Since we're in much worse trouble if `/data/system/packages.list` is
attacker-controlled, there doesn't seem to be much benefit to having
the little bit of [incomplete] range checking we had on the uid
field (by using a wider type than `uid_t` actually is), and
apparently we're now abusing `-1` to mean "apex or sdk library",
despite `uid_t` being an unsigned type.
Bug: http://b/336659478
Change-Id: I7a270eea937d21fc1d7fcda8654054210cf631fe
Tests started failing on aarch64, so force presubmit to run the
debuggerd tests on device to close this coverage hole.
Test: Treehugger and verify tests are run on device.
Change-Id: Ie40eab35e46cefd3cebc132d9c0a3d1ebdb0d766
App metadata bundles, also known as Android Safety Labels (ASL),
contain information about the app's privacy and security practices.
This information is used to help users make more informed choices when,
for example, granting access to permissions.
ASL can currently only be preloaded on the system image or distributed
by the installer and written to a file in the app's codePath. To support
embedded ASL in APK we need to extract ASLs from APKs to a writeable
location. For non-preloaded apps we can write to the app's codePath like
the installer provided ASLs, however, we need to create a new writable
directory for preloaded apps located on read only partitions.
Bug: 336618214
Test: manual
Change-Id: I651b2dab45c3132d8467c507dc4ee304001f73f5
This change introduces a new mode to `subsystem.devname` in `ueventd.rc`
configuration files, which sets the file name to the contents of
`/sys/DEVNAME/name`.
The objective of this change is to help Cuttlefish distinguish between
console devices, which are only different in uevents by initialization
order. Cuttlefish currently relies on `/dev/hvc##` devices which are
created for non-multiport virtio-console devices.
https://cs.android.com/android/platform/superproject/main/+/main:device/google/cuttlefish/shared/config/ueventd.rc;l=18;drc=5204f119d859d3ae5f1a2ee1c6a05ee68d6a28ed
On Cuttlefish we're considering moving to multiport virtio-console
devices ( https://fedoraproject.org/wiki/Features/VirtioSerial ). It
would be possible to rely on device order here as well, but using names
to distinguish devices makes it possible to drop unused devices in the
future, rather than reserving indexes indefinitely.
Multiport virtio-console devices create uevents with DEVNAME=vport#p#
and DEVPATH=.../vport#p#, only exposing the name in a sysfs file.
Bug: 336663898
Test: Attach multiport console, run with `-DLOG_UEVENTS=1`
Test: Introduce ueventd policy using `devname sys_name`
Change-Id: I59632b556db4a47883eab97e90c0e6ca81a9c650
Upgrading to clang-r522817's new libc++ requires that <vector> be
included here.
Bug: 333165689
Test: treehugger
Flag: EXEMPT, fix build error
Change-Id: Ib9a072ddb39477b98c79879da6354557695ba350
We consume load_sequential only in libmodprobe, so remove this parameter
before sending them into the kernel layer.
Bug: 332435366
Test: Built and boot husky targets
Change-Id: I37e63723d3c8d4fd8ca1fda682b344a721b9a637
Signed-off-by: Chungkai Mei <chungkai@google.com>
Creating the directory /data/storage_area (which will store each user's directory
of app directories of storage areas) on startup, and adding this directory
/data/storage_area to the tmpfs mirror so it can be protected by app data isolation
in zygote.
Bug: 325121608
Test: atest StorageAreaTest
Change-Id: Ia938e89fd8b794dbcbb844b01b790db7c0a62319
When setting property with setprop, a property name which starts with
"ro." could be set no matter how long the value name is.
Change-Id: Ia035ef009952db08ae8a6d4a2b8b9567d86124fc
U requires 4.14+
V requires 4.19+
as such this is no longer useful
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I39d01cc16897c6c9174cf074e27c888bc758f1cc
which has been fully replaced by eBpf
(started in android P, finished in android S)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie38e54600a9bb01c7ecdde63d9a9256bed047f41
std::array<T, N> takes exactly N * sizeof(T) bytes, leaving no room for
the null terminator.
Bug: 335047945
Test: re-run the GSI test
Change-Id: Ic3aca5f409021c78a7eb965c5ed610e6a51e42cb
Remove hard coded global variables referencing cow version in
libsnapshot. This value should stem from the build system, or set
individually in test cases.
Bug: 307452468
Test: th
Change-Id: I3d536246008acca92cd93e77886e5f7d17a131e0
* changes:
  libprocessgroup: Check validity of uid and pid arguments for createProcessGroup
  Revert "libprocessgroup: Check validity of uid and pid arguments"
killProcessGroup already checks for validity of the uid and pid input
arguments. Also add this checking to createProcessGroup.
Bug: 333261173
Change-Id: Ie74b9c2716978cb5eb434af12e27945e29af876e
If the COW device is allocated only from /data, then
the COW device name will end with -cow-img. Hence, check
that path as well.
Bug: 335552315
Test: snapshotctl apply-update
Change-Id: Id3c5cf8afd77994da117de41bb98a226b350f8e4
Signed-off-by: Akilesh Kailash <akailash@google.com>
init_second_stage_defaults provides properties that are common to both
Android's init and Microdroid's init. Before this CL, it included
target.product.required and target.recovery.required properties. The
required dependencies were Android-specific; the dependencies included
Android-only init.rc. Microdroid has its own init.rc (microdroid_init_rc
module).
This was problematic but so far it didn't cause an issue because those
Android-only dependencies were not installed to Microdroid due to a bug
in the build system.
As we fix the build system bug, the Android-only dependencies started
to get installed to Microdroid, effectively overriding the Microdroid-only
init.rc file. This made Microdroid fail to boot.
Fixing this issue by moving the Android-only dependencies out of the
defaults module and putting them on the Android's init.
In addition to that, this CL removes the recovery variant for the
Microdroid's init because it's not used.
Bug: N/A
Test: run AVF tests
Change-Id: I09748f1123125cac74ce54fd5c360c9a3ba2f996
* changes:
  Add build flag to split the cgroup v2 hierarchy into apps/system
  Add build flag to force memcg to the v2 cgroup hierarchy
  Use ConvertUid{Pid}ToPath for all path generation
  Fix unused params and remove unneeded cflags
Background:
* -f = Allows mapping files in the format `-f file:backing_file`. This
can be used for mapping secure storage files like `0` and `persist/0`
to block devices. Storageproxyd will handle creating the appropriate
symlinks in the root datapath.
* -m = Allows specifying the max size constraint for file backed storages.
The constraint is chosen by giving a file, this allows for passing a
block device for which a max file size can be queried. File based
storages will be constrained to that size as well.
Bug: 324989972
Test: File sizes are restricted as specified, and mappings are created
Change-Id: I8ff550afafbd372288daa9e27c4db3451948b25d
Signed-off-by: Donnie Pollitz <donpollitz@google.com>