This gives search (x) permission on the parent apex data
directory /data/misc/apexdata so that directories below it
may be opened. It also gives that permission on the apex
data directories themselves.
Bug: 147848983
Test: Build & flash, check perms are correct
Change-Id: I27c4ea01602002c89d0771a144265e3879d9041a
Create KernelLibcutilsTest and add it to vts-core.
VtsKernelLibcutilsTest just run the test of libcutils_test_static
and filter-out all of the test except AshmemTest#. We can just use the
include-filter to do the same thing.
Bug: 147789274
Test: atest KernelLibcutilsTest
Change-Id: Idb5cee3596bf063c2419f1a11055a17ad3075e26
fwrite can cross windows platform to show log on terminal,
so we use it instead of WriteFdExactly.
Change-Id: I252c15a0bc72e1dbd98b7b5ec8000ecdcde16416
Signed-off-by: Junyong Sun <sunjy516@gmail.com>
verify a process frozen state by reading its frezer cgroup value and
don't consider it as loop-locked if frozen.
Bug: 145698592
Test: llkd_unit_test
Test: Manually froze a few processes and waited for llkd timeout, verifying that
no processes are killed, no reboot or ramdump occur and no llkd events are
logged.
Change-Id: Iea02cd86dbd1df0e6658d02581aa4bb9b658f107
It was failing with:
build/make/core/main.mk:2: Calling make directly is no longer supported.
build/make/core/main.mk:3: Either use 'envsetup.sh; m' or 'build/soong/soong_ui.bash --make-mode'
build/make/core/main.mk:4: *** done. Stop.
Test: system/core/bootstat/boot_reason_test.sh ota
Change-Id: I4fea25f1c09e6ec2f346b6de3749699e254ffd26
The credstore system daemon is running as an unprivileged user. This
CL adds this user and also creates a directory (/data/misc/credstore/)
where this daemon can store its data.
Bug: 111446262
Test: N/A
Change-Id: I8da2c32dd04fef797870b8a7bbc5e499bed71f9e
Historically, the syscall was controlled by a system-wide
perf_event_paranoid sysctl, which is not flexible enough to allow only
specific processes to use the syscall. However, SELinux support for the
syscall has been upstreamed recently[1] (and is being backported to
Android R release common kernels).
[1] da97e18458
As the presence of these hooks is not guaranteed on all Android R
platforms (since we support upgrades while keeping an older kernel), we
need to test for the feature dynamically. The LSM hooks themselves have
no way of being detected directly, so we instead test for their effects,
so we perform several syscalls, and look for a specific success/failure
combination, corresponding to the platform's SELinux policy.
If hooks are detected, perf_event_paranoid is set to -1 (unrestricted),
as the SELinux policy is then sufficient to control access.
This is done within init for several reasons:
* CAP_SYS_ADMIN side-steps perf_event_paranoid, so the tests can be done
if non-root users aren't allowed to use the syscall (the default).
* init is already the setter of the paranoid value (see init.rc), which
is also a privileged operation.
* the test itself is simple (couple of syscalls), so having a dedicated
test binary/domain felt excessive.
I decided to go through a new sysprop (set by a builtin test in
second-stage init), and keeping the actuation in init.rc. We can change
it to an immediate write to the paranoid value if a use-case comes up
that requires the decision to be made earlier in the init sequence.
Bug: 137092007
Change-Id: Ib13a31fee896f17a28910d993df57168a83a4b3d
4.19 kernel reported __arm64_sys_openat instead of SyS_openat, so
the test for llkd.sleep also needs to check for that as well.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 147486902
Test: llkd_unit_test
Change-Id: Ibb4b4ca45391e35fd03fcb8e7ccea01f547b76e1
As a result of commit f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7
("proc: restrict kernel stack dumps to root")
the userdebug feature where llkd can monitor for live lock
signatures in the stack traces broke.
So now userdebug variant of llkd requires sys_admin permissions.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Test: llkd_unit_test
Bug: 147486902
Change-Id: I31572afa08daa490a69783855bce55313eaed96c
Compute and print the progress percentage of the dm-snapshot devices
merging after an update is marked as successful.
All the snapshot devices are queried for their update states and all
their allocated, metadata and total sectors are summed as if the system
consists of a single big snapshot device, as well as the initial
allocated sectors to keep trace of the absolute progress. Then the merge
percentage is computed on the numbers for this fake snapshot device.
Bug: 139088917
Test: manual OTA
Change-Id: Ia9a51742105c90b7fd043f3cbf4249877def7f08
Signed-off-by: Alessio Balsini <balsini@google.com>
In case one of the cryptfs calls to vdc fails, first try a normal
reboot.
Test: manual
Bug: 135984674
Bug: 143970043
Change-Id: I5706d9cd6c3a08fa06329ffb7d141de632620e3d
