With Treble and Mainline, each partition needs to be able to
independently define its own set of AIDs and therefore needs its own
AID range to not conflict with updates made to other partitions.
This includes the system partition in the case of vendors making
additions to it. Bionic will always have the hardcoded list of
platform AIDs in its own reserved list.
Bug: 73062966
Test: can load AIDs from partitions other than vendor
Test: bionic-unit-tests
Change-Id: I6509acc555cd28b421b9edaf3f8006bad6c56125
No one outside of libcutils is using these structs and we don't want
to leak them as they are private.
Test: build
Change-Id: I1c95564a9843c9155a333334008cbff7c7ff1f51
We replaced creating the binary fs_config files with a python script
(/build/make/tools/fs_config/fs_config_generator.py), so there are no
more users of this function, nor do we plan for there to be.
Test: build
Change-Id: I49ec7e3d22c206bc250cbda6f66a4a59e47030e9
In device root directory, we have the following symlinks:
- /odm/app -> /vendor/odm/app
- /odm/bin -> /vendor/odm/bin
- /odm/etc -> /vendor/odm/etc
...
This allows the Generic System Image (GSI) to be used on both devices:
1) Has a physical odm partition, where those symlink will be hidden
when /odm is used as the mount point
2) Has no physical odm partition and fallback to /vendor/odm/.
We can't just have the symlink /odm -> /vendor/odm, because the former
devices won't have /vendor/odm directory, which leads to mount failure
when the mount point /odm is resolved to /vendor/odm.
The existing /vendor/odm/build.prop won't be loaded in the latter
devices, because there is no symlink
- /odm/build.prop -> /vendor/odm/build.prop.
Note that init blocks reading through direct symlinks (O_NOFOLLOW) so
the above symlink won't work either. This CL moves the odm build.prop
to /odm/etc/build.prop for init to load it (symlinks in earlier
components of the path will still be followed by O_NOFOLLOW).
Bug: 132128501
Test: boot a device and checks /odm/etc/build.prop is loaded
Change-Id: I0733c277baa67c549bb45599abb70aba13fbdbcf
Merged-In: I0733c277baa67c549bb45599abb70aba13fbdbcf
Android build system added support for building translated binaries
used on natively bridged targets (arm on x86 for example).
However in order to avoid building unnecessary binaries and libraries
for such architectures most modules do not support native bridge by default.
All needed modules have to explicitly indicate if they may be used as part
of translated binary build.
This change enabled native bridge support for libcutils which is a
greylisted library (available for apps targeting Android version < N).
Bug: http://b/77159578
Test: make
Change-Id: I56fe5e11a884d22714cfc4afb78bec0a352d6370
In odm's binary files can't have executable permission.
Add default executable permission in odm/bin and vendor/odm/bin.
Previously partitions that except system, only appeared in
system partition if product haven't separated partition.
After support ODM, vendor/odm should considered.
Bug : 124465978
Test : Check each file's permission.
system/vendor/bin/* -> 0755
system/product/bin/* -> 0755
system/product_services/bin/* -> 0644
system/oem/bin/* -> 0644
vendor/odm/bin/* -> 0755
vendor/product/bin/* -> 0644
vendor/product_services/bin/* -> 0644
Change-Id: I5cee48474fceaf73853b2013d58017bd64953d86
Add a new ashmem_init function that only dlopens libashmemd_client.
This allows the library to be preloaded in the zygote.
Test: boots, works
Bug: 129543489
Change-Id: Ie106791edf381654f085203c266c9f9c0df35cfc
Use the LL-NDK library to read cgroup.rc.
As a side-effect, the CgroupController class is changed
to a wrapper of ACgroupController* from the library. The
class itself essentially becomes the pointer, and can be
trivially copied. Modify all client code for this change.
Test: builds and boots
Bug: 123664216
Change-Id: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Merged-In: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Hex literals have the type of the first type they fit in. The reboot
constants are large enough that that's `unsigned` rather than `int`.
Bug: http://b/76110968
Test: treehugger
Change-Id: Iac4fe61d1fe572297febf0b57e34d698942469f9
It appears Chase has fixed their app, so we no longer need to keep these
permissions relaxed.
This reverts commit 53842f8a90.
Bug: 119605322
Test: compiles and boots
Change-Id: Iba5e9ecd685eb386997a5e92638b8a1b5943ad4b
Having shared host libraries allows libraries depending on these to use
'shared_libs' for these. This simplifies configurations since these
libraries don't have to specify 'shared_libs' on all non-host targets.
Bug: 124524556
Test: build only
Change-Id: I09fb4a4fb66ea0a87cb76b1e6f400c537a11f082
If the path to android_get_control_file is a symlink, the final sanity
check will fail that the fd does not have the same path as the given
file. We can't expect callers to readlink() because this would change
the environment key. Instead, try to call realpath on both paths.
