adbd has been built as a static executable since the same binary was
copied to the recovery partition where shared library is not supported.
However, since we now support shared library in the recovery partition,
adbd is built as a dynamic executable.
In addition, the dependency from adbd to libdebuggerd_handler is removed
as debuggerd is handled by the dynamic linker.
A few more modules in /system/core are marked as recovery_available:
true as they are transitive dependencies of the dynamic linker.
This change also includes ld.config.recovery.txt which is the linker
config file for the recovery mode. It is installed to /etc/ld.config.txt
and contains linker namespace config for the dynamic binaries under
/sbin.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: Select 'mount /system' in the recovery mode, then `adb shell`.
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.
Change-Id: I363d5a787863f1677ee40afb5d5841321ddaae77
downloaded apns-conf.xml will be stored in the folder
/data/misc/apns/ to make sure TelephonyProvider gets
access.
Bug: 79948106
Test: Manual
Change-Id: I4ba0596fa6523c0eb96328dbe46ead02587bd9b8
Product-specific libraries in /product/lib can be exposed to Android
apps by adding the list of the libs into
/product/etc/public.libraries-<companyname>.txt. The libs MUST be named
as lib<name>.<companyname>.so.
Bug: 73095206
Test: with taimen
mma -j and runtest.sh. The libs are all loaded in system, but not in
vendor. After reinstalling app using adb -r and reopening app, only
libraries listed in .txt are loaded
Change-Id: I7c386813c72a7b225a7f244b6c5fec4ac0660fd3
Previously on Android Things, we used a vendor public.libraries.txt
file. This cl enables us to tag our library correctly.
Bug: 78226207
Test: test app works
Change-Id: I9e69717e5968a903e84f59c1d889c8e4cf9bcc35
Ensure dropbox has the new dropbox_data_file label.
Bug: 31681871
Test: ls -dZ /data/system/dropbox
u:object_r:dropbox_data_file:s0 /data/system/dropbox
Change-Id: Ia67646f4a789155e20650c33fe4412cae7f930d2
Changes to init's behavior during early mount:
1. Mounting of tmpfs on /mnt is moved from init stage to early mount.
2. init creates /mnt/vendor used to mount vendor partitions.
3. If a device tree fstab entry for early mount specifies a mount point
under /mnt/vendor e.g. /mnt/vendor/foo, init will create
/mnt/vendor/foo mount point.
Bug: 64905218
Test: change dt fstab entry to mount persist to /mnt/vendor/persist;
mount point is created correctly, and partition is mounted in early
mount. See go/pag/1069774
Test: device boots with /mnt/vendor and previous contents of /mnt present,
and selinux label "mnt_vendor_file" is applied correctly.
Test: cts-tradefed run commandAndExit cts --skip-all-system-status-check
--primary-abi-only --skip-preconditions -m CtsAppSecurityHostTestCases
-t android.appsecurity.cts.PermissionsHostTest
Change-Id: I3739130739eadf508355c7f2531366fcaed74175
Merged-In: I3739130739eadf508355c7f2531366fcaed74175
(cherry picked from commit b511475664)
Set F() capability set and 'drop' lmkd from AID_ROOT to AID_LMKD uid
and from AID_ROOT to AID_LMKD and AID_SYSTEM gid.
/dev/memcg/memory.pressure defaults to root.root mode 0000, set it up
as root.system mode 0040 to allow lmkd read access.
Instrument failure to set SCHED_FIFO.
Annotate access points that require elevated capabilities.
Test: check /proc/`pidof lmkd`/status for capability set
Test: lmkd_unit_test
Bug: 77650566
Change-Id: I986081a0434cf6e842b63a55726380205b30a3ea
This commit adds a wildcard linker namespace link between the "vndk"
namespace and the "sphal" namespace of the system processes. This is
created for VNDK-SP-Ext to load vendor libs in "sphal" namespace.
Bug: 77249955
Test: lunch aosp_walleye-userdebug && make -j8 # runs unit tests
Test: lunch aosp_sailfish-userdebug && make -j8 # runs unit tests
Test: Create a VNDK-SP-Ext, link to vendor libs, and run it.
Change-Id: I71b0fb604a84272156aa119130c272f891847008
There has been no section in the linker config file for the binaries
under /postinstall. As a result, the binaries were run with the legacy
default config where /vendor/lib and /odm/lib are added to the search
paths. This is causing selinux denials as the binaries for OTA are not
allowed to access /vendor/lib or /odm/lib, but the dynamic linker calls
realpath(3) on the paths to canonicalize them.
