Commit graph

33 commits

Author SHA1 Message Date
Nick Kralevich
be5e446791 introduce auditctl and use it to configure SELinux throttling
In an effort to ensure that our development community does not
introduce new code without corresponding SELinux changes, Android
closely monitors the number of SELinux denials which occur during
boot. This monitoring occurs both in treehugger, as well as various
dashboards. If SELinux denials are dropped during early boot, this
could result in non-determinism for the various SELinux treehugger
tests.

Introduce /system/bin/auditctl. This tool, model after
https://linux.die.net/man/8/auditctl , allows for configuring the
throttling rate for the kernel auditing system.

Remove any throttling from early boot. This will hopefully reduce
treehugger flakiness by making denial generation more predictible
during early boot.

Reapply the throttling at boot complete, to avoid denial of service
attacks against the auditing subsystem.

Delete pre-existing unittests for logd / SELinux integration. It's
intended that all throttling decisions be made in the kernel, and
shouldn't be a concern of logd.

Bug: 118815957
Test: Perform an operation which generates lots of SELinux denials,
      and count how many occur before and after the time period.
Change-Id: I6c787dbdd4a28208dc854b543e1727ae92e5eeed
2019-04-09 13:19:08 -07:00
Xiaoyong Zhou
cf5dbc200b install mini-keyctl to /system/bin
This CL installs mini-keyctl for fsverity

Bug: 112038861
Test: build, flash and check mini-keyctl is properly installed.
Change-Id: Ib3adc1b7c92cae28caf72544987c7f3f23eafbbc
2019-01-31 13:48:04 -08:00
Yabin Cui
af3e30d271 Add setuid/setgid capabilities to simpleperf_app_runner.
Also add simpleperf_app_runner in shell utilities.

Bug: 118835348
Test: build and boot.
Test: run simpleperf_app_runner manually.

Change-Id: I538503dabfa8ff192f4b3029206a62613eacdf32
2019-01-22 11:20:10 -08:00
Yabin Cui
1eb462ba11 Add simpleperf in system shell utilities.
This is to ship simpleperf on user device.

Bug: 118835348
Test: build.
Change-Id: Ice37fc672d4d273fff67b3ffe49f2e83929fdc9f
2019-01-17 15:28:00 -08:00
Elliott Hughes
b9c064e140 Update shell documentation for the current state of master.
Test: N/A
Change-Id: I6efdd73ef44f376820f471dcfcd8005aa1e79cb0
2018-12-05 13:08:32 -08:00
Elliott Hughes
ab08933f97 Make unzip available.
Bug: N/A
Test: N/A
Change-Id: I7f7a2e5d494536e5eb5f5e8744af224f31351c15
2018-09-04 13:33:30 -07:00
Elliott Hughes
8100d05778 Move back to BSD grep, and make it available for recovery too.
Bug: http://b/111849261
Bug: https://bugs.exim.org/show_bug.cgi?id=2294
Test: manual
Change-Id: Ia4f67b9f803c4f039d170f6d015a1bd2bb0ef23d
2018-08-01 10:35:46 -07:00
Elliott Hughes
887133101c Restore tcpdump.
tcpdump accidentally fell off the device when its Android.mk was converted
to Android.bp.

Bug: http://b/111654811
Test: builds
Change-Id: Ia49a6722b47c9017b6e573cb88f7a93f3d95db5d
2018-07-27 09:31:01 -07:00
Elliott Hughes
f9408d5cdf Revert "Switch to PCRE grep."
This reverts commit 90a018a87a.

Not a clean revert because things have changed slightly, and I'm sticking
with the egrep/fgrep shell scripts for now.

Bug: http://b/111849261
Bug: https://bugs.exim.org/show_bug.cgi?id=2294
Test: manual
Change-Id: I72ae637c84f0eb1c2b5291db73ebff1628d54110
2018-07-26 14:52:45 -07:00
Anton Hansson
a242a4ba06 Merge "Split shell_and_utilities into partition parts." 2018-06-21 07:32:37 +00:00
Elliott Hughes
0310f46e26 shell_and_utilities: update README.md.
Bug: N/A
Test: N/A
Change-Id: I972e6e06b0eedc9a16420ba8360258cfaf2d1c57
2018-06-20 15:48:28 -07:00
Anton Hansson
ca38c79622 Split shell_and_utilities into partition parts.
This allows a product to selectively include binaries for the
partitions relevant to it. For example, mainline will only include
the system copies.

Bug: 80410283
Test: make
Change-Id: I1d1d62a3c8afff19cd45388adc323587f5043243
2018-06-20 22:37:41 +01:00
Treehugger Robot
c50fe3dc54 Merge "newfs_msdos: switch to external/newfs_msdos." 2018-06-20 19:06:59 +00:00
Elliott Hughes
76858a06d0 newfs_msdos: switch to external/newfs_msdos.
Bug: http://b/29899852
Test: builds
Change-Id: Iecd80d0c64cb5eec4c76ba4bce775508ee45df49
2018-06-13 13:21:24 -07:00
Jiyong Park
011ee12b1d Shared libs are supported in recovery mode
adbd has been built as a static executable since the same binary was
copied to the recovery partition where shared library is not supported.
However, since we now support shared library in the recovery partition,
adbd is built as a dynamic executable.

In addition, the dependency from adbd to libdebuggerd_handler is removed
as debuggerd is handled by the dynamic linker.

A few more modules in /system/core are marked as recovery_available:
true as they are transitive dependencies of the dynamic linker.

