Commit graph

44 commits

Author SHA1 Message Date
Sundong Ahn
11a113a67e Add disable_configstore
The disable_configstore is added to disable configstore when API level
is less than or equal to 29.

Bug: 150761042
Test: Add disable_configstore to PRODUCT_PACKAGES && build && check
configstore service

Change-Id: Iac01bb375a5c4080c0e110213c64041ea823ed68
Merged-In: Iac01bb375a5c4080c0e110213c64041ea823ed68
(cherry picked from commit d864334675e83a75c0343510cff3fc90ffb14c51)
2020-03-18 09:06:19 +09:00
Mitch Phillips
7f3cdad0f1 Add gettid() to SELinux policy in prep for GWP-ASan.
GWP-ASan is a sampled allocator framework that is planned for rollout in
Android R. It instruments the bionic allocator, and requires gettid()
during its initialisation.

Ensure that we can call gettid() from configstore.

Bug: 135634846
Test: N/A

Change-Id: I4a92c989ffde9051831e858e805fc20ae993dc01
2019-11-13 10:45:12 -08:00
Steven Moreland
b3a4d3832e Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I075670b64eebbbbd6a6ae0e84ad51bf1c6f5ba36
2019-09-06 01:07:02 +00:00
Felix
37298a7616 Merge "Add interface info to .rc files"
am: 98d0f4d52c

Change-Id: Ie6cfbacd523c4b09f77bee3369ec8e88b3fa0419
2019-07-08 12:22:23 -07:00
Felix
551b8d15ce Add interface info to .rc files
Signed-off-by: Felix <google@ix5.org>
Change-Id: I6d70bbdb66c3dce280bf6908c3750316a6f6cf70
2019-06-25 20:00:07 +02:00
Steven Moreland
6d494b2346 Merge "Update hidl makefiles for bpfmt" am: ff0bd741ca
am: 96f40f7b02

Change-Id: Idbf030e4993067bdb8181321bca2de00c9b6f7ef
2019-04-18 14:34:45 -07:00
Steven Moreland
1ae4615d9f Update hidl makefiles for bpfmt
hidl-generated makefiles are now generated such that bpfmt(file) == file.

Bug: 67417008
Test: enable bpfmt hook
Change-Id: I1f69d292bc23a7cc293a66110cb02d597e1019ad
2019-04-17 09:38:50 -07:00
Steven Moreland
7f4e21adda Merge "Update makefies: no 'types'" am: 4ee5ec1469 am: bab622f6a6
am: 7224bc9bcf

Change-Id: I434939e0770afa436c532a945542fce30a71ef7d
2019-03-04 16:05:59 -08:00
Steven Moreland
a878aee9ab Update makefies: no 'types'
Bug: 123976090
Test: N/A
Change-Id: I30fb04c81889b62775e1b764b965fdb0f893de17
2019-03-04 11:27:17 -08:00
Sundong Ahn
e64a228861 Remove configstore 1.2
the configstore functionality was added in Q. But The configstore will
be deleted. So additional function is deleted.

Bug: 124531214
Test: build & boot
Test: adb shell lshal | grep configstore & check configstore 1.2
Change-Id: Idbb00b972bc082bd75bba94dbff9cee19df48b89
2019-02-27 12:22:54 +09:00
Peiyong Lin
2b3f82672a [ConfigStore] Add useColorManagement method.
Previously we couple wide color gamut display and color management together,
which is because we only do color management when we have wide color gamut
display. However, we would also want display that doesn't support wide color
gamut but is calibrated and is capable of managing sRGB gamut to have color
management. This means we will decouple wide color gamut display from color
management, a device can indicate that it's color managed without having wide
color gamut display and only manage color within sRGB gamut.

