This way you'll get a build time error if you make the usual mistake of
adding to the enum but not adding an entry to the array.
Also improve the unit tests, and fix get_sched_policy_name's incorrect
behavior on invalid inputs.
Bug: N/A
Test: ran tests
Change-Id: Iefcb1ec9ef66267837da7a576c8be3d0cfb16cd0
Introduce a standalone live-lock daemon (llkd), to catch kernel
or native user space deadlocks and take mitigating actions. Will
also configure [khungtaskd] to fortify the actions.
If a thread is in D or Z state with no forward progress for longer
than ro.llk.timeout_ms, or ro.llk.[D|Z].timeout_ms, kill the process
or parent process respectively. If another scan shows the same
process continues to exist, then have a confirmed live-lock condition
and need to panic. Panic the kernel in a manner to provide the
greatest bugreporting details as to the condition. Add a alarm self
watchdog should llkd ever get locked up that is double the expected
time to flow through the mainloop. Sampling is every
ro.llk_sample_ms.
Default will not monitor init, or [kthreadd] and all that [kthreadd]
spawns. This reduces the effectiveness of llkd by limiting its
coverage. If in the future, if value in covering kthreadd spawned
threads, the requirement will be to code drivers so that they do not
remain in a persistent 'D' state, or that they have mechanisms to
recover the thread should it be killed externally. Then the
blacklists can be adjusted accordingly if these conditions are met.
An accompanying gTest set have been added, and will setup a persistent
D or Z process, with and without forward progress, but not in a
live-lock state because that would require a buggy kernel, or a module
or kernel modification to stimulate.
Android Properties llkd respond to (*_ms parms are in milliseconds):
- ro.config.low_ram default false, if true do not sysrq t (dump
all threads).
- ro.llk.enable default false, allow live-lock daemon to be enabled.
- ro.khungtask.enable default false, allow [khungtaskd] to be enabled.
- ro.llk.mlockall default true, allow mlock'd live-lock daemon.
- ro.khungtask.timeout default 12 minutes.
- ro.llk.timeout_ms default 10 minutes, D or Z maximum timelimit,
double this value and it sets the alarm watchdog for llkd.
- ro.llk.D.timeout_ms default ro.llk.timeout_ms, D maximum timelimit.
- ro.llk.Z.timeout_ms default ro.llk.timeout_ms, Z maximum timelimit.
- ro.llk.check_ms default 2 minutes sampling interval
(ro.llk.timeout_ms / 5) for threads in D or Z state.
- ro.llk.blacklist.process default 0,1,2 (kernel, init and
[kthreadd]), and process names (/comm or /cmdline) init,[kthreadd],
lmkd,lmkd.llkd,llkd,[khungtaskd],watchdogd,[watchdogd],
[watchdogd/0] ...
- ro.llk.blacklist.parent default 0,2 (kernel and [kthreadd]) and
"[kthreadd]". A comma separated lists of process ids, /comm names
or /cmdline names.
- ro.llk.blacklist.uid default <empty>, comma separated list of
uid numbers or names from getpwuid/getpwnam.
Test: llkd_unit_test
Bug: 33808187
Bug: 72838192
Change-Id: I32e8aa78aef10834e093265d0f3ed5b4199807c6
Set F() capability set and 'drop' lmkd from AID_ROOT to AID_LMKD uid
and from AID_ROOT to AID_LMKD and AID_SYSTEM gid.
/dev/memcg/memory.pressure defaults to root.root mode 0000, set it up
as root.system mode 0040 to allow lmkd read access.
Instrument failure to set SCHED_FIFO.
Annotate access points that require elevated capabilities.
Test: check /proc/`pidof lmkd`/status for capability set
Test: lmkd_unit_test
Bug: 77650566
Change-Id: I986081a0434cf6e842b63a55726380205b30a3ea
Their capability bits are now specified in their associated init .rc
file, which is the proper place for this to be done.
A notice is added to guide developers away from using android_files to
give services Linux capabilities and to guide them away from adding
vendor/ entries.
Bug: 74554159
Test: BT, Wifi, Tethering work on walleye
Merged-In: I13c425d022b4f5c217587cdf601884ef44650ac7
Change-Id: I13c425d022b4f5c217587cdf601884ef44650ac7
(cherry picked from commit b5e5c56401)
Their capability bits are now specified in their associated init .rc
file, which is the proper place for this to be done.
A notice is added to guide developers away from using android_files to
give services Linux capabilities and to guide them away from adding
vendor/ entries.
Bug: 74554159
Test: BT, Wifi, Tethering work on walleye
Change-Id: I13c425d022b4f5c217587cdf601884ef44650ac7
This reverts commit 656b75c77c.
Capability bits are moving from fs_config.cpp to the associated init
scripts for daemons on /vendor.
Bug: 74554159
Test: wifi tethering works on walleye
So we can auto-generate tracing code for AIDL interfaces.