Fixing the issue by letting /postinstall/* binaries to run with a
dedicated linker namespace config, where /vendor/lib and /odm/lib are
not added to the search paths. Not having the paths is okay because
he OTA binaries should not have dependency to the libs there.
Bug: 75287236
Test: do the OTA, selinux denials on postinstall_file is not shown
Test: above test should pass on wahoo, marlin and pre-treble devices
Change-Id: I49c11a0929002adfef667890c0a375c2b41054f4
This change increases the default expiration length of an SA to 1h. The
IPsec API expects that SPIs are allocated indefinitely, but potential
for instability requires that these get cleaned up automatically. As
such, the duration was chosen as a sane, but long timeout value.
Bug: 72316671
Test: Added CTS tests to enforce this behavior
Change-Id: I47aef9cea4a09da253b2ec048a8797af5fa25529
Treble system-as-root GSI needs to work on devices with and without /odm
partition. This change creates the following symlinks for devices without
/odm partition:
/odm/app ->/vendor/odm/app
/odm/bin ->/vendor/odm/bin
/odm/etc ->/vendor/odm/etc
/odm/firmware ->/vendor/odm/firmware
/odm/framework ->/vendor/odm/framework
/odm/lib -> /vendor/odm/lib
/odm/lib64 -> /vendor/odm/lib64
/odm/overlay -> /vendor/odm/overlay
/odm/priv-app -> /vendor/odm/priv-app
For devices with odm partition, /odm will be used as the mount point and
those symlinks will be hidden after mount.
Bug: 70678783
Test: boot a A/B device without /odm partition, checks those symlinks exist
Test: boot a A/B device with /odm partition, checks those symlinks don't exist
Change-Id: I4d960b52e2754f461188f3ab562c751f502046ea
This change adds some additional flags to the /config mount. This is to
reduce the number of mounts with unnecessary privileges.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest}
Merged-In: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
This change adds some additional flags to /mnt. This is to reduce
the number of mounts with unnecessary flags.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {StorageHostTest,ExternalStorageHostTest}
Test: CtsOsTestCases StorageManagerTest
Test: find /mnt | egrep -v '^/mnt/runtime/(default|read|write)/emulated' | \
xargs ls -lZd # Shows no character devices or executable files
Change-Id: I54739133119d9626ebeb2ef9a1c127f7a90fa098
Since we only want to change the ro flag on / (and leave all other mount
flags alone), this can also be achieved by passing MS_REMOUNT|MS_BIND,
even if the mount is not a bind-mount.
This aims to make running Android within a user namespace easier, since
remounts without the MS_BIND flag are forbidden.
Bug: 73255020
Test: aosp_sailfish still boots
Test: rootfs on / type rootfs (rw,seclabel)
/dev/root on / type ext4 (ro,seclabel,relatime,data=ordered)
Change-Id: I2f89a8badfc467db47304c9355648e8fd8ad1272
For non-VNDK-enforced devices, libz cannot be installed in vndk-sp
to avoid CTS test failure.
Move libz to llndk from vndk-sp for generating the namespace
configuration from ld.config.vndk_lite.txt.
Bug: 73296261
Test: run android.jni.cts test on marlin/sailfish
Change-Id: I1b8b43cd87dc8dfdd2667001ae1e50d9eaedf93d
This change adds some additional flags to some mounts. This is to reduce
the number of mounts with these flags.
Bug: 73255020
Test: aosp_sailfish still boots
Change-Id: I285e6d7b3dcc19f691a3d6780e7d3a3a5d7cb3de
For strict VNDK runtime restriction, use ld.config.txt as a source
file. For treblized devices without BOARD_VNDK_VERSION, use
ld.config.vndk_lite.txt file.
Test: Build and boot on Pixel 2017 and 2018 devices.
Change-Id: Ie5b77facd4c11bc73219ecf13ad1298ac5d60d8e
Rename ld.config.txt.in to ld.config.vndk.txt and
ld.config.txt to ld.config.vndk_light.txt.
For FULL_TREBLE devices without BOARD_VNDK_VERSION, update the VNDK
library list in ld.config.vndk_light.txt with the actual VNDK list.
Bug: 69526027
Test: Build marlin/sailfish and check boot
Change-Id: Idbb0cc97d11037c1493d4739e84961297ce51dbd
Merged-In: Idbb0cc97d11037c1493d4739e84961297ce51dbd
This CL will enable reading /product/build.prop and add product paths
into ld.config.txt.in.