BUG: 111505327
Test: BUild, flash and check Natural/Boosted mode.
Change-Id: If1241ce040a6f691609d8f8d72a2d6f3141557cf
2018-08-21 15:21:54 -07:00
Jeffrey Vander Stoep
1850703a5e Merge "Revert "configstore: include crash_dump seccomp policy""
am: aeb792be28

Change-Id: I636f1db4864b0c20a113f7a82e4ecda5ee253f40
2018-06-15 10:02:44 -07:00
Jeff Vander Stoep
ca8d5c9250 Merge "configstore: include crash_dump seccomp policy"
am: 25080b1fff

Change-Id: I54535004faf8beebef7222989d025fa0b999f9a6
2018-06-13 11:16:58 -07:00
Jaesoo Lee
ff866b9b0d Merge "configstore: configstore HAL uprev'ed to 1.1" into pi-dev
am: ce7d394935

Change-Id: I610b46eb5a8d959e7ebacbc2beecb953b9e5383c
2018-05-23 18:20:47 -07:00
Jaesoo Lee
712ee82162 configstore: configstore HAL uprev'ed to 1.1
This change provides a reference implementation of the configstore HAL
v1.1.

Bug: 69691076
Test: tested on walleye-userdebug
Change-Id: I68ee224bcbda64f6fef91e8a0f95adb32d504aad
2018-05-23 15:48:36 -07:00
Sundong Ahn
b162f3f8dd Configstore HAL is down-revisioned to 1.0
Configstore was up-revisioned from 1.0 to 1.1. However no new
APIs were added to 1.1. Therefore configstore in master will be down
revisioned to 1.0.

Bug: 71555815
Test: lshal | grep configsotre
Test: "cat proc/<configstore pid>/status | grep Seccomp " return:
    Seccomp: 2

Change-Id: I65d2dc06fbe12d0c0ccc020bbd287e0b14320f2f
2018-01-04 16:15:56 +09:00
TreeHugger Robot
91d263d6a9 Merge "Fix library loading order in .mk files." 2017-11-13 20:40:38 +00:00
Martijn Coenen
b6fa3ae638 Fix library loading order in .mk files.
Test: angler boots again
Bug: 69180318
Change-Id: Id71e2348eabf5101d1fd286bbc0076154703d159
2017-11-13 19:59:54 +01:00
Steven Moreland
8db261bc99 Updating makefiles for hidl_interface.
Bug: 64487114
Test: manual
Merged-In: Ie13d9e014cf2b81c18c67f551b4644fb9f0ba812
Change-Id: Ie13d9e014cf2b81c18c67f551b4644fb9f0ba812
2017-11-13 10:00:18 -08:00
TreeHugger Robot
448beed214 Merge "configstore: reduce restrictions in prctl()" 2017-10-24 23:04:02 +00:00
Jeff Vander Stoep
41534729e5 configstore: reduce restrictions in prctl()
Prevent configstore from crash-looping due to:
/vendor/bin/hw/android.hardware.configstore@1.0-service:
libminijail[22988]: blocked syscall: prctl

Bug: 68162846
Test: Launch photos.
Change-Id: I1593ea1e03ec5f688ec7311e586178f2f952fed9
2017-10-24 10:34:46 -07:00
Elliott Hughes
2e924e753c Add sched_setscheduler to the arm64 policy.
To support pthread_attr_setinheritsched for any code that uses pthread_create.

Bug: http://b/67471710
Test: no rolling configstore crashes when booting with the pthread change
Change-Id: I5847adba36b6a5d13b7bd20f955e432c14ce78b8
2017-10-20 17:52:00 -07:00
Steven Moreland
f390f03aa4 Update for Soong-only makefiles.
Test: pass
Bug: 33420795
Change-Id: Ibec6d1e38939b9e7566a96381439be2aac3bf8ca
2017-10-11 18:30:28 +00:00
Steven Moreland
3788a7321f Update makefiles for hidl-adapter (2/2).
Bug: 37518178
Test: none
Change-Id: I77fe67964f89da8b66aeb8df6d424de0f8689f8d
2017-09-27 08:55:47 -07:00
Jeff Vander Stoep
19eb208a45 Merge "Allow clock_gettime syscall for logging" into oc-mr1-dev am: 3816306137
am: 9942d5e495

Change-Id: I2e81116a46a7025f2cb15e696a155a3320b19471
2017-09-14 06:00:39 +00:00
Jaekyun Seok
81104ae5ef Add 'vendor.' prefix to a vendor HAL service name
To prevent property name collisions between properties of system and
vendor, 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.

