In particular, this allows services running as the root user to have
capabilities removed instead of always having full capabilities.
Test: boot device with a root service with an empty capabilities
option in init showing no capabilities in /proc/<pid>/status
Change-Id: I569a5573ed4bc5fab0eb37ce9224ab708e980451
As of Id663c5f284e3b4fc65ed8cb8c2da6bcf6542e034, the asan libs
are in the TARGET_COPY_OUT_X subpath of the /data/asan/ dir, rather
than just 'x' unconditionally.
Test: presubmit
Change-Id: I3a515791e237ad10703415ea532c7a089660d8e9
TARGET_COPY_OUT_PRODUCT_SERVICES can be equal to
TARGET_COPY_OUT_PRODUCT, in which case the ld.config
lines containing PRODUCT_SERVICES are redundant.
Test: make and diff
Change-Id: I1dc24eb49d37f1ab0faa6eecdb0ccc974321f4ac
We already know that "polling" must be non-zero at this point,
because it hasn't been modified since our check on line 1960.
So we remove this check for code clarity.
Test: TreeHugger
Change-Id: I069d9fd0eef70748a5333733dd0518d1ac8021b7
We want our default implementations to fail, but '-1' is implicitly
cast to 'true', since it's non-zero. We explicitly use 'false' to
fix this.
Test: TreeHugger
Change-Id: I369897b519601ce1a887cf6acd5f2cb9a6113a9a
This callback replaces getVendorNamespace(). Fix nativeloader
to use NativeBridgeGetExportedNamespace instead of
NativeBridgeGetVendorNamespace.
Bug: http://b/121248172
Bug: http://b/121372395
Test: make
Change-Id: I8fa2081e37815f6f65490c9536bed0687b7f1e77
Non-android targets should not mount cgroups described in cgroup map
file. When used on non-Android targets SetupCgroup will fail. When
SetupCgroup is called via SetupCgroups a warning will be generated for
each cgroup that fails to mount.
Bug: 111307099
Change-Id: I213a5f9b02f312ba1dd7dc91c89b67334fb939b9
Merged-In: I213a5f9b02f312ba1dd7dc91c89b67334fb939b9
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Non-Android build targets are missing sys/prctl.h header and functionality
should be disabled for them like it was done previously inside
sched_policy.cpp. Also make the set_sched_policy/get_sched_policy
functionality backward compatible by creating stubs for non-Android
targets.
Bug: 111307099
Test: built sdk_gphone_x86-sdk_addon_mac target using forrest
Change-Id: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Merged-In: I1c195267e287a84a21c588bd61d7c452bff6cfbe
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Remove hardcoded cpuset path usage and replace it with a request to
get the path using new API.
Exempt-From-Owner-Approval: already approved in internal master
Bug: 111307099
Test: builds, boots
Change-Id: I211d093c24a682e2d1992c08e4c1d980379711a4
Merged-In: I211d093c24a682e2d1992c08e4c1d980379711a4
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc
Exempt-From-Owner-Approval: already approved in internal master
Bug: 111307099
Test: builds, boots
Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Add cgroups.json and task_profiles.json file to be places under /etc/ on
the device to describe cgroups to be mounted and task profiles that
processes can request. This adds additional layer of abstraction between
what a process wants to achieve and how system implements that request.
Bug: 111307099
test: builds, boots
Change-Id: If92f011230ef5d24750e184bad776f30ba226f86
Merged-In: If92f011230ef5d24750e184bad776f30ba226f86
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
With new psi monitor support in the kernel lmkd can use it to register
custom pressure levels. Add lmkd support for psi monitors when they are
provided by the kernel and use them by default. When kernel does not
support psi lmkd will fall back to vmpressure usage.
Add ability to poll memory status after the initial psi event is triggered
because kernel throttles psi memory pressure events to one per PSI tracking
window (currently set to 1sec). Current implementation polls every 200ms
for 1sec duration after the initial event is triggered.
If ro.lmk.use_psi is set to false psi logic will be disabled even when psi
is supported in kernel.
Bug: 111308141
Test: lmkd_unit_test
Change-Id: I685774b176f393bab7412161773f5c9af51e0163
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Reimplement commit ffc11d3cf3 using
fdevent. The previous attempt was reverted because we were blindly
continuing when revents & POLLIN == 0, which ignored POLLHUP/POLLERR,
leading to spinloops when the opposite end of the file descriptor was
shutdown when we had no data left to read.
This patch reimplements the functionality implemented by that commit
using fdevent, which gets us detection of spin loops for free.
Bug: http://b/74616284
Test: ./test_device.py
Change-Id: I1abd671fef4c29e99dad968aa66bb754ca382578
Add some test to verify the refcount and fd reference is correct when
the dma_buf is shared between processes.
Bug; 63860998
Test: libdmabufinfo_test
Change-Id: Id22e68e7a65820f19847b2faab11c78e6d942d92
The vulkan runtime loads drivers into the sphal namespace and relies
on them being in the sphal search path so that it doesn't have to
hardcode /vendor/${LIB}/hw.
These paths used to be allowed, but were removed by commit 2498e1b
because they were believed not to be required. Things didn't break
immediately because the vulkan runtime has a (supposed to be
temporary) fallback to hw_get_module, which loads from
/vendor/${LIB}/hw using absolute paths.
Bug: 123600276
Test: Launch Vulkan app on device with hw_get_module disabled
Change-Id: I07ac43bc9d2d877d8f427058b2d62c62d065c558
This CL installs mini-keyctl for fsverity
Bug: 112038861
Test: build, flash and check mini-keyctl is properly installed.
Change-Id: Ib3adc1b7c92cae28caf72544987c7f3f23eafbbc
