Children of processes that use SocketListener should not be able
to stop the SocketListener.
Test: builds, boots
Test: atest libsysutils_tests
Test: atest --test-mapping system/netd
Change-Id: I64898d9966f62004468b8e8a43b59be4a81a8cc4
charger needs to suspend the device when the power goes away
when it doesn't have root. These two files are marked with
group system, user system, mode 0600 in 'on boot', but
it is not executed in charger. Hence, move these actions
to 'on init'.
Test: no failure in libsuspend in charger
Bug: 129138950
Change-Id: I787b935b4ff6177601329aeedccdac361b119ca3
Merged-In: I787b935b4ff6177601329aeedccdac361b119ca3
In an effort to ensure that our development community does not
introduce new code without corresponding SELinux changes, Android
closely monitors the number of SELinux denials which occur during
boot. This monitoring occurs both in treehugger, as well as various
dashboards. If SELinux denials are dropped during early boot, this
could result in non-determinism for the various SELinux treehugger
tests.
Introduce /system/bin/auditctl. This tool, model after
https://linux.die.net/man/8/auditctl , allows for configuring the
throttling rate for the kernel auditing system.
Remove any throttling from early boot. This will hopefully reduce
treehugger flakiness by making denial generation more predictible
during early boot.
Reapply the throttling at boot complete, to avoid denial of service
attacks against the auditing subsystem.
Delete pre-existing unittests for logd / SELinux integration. It's
intended that all throttling decisions be made in the kernel, and
shouldn't be a concern of logd.
Bug: 118815957
Test: Perform an operation which generates lots of SELinux denials,
and count how many occur before and after the time period.
Change-Id: I6c787dbdd4a28208dc854b543e1727ae92e5eeed
procrank currently fails if a process gets killed while it is reading
the stats. This behavior is a regression from the previous version of
procrank and is often undesired.
Change procrank to silently ignore the process if it detects that it had
been killed while reading the stats. If the process is still around,
then print a warning about it and continue to read stats for other
processes in the system.
Bug: 130177765
Test: Tested by deliberately killing specific process in ProcessRecord()
constructor
Change-Id: I701808c3226bb9b3a350ccf8e67fb29b59b0d4e0
Signed-off-by: Sandeep Patil <sspatil@google.com>
This change allows specifying additional avb keys to verify a fstab
entry. It can be used together with the original 'avb' flag. When both
'avb' and 'avb_keys' are present, it will try to use avb_keys to verify
this partition and extract the AVB descriptor from the end of it first.
When avb_key fails, it falls back to searching the AVB descriptor in the
built-in /vbmeta (and its chained partitions) with the matched partition
name.
An example of a fstab file:
system /system ext4 ro,barrier=1 wait,slotselect,avb=vbmeta,logical,first_stage_mount,avb_keys=/avb/gsi.avbpubkey
vendor /vendor ext4 ro,barrier=1 wait,slotselect,avb,logical,first_stage_mount
The overhead of adding an additional 'avb_keys' should not be significant,
as the typical size of a AVB Hashtree descriptor for /system is usually
less than 1000 bytes. e.g., on crosshatch, it's about 600 bytes, which
takes less than 1 millisecond for the following call to return failure.
auto avb_standalone_handle = AvbHandle::LoadAndVerifyVbmeta(*fstab_entry);
We also checked the time spent on init's first stage on crosshatch, with the
following CL to set ro.boottime.init.first_stage. The testing result
shows no significant difference between them as well.
https://android-review.googlesource.com/c/platform/system/core/+/934536
With an additional avb_keys entry for /system
[ro.boottime.init.first_stage]: [728]
[ro.boottime.init.first_stage]: [720]
[ro.boottime.init.first_stage]: [722]
Without an additional avb_keys entry for /system
[ro.boottime.init.first_stage]: [730]
[ro.boottime.init.first_stage]: [728]
[ro.boottime.init.first_stage]: [725]
Bug: 124491153
Test: boot a device with above fstab settings
Change-Id: I0c81f816efb0dd40c93da2df304f2e215df9d105
As raw protocol does not allow for splitting err - it has to be redirected to inout.
Before this change it was not done for in-process and all err data was lost.
Bug: 130086616
Test: manual + atest adbd_test
Change-Id: I6cd11c940673d73e2993a6eb23c46d31bd8bf504
Somehow the code was still including this include from libbacktrace.
I think the libbacktrace include directory was coming from some
transitive includes. I verified that nothing in debuggerd is using
the libbacktace.so shared library.
Bug: 120606663
Test: Builds, unit tests pass.
Change-Id: I85c2837c5a539ccefc5a7140949988058d21697a
config the shutdown timer via the property system
for vendor customize.
Bug: 129599884
Test: setprop ro.product.charger.unplugged_shutdown_time 5000
getprop ro.product.charger.unplugged_shutdown_time
5000
dmesg:
charger: [371812] device unplugged:
shutting down in [5000] (@ 421812)
Change-Id: Ifa377cdb8e100c453346522a3eb93379fd7e2567
Signed-off-by: John Zhao <yuankuiz@qualcomm.corp-partner.google.com>
Also, print key id in padd/add like keyctl(1). This makes local
debugging and integration test easier.
Test: run all commands manually in shell, see expected output
Bug: None
Change-Id: I6be6ea9e273e80e7d5848da5cf348da8308a62c1
Vendor must be a logical partition and boot must not be a logical
partition.
Test: fuzzy_fastboot --gtest_filter=*Logical*
Bug: 117220134
Change-Id: Ifc6f2f715ca92cd1fe779e8fce2d6a10a1f140b9
converting from a size_t to a uint8_t results in a loss of precision,
which triggers ubsan's implicit-unsigned-integer-truncation checker.
Make the conversion explicit.
This change allows the ziparchive-tests to pass with ubsan enabled.
Test: atest ziparchive-tests
Test: compiles and boots
Bug: 122975762
Change-Id: I63f28b58f1ca1f4c57323494cb1f4a41e0f34fba
Although ubsan's implicit-unsigned-integer-truncation sanitizer may be
happy, this code still performs an implicit conversion from a wider
width data structure to a narrower width data structure. Rather than
masking the bits, make the conversion explicit. This keeps ubsan happy
as well as addressing a -Wconversion warning.
This change addresses comments from the post-submit review
of a4e5433660.
Test: compiles and boots.
Bug: 122975762
Change-Id: I1fa6d6f8a6fcfb93ba9916b7d2b3564ca1d8caf3
Add a new ashmem_init function that only dlopens libashmemd_client.
This allows the library to be preloaded in the zygote.
Test: boots, works
Bug: 129543489
Change-Id: Ie106791edf381654f085203c266c9f9c0df35cfc
