This gives us two benefits:
- Better compatibility with keyctl(1), which doesn't have "dadd"
- Pave the way to specify key's security labels, since keyctl(1)
  doesn't support it, and we want to avoid adding an incompatible option.
Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302

Allow having properties in 'file' option of a service.
Test: boots (sanity)
Test: lpdumpd
Bug: 126233777
Change-Id: I55158b81e3829b393a9725fd8f09200690d0230f

If the path to android_get_control_file is a symlink, the final sanity
check will fail that the fd does not have the same path as the given
file. We can't expect callers to readlink() because this would change
the environment key. Instead, try to call realpath on both paths.
Bug: 126233777
Test: lpdump
Change-Id: I0df10d7dbe3e572b8335faad812e5cd80bff1733
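
Added example, not part of the commit above or of the project's code: a C sketch of the check that message describes, comparing the path the kernel reports for an fd with the caller's path, first literally and then after realpath() on both. The helper names, the /proc/self/fd lookup and the temporary files are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Path the kernel reports for an open fd (Linux /proc, assumed here). */
static int fd_path(int fd, char *out, size_t len) {
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, out, len - 1);
    if (n >= 0) out[n] = '\0';
    return n < 0 ? -1 : 0;
}

/* Literal comparison: fails whenever `path` goes through a symlink. */
int fd_matches_literal(int fd, const char *path) {
    char actual[PATH_MAX];
    return fd_path(fd, actual, sizeof(actual)) == 0 && strcmp(actual, path) == 0;
}

/* Canonicalize both sides with realpath(), then compare. */
int fd_matches_resolved(int fd, const char *path) {
    char actual[PATH_MAX], a[PATH_MAX], b[PATH_MAX];
    if (fd_path(fd, actual, sizeof(actual)) != 0) return 0;
    if (!realpath(actual, a) || !realpath(path, b)) return 0;
    return strcmp(a, b) == 0;
}

/* Constructed scenario. Bit 0: literal vs link, 1: resolved vs link, 2: resolved vs other. */
int demo(void) {
    char dir[] = "/tmp/ctlfileXXXXXX", real[64], other[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof(real), "%s/real", dir);
    snprintf(other, sizeof(other), "%s/other", dir);
    snprintf(lnk, sizeof(lnk), "%s/link", dir);
    int f1 = creat(real, 0600), f2 = creat(other, 0600);
    if (f1 < 0 || f2 < 0 || symlink(real, lnk) != 0) return -1;
    close(f1); close(f2);
    int fd = open(lnk, O_RDONLY);
    if (fd < 0) return -1;
    int r = fd_matches_literal(fd, lnk) | (fd_matches_resolved(fd, lnk) << 1) |
            (fd_matches_resolved(fd, other) << 2);
    close(fd); unlink(lnk); unlink(real); unlink(other); rmdir(dir);
    return r;
}
int main(void) { printf("result bits: %d\n", demo()); return 0; }
```

The resolved comparison accepts the symlinked path but still rejects a different file in the same directory, so the check keeps its purpose.
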
AsynchronousCloseMonitor is moved into libandroidio by
r.android.com/910073 and so libjavacore no longer needs to
be linked to the conscrypt namespace.
Bug: 123744297
Test: m && flashall
Test: atest CtsLibcoreOkHttpTestCases
Test: atest CtsLibcoreTestCases
Change-Id: Id720b59e4ef42a2c0226b497a1cc3c54f7a837d0

This avoids a race between destruction on process exit and concurrent
access from another thread.
Bug: 129023204
Change-Id: Iecafa67a78e2cce53687156e7f91547b4a23ec13

The process of determining whether or not to emit a safetynet error
entry while processing a malformed file relies on addition overflow.
Since this is only logging, and logging which isn't used, delete the
code instead of trying to fix the logic which is causing the integer
overflow.
This change is necessary to enable integer sanitization on this code.
Somewhat related to Bug: 122975762
Test: atest ziparchive-tests
Change-Id: I6b41ccf7881348cb4e5236324eaa44a05662a725

Attempting to shift a uint8_t which has the top bit set results in a
value outside of the range allowable for a uint8_t. The process of
converting this value back to a uint8_t triggers ubsan's
implicit-conversion sanitizer.
Ensure the high order bit is stripped before shifting, so that the
shifted value fits into the allowable uint8_t range.
This change is necessary to enable integer sanitization on this code.
Somewhat related to Bug: 122975762
Test: atest ziparchive-tests
Change-Id: I940c8b2828ac88348d80f731274b990e35de6631
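
Added example, not libziparchive's code (the function names are made up for illustration): the shift described in the commit above, with and without the mask, checked over all 256 byte values. It shows that masking the high-order bit keeps the intermediate value in uint8_t range without changing the byte that ends up stored.

```c
#include <stdint.h>
#include <stdio.h>

/* Unmasked shift. `v` is promoted to int, so `v << 1` can reach 0x1FE; storing
 * that in a uint8_t drops bit 8. The cast is explicit here so this helper
 * documents the truncation; *lost reports whether a bit was dropped. */
static uint8_t shl1_truncating(uint8_t v, int *lost) {
    int wide = v << 1;
    *lost = wide > UINT8_MAX;
    return (uint8_t)wide;
}

/* Masked shift: strip the high-order bit first, so the int result is at most
 * 0xFE and the conversion back to uint8_t loses nothing. */
static uint8_t shl1_masked(uint8_t v) {
    uint8_t r = (v & 0x7F) << 1;
    return r;
}

/* How many of the 256 inputs produce an out-of-range intermediate. */
int count_out_of_range(void) {
    int n = 0, lost;
    for (int v = 0; v <= UINT8_MAX; v++) {
        shl1_truncating((uint8_t)v, &lost);
        n += lost;
    }
    return n;
}

/* 1 if the masked form stores the same byte as the truncating form for every input. */
int masked_matches_truncating(void) {
    int lost;
    for (int v = 0; v <= UINT8_MAX; v++)
        if (shl1_masked((uint8_t)v) != shl1_truncating((uint8_t)v, &lost)) return 0;
    return 1;
}

int main(void) {
    printf("out-of-range inputs: %d, same stored byte: %d\n",
           count_out_of_range(), masked_matches_truncating());
    return 0;
}
```
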
Only Netd and Logd use FrameworkListener currently.
Run related tests to ensure everything is still fine.
Bug: 126307309
Test: built, flashed, booted
system/netd/tests/runtests.sh pass
atest CtsLogdTestCases
Change-Id: Iacd0cc13f23f457a0868a8a706080c3edc9a3cbd

Bug: 126230649
Bug: 127953521
Test: GSI boots when installed to sdcard on hikey960
GSI boots when installed to /data/gsi
Change-Id: Id59926ebe363939c8c5745bb1bf5bd13722dae7e

SIGBUS shouldn't happen, since all of the regions being walked
were previously read out of /proc/pid/maps, but it seems to happen
rarely. Catch it so it can produce a better log message.
Bug: 128983715
Test: atest memunreachable_test
Change-Id: I82d3941a382a0451c0dda12f5eb849ad8d697bc9

The code in libziparchive has lots of questionable looking but not
obviously wrong integer operations. In order to shake out integer bugs
in libziparchive (for example, commit
1ee4892e66 from bug 31251826) and provide
protection against security bugs, enable some integer sanitization
options in libziparchive.
Bug: 122975762
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=941802
Test: device boots and no obvious problems.
Change-Id: I215d81892a6eff12d692648c69a03e8200b334d7

* Scan memory in a non-sanitized function.
* Don't scan hwasan shadow mappings.
Shadow is ~33G and never contains any heap pointers. The scan takes
about a minute on my device.
Bug: 112438058
Test: memunreachable_test with SANITIZE_TARGET=hwaddress
the test still fails, but now there are no hwasan reports or new
tombstones, and it completes in less than a minute
Change-Id: Ibe4811c67609ca9fe317edc250993b915570a638

Previously we only installed the gatekeeper.trusty.so library, which is
insufficient to actually start Gatekeeper. We now also install the -impl
and -service wrappers.
Bug: 127700127
Test: Gatekeeper 1.0 VTS with Trusty running
Change-Id: Idd8d6a4e1e409c2a712dddfd92d5f9cf6b16b50c

The code section is already marked as to be removed, simply suppress
the -Wstring-plus-int warning.
Test: m checkbuild
Bug: 128878287
Change-Id: I95a03aca90dbb5d27db49f5baf534cbaacf9b830

Allow disabling ro.adb.nonblocking_ffs via an ro system property, which
gets overridden by the currently supported persist.adb.nonblocking_ffs.
Bug: http://b/128679787
Test: mma
Change-Id: I28891d2da129e9654bf63ab8a4c330c4d2f5b336

Previously, we were initializing IoBlock::pending when submitting a read,
but leaving it uninitialized when doing a write, which would sometimes
result in an assertion firing when we received a previously allocated
block of memory that happened to have a nonzero value in pending.
Test: treehugger
Change-Id: I434c65f554ceed313fea9cfcc98788908f3ca8bc

If a process is ptraced already, we might not be able to exec crash_dump
due to selinux. Since we can be called for non-fatal events, we
shouldn't abort in that case.
Bug: http://b/128054996
Test: treehugger
Change-Id: I1442041caa7af908df2ab87b9e010c44082e7587