Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Always use LOG() for debug tracing.
Remove useless D_lock. I believe it is useless to lock just before and after fprintf.
I verified the log output both on host and on device. The output looks fine to me.
Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
The existing format was unreadable; putting the pid and tid first helps
somewhat. Also remove the unused qemu tracing which wasn't called anywhere.
Change-Id: I37ef3c556fe17b237ba1d8ca3216e2155ce5d0de
Call getaddrinfo() for connecting to IPv6 destinations.
Winsock APIs do not set errno. WSAGetLastError() returns Winsock errors
that are more numerous than BSD sockets, so it really doesn't make sense
to map those to BSD socket errors. Plus, even if we did that, the
Windows C Runtime (that mingw binaries use) has a strerror() that does
not recognize BSD socket error codes.
The solution is to wrap the various libcutils socket_* APIs with
sysdeps.h network_* APIs. For POSIX, the network_* APIs just call
strerror(). For Windows, they call SystemErrorCodeToString() (adapted
from Chromium).
Also in this change:
- Various other code was modified to return errors in a std::string*
argument, to be able to surface the error string to the end-user.
- Improved error checking and use of D() to log Winsock errors for
improved debuggability.
- For sysdeps_win32.cpp, added unique_fh class that works like
std::unique_ptr, for calling _fh_close().
- Fix win32 adb_socketpair() setting of errno in error case.
- Improve _socket_set_errno() D() logging to reduce confusion. Map
a few extra error codes.
- Move adb_shutdown() lower in sysdeps_win32.cpp so it can call
_socket_set_errno().
- Move network_connect() from adb_utils.cpp to sysdeps.h.
- Merge socket_loopback_server() and socket_inaddr_any_server() into
_network_server() since most of the code was identical.
Change-Id: I945f36870f320578b3a11ba093852ba6f7b93400
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)
Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
d34e407aeb removed support for
running with SELinux completely disabled. SELinux must either be
in permissive or enforcing mode now.
Remove unnecessary calls to is_selinux_enabled(). It always returns
true now.
Change-Id: Ife3156b74b13b2e590afe4accf716fc7776567e5
Document the differences between adb_*() and unix_*() in the function
prototypes in sysdeps.h. See the file for the details (CR/LF
translation, well-known file descriptors, etc.).
Fix adb_read(), adb_write(), and adb_close() calls that should really be
unix_read(), unix_write(), and unix_close(). Note that this should have
no impact on unix because on unix, unix_read/unix_write/unix_close are
macros that map to adb_read/adb_write/adb_close.
Improve sysdeps_win32.cpp file descriptor diagnostic logging to output
the name of the function that was passed a bad file descriptor.
Change-Id: I0a1d9c28772656c80bcc303ef8b61fccf4cd637c
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Any output from the LOG family will now go to stderr and logcat on the
device. stderr is usually redirected to a log file, but that is now
inhibited for adbd if being run from a tty (useful when debugging with
the serial console).
This also fixes sending logs to the file on device for the trace mask
of "all". The "all" tag was specifically handled to return early from
the function, preventing the file initialization from happening.
Change-Id: Id253577bfd1500fbce92dbfba0f9be23dbfd5ee4
The name "client" is somewhat misleading as it also contains the host
side adb server, but it's a part of the client binary.
Change-Id: I128b7bab213e330eb21b5010cd1fec5f7a62c8af
