Enabling seccomp across all processes, rather than just zygote, is
useful for auditing the syscall usage of AOSP. Create a global seccomp
policy that can optionally be enabled by init.
Bug: 37960259
Test: confirm global seccomp by removing finit_module from policy and
observing modprobe fail, confirm regular seccomp unchanged by
comparing length of installed bpf
Change-Id: Iac53a42fa26a80b05126f262dd9525f4f66df558
For the libandroid_support NOTICE file, we need to combine all the files
in that directory, plus the specific files pulled from bionic.
Also cleaned up some of the Python style.
Bug: N/A
Test: used for libandroid_support
Change-Id: If433e3a0f0478f06d99a9b3556e99dde06a7e5e1
Bug: 37253880
Test: Make sure device boots
Run pylint on genseccomp.py, test_genseccomp.py
Run test_genseccomp.py
Run new CTS test
cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Change-Id: I833a5364a1481d65173e77654da1798dc45a3f9d
gensyscalls.py was failing to execute because of a missing "self"
keyword when calling parse_open_file.
Test: manual test running gensyscalls.py.
Change-Id: I78db2cba704c5ca56a730019e36601a7ccd069f8
The check that we are not below the lowest permitted syscall was
off by one, so we always allowed them, rather than always denying
them
Test: Check arm64 boots, chrome and maps work
mips and mips64 emulators boot
Note that arm, x86 and x86_64 already allow syscall 0 so there
will be no functional change there
Change-Id: I85873f1d04124e634e648bd47c027f280f1d6dbd
Test: Make sure arm, x86, x86_64, mips, mips64 emulators boot
Make sure sailfish still boots
Ran CTS test from
https://android-review.googlesource.com/#/c/348671/3 and it passed
The instructions for how to run mips emulators above worked, but
the CTS tests did not seem to actually run.
Change-Id: Iddee5acdb19ed32c7bd4657573313ca439cf6a49
Policy library which exports an autogenerated policy from SYSCALLS.TXT
blocking any other calls.
Test: Generate policy, install onto Sailfish, check boots, Chrome runs,
calls are blocked.
Bug: 32313202
Change-Id: Ib590704e50122f077eeae26561eb9b0a70386551
Hiding our legacy cruft seemed like a good idea, but in practice it will only
mean worse interoperability.
Plus we got it wrong, as the recent `putw` example showed.
Change-Id: I167c7168eff133889028089c22a7a0dfb8d6d0cf
With the introduction of new tags for ndk_library, we'll have a lot
of tags that aren't architecture tags. If we have something tagged
`introduced=21`, it should be in all architectures.
Change-Id: Ib67f07db14625f6903919c181050316eb183bed5
It turns out that clang can emit code where the sp is saved in the r7
register on arm. Unfortunately, a lot of our syscalls overwrite that
value while the syscall is executing, so unwinding through that syscall
fails.
Update the syscall generation code to add unwinding information for
these uses.
Bug: 28411713
(cherry picked from commit 6e45d37dec)
Change-Id: Ib775effc44c4113735fe9032b0602b9d63e3e390
This patch uses __kernel_vsyscall instead of "int 0x80"
as the syscall entry point. AT_SYSINFO points to
an adapter to mask the arch specific difference and gives a
performance boost on i386 architecture.
Change-ID: Ib340c604d02c6c25714a95793737e3cfdc3fc5d7
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
Our fopen/freopen/tmpfile are already always O_LARGEFILE, but let's add
the aliases for _LARGEFILE_SOURCE compatibility.
Bug: http://b/24807045
Change-Id: I5d99b3ef3c9f27ce70f13313f6a92e96c7f21f80
Brillo doesn't use the ndk cruft, so we need
separate set of version scripts. Added new "nobrillo"
tag to mark such symbols in *.map.txt files.
Bug: http://b/26164862
Change-Id: Iaee1b7119f75b68c2971679fc32817e6df29fd94
The scripts affect files in external/icu, bionic
and the generated files affect libcore. The files must
be updated together so there is no "obvious" home.
OEM developers seem to want to update ICU
themselves and have been asking how. Moving the
scripts to external/icu and splitting the ICU generation
code into a sub-script they can run makes some sense.
Bug: 23419215
Change-Id: Ia26fa526fd2b560a79f36d327a10e262a85db752
The ICU4J changes are not necessary for use on Android (since
we use the ICU4C .dat file), but updating them ensures that
the .jars in sync with everything else and the jars are currently
required for host tests.
Change-Id: Ie56b31af87e8fbd27a6489af8287e4b6a7be6b8f
This is now necessary to build .dat files that are useable for ICU4J as
well, and will need to be used for any future updates of the .dat file:
https://android.googlesource.com/platform/external/icu/+/6b52738
Change-Id: Ifa3a7469a66ab932db20876697e45814f0c5ddc3
In https://android-review.googlesource.com/#/c/127908/5/libc/SYSCALLS.TXT@116
Elliott said:
for LP64 these will be hidden. for LP32 we were cowards and left
them all public for compatibility (though i don't think we ever
dremeled to see whether it was needed). we don't have an easy
way to recognize additions, though, so we can't prevent adding
new turds.
Add a mechanism to prevent the adding of new turds, and use that
mechanism on the fchmod/fchmodat system calls.
Bug: 19233951
Change-Id: I98f98345970b631a379f348df57858f9fc3d57c0
We build one too many times. Creating a missing directory
is sufficient.
The tz2icu needs some files in the CWD. Added symlinks.
Bug: 19230091
Change-Id: I58f9817af68b229f48139e56503f50a2b6dbb4fe
We know we can safely statically link `libm`, since it doesn't have
any dependencies on the OS or the layout of a data type that has
changed between releases (like `pthread_t`).
We can safely statically link `libc_syscalls` because the user can
check for and handle `ENOSYS`.
Update `ndk_missing_symbols.py` to account for symbols that are in the
compatibility library.
Improve `symbols.py` to be able to pull symbols from a static library.
Change-Id: Ifb0ede1e8b4a8f0f33865d9fed72fb8b4d443fbc
ndk_missing_symbols.py pulls libc.so and libm.so off a running device
or emulator and shows the list of symbols that are in the current
bionic that aren't available on the target.
Change-Id: Ia92c315a6a0ce2e5c33db0b62c8fab41c08a4c31
If something's in POSIX, we don't need to show it in the glibc list.
If something's not implemented by glibc, we don't need to show it in the
POSIX list (because it's probably either a macro or obsolete).
Change-Id: Ied0f8d97d3fffb280c22e9cdf6782430d776c02f
To maintain the status quo, we need to pull in backzone file. This file
can't be built on its own, so the easiest fix is to give zic(1) all the
files at once.
We also now have a situation where we have links to links, so we need to
dereference them until we find actual data.
Bug: 18330681
Change-Id: I03f4aa8e6e23802dc35cbff2f74f325eb17d7b2b
