Commit graph

1453 commits

Author SHA1 Message Date
Treehugger Robot
a981d58972 Merge "Remove sub-includes from libcutils/threads.h" into main 2023-08-09 16:43:32 +00:00
Treehugger Robot
a28b62e0c7 Merge "Add snapuserd_ramdisk execute permission" into main 2023-08-07 18:46:33 +00:00
Tomasz Wasilczyk
d22098f65d Remove sub-includes from libcutils/threads.h
This will drop any incentive to use this header

Bug: 289414897
Test: it builds
Change-Id: I3d7f56ac027f59794cb4cf533847c5fda5529906
2023-08-03 22:16:23 +00:00
Tomasz Wasilczyk
21a0716613 Remove gettid declaration from cutils
Bug: 289414897
Test: it builds
Change-Id: I22d93406cf065c0e3c7d94e800763974d228ee21
2023-08-03 22:16:12 +00:00
Ray-cy.lee
d865493814 Add snapuserd_ramdisk execute permission
Bug: 294192189
Test: th
Change-Id: I42ff176ffb7eae0ac05e7f9cc54090c82df982b5
2023-08-02 16:27:50 +00:00
Tomasz Wasilczyk
8fe4f073c2 Add bug component to cutils
Bug: 289414897
Test: N/A
Change-Id: Ic7122e52c3847beba3891b121b723d19bf2076de
2023-07-27 10:16:05 -07:00
Hao Chen
8dad4b2b8a Merge "threads.h: avoid defining gettid on glibc >= 2.30" into main 2023-07-18 21:38:34 +00:00
Hao Chen
253445ce3a threads.h: avoid defining gettid on glibc >= 2.30
The issue in https://bugs.chromium.org/p/chromium/issues/detail?id=1182060 also
exists on glibc 2.30 and 2.31 since `gettid` was Introduced in glibc 2.30.

See https://man7.org/linux/man-pages/man2/gettid.2.html

Bug: 285204695
Test: Build
Change-Id: I7e534edf8c0a20c415232bcfffabbf2c1d6eec98
2023-07-18 19:52:19 +00:00
Kiyoung Kim
a4648c2be0 Enable ABI dump for libcutils
Enable ABI dump for libcutils, so ABI can be stabilized from any update
after official release.

Bug: 254141417
Test: abidiff intermediates found from libcutils.vendor build
Change-Id: Ic27c82b908b7836c7bc538a24202ed8adba4d048
2023-07-13 07:23:39 +00:00
Tomasz Wasilczyk
0c44d8d68d Make atrace_*_body explicitly a part of API.
Also, remove leftover atrace_set_debuggable(bool) symbol.

Bug: 289151149
Test: it builds
Change-Id: Id9fdf9451567d85b64971a6bb409336b12d3f535
2023-06-29 13:28:37 -07:00
Steven Moreland
7681f71b43 Merge "libcutils_test: static libjsoncpp" 2023-06-06 21:34:44 +00:00
Steven Moreland
40b59a61fc libcutils_test: static libjsoncpp
The 32-bit variant of libjsoncpp is not always installed
on 64-bit devices, so it must always be statically included.

We should probably collapse libcutils_test with
libcutils_test_static in the future.

Bug: 285357054
Test: libcutils_test
Change-Id: Ic84901ce5af766338b2cab07c3cf10841ba9a150
2023-06-06 17:52:39 +00:00
Edward Liaw
e2aba20f19 KernelLibcutilsTest: change test file push location
Upload files to /data/local/tests/unrestricted instead to improve data
collection in the event of a crash.

Bug: 284307085
Bug: 258819618
Bug: 199904562
Test: atest KernelLibcutilsTest
Change-Id: Iff816fd3276b24507c60eddc1bcd3f2c2184c27d
Signed-off-by: Edward Liaw <edliaw@google.com>
2023-06-02 23:39:48 +00:00
Edward Liaw
f8a9ba13f5 TEST_MAPPING: enable KernelLibcutilsTest in kernel-presubmit
Bug: 284307085
Bug: 258819618
Test: atest :kernel-presubmit
Change-Id: Ifa3427d3b7ff66d25ba58f5d16d0d62a709274a0
Signed-off-by: Edward Liaw <edliaw@google.com>
2023-05-31 17:29:17 +00:00
Maciej Żenczykowski
e37468b295 remove inprocess tethering
Test: TreeHugger
Bug: 279942846
Change-Id: Ia3a5d289cceac96d310e04fbae3588789cc859ca
2023-04-27 19:27:57 +00:00
Maciej Żenczykowski
93c9dfcd33 fix clatd permissions try 3 - this time for GSI
where stuff is apparently under /system_ext/apex/...
instead of /system/apex/...

