The sched_compat_yield option was eliminated in Linux 2.6.38 by commit
ac53db596cc0 ("sched: Use a buddy to implement yield_task_fair()") and
as a result, the following error is printed to the log during boot up.
init: write_file: Unable to open '/proc/sys/kernel/sched_compat_yield':
No such file or directory"
Bug: 30034121
Change-Id: Idbdb68de0cb3ab1f67d82a4d66af880bcfdfe261
(cherry picked from commit 724dfbac70)
We will store OTA packages there for both A/B and non-A/B OTAs. The
directory will be accessed by GMSCore (for both), uncrypt (non-A/B),
update_engine (A/B), update_verifier (A/B) and possibly system server
(for non-A/B OTAs to clean up half-way uncrypt'd packages).
Bug: 28944800
Change-Id: I5aa8156ec5052bd15dfadd4d8c28925d464e4401
(Cherry picked from commit 2b22a66382)
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
The old way (using triggers) starts defaultcrypto twice because
queue_property_triggers_action retriggers the action.
Bug: 27452459
Change-Id: I48c844836f551673d0dbfed6c33bd8ee1e035f40
We create per-user directories under this location, so it should
only be created once by init, similar to all the other user-specific
directories.
Bug: 27896918
Change-Id: I9ec55e4fd763c0eda6c6e50483694a6377344586
"You are in a maze of twisty little symlinks, all alike."
Restore the /mnt/sdcard symlink, for compatibility with older Android
apps. This symlink was suppose to have been removed in the Gingerbread
time frame, but lives on.
Note: The /mnt/sdcard symlink was originally created in device specific
*.rc files in the device/vendor/hardware/* directory. This change moves
the creation of the symlink into the common init.rc file.
Bug: 25801877
Bug: 28108983
Change-Id: I2f9bf71bddffadb587d7376dfdfc8a546c84ec28
The new top level directory /postinstall is used by the A/B updater to
mount the new partition and run a post-install program before rebooting
into that new system.
init.rc was extended to label this new directory since the initrd has
no extended attributes.
Bug: 27177071
TEST=`ls -laZ /` shows the /postinstall directory on edison-eng
(cherry picked from commit bb968fb04d)
Change-Id: Iff993135c7ce3a1a0f6450892ef7382da408fd5e
cameraserver from nyc uses cameraserver as its username.
thus this change is needed for AVD (android virtual device)'s
camera HAL which is attached to cameraserver to work as that
HAL writes some files to /data/misc/media. the backward compatibility
issue should be handled as separate changes. this approach is
preferred for finer-grained security isolation.
Change-Id: If028667d62df8fcac634ff1001759c39703b00dd
Current profiles (the ones which have not been used for
compilation) are stored in /data/misc/profiles/cur/0/pkgname/.
Reference profiles (the merged of all user profiles, used for
compilation) are stored in /data/misc/profiles/ref/pkgname/.
Add a method to get the shared app gid from an uid or appid.
Bug: 26719109
Bug: 26563023
Change-Id: I89601d7dbeb3041df882c141a9127dac200a645e
libprocessgroup checks whether it can use memory
cgroups for keeping track of forked processes by
seeing whether /dev/memcg/apps is writable. However,
on systems with memory cgroups disabled, SELinux
(correctly) no longer classifies this directory as a cgroup,
and starts denying zygote access. To fix this,
first check whether /dev/memcg/apps/tasks exists to
see if the cgroup is mounted; only then check whether
we can write to the directory.
Bug: 27046965
Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
The Shell app that stores bugreports now lives under DE storage for
all devices, both FBE and non-FBE.
Bug: 26668510
Change-Id: Iead1dcb98181a5caccf4d0c1e86de62abc6dc990
This ensures that all users on device follow a consistent path for
setup and validation of encryption policy.
Also add remaining user-specific directories and fix linking order.
Bug: 25796509
Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
Allows ActivityManager to use the top-app cpuset to grant the currently
focused app exclusive access to a CPU core.
Change-Id: I45bca5170477e413dec6e5889338399d0859706c
It turns out we were using the CPU accounting
cgroups for keeping track of processes that were
forked by an app without the framework's knowledge,
so we could kill all of them reliably (see b/15313911
for context).
Since we want to use memory cgroups for other purposes,
we might as well use memory cgroups for tracking forked
PIDs if they're enabled. This also gets us automatic cleanup
of empty mem cgroups.
Also, removed old mem cgroup mount point that is no
longer used, as well as cgroup release agent code that
we're not using.
Change-Id: I69d5cc31c162ffa49ef6945755f41381e306cc8b
The Linux kernel implicitly expects /dev/fd to symlink to /proc/self/fd.
This change fixes the exec/execveat.c kernel selftest.
Change-Id: Ia08d50023336fdbfc098527299c326d9d59039a9
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Mix the contents of /proc/cmdline and /default.prop
into /dev/urandom. /proc/cmdline often contains
androidboot.serialno, a device-specific unique
identifier. Similarly, /default.prop contains the
build fingerprint and timestamp, which vary between
device families.
Change-Id: I8803b38c7089b2a1217b99a7c1808b29a3b138cf
SurfaceFlinger needs some of its threads in the system-background cpuset
and some of its threads (the binder pool) outside of the
system-background cpuset in order to improve UI perf/power
consumption. Remove surfaceflinger from the system-background cpuset in
init.rc and allow a thread to place itself in the system-background
cpuset given enough permissions.
bug 25745866
Change-Id: I85f7e41c5439e6ad7cc2d355e51f5dfb3a0c7088
Changes to the way FBE works to support lifecycles mean that these
commands aren't needed any more.
Bug: 22358539
Change-Id: Id73339e0aa8070dd688f35b5d59de75236961395
