The kernel problem has been fixed long time ago and the ad-hoc logging
mechanism is not thread safe and can flood the log with spurious
messages.
BUG: 10899829
Change-Id: I63278db51295e744eed3e47dc8d4cfe621c0d8f7
The log_target parameter of android_fork_execvp_ext() is now a
bit field, and multiple targets can be set to log to multiple
places at the same time.
The new target LOG_FILE will log to a file specified by the new
parameter file_path.
Set LOG_FILE and log to a file in /dev (the only writable filesystem
avilable when e2fsck runs) when invoking e2fsck in fs_mgr.
Bug: 10021342
Change-Id: I63baf644cc8c3afccc8345df27a74203b44d0400
Before this change, FUSE lookup() would have the side effect of
creating the directory on behalf of apps. This resulted in most
directories being created just by Settings trying to measure disk
space. Instead, we're switching to have vold do directory creation
when an app doesn't have enough permissions.
Create fs_mkdirs() utility to create all parent directories in a
path as needed. Allow traversal (+x) into /storage directories.
Fix FUSE derived permissions to be case insensitive. Mark well-known
directories as .nomedia when created.
Bug: 10577808, 10330221
Change-Id: I53114f2e63ffbe6de4ba6a72d94a232523231cad
It's a security best practice to carry entropy across reboots.
(see "man 4 random"). Currently, entropy saving and mixing occur
in the system_server, via the EntropyMixer code. Unfortunately, the
EntropyMixer code runs fairly late in the boot process, which means
early boot doesn't have high quality entropy. This has caused security
problems in the past.
Load entropy data as soon as we can in the early boot process, so that
we can get /dev/random / /dev/urandom into a "random" state earlier.
Bug: 9983133
Change-Id: Id4a6f39e9060f30fe7497bd8f8085a9bec851e80
Changing mem cgroups permissions to only be accessible by root and system.
Bug: 10210529
Bug: 10210900
Change-Id: Ib4fff6f49b33013b3629d40ae98a5e2464571b2d
- This is a complimentary change to the one adding this new source to
MediaRecorder.java
Bug: 10640877.
Change-Id: Ie213e82b5a60dad2a277cef367c2f5e4df70df06
libmemtrack is an interface to a device-specific Memory Tracker HAL
to account for memory that may not show up in the normal memory
usage tools that walk /proc/pid/maps.
Bug: 10294768
Change-Id: I436f6799898df0bf8bf29747be3bc9dea5721185
The change to enable address tracking via netlink incorrectly
changed the subsystem of rtnetlink events from "net" to
"interface". This broke interface add/delete notifications,
which come from the kernel with subsystem "net".
Switch back to "net" and deal with address tracking via new
action codes instead of a new subsystem.
Bug: 10433320
Change-Id: Ibf30efb426949dfd02304cc1d9adb1c005a539a6
handle_rename() would end up acquiring the lock twice. Change to
always derive has_rw inside earlier locks (instead of acquiring a
second time), and pass the value into check_caller_access_to_name().
Bug: 10547597
Change-Id: If5744d6d226a4785676c19d0f7fdf1c05060ed76
In Android 4.3 the run-as binary no longer has the SUID/SGID bits
set. Instead, it requires to be installed with setuid and setgid
file-based capabilities. As a result of the above two changes, the
binary no longer executes as root when invoked by the "shell" user
but can still change its UID/GID to that of the target package.
Unfortunately, run-as attempts to chdir into the target package's
data directory before changing its effective UID/GID. As a result,
when run-as is invoked by the "shell" user, the chdir operation
fails.
The fix is for run-as to chdir after changing the effective UID/GID
to those of the target package.
Bug: 10154652
(cherry picked from commit f2904a7b63)
Change-Id: I0f6cb9efd49f5c2c491f7aa1d614d700a5ec2304
On some devices there is a slight delay between the creation of "/dev/bus"
and "/dev/bus/usb". Previously, the code assumed that both are created in the
same time which caused "watch_existing_subdirs" to fail and libusbhost to stop
working until the device is rebooted. The fix will setup an inotify event on the
creation of the "bus/usb" so it will not be missed once it's created.
Change-Id: I17f06dd167e61573307425e48898e12ebc954093
The group ownership of the package database
/data/system/packages.list read by run-as was changed in
977a9f3b1a from "system" to
"package_info". run-as currently changes its effective group to
"system" and is thus unable to read the database.
This CL fixes the issue by making run-as change its effective group
to "package_info" for reading the package database.
Bug: 10411916
Change-Id: Id23059bfb5b43264824917873a31c287f057ce4e
The Linux RNG may have little entropy during boot. As more and more
devices have a Hardware RNG, we mix in 512 bytes from Hardware RNG
(if present) into Linux RNG early during boot (after
wait_for_coldboot_done and before property_service_init actions in
init).
To avoid having to trust the output of Hardware RNG, we do not mix it
into the Linux RNG's primary pool or increase the Linux RNG's entropy
estimates.
Bug: 10362513
Change-Id: I80617f21710400747f5e7533e518d90ea74e2f11
The fuse_open_out structure returned to the kernel by handle_opendir()
was not properly initializing all the fields. The symptom was recursive
ls (ls -R) failing on the emulated sdcard filesystem, because rewinddir(3)
was failing with ESPIPE.
Bug: 7168594
Change-Id: I56ddfd3453e6aac34fe6e001e88c4c46fb2eb271
The legacy internal layout places users at the top-level of the
filesystem, so handle with new PERM_LEGACY_PRE_ROOT when requested.
Mirror single OBB directory between all users without requiring fancy
bind mounts by letting a nodes graft in another part of the
underlying tree.
Move to everything having "sdcard_r" GID by default, and verify that
calling apps hold "sdcard_rw" when performing mutations. Determines
app group membership from new packages.list column.
Flag to optionally enable sdcard_pics/sdcard_av permissions
splitting. Flag to supply a default GID for all files. Ignore
attempts to access security sensitive files. Fix run-as to check for
new "package_info" GID.
Change-Id: Id5f3680779109141c65fb8fa1daf56597f49ea0d
This adds support for parsing RTM_NEWADDR and RTM_DELADDR
netlink messages received on netd's netlink socket and
formatting them them so NetlinkHandler can process them.
Address changes are notified in subsystem "address". Interface
changes, which used to be notified in subsystem "net", are now
notified in subsystem "interface" to avoid confusion.
Bug: 10232006
Change-Id: I93a50e8de17014e118a42f5cc0eb90a0cbfa73cc