Bug: 277646103
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I947e44af334628d82ca633546f3328319c2bac60
2023-04-18 21:09:14 +00:00
Satoshi Niwa
d385506465 flattened apex: fix clatd mode also for inprocess tethering
This is a follow-on CL for aosp/2528043

/system/apex/com.android.tethering.inprocess/bin/for-system/clatd
is bind mounted as /apex/com.android.tethering/bin/for-system/clatd
when using inprocess tethering.

Bug: 273821347
Test: `ls -l /apex/com.android.tethering/bin/for-system/clatd` on bertha
Test: Also see aosp/2528043 for how it is tested
Change-Id: Ia20165663e4ff6d9266fe601d25395816792a3f7
2023-04-12 14:35:31 +09:00
Maciej Żenczykowski
1ba94402f2 flattened apex: fix /apex/com.android.tethering/bin/for-system{,/clatd} mode
from packages/modules/Connectivity/Tethering/apex/canned_fs_config
   /bin/for-system 0 1000 0750
   /bin/for-system/clatd 1029 1029 06755
the Tethering apex mounts at /apex/com.android.tethering,
but that's a bind mount, it really lives at /system/...
in the flattened fs image.

Testing via:

aosp$ export OVERRIDE_TARGET_FLATTEN_APEX=true
aosp$ a_make_target aosp_cf_x86_phone-userdebug

$ sudo mkdir /mnt/point && sudo mount -o loop,ro /aosp/out/target/product/vsoc_x86/system.img /mnt/point && egrep /mnt/point /proc/mounts && sudo ls -dlnZ /mnt/point/system/apex/com.android.tethering/bin/for-system{,/clatd} && sudo umount /mnt/point && sudo rmdir /mnt/point

/dev/loop0 /mnt/point erofs ro,relatime,user_xattr,acl,cache_strategy=readaround 0 0

drwxr-x---. 2 0 1000 u:object_r:system_file:s0 44 Apr 11 03:12 /mnt/point/system/apex/com.android.tethering/bin/for-system
-rwsr-sr-x. 1 1029 1029 u:object_r:clatd_exec:s0 18876 Apr 11 03:12 /mnt/point/system/apex/com.android.tethering/bin/for-system/clatd

while without this patch it showed:

drwxr-x--x. 2 0 2000 u:object_r:system_file:s0 44 Apr 11 01:53 /mnt/point/system/apex/com.android.tethering/bin/for-system
-rwxr-xr-x. 1 0 2000 u:object_r:clatd_exec:s0 18876 Apr 11 01:53 /mnt/point/system/apex/com.android.tethering/bin/for-system/clatd

Test: TreeHugger
Bug: 273821347
Bug: 277646103
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9714b1e935afbe27c2eb4be3f96a9742eb752e92
2023-04-11 10:29:16 +00:00
Edward Liaw
d5ffbdfc56 sched_policy_test: set_sched_policy also set the cpuset policy as fallback
get_sched_policy uses the cpuset policy as fallback if the cpu cgroup
is not recognized.  Pixel is currently not using the cpu cgroup for
background policy due to b/208895940.

Bug: 265852986
Test: atest libcutils_test:libcutils_test.SchedPolicy#set_sched_policy -- --abi arm64-v8a
Change-Id: Ia77ace7513c48b1a14290c6ecc0222b46d6bf927
Signed-off-by: Edward Liaw <edliaw@google.com>
2023-02-01 03:06:45 +00:00
Maciej Żenczykowski
a5083ab7a7 qtaguid.cpp - improvements
Resolves a pair of TODO's, and makes a pair of error return
code paths not return null function pointers.

Note that:
  system/netd/client/NetdClient.cpp
implements this as:

int checkSocket(int socketFd) {
    if (socketFd < 0) {
        return -EBADF;
    }
    int family;
    socklen_t familyLen = sizeof(family);
    if (getsockopt(socketFd, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
        return -errno;
    }
    if (!FwmarkClient::shouldSetFwmark(family)) {
        return -EAFNOSUPPORT;
    }
    return 0;
}

