $(hide) sed -i.bak -e "s?%PRODUCT_SERVICES%?$(TARGET_COPY_OUT_PRODUCT_SERVICES)?g" $@
-endif
+ $(hide) sed -i.bak -e "s?%SYSTEM_EXT%?$(TARGET_COPY_OUT_SYSTEM_EXT)?g" $@
$(hide) sed -i.bak -e "s?^$(PRIVATE_VNDK_VERSION_TAG)??g" $@
$(hide) sed -i.bak "/^\#VNDK[0-9]\{2\}\#.*$$/d" $@
$(hide) rm -f $@.bak