Bug: 126233777
Test: lpdump
Change-Id: I0df10d7dbe3e572b8335faad812e5cd80bff1733
Remove a superfluous check in fs_mgr, since those return values are
already impossible for a non-debuggable build. Replace a one time
call to __android_log_is_debuggable(), since there's no reason to
cache the value or use this symbol.
Test: build
Change-Id: Icd4bef7b616c49d304303747388d7e3018c6fcfc
Move tests in the same directory as the corresponding code, so it's
easier to see what is/isn't tested.
Fix naming of libcutils_tests (plural) to match the singular that's more
common (even though the plural makes more sense to me).
Add these two to system/core/'s TEST_MAPPING.
Remove obsolete AndroidTest.xml.
Fix a flaky (timing-dependent) libcutils test.
Test: ran tests
Change-Id: I7e0a31ff45c8a152562bf66fc97161594249366e
This patch adds support to make libcutils create and use memfd where
possible, instead of ashmem.
The libcutils library is made dynamic, since apps are still sending over
ashmem FDs to processes and we are working on moving those apps away
from ashmem. The best we can do for that is make the library work, and
force apps in the long run to move away from directly using ashmem.
Due to further complications mentioned in the 'NOTE' section of the
patch, memfd is kept disabled for now, so nothing changes yet. To enable
it, set the sys.use_memfd property (check user_debug build).
Bug: 113362644
Change-Id: I491cb7841b664db5b1c26b3e07a440a14810e182
Signed-off-by: Joel Fernandes <joelaf@google.com>
If libcutils is not a VNDK version and /dev/ashmem is not available,
then ask ashmemd for opened fd to /dev/ashmem.
We rely on SELinux policy to determine what's allowed to open
/dev/ashmem directly.
Bug: 113362644
Test: device boots (in selinux permissive mode)
Change-Id: I93c4fa6044b0bfa5282097c6c32139a8d8f67deb
Abstract usage of cgroups into task profiles that allows for changes
in cgroup hierarchy and version without affecting framework codebase.
Rework current processgroup and sched_policy API function implementations
to use task profiles instead of hardcoded paths and attributes.
Mount cgroups using information from cgroups.json rather than from init.rc
Exempt-From-Owner-Approval: already approved in internal master
Bug: 111307099
Test: builds, boots
Change-Id: If5532d6dc570add825cebd5b5148e00c7d688e32
Merged-In: If5532d6dc570add825cebd5b5148e00c7d688e32
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
When TARGET_FLATTEN_APEX is set to true, the APEXes are flattened
directly under /system/apex/<name>. Among them the runtime APEX carries
binaries such as linker, dex2oat and they need to be configured to be
executable.
Bug: 123684826
Test: Marlin/sailfish boots to the UI
Change-Id: I8ebe9dc4341410ff91ca2cb7cf95e21b0829c008
This reverts commit b5394db682.
Reason for revert: AOSP is fixed with new vendor image
Change-Id: Ie1a2e0200600214a65f4fe2250c903c8e8ce0a29
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Also add simpleperf_app_runner in shell utilities.
Bug: 118835348
Test: build and boot.
Test: run simpleperf_app_runner manually.
Change-Id: I538503dabfa8ff192f4b3029206a62613eacdf32
Introduce a new systrace tag, TRACE_TAG_RRO, for use with runtime
resource overlay.
Bug: 119761810
Test: builds
Merged-In: I7b883d107a9ae2b12bbda04b74001a68e2a904aa
Change-Id: I7b883d107a9ae2b12bbda04b74001a68e2a904aa
The header contained inline functions that called unimplemented code on
Windows. Enable building the implementations.
Bug: none
Test: make -j 50 checkbuild
Change-Id: I11b39e6f5c72fc000088182f3631a9f538474c42
In commit f4fc922f0b, we tightened the
permissions on various bin directories. Please see
https://android-review.googlesource.com/c/platform/system/core/+/822955
for details.
This change causes the Chase banking app to crash. This is because
the Chase app is using inotify_add_watch() on the /system/bin directory
and not checking the return value.
The Android Security model guarantees the immutability of files in
/system/bin, so the inotify watch is unnecessary.
Until the Chase app fixes their bug, we need to relax the permissions on
the /system/bin directory. Conceptually, this is a partial revert of
f4fc922f0b.
Bug: 119605322
Test: compiles
Change-Id: Ic72dd24cb27cff677093963bdfd0ae09bf132e08
Increase size of the NETLINK_KOBJECT_UEVENT socket receive buffer to
16M. Also, use SO_RCVBUFFORCE to override any limits set by
/proc/sys/net/core/rmem_max.
We had a couple of instances, where we lost critical uevent messages due
to receive buffer overflows.
Bug: 119933843
Change-Id: I6aab183aa0194e173f9175b47c6beb0835cf6675
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