Bug: 74416314
Test: inspect atrace output
Change-Id: I91b14b3b16d8d7a29f531101b14ddf10dbc61a5a
Merged-In: I91b14b3b16d8d7a29f531101b14ddf10dbc61a5a
So we can auto-generate tracing code for AIDL interfaces.
Bug: 74416314
Test: inspect atrace output
Change-Id: I91b14b3b16d8d7a29f531101b14ddf10dbc61a5a
This process is now spawned from the main app_process zygote, rather
than being its own binary launched by init.
Bug: 63749735
Test: m
Change-Id: I87e00197e1ce64d77b4c306fcd702c6ad778b236
Now all somewhat time-consuming methods of the VibratorService
are surrounded by traceBegin/traceEnd blocks.
The vibration itself is surrounded with asyncTrace block.
Test: Run "systrace vibrator" and see the time consumption report.
Bug: 73000045
Merged-In: I94172e379354ec3418321b8151e6182cec2e886c
Change-Id: I94172e379354ec3418321b8151e6182cec2e886c
Multiple LTP tests require a "daemon" or "bin" user. These user ids
have been defined since UNIX incept, and even up to the '80s remained
in many of the tools as hard coded values. Add these two ids with
a cautionary note.
Test: compile
Bug: 31152327
Bug: 31226046
Bug: 32385889
Change-Id: Ida2fb6d817b8ada0624870439fcf848667b31fb3
For processes that start very early, atrace initialization can cause
an selinux denial, so make sure it's possible to disable it and avoid
the call to open "trace_marker".
Bug: 63927601
Test: disable atrace early in vold, ensure that selinux denial is
avoided.
Change-Id: I2422e6d0db323bc13c6d6ed1896435151fca21f7
There may be evidence of ashmem_valid(fd) reporting that the file
descriptor is an ashmem node. Increase testing of ashmem_valid(fd),
reporting that the node _is_ ashmem, to inspire confidence in the
positive result. Scan all file descriptors in the system, and for
those that pass ashmem_valid, get a non-zero size reference back.
Some clang-format-isms applied.
Test: libcutils-test --gtest_filter=AshmemTest.*
Bug: 72021458
Change-Id: I77d746b57a89a6afa1b829dddfdc4dd319f6b684
This CL will enable reading /product/build.prop and add product paths
into ld.config.txt.in.
Bug: 64195575
Test: tested with 'PRODUCT_PRODUCT_PROPERTIES := ro.product.abc=abc' on
sailfish
Change-Id: Ie996def20e25dc1afe0c74af2096af844934b2dc
Filesystems allow the setting of the "resgid" parameter to designate
a GID that is allowed to use the "reserved" disk space (in addition
to UID 0). We'll be granting this GID to critical system processes,
so that the system is usable enough for the user to free up disk
space used by abusive apps.
Test: builds, boots
Bug: 62024591
Change-Id: I2d166f3b730f0a3e7279fb40f12db7413c1dadad
We should have done this from the beginning. Thanks to Windows, we're not
going to be able to switch libbase over to std::string_view any time soon.
Bug: N/A
Test: ran tests
Change-Id: Iff2f56986e39de53f3ac484415378af17dacf26b
AID_SHARED_GID is a GID shared by a specific app across all users on
the same device. Bring the UserHandle and multiuser.c implementations
into agreement, and copy/paste the unit tests that verify that both
behave identically.
This fixes a regression where multiuser_get_shared_gid() was applying
per-user isolation when it shouldn't have.
Test: adb shell /data/nativetest64/libcutils_test/libcutils_test64
Bug: 34151068, 64548938
Change-Id: I491dd79d23a214425a68865d1d0f8269916aad4c
Just the minimial changes to get this to actually build, because otherwise
we always bog down trying to rewrite everything (when the real answer
is usually "stop using libcutils, it's awful").
This doesn't move a handful of files: two are basically just BSD libc
source, a couple have outstanding code reviews, and one can be deleted
(but I'll do that in a separate change).
I'm also skipping the presubmit hooks because otherwise clang-format
wants to reformat everything. I'll follow up with that...
Bug: N/A
Test: builds
Change-Id: I06403f465b67c8e493bad466dd76b1151eed5993
In order to replace qtaguid module with new eBPF network monitoring
module. We firstly move the current qtaguid userspace implementation
into netd and hide the detail from other processes. The current API will
talk to netd fwmark client to pass down the qtaguid related request from
high level framework and netd will use the proper method to complete the
request.
Test: Current TrafficStats CTS tests should not fail.
Bug: 30950746
Change-Id: Ie90c28f3594ab2877746b2372a1b6944768bfb18
The qtaguid kernel module will be deprecated on devices running 4.9
kernel or above and we need to support both old and new module in
userspace. Netd is responsible for choosing which kernel module to use
and all the current qtaguid native implementation need to be hided
behind it. So the current qtaguid native API implementation will be
moved to a isolate library under system/core and only netd can access to
it. The libcutils qtaguid API will become a wrapper to send request to
netd module. This modification will make sure the apps that currently
using this native API will not be broken.
Bug: 30950746
Test: All cts and vts test related should not fail.