Bug: 64195575
Test: tested with 'PRODUCT_PRODUCT_PROPERTIES := ro.product.abc=abc' on
sailfish
Change-Id: Ie996def20e25dc1afe0c74af2096af844934b2dc
This commit links the vndk namespace of vendor processes to the default
namespace of vendor processes. allow_all_shared_libs is specified so
that VNDK extensions can link with other vendor libraries in
/vendor/lib[64].
Bug: 69824336
Test: Create a vndk-ext lib that links to vendor lib and use that
vndk-ext lib in a vendor executable.
Change-Id: Ibd3dc2e5f0f2e6ff9fc9677c6bcfcf87a1a70e50
This commit moves /{odm,vendor}/lib[64]/vndk[-sp] to vndk namespace so
that vndk extension can override vndk libs from
/system/lib[64]/vndk[-sp].
Bug: 69824336
Test: Create libutils_ext locally and it can be called from
android.hardware.nfc@1.0-service.
Change-Id: Id63e58d665fa41eda85950ee1d16fe06c35cd7d3
Traceur app is being split out of shell user. Previously it logged to
shell's bugreports directory. It no longer has access, so it needs a
new, user-friendly file location to store trace data.
Bug:68126425
Test: Traceur can write and shell can read from this directory
Change-Id: I9e344973fd43eb5699f7a848524e20b06458fb77
As we use different ld.config.txt per version, we don't need to
substitute the VNDK_VER on run time.
Remove all ${VNDK_VER} from the linker namespace configuration files.
Bug: 70603313
Test: build and boot GSI for walleye and sailfish
Change-Id: Ief8aee5c3308b2462cafaffc2423deda4e51a7bb
Mount the eBPF file system under /sys/fs/bpf to allow netd to pin and
retrieve persistent eBPF map object from the file system. It helps the
system to maintain a consistent eBPF data store when netd crashed and
restart. Mount the cgroupv2 module and use the root folder of it to
monitor network statistics through eBPF program attached.
Test: eBPF map object show up under /sys/fs/bpf after netd start.
Bug: 30950746
Change-Id: Ie475112116603798fe75a75c5a84f4bbe5b942ec
Setting up infanstructure for vendor tombstone in dir:
/data/vendor/tombstones
Wifi specific dumps will go into:
/data/vendor/tombstones/wifi
Bug: 70170285
Test: compile, run on device.
Change-Id: Ie16dd8236d9b5df19adb9818b4c62ce01e0d0b10
If BOARD_VNDK_VERSION is not defined, ro.vndk.version will not be
set. In this case, the device, is not able to use versioned
configuration files.
Check BOARD_VNDK_VERSION to append the VNDK version to the namespace
configuration files.
Bug: 71730104
Test: Check boot on both 2016 and 2017 Pixel devices.
Change-Id: I1df27c75de42a526768a156387f22a934cda6d72
In the namespace with "isolated = false", "permitted.paths" is not
used.
Bug: 71727966
Test: walleye device boot
Change-Id: I6f624be3c4e2c4070bb784632d0757408ec12db0
We recently created a new GID that can be granted to critical system
processes, so that the system is usable enough for the user to free
up disk space used by abusive apps.
Test: builds, boots
Bug: 62024591
Change-Id: Ia5af7535cc05a214f8720ac08c594c6db888597a
The odm partition will eventually be required. Prepare for this by
creating its mount point.
Bug: 37322799
Test: run cts-dev -m CtsPermissionTestCases
Change-Id: Ibd031b68dd7328c853ded401bb2690dbd6675141
Shared libraries in the directory should be dlopened with full file
paths. That was a workaround for some legacy prebuilt binaries and they
are all now fixed. Thus removing.
Bug: 70551668
Test: walleye, aosp_walleye, taimen, aosp_taimen boot to the UI
Change-Id: Ifb123b09c13f873cbefa7784e76dfe5f35575a8d
This commit extracts /system/lib[64]/vndk and /system/lib[64]/vndk-sp
into another namespace in the vendor section. This commit is necessary
because LLNDK libraries (e.g. libc or libnativewindow) may otherwise
link to the shared libraries in /system/lib[64]/vndk-sp, which may be
older than the one LLNDK libraries built with.
Test: aosp_walleye boots
Bug: 70816018
Change-Id: I6fceb0da92c978ad940af91f5efe84e673c9247e