This change also includes ld.config.recovery.txt which is the linker
config file for the recovery mode. It is installed to /etc/ld.config.txt
and contains linker namespace config for the dynamic binaries under
/sbin.

Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: Select 'mount /system' in the recovery mode, then `adb shell`.
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.

Change-Id: I363d5a787863f1677ee40afb5d5841321ddaae77
2018-06-10 08:32:24 +09:00
Tao Bao
6220400636 Update shell and utilities doc on the use of dd and grep.
We have moved away from BSD dd and grep, which is also shown in the
section for Android Q.

Test: N/A
Change-Id: I13484879e697a1cf2c8b82d7e28a167cb34c00fa
2018-06-08 12:52:56 -04:00
Elliott Hughes
4c4b30d7b7 Update shell and utilities docs.
For both P and Q.

Bug: N/A
Test: N/A
Change-Id: I85572bd71871a30c5e6761e098c0d4c63563e873
2018-05-03 11:02:07 -07:00
Elliott Hughes
90a018a87a Switch to PCRE grep.
Bug: http://b/77150016
Test: boots, manual testing
Change-Id: I377ca42ed9783edcceab4daabe43e993ef74e837
2018-04-23 17:00:54 -07:00
Elliott Hughes
9edec24a2f Document the switch to toybox dd.
Bug: N/A
Test: N/A
Change-Id: Ia1fd8a14ceb9d9e8661804a126b3818cc066b0ff
2018-04-21 10:49:17 -07:00
Elliott Hughes
0b539f3bcb Build /vendor/bin/logwrapper too.
Bug: https://issuetracker.google.com/77284669
Test: builds
Change-Id: Iaafc856f2a7441d318f7b9376caa6629e02a8e23
2018-04-11 08:28:37 -07:00
Tom Cherry
91094e06ce Reland: Add getprop to toolbox
Add a non-toybox version of getprop, so that we can interface with the
new C++ PropertyInfoAreaFile class to return property context
information.

Bug: 36001741
Test: Compared toolbox getprop results with toybox getprop
Change-Id: I4e90aa5b843cb5cfcbe85f05f23ae8e22729b26e
2018-01-10 11:26:24 -08:00
Tom Cherry
6fb3dcaa5f Add toolbox to vendor
In preparation for adding getprop to toolbox

Test: toolbox is present in vendor
Change-Id: I8f2f7f8359902e84c14cc0c4adf349475d1d7aa7
2018-01-09 13:21:01 -08:00
Tom Cherry
e69ba761a3 Revert "Add getprop to toolbox"
This reverts commit c73497e17a.

Change-Id: Id6b84c86781a6ad7b675c10f142c3daa4117ec46
2018-01-09 15:53:00 +01:00
Tom Cherry
c73497e17a Add getprop to toolbox
Add a non-toybox version of getprop, so that we can interface with the
new C++ PropertyInfoAreaFile class to return property context
information.

Bug: 36001741
Test: Compared toolbox getprop results with toybox getprop
Change-Id: I5f98f9e895d0620a2d9686bc0608490e7d9c3120
2018-01-08 12:36:44 -08:00
Elliott Hughes
3289b9c928 Merge "Add OWNERS." 2017-12-07 23:21:26 +00:00
Elliott Hughes
693d63f9cf Add OWNERS.
Bug: N/A
Test: N/A
Change-Id: Ie785058c0f5eb9b4086c98ccba6e63e3ed411b65
2017-12-07 13:30:03 -08:00
Elliott Hughes
62fc11b054 Always build awk.
Bug: http://b/69117476
Test: builds
Change-Id: I93590e942fa78d7e472f032181f72b87c57bc387
2017-12-04 09:35:43 -08:00
Elliott Hughes
d7ddf39a5a Update shell and utilities docs for O.
Bug: N/A
Test: N/A
Change-Id: I9e5acdcdd124e9d7907fe6fa51a3be290262be69
2017-09-13 20:59:25 -07:00
Colin Cross
73c2ef4b87 Remove reference to deleted gzip module
The gzip module was removed and replaced with an implementation in
toybox.  Remove the required modules reference.

Bug: 63400769
Change-Id: I032d7ddc59105b3c6fb87084983266655772756a
Test: m -j checkbuild
2017-07-06 22:33:22 +00:00
Erik Staats
0c3b1bd2a5 Add building and installing of grep for vendor.
Bug: 38240024
Test: Verified that grep is installed in /vendor/bin. See details in
testing done comment in https://android-review.googlesource.com/412061 .
Change-Id: I06007014779310bc24c65f7343111c5217ba6ff0
2017-06-15 15:04:41 -07:00
Sandeep Patil
52b20877dc shell_and_utils: add vendor shell and toybox targets
Bug: 36463595
Test: Build and boot.

Change-Id: I245d1755546fa597e941badce251c2e8293e998e
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-05-22 08:30:44 -07:00
Elliott Hughes
5a0818a633 Add a README.md about our shell and utilities.
This is definitely a FAQ, and it doesn't make sense for me to maintain
this on Google+ when I have the power to just check it in (and now have
a sensible place to do so).

Bug: N/A
Test: N/A
Change-Id: I649803ac846917a45f4b7b89cffe5b450179c479
2017-04-14 17:59:55 -07:00
Elliott Hughes
521d303582 Switch to a shell_and_utilities phony module.
(cherrypick of 8ad0e66e77c795d11e9cd5c7b576eed0da60537e.)

Bug: N/A
Test: builds
Change-Id: I700700abb4de76017a2ff811ceff19ea2ee86eb2
2017-04-03 17:14:26 +00:00