$define CHECK_SOCKET_IS_MARKABLE(sock) \
    do {                               \
        int err = checkSocket(sock);   \
        if (err) return err;           \
    } while (false)

extern "C" int tagSocket(int socketFd, uint32_t tag, uid_t uid) {
    CHECK_SOCKET_IS_MARKABLE(socketFd);
    FwmarkCommand command = {FwmarkCommand::TAG_SOCKET, 0, uid, tag};
    return FwmarkClient().send(&command, socketFd, nullptr);
}

extern "C" int untagSocket(int socketFd) {
    CHECK_SOCKET_IS_MARKABLE(socketFd);
    FwmarkCommand command = {FwmarkCommand::UNTAG_SOCKET, 0, 0, 0};
    return FwmarkClient().send(&command, socketFd, nullptr);
}

which means it *already* verifies that the passed in sockfd
is >= 0 and a socket via getsockopt(SOL_SOCKET, SO_DOMAIN),
as such the 'fcntl(sockfd, F_GETFD)' check is spurious.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I91ef68be5b0cc6b1972d514c13a76eaf834a3d5d
2023-01-26 22:39:04 +00:00
Treehugger Robot
aaa402ae6a Merge "TEST_MAPPING: add vts core lib tests" 2023-01-17 18:40:24 +00:00
Edward Liaw
51c52426f7 TEST_MAPPING: add vts core lib tests
Bug: 258819618
Test: atest :kernel-presubmit
Change-Id: I5e60c69e4f442d33a67b138314918725c6321137
Signed-off-by: Edward Liaw <edliaw@google.com>
2023-01-09 22:05:37 +00:00
Maciej Żenczykowski
e28f0ecebc Merge "qtaguid.h - remove qtaguid_setPacifier declaration" 2023-01-03 21:53:54 +00:00
Chih-Hung Hsieh
0ebbc62c63 Fix uninitialized value warnings.
* Also applied clang-format.

Bug: 263274255
Test: presubmit; make tidy-system-core_subset
Change-Id: I63149572b3e1af6ef33ce19c8d3f18b4f28a3eab
2022-12-20 11:56:40 -08:00
Maciej Żenczykowski
65d416a18f qtaguid.h - remove qtaguid_setPacifier declaration
There does not appear to be *any* implementation...

Additionally in a non-qtaguid eBPF world, this API simply appears meaningless...

cs/p:aosp-master qtaguid_setPacifier -file:system/core/libcutils/include.*/cutils/qtaguid[.]h$

finds nothing, except for:
  test/vts/specification/lib/ndk/bionic/1.0/libcutilsV1.vts

  api: {
    name: "qtaguid_setPacifier"
    return_type: {
      type: TYPE_SCALAR
      scalar_type: "int32_t"
    }
    arg: {
      type: TYPE_SCALAR
      scalar_type: "int32_t"
    }
  }

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0b7def936920d4dacf90d6bb0a8efb7b09811c6a
2022-12-18 20:40:09 +00:00
Elliott Hughes
06a839fc77 Remove an obsolete workaround.
Bug: http://b/29412086
Test: treehugger
Change-Id: I3a61db8da234b4c150816af264d796da7dfe0af6
2022-10-18 16:31:04 +00:00
Liu Cunyuan
46ed34b68f Add riscv64 support for libcutils
Signed-off-by: Liu Cunyuan <liucunyuan.lcy@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: I3dbe6b6d79c2655ab76f48e48fd22ab72d761dfd
2022-10-12 22:16:41 +08:00
Pete Bentley
6cb61610e6 Add AID for PRNG seeder daemon.
Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.

Manual testing protocol:
* Verify prng_seeder daemon is running and has the
  correct label and uid/gid.
* Verify prng_seeder socket present and has correct
  label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
  data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
  (e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance

Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
2022-09-26 17:50:09 +01:00
Treehugger Robot
98e474ab43 Merge "Add fdsan capabilities for native handles" 2022-09-06 22:48:31 +00:00
Brian Duddie
9f2af69d2a Add fdsan capabilities for native handles
Introduces new APIs which can be used to simplify application of fdsan
to native_handle_t usage, and applies fdsan protection to
native_handle_clone() by default.

Bug: 244214188
Test: validated alongside sensor service change to use the new APIs
Change-Id: I3be16a09c336bcbe880bdb542d5da2969c2c34d3
2022-09-02 00:44:13 +00:00
Elliott Hughes
b7475a4c3f Add the "sys" group for tests.
It's useful to have a group that shares a numeric id with Linux and
macOS. "root" doesn't count because group 0 is actually called "wheel"
on the BSDs, and macOS has "daemon" and "kmem" as its groups 1 and 2.

This lets us have toybox tar tests that have the same results on all
supported OSes without special handling.

Test: treehugger
Change-Id: I4704d6f9ada84f3065831a099b34d1c20c4c6b03
2022-09-01 00:01:04 +00:00
Florian Mayer
556b4e0f80 Promote HWASan tests to presubmit.
They have been passing and do not show significant slowdown.

Change-Id: I8f6ac751515cffd4904e10d1ec473c3a1fff60ec
2022-06-17 22:41:33 +00:00
Rubin Xu
7e14d138ae Add AID_SECURITY_LOG_WRITER
A suppplementary group to mark which app can write to the security log
buffer. Granted via android.permission.WRITE_SECURITY_LOG and checked by
logd.

