This change splits out the selinux initialization and supporting
functionality into selinux.cpp and splits the security related
initialization of the rng, etc to security.cpp. It also provides
additional documentation for SEPolicy loading as this has been
requested by some teams.
It additionally cleans up sehandle and sehandle_prop. The former is
static within selinux.cpp and new wrapper functions are created around
selabel_lookup*() to better serve the users. The latter is moved to
property_service.cpp as it is isolated to that file for its usage.
Test: boot bullhead
Merged-In: Idc95d493cebc681fbe686b5160502f36af149f60
Change-Id: Idc95d493cebc681fbe686b5160502f36af149f60
In debuggerd, when dumping a tombstone, run the new unwinder and verify
the old and new unwinder are the same. If not, dump enough information
in the tombstones to figure out how to duplicate the failure.
Bug: 23762183
Test: Builds, ran and forced a mismatch and verified output.
Change-Id: Ia178bde64d67e623d4f35086ebda68aebbff0c3c
Inspired by ag/2659809/, this CL add readahead built-in command in init
to let files be prefetched into pagecache for faster reading.
Readahead happens in background but due to filesystem limitation it
might take small amount of time in it reading the filesystem metadata
needed to locate the requested blocks. So the command is executed in a
forked process to not block init execution.
Bug: 62413151
Test: boottime, dumpcache
Change-Id: I56c86e2ebc20efda4aa509e6efb736bd1d92baa5
- The pc read from the eh frame binary table of pc/fde offset is off by 4.
I verified that on arm/arm64/x86/x86_64 the pc in this table matches
the fde pc_start value. I did this by adding an error if this occurred
and ran unwind_info over everything in system/lib, system/lib64, system/bin.
- Fixed unit tests for the above change.
- Fix a small bug in the processing encoded values. The high
bit of the encoding should be masked off, but I wasn't doing that. That
meant during processing of the fde, I was incorrectly returning
an error because the encoded value was unknown.
- Added a new test for this encoding change.
Bug: 23762183
Test: Build and all unit tests pass. Also, see above comments.
Change-Id: If074a410a1726392274cd72c64470ca0be48e0db
AttestKeyResponse may be larger than 4K (always less than 8K) when
attesting an RSA key. This change allows the non-secure side to read a
response that may be larger than 4K by adding an additional bit
indicating the end of a response. If a message command has the
KEYMASTER_STOP_BIT set, then the non-secure side knows that the response
has been fully read.
Test: android.keystore.cts.KeyAttestationTest#testRsaAttestation passes
with production attestation key and chain, when AttestKeyResponse is
larger than 4K.
Tested with other CTS tests when keymaster messages are smaller
than 4K, still passes.
Manual test to verify that a tipc error due to large message size is
handled correctly.
Bug: 63335726
Change-Id: I8776ba7ca70da893648e15cfa770784ab31a2cb0
service.cpp, which is part of libinit, references symbols in
property_service.cpp, which causes the linker to complain when linking
libinit.a in some situations.
Therefore, we move property_service.cpp to libinit.
Separately, this will make it easier to write tests for
property_service.cpp, which we will want to do in the future.
Test: build, init unit tests
Change-Id: If1cffa8510b97e9436efed3c8ea0724272383eba
The shared libselinux library does not export all of the symbols that
we use in init and the linker is now complaining about this, so let's
use the static libselinux library in init_tests to match init itself.
Test: build, init unit tests
Change-Id: I9011a959a7c49446b3529740e606140a4ee8c32d
Look for asan options under /data/asan so that multi-process coverage
can be enabled on a newly-started remote process without disabling
verity and without forcing it to be always-on.
Test: adb shell echo "include_if_exists=/data/asan/asan.options.%b" >>
/system/asan.options && adb shell echo
"coverage=1\ncoverage_dir=/data/misc/trace" >
/data/asan/asan.options.android.hardware.light@2.0-service && adb shell killall
android.hardware.light@2.0-service
Bug: 64019182
Change-Id: I241ad8478439323681dc1cfde2fa0770f030ae75
bootstat does not need root uid and root gid permissions to perform
its tasks. It appears that system uid and log gid are adequate and
appropriate.
Test: manual
Bug: 63736262
Change-Id: I094c2cb054e441562fa8717a4d3dc0086fb70a7a
selabel_lookup() must be threadsafe, but had failed in the past.
Bug: 63861738
Test: this newly added test
Change-Id: I78bdb8e555433e8217ac6d4be112ba91de9f03bb
This can be used to disable verity and/or verification when flashing a
build to a device. It works with both 'fastboot flashall' and
'fastboot flash vbmeta /path/to/vbmeta.img'.
Bug: 62903976
Test: Manually tested.
Change-Id: Iad22d42a9dd5befd70ecd0224803721a10a28d90
* Use const reference parameter type to avoid unnecessary copy.
* Use more efficient overloaded string methods.
Bug: 30407689
Bug: 30411878
Test: build with WITH_TIDY=1
Change-Id: Ia5a00581e718d412255d6177e5a7c286cdfbec11
Also add a comment to the GetElf function to indicate that it never returns
nullptr.
Also needed to add this library to the a million and one places that the vndk
has hard-coded this data.
Bug: 23762183
Test: Built, nothing uses the new code.
Test: However, I did run backtrace_test using this code, and all tests pass.
Change-Id: Ib270665dcb7a7607075e36d88be76dbde6e2faa8
(cherry picked from commit dc4104b720)
When Android is running in a container, ftrace trace_marker may be
disabled, e.g. Chrome OS verified mode. To enable trace, a socket is
created for everyone to send trace event.
Modify libcutils so apps using it can write trace to the socket.
To achieve this goal without touching code for normal device,
trace-container.c is created for code specific to container. Shared
code between trace-dev.c and trace-container.c is moved to local
trace-dev.h.
Note that to avoid sharing FDs across different processes, Zygote closes
FD and reopen it to /dev/null if it is a socket. Therefore, we need to
manually close FD and reopen it again after forking. This is done in
the atrace_set_tracing_enabled as Zygote also use it to clear flags
during forking.
Related change:
- http://crrev.com/2400163003 (Chromium)
- http://ag/2028075 (Android system/core)
- http://ag/1738271 (Android device/google/cheets2)
Bug: 29776474, 62410809
Test: run chrome://tracing and see data from the host side.
Change-Id: I3fe969e284b972c28e4f32f23cd948aaea61a043