To quickly answer the question of "how much data is a UID using?" we
need a GID range to label files on external storage, similar to
the GID ranges already defined for cached and shared data.
Also define a new GID that will be used to label the OBB files shared
between all users under /data/media/obb.
Test: builds, newly added tests pass
Bug: 34263266
Change-Id: I16fb7d166c3dcdeafbf477162d191d3b73ae8ac2
The following files will be loaded additionally.
- /odm/default.prop and /vendor/default.prop for default props.
- /odm/build.prop for build props.
The props files must follow the following priority order.
- /default.prop > /odm/default.prop > /vendor/default.prop
- /system/build.prop > /odm/build.prop > /vendor/buid.prop
Test: tested default/build prop files with enabling early mount, but
didn't test files of odm partition because odm partition doesn't
exist now.
Bug: 34116668
Change-Id: I946d076dae38f2288865dd986fb16d801d4abcc0
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
Some of Android componets e.g. init have migrated to use base/logging to get rid
of klog utilities. However, without explicit initilization, the default
klog_level is set to 3 which masks the logwrap output.
This patch sets default klog_level to KLOG_INFO_LEVEL to make
android_fork_execvp_ext log available.
Bug: 34256270
Test: manual
Change-Id: Ibe74707a92c954053cd0e6828a984fbd72b4acae
Enforce that the only API for reading properties is through the property
server, not by reading the (system|vendor|rootfs) *.prop files.
Test: Device boots and no property errors.
Change-Id: Ibb6ed4e74a80cac00010c707d7574f8e92fc6448
To support upcoming disk usage calculation optimizations, this change
creates a new GID for each app that will be used to mark its cached
data. We're allocating these unique GIDs so that we can use
quotactl() to track cached data on a per-app basis.
This change also tightens up the implementation of both the cache
and shared GID calculation to ensure that they stay inside the valid
ranges, and includes tests to verify.
Test: builds, boots, tests pass
Bug: 27948817
Change-Id: Ie4377e5aae267f2da39a165888139228995987cb
The SO_RCVBUFFORCE option requires the caller of uevent_create_socket()
to have net_admin capabilities.
Set platform default rcv/snd buffer sizes to 256kb that will always be
overridden by the device/target. However, it will allow
ueventd / healthd to use the uevent_create_socket() API w/o requiring
the net_admin capability.
Note: All devices override the buffer sizes according to the technology
maximum to at least ~8MB. So, the init.rc change here is to make sure
platform code can work w/o any overrides.
Test: no SELinux failures for healthd with 'net_admin' removed.
Bug: https://b/32733887
Change-Id: Ida346468cd550ad07901bf3a78ad508939849906
Signed-off-by: Sandeep Patil <sspatil@google.com>
Respect "android" and "not_windows" (linux + darwin). This
means the string test and control support routines were not
being tested on android.
Test: gTest libcutils_test
Bug: 32450474
Change-Id: I9505fefeb0a4a8c5b54aa637812b4f3c07c2893c
Surprise surprise, MAC sdk build has F_GETFD & not TEMP_FAILURE_RETRY.
Revert code to original form with the three alternatives for all OSii.
Test: Build
Bug: 32450474
Change-Id: Ia7361d8107675a620968d8395c5e2351ad364d29
files.[h|cpp] is bound to be abused with junk, replace with
android_get_control_file.[h|cpp]. Plus some sundry cleanup.
Test: gTest libcutils-tests, logd-unit-tests, liblog-unit-tests,
logcat-unit-tests and init_tests
Bug: 32450474
Change-Id: Ibd4a7aa4624ea19a43d1f98a3c71ac37805d36b5
- Neuter SOCK_NONBLOCK and SOCK_CLOEXEC if they are not defined.
- F_SETFL O_NONBLOCK after socket() call.
- Correct environment reference (we recently changed handler to
replace non-ascii and non-numericals with '_' for env tag).
Test: libcutils_test32 --gtest_filter=SocketsTest.android_get_control_socket
Bug: 32450474
Change-Id: I409a8c2c78e5f057af5fd6251cbd8657018be22b
Add CAP_SYSLOG, CAP_AUDIT_CONTROL and CAP_SETGID, set
uid and gid to AID_LOGD, and permissions user and group
read and execute only.
Fix up indents for in table for clarity.
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Manually inspect owner and group for /system/bin/logd
Bug: 32450474
Change-Id: I5183ab200dbcd13efb0727cb91db5b12018ae804
Solve one more issue where privilege is required to open a file and
we do not want to grant such to the service. This is the client side
of the picture, init is the server. The file's descriptor was placed
into the environment as "ANDROID_FILE_<path>" where non-alpha and
non-numeric characters in the <path> are replaced with _ and this
function picks the file descriptor up.
Added definition ANDROID_FILE_ENV_PREFIX ("ANDROID_FILE_") and
android_get_control_file() prototype in a new include <cutils/files.h>
android_get_control_file() checks if the resulting file descriptor is
valid, open and matches the name reference, which on purpose will fail
if a symbolic link is in the path rather than using a fully qualified
path. Add gTest unit test for both.
Test: gTest libcutils_test --gtest_filter=FileTest.android_get_control_file
Bug: 32450474
Change-Id: I2d0310a1727f1e393a00d9fc7e6cf5d028f27905
android_get_control_socket() checks if the resulting file descriptor
is valid, open and matches the socket bound name reference, which on
purpose will fail if a symbolic link is in the path rather than using
a fully qualified path. If there are any non-alpha and non-numeric
characters in the name, they are replaced with _. Add unit test.
Test: gTest libcutils_test --gtest_filter=SocketTest.android_get_control_socket
Bug: 32450474
Change-Id: I27a6419012033ef8bd6ca04f3e479d01264d8c49
The webview_zygote is a non-root zygote process that creates isolated_app
children for rendering web content. It needs:
- CAP_SETUID and CAP_SETGID to change the UID of the new child process.
- CAP_SETPCAP to clear the capability bounding set after forking.
Test: m
Test: angler boots
Bug: 21643067
Change-Id: I986fa04be54e812f5dd2afa14e5d2d3e474e2b10
Add netlink permissions for the new wifi HAL daemon name.
Bug: 31821133
Test: Compiled and ensured that the permission denials are no longer
present in logs.
Change-Id: If939df4760d9f7e85f0f134617d3a79030e09347
Point to log/log.h where necessary, define LOG_TAG where necessary.
Accept that private/android_logger.h is suitable replacement for
log/logger.h and android/log.h.
Correct liblog/README
Effectively a cleanup and controlled select revert of
'system/core: drop or replace log/logger.h' and
'system/core: Replace log/log.h with android/log.h'.
Test: compile
Bug: 30465923
Change-Id: Ic2ad157bad6f5efe2c6af293a73bb753300b17a2
* changes:
fs_mgr: use __android_log_is_debuggable()
adb: use __android_log_is_debuggable()
debuggerd: use __android_log_is_debuggable()
logd: use __android_log_is_debuggable()
libcutils: use __android_log_is_debuggable()