Bug: 232283779
Test: manual
Change-Id: I3ad66031ab1c9eef26db0f3e8968659dfa2855cb
2022-05-24 23:34:33 +01:00
Ray Ye
6507f8adc3 Updating ATRACE_ASYNC_FOR_TRACK_END to not require a name argument
Bug: 230399626
Test: atest TraceDevTest
Change-Id: Ia1b39f55c96011a9672f4d5c8763044f849d0bb2
2022-04-28 18:18:57 +00:00
Ray Ye
399465a93e Added async trace functions with a track name argument
Bug: 221119585
Test: atest TraceDevTest
Change-Id: I48d9e858ce588e3735ddbbe14b1bd7c8f264cd83
2022-03-24 23:55:00 +00:00
Treehugger Robot
8461ca5945 Merge "Added trackName as additional argument to WRITE_MSG to handle trace messages with a track name" 2022-03-21 19:45:30 +00:00
Florian Mayer
bb015aacd0 Add libcutils to hwasan-postsubmit
Test: Run tests under HWASan.
Bug: 193568145
Change-Id: I16013b864b3cc7850f46db0163efc59a69485b8d
2022-03-18 21:38:21 +00:00
Ray Ye
9a54240aba Added trackName as additional argument to WRITE_MSG to handle trace
messages with a track name

Bug: 220499650
Test: atest TraceDevTest
Change-Id: I3f6be6b693fb6f906b90655d5d553e853c4d4411
2022-03-17 21:40:15 +00:00
Shikha Malhotra
927d9d1c68 Merge "Adding project_id ranges for internal app and cache folders." 2022-03-10 21:58:40 +00:00
Treehugger Robot
1821237a1e Merge "Reserve a UID for AID_SDK_SANDBOX" 2022-03-04 19:39:58 +00:00
Hanna Nizhnikava
4dc57edc1d Merge "Create utility method for converting sdk_sandbox_uid to app_uid" 2022-03-04 11:27:40 +00:00
Dmitri Plotnikov
8303dd695f Reserve a UID for AID_SDK_SANDBOX
Bug: 219080829
Bug: 219077358
Test: N/A
Change-Id: Iddc4e29668e7d6f2490b5d6acb9b4e5f0082d064
2022-03-03 18:03:30 -08:00
Elliott Hughes
d07d694175 Merge "Define AIDs for Weaver, Keymint and IdentityCredential applets." 2022-03-04 01:40:37 +00:00
Hanna Nizhnikava
fb78816593 Create utility method for converting sdk_sandbox_uid to app_uid
Method is needed for further use in statsd mapping process.

Bug: 217695033
Test: atest installd_service_test
Change-Id: I508a58da5f8d2e32264002db515425134d18aece
2022-03-03 21:49:43 +00:00
Nikita Ioffe
45f8837c90 Rename SupplementalProcess to SdkSandbox
Ignore-AOSP-First: code is not in AOSP yet
Bug: 220320098
Test: presubmit
Change-Id: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
Merged-In: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
(cherry picked from commit 6e124aac7c)
2022-03-02 16:12:41 +00:00
Samiul Islam
b18fea1abb Create utility method for calculating supplemental_uid from app_uid
Every app will now have a corresponding supplemental process associated
with it. We need an utility method to map one to the other.

Implementation details: supplemental process uid will be between range
20k-30k. As such, it will be a 10k offset from app id. See ag/16621743.

Bug: 211763739
Test: atest installd_service_test
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I2b6d6b086985bcb24c837eaa95a937d429d6a583
Merged-In: I2b6d6b086985bcb24c837eaa95a937d429d6a583
(cherry picked from commit 1c7acfdb67)
2022-03-02 13:29:40 +00:00
subrahmanyaman
8b83ce6186 Define AIDs for Weaver, Keymint and IdentityCredential applets.
Bug: b/222112165
Test: Run vts/cts tests
Change-Id: I2fc9144fe4a2d55bf091d8371ba2b78486b1b9c7
2022-03-02 02:35:24 +00:00
Treehugger Robot
1889a41c88 Merge "Add systrace tag for thermal" 2022-02-18 16:54:53 +00:00
Patrick Rohr
78b86ae297 Merge "Remove setCounterSet and deleteTagData support from libcutils" 2022-02-16 19:59:14 +00:00
TeYuan Wang
5ad0a9f864 Add systrace tag for thermal
Bug: 218939123
Test: build
Change-Id: Id899df349e83fa7bf4d962e88d683488632df702
2022-02-14 15:13:45 +08:00