Test: succeeded building and tested on a walleye device
Bug: 36796459
Change-Id: I4e8fbee791ec917a8f627a1366f4d44ec7e6febc
2017-09-12 08:01:42 +09:00
Sundong Ahn
169eeecb08 Configstore HAL is down-revisioned to 1.0
Configstore was up-revisioned from 1.0 to 1.1. However no new
APIs were added to 1.1. Therefore configstore in mr1 will be down
revisioned to 1.0.

Bug: 64999074
Test: lshal | grep configsotre
Test: "cat proc/<configstore pid>/status | grep Seccomp " return:
    Seccomp: 2
Change-Id: Ia2614439cd620fbe5fbd427571ab55a15089cc47
2017-08-25 17:05:29 +00:00
Jeff Vander Stoep
f378b7ffe2 configstore: Allow syscalls needed by crash_dump
Information such as tombstones and callstack are important when
debugging why a process crashed. configstore's seccomp filter
and selinux policy are currently overly strict and are blocking
the collection of crash data.

In order to keep configstore's sandbox as strict as possible, use
Crash_dump's fallback mechanism to collect crash data. This uses a
local socket to send crash data to tombstoned.

Bug: 64768925
Test: killall -ABRT android.hardware.configstore@1.1-service
    Verify that configstore callstack gets dumped to logcat.
    Verify that a crash tombstone gets recorded to /data/tombstones
Test: proto_fuzzer runs without crashing

Change-Id: I3c3e13d6aa1c1e2dda2a619dfa815375ee7ebff6
(cherry picked from commit 60ced29112)
2017-08-23 21:22:07 -07:00
Jeff Vander Stoep
60ced29112 configstore: Allow syscalls needed by crash_dump
Information such as tombstones and callstack are important when
debugging why a process crashed. configstore's seccomp filter
and selinux policy are currently overly strict and are blocking
the collection of crash data.

In order to keep configstore's sandbox as strict as possible, use
Crash_dump's fallback mechanism to collect crash data. This uses a
local socket to send crash data to tombstoned.

Bug: 64768925
Test: killall -ABRT android.hardware.configstore@1.1-service
    Verify that configstore callstack gets dumped to logcat.
    Verify that a crash tombstone gets recorded to /data/tombstones
Test: proto_fuzzer runs without crashing

Change-Id: I3c3e13d6aa1c1e2dda2a619dfa815375ee7ebff6
2017-08-18 13:51:43 -07:00
TreeHugger Robot
b5a807de3a Merge "configstore: sandbox with seccomp filter" into oc-mr1-dev 2017-08-11 16:40:06 +00:00
Steven Moreland
6da35570df Updating all makefiles.
Bug: 64487114
Test: none
Change-Id: I8608c8f636c35f21e4246a805a9eff6d14124e0a
2017-08-10 23:43:46 +00:00
Tri Vo
2b2ba2fa83 Merge "VTS tests now static link to HAL def libs. #2" into oc-mr1-dev am: 2883486706
am: a6969cdd68

Change-Id: Iecd7cfd4e02aea837647e2f12446e7375744f004
2017-08-10 18:38:53 +00:00
Tri Vo
0c2ce357b1 VTS tests now static link to HAL def libs. #2
And use VtsHalTargetTestDefaults.

Bug: 64040096
Test: crop out all non-affected tests from vts-hal-hidl.xml and run
vts-tradefed run commandAndExit vts-hal-hidl --skip-all-system-status-check 
--skip-preconditions
2 failures, same as without this change:
GatekeeperHidlTest.DeleteAllUsersTest
GatekeeperHidlTest.DeleteUserTest

Change-Id: I8f6995e9536a9aefe283ee3effec9f5a7f03b620
2017-08-10 17:44:57 +00:00
Jeff Vander Stoep
03253b48c9 configstore: sandbox with seccomp filter
Configstore HAL is accessible to third party apps and thus requires
a tight sandbox that reflects the limited system access this HAL
needs.

We use two primary mechanisms to sandbox configstore, selinux and
seccomp, with the goal of restricting its access to userspace and
the kernel. The addition of a seccomp filter is primarily aimed
at reducing the kernel's attack surface that is reachable by
configstore HAL.

Seccomp filters are architecture dependent, so filters need to be
added for each architecture. This change adds a seccomp filter for
arm64 and issues a non-fatal runtime warning for other architectures
which still require a seccomp filter.