Change-Id: I9de98a25ed5dc71bbf520ee0aadd16d59025699a
The parent change ran into an issue where enabling UBSan on an i686
build caused it to use __mulodi4.
https://github.com/android-ndk/ndk/issues/184 documents linking against
libclang_rt.builtins-i686.a, but that's not available from soong either.
Bug: 62378620
Bug: 29412086
Test: x86 builds work again
Change-Id: I730d59558aa4ed28f8a11b5393e037111e320f29
This change adds user namespace-awareness to uevent_kernel_* in
libcutils. Instead of assuming that root is always uid 0, it detects
whether the uid 0 is mapped in the current user namespace and returns
the appropriately mapped uid (or the kernel's "overflowuid" in case it
is not mapped).
In older kernels, or those where user namespaces are not enabled, this
still uses uid 0 for root.
Bug: 62378620
Test: bullhead networking still works
Test: Android in Chrome OS can now receive netlink-related messages
Change-Id: I7ea3454e8f38b9c70c65294d6b2a99e5a88f9d70
Adding functionality to bootstat --record_boot_complete and
--record_boot_reason to initialize sys.boot.reason, the canonical
system boot reason.
Filter out ro.boot.bootreason oem noise into sys.boot.reason. Add
heuristics to determine what the boot reason is, when otherwise would
be defaulting to the blunt and relatively devoid of detail catch-all
reboot reasons ("reboot", "shutdown", "cold", "warm", "hard").
boot_reason_test.sh is also a compliance test.
Test: boot_reason_test.sh all
Bug: 63736262
Change-Id: Ic9a42cccbcfc89a5c0e081ba66d577a97c8c8c76
Switch from /data/misc/reboot/last_reboot_reason to persistent
Android property persist.sys.boot.reason for indicating why the
device is rebooted or shutdown.
persist.sys.boot.reason has a standard as outlined in b/63736262 and
the associated investigation. Made adjustments to the values so that
we did not create a problem even before we started. Compliance is
part of the tests in boot_reason_test.sh.
Test: system/core/bootstat/boot_reason_test.sh
Bug: 64687998
Change-Id: I812c55a12faf7cb7ff92101009be058ad9958d07
As a VNDK-SP module, Android.bp must have 'vndk' tag as well as
'vendor_available: true'.
The 'vndk' tag for VNDK-SP formated as follows:
vndk: {
enabled: true,
support_system_process: true,
},
VNDK-SP modules will be installed both in system/lib(64) as normal
and in system/lib(64)/vndk-sp as a vendor variant.
Bug: 63866913
Test: build and boot with BOARD_VNDK_VERSION=current
Merged-In: I51fe0859f63ad58b7b91909e7d7d4206443228cd
Change-Id: I51fe0859f63ad58b7b91909e7d7d4206443228cd
(cherry picked from commit aeb68e86e4)
When Android is running in a container, ftrace trace_marker may be
disabled, e.g. Chrome OS verified mode. To enable trace, a socket is
created for everyone to send trace event.
Modify libcutils so apps using it can write trace to the socket.
To achieve this goal without touching code for normal device,
trace-container.c is created for code specific to container. Shared
code between trace-dev.c and trace-container.c is moved to local
trace-dev.h.
Note that to avoid sharing FDs across different processes, Zygote closes
FD and reopen it to /dev/null if it is a socket. Therefore, we need to
manually close FD and reopen it again after forking. This is done in
the atrace_set_tracing_enabled as Zygote also use it to clear flags
during forking.
Related change:
- http://crrev.com/2400163003 (Chromium)
- http://ag/2028075 (Android system/core)
- http://ag/1738271 (Android device/google/cheets2)
Bug: 29776474, 62410809
Test: run chrome://tracing and see data from the host side.
Change-Id: I3fe969e284b972c28e4f32f23cd948aaea61a043
The non AID_ things in android_filesystem_config.h are moved
to fs_config.h. For libcutils.vendor and libcutils_headers.vendor,
fs_config.h is not exported.
An empty system/core/include/private/fs_config.h is placed to
appease the dependency from certain modules (logd, etc.)
that includes system/core/include/private/android_filesystem_config.h
directly.
Test: m -j
Test: BOARD_VNDK_VERSION=current m -j
Bug: 63135587
Change-Id: I95dfb874a426941022b100c0ca26a0576b0f4aa3
Merged-In: I95dfb874a426941022b100c0ca26a0576b0f4aa3
This lets us redeclare property_get with diagnose_if tagged on it,
so we no longer need to deal with overloads.
Bug: 12231437
Test: m checkbuild on bullhead aosp-master.
Change-Id: Ic55dcfeaa314f83d3713aabac7852cb766330fc8
Add NOLINT comment to work around clang-tidy
error in checking macro arguments used in
type expressions.
Bug: 28705665
Test: make with WITH_TIDY=1 WITH_TIDY_CHECKS=-*,misc-macro-* \
WITH_TIDY_FLAGS=-header-filter=system/core/.*
Change-Id: I7619978c1804e151a11a8b0477e80076bcf21cab
