Extend existing restrictions targeting only apps with API level >= 30 to
all apps.
Actual enforcement happens in SELinux. This change just prevents
logspam.
To be merged when automerge to sc-dev ends.
Bug: 170188668
Test: atest bionic-unit-tests-static
Test: atest NetworkInterfaceTest
Test: Connect to Wi-Fi network
Test: atest CtsSelinuxTargetSdk27TestCases
Test: atest CtsSelinuxTargetSdk28TestCasesTest: atest
CtsSelinuxTargetSdk29TestCases
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Change-Id: If1761354216b23a1e55e6b9606de452899afff0c
Remove the vestigial llndk_library and replace it with properties
in the llndk clause of the implementation cc_library.
In order to reduce duplication of the arch-specific headers used
by the implementation and LLNDK, rename libc_headers_arch to
libc_llndk_headers and hoist the "include" directory out of it,
since that directory is preproccessed separately for LLNDK
libraries.
Bug: 170784825
Test: m checkbuild
Test: compare out/soong/build.ninja
Change-Id: I75f0ff9129d910640da55eee6a6387467e6e4a9d
Processes loaded from vendor partitions may have their own sandboxes
that would reject the prctl. Because no devices launched with PAC
enabled before S, we can avoid issues on upgrading devices by checking
for PAC support before issuing the prctl.
Bug: 186117046
Change-Id: I9905b963df01c9007d9fb4527273062ea87a5075
Ease later comparisons by making libc.llndk match libc_headers_arch.
Bug: 170784825
Test: m checkbuild
Change-Id: I90162c0bc5f6f0e79fe974208fde47cca7489fa1
Includes pointing to the python3 version of the clang bindings.
Also, remove stale .gitignore line.
Test: Ran bionic/libc/kernel/tools/update_all.py and verified
Test: the files generated the same exact way.
Change-Id: I4eb9dd7382bca013f70d921b6ef48c7e7478615a
The argument to this is the characters to strip, so `line.strip(line)`
just returns the empty string.
Test: None?
Bug: None
Change-Id: I4f62bffcd00936e4eef837a28b78023fcad54bb0
This fixes all of the problems with our kernel scripts, but not
the clang python script problems.
I also removed the updateGitFiles function since that code was
just silently failing any way. I replaced all calls with updateFiles.
Test: Ran script using python2 to verify it still works.
Test: Run script in python3 verifying that it starts to run.
Change-Id: I223a31a8324c59e6bc4067f48a6110361b3e26e8
Rather than "whatever people have installed as 'python' on their machine".
I've removed check-symbols.py because that's been broken for years and
we never even noticed, and I'm not sure it's worth fixing.
Test: treehugger, manual
Change-Id: Ieb996bbdf790a18d4b1fb46a409cc240ba2a2a49
Turns out that "NSAP" is yet another ISO standard that no-one actually
uses: https://en.wikipedia.org/wiki/NSAP_address
Test: treehugger
Change-Id: I73b4d924a8f4d34e3e2f2da00d0d5529db8e97d1
Change 75830fb836 to fix _nres
initialization to be thread safe accidentally introduced a behavior
change whereby res_init() became a no-op. It also failed to remove all
direct accesses to _nres.
Move the file over to C++ so we can let RAII ensure we're always holding
a lock while using the global state, make all callers access the global
state via this class, and restore the previous behavior of res_init().
Test: atest DnsResolverTest
Bug: 166235340
Change-Id: Ib390a7eac063bc0ff5eeba755e8c74ef1383004e
The test aims to check that the time obtained the VDSO is the "same"
as that obtained via the system call. Unfortunately, time progresses.
Any check involving some fixed tolerance will have some non-zero
probability of failure.
We can instead check that a VDSO time value lies between two system
call times.
Bug: 184819133
Change-Id: Idb9c17b9f612613f6e18a56ee0f256971ddbdf1f
Signed-off-by: Giuliano Procida <gprocida@google.com>
Revert "Updates CTS tests for MAC address restrictions."
Revert submission 1528409-mac-softrestrict
Reason for revert: App compatibility
Reverted Changes:
I74a50b990:Return anonymized MAC for apps targeting SDK < 30
I8738f7912:Reland: Soft-enable MAC address restrictions with ...
Id13670747:Updates CTS tests for MAC address restrictions.
Change-Id: I64e17cb04acf2862bc657e60694067a456b4f936
Also delete some fdsan code that attempts to check for the post-fork
state, but never will, because we update the cached pid upon fork.
Bug: http://b/174542867
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests
Test: treehugger
Change-Id: I9b748dac9de9b4c741897d93e64d31737e52bf8e
The sleep(3) / clock(3) test is sensitive to outliers in the
distribution of CPU consumed by the sleep system call.
This changes the measured quantity to be the mean over 5 samples and
sets the threshold to 10ms.
Bug: 184727758
Change-Id: I20df3b620a5fbf4e58a3ca67306370351ac01d0c
Test: treehugger
Signed-off-by: Giuliano Procida <gprocida@google.com>