Bug: 36453956
Test: boot Marlin and Angler. Verify that configstore is not aborting
    due to seccomp violations.
Test: "cat proc/<configstore pid>/status | grep seccomp " returns:
    seccomp: 2
    Which indicates that configstore is using seccomp-bpf.

Change-Id: Iab014ff357b7329085a5e18a92f51838d2c72371
(cherry picked from commit ed95043d64)
2017-08-10 10:34:08 -07:00
TreeHugger Robot
cf3dd6faed Merge "configstore: sandbox with seccomp filter" 2017-08-07 21:07:57 +00:00
Justin Yun
723c2dbd43 Update make file for vndk enabled. am: 608d773ef8
am: d66371512c

Change-Id: I35b778c39c2349346278deb6dea56b8cd3701f7d
2017-08-05 02:17:38 +00:00
Justin Yun
608d773ef8 Update make file for vndk enabled.
Update the Android.bp generated with hidl-gen.

Test: build with and without BOARD_VNDK_VERSION=current
Bug: 63866913
Change-Id: I1a9db1df49e0f13c5790da2b118ae9ec63ba34a7
2017-08-04 14:12:23 +09:00
Steven Moreland
6ae7aad171 Update makefiles (frameworks.jar).
Test: links at runtime and buildtime
Bug: 35771640
Change-Id: Ic7a71653d659115205e5bdbb782f73b774af0b29
2017-08-03 23:02:46 +00:00
Tri Vo
f5d136c231 Update Android.bp HIDL makefiles
Allow HAL definition libs to be static.

Bug: 32920003
Bug: 64040096
Test: update-all-google-makefiles.sh
Change-Id: I1483d572bea6799717d1614fb7d52fe225e31104
2017-08-03 00:30:01 +00:00
Jiyong Park
e786494ff3 Remove TODO comment for configstore threadpool size
No problem with current configuration has been reported.

Bug: 34857894
Test: not required
Change-Id: Ie23b234eccb2707323032e37b27b387eb96918e5
2017-07-14 10:53:26 +09:00
Jeff Vander Stoep
ed95043d64 configstore: sandbox with seccomp filter
Configstore HAL is accessible to third party apps and thus requires
a tight sandbox that reflects the limited system access this HAL
needs.

We use two primary mechanisms to sandbox configstore, selinux and
seccomp, with the goal of restricting its access to userspace and
the kernel. The addition of a seccomp filter is primarily aimed
at reducing the kernel's attack surface that is reachable by
configstore HAL.

Seccomp filters are architecture dependent, so filters need to be
added for each architecture. This change adds a seccomp filter for
arm64 and issues a non-fatal runtime warning for other architectures
which still require a seccomp filter.

Bug: 36453956
Test: boot Marlin and Angler. Verify that configstore is not aborting
    due to seccomp violations.
Test: "cat proc/<configstore pid>/status | grep seccomp " returns:
    seccomp: 2
    Which indicates that configstore is using seccomp-bpf.

Change-Id: Iab014ff357b7329085a5e18a92f51838d2c72371
2017-07-12 12:58:01 -07:00
Jae Shin
6e3ec61aab Add structural test VtsHalConfigstoreV1_1Target
Add vts test module for configstore@1.1

Test: make vts -j40 && run commandAndExit vts -m
VtsHalConfigstoreV1_1Target
Bug: 63071317

Change-Id: I405f4409bc2ac4acdf07728b950ba9b653eb3328
2017-07-03 13:47:11 +09:00
Steven Moreland
f04fdeb83e Update internal makefiles.
These makefiles are not in dev topic branches
or AOSP currently so they were not updated. This
update adds hidl-generated-module defaults.

Test: pass
Change-Id: Ie52c54877d795bf5358aa600e6d1a13a4f166d25
2017-06-05 17:47:36 -07:00
Jaesoo Lee
812e85e126 configstore: configstore HAL is up-revisioned to 1.1
This change provides a reference implementation of the configstore HAL
v1.1.

Bug: 37727469
Test: Built sailfish-userdebug and configstore-1.1 works
Change-Id: I75e7fd1da8e90ae48d779a3ba28957c5a93a5529
2017-05-17 15:30:17 +09:00