If ashmem accessors are being called with a file descriptor that
belongs to anything other than ashmem, we need to stop it right
now so that they can fix the caller.
Bug: 26871259
Change-Id: Icf9aafc3631a80b9af6fe0fea03599d61e285d21
NB: We decided to not sniff for the constant saved __ashmem_rdev in
the early error path; requiring either the use of atomic operations,
or acquiring a lock to do it correctly. The heroics are not worth it.
Bug: 26871259
Change-Id: I46249838850ae32063eb5b7d08c731c5bb0fbf6b
- collect st_rdev on open, or when required, for /dev/ashmem.
- check in all cases if fd is a character device and matches rdev.
- requires that we have open, read and write access to /dev/ashmem
to check, assumption being that if we can not, then we have no
right playing with the associated misdirected file descriptor.
NB: ashmem libcutil library entry points can no longer be called in
signal context.
Bug: 26871259
Change-Id: I9a17e33317a9be795131473a51c16f761b5f7407
Fixes libcutils multi-buffer write interface to be more friendly and
hooks into it from the fastboot Socket class.
Bug: http://b/26558551
Change-Id: Ibb3a8428fc379755602de52722c1260f9e345bc0
- sort header order and in groups
- remove all tabs, use only spaces
- use TEMP_FAILURE_RETRY in system calls
- preserve errno for -1 return
Bug: 26871259
Change-Id: I94fffbcaeba01fcc18a3ed07c02389c06c54d3b7
Unix and Windows both have functions to write multiple buffers to a
socket with a single call but they have very different signatures. This
CL creates some cross-platform functions to be able to perform these
operations in a uniform way, which will be required for upcoming
fastboot functionality.
This CL also fixes some inconsistent spacing in the touched files.
Bug: http://b/26558551
Change-Id: I8f14d52d3a1de1f3b464267666d6cd3b54263238
Tests that require a local server currently hardcode a test value,
which can run into conflicts depending on what's currently running on
the machine.
This CL adds socket_get_local_port(), which lets us pass 0 so the
system picks an open port and we can query which port it chose.
Bug: http://b/26236380
Change-Id: I01d1558884e7636081d9a357db6faa86929934f6
Allows ActivityManager to use the top-app cpuset to grant the currently
focused app exclusive access to a CPU core.
Change-Id: I45bca5170477e413dec6e5889338399d0859706c
SurfaceFlinger needs some of its threads in the system-background cpuset
and some of its threads (the binder pool) outside of the
system-background cpuset in order to improve UI perf/power
consumption. Remove surfaceflinger from the system-background cpuset in
init.rc and allow a thread to place itself in the system-background
cpuset given enough permissions.
bug 25745866
Change-Id: I85f7e41c5439e6ad7cc2d355e51f5dfb3a0c7088
Now that cutils has cross-platform socket functionality, we can
restructure fastboot to remove platform-dependent networking code.
This CL adds socket_set_receive_timeout() to libcutils and combines the
fastboot socket code into a single implementation. It also adds TCP
functionality to fastboot sockets, but nothing uses it yet except for
the unit tests. A future CL will add the TCP protocol which will use
this TCP socket implementation.
Bug: http://b/26558551
Change-Id: If613fb348f9332b31fa2c88d67fb1e839923768a
Don't spend CPU cycles formatting a bunch of strings if we're
just going to throw them away later. Maybe make booting faster.
Change-Id: I4d8eb99fb3fa873ca91cf776933d0ad01988abf5
This CL moves Windows networking code from fastboot to libcutils so
that it can be shared with other host programs such as adb.
Not all libcutils networking functions have been implemented for
Windows, just those necessary for fastboot. In the next CL I will do
the same for adb, adding any additional required functions.
Unit tests have also been added to test the functions using a loopback
connection.
Bug: http://b/26236380.
Change-Id: Ibc51a67030fe69a04c23512eefa9d19b055c7c12
Certain apps decide that they want to chmod() their private data
directories to gain more security. We still want to carefully
enforce owner UID/GID, but relax the mode check for now.
Bug: 26549892
Change-Id: I362d530ba0b20fb23f427ac082ee003864adc57d
Some callers, such as installd, have stricter requirements around
directory preparation, where they want to assert ownership and mode
without quietly fixing the values.
Bug: 26466827
Change-Id: Id44db5f29a3326cfe178b443fb450ad2edeaefd8
Don't clobber errno if mkstemp failed, always unlink, and only count
mkstemp/ftruncate failures as real failures --- if only the unlink
fails, there's no point not using what we have.
Change-Id: I6bc788682c88651a50a6316b9ca07ba07e9fefa2
Codesearch finds no reference to this in the Android tree. It was
added in 2010 in commit bbf1c64527.
Change-Id: I8cd1153912b78b4b23b8f5ba2577a58c5c49e316
Anyone wanting to call /system/xbin/librank can execute "su"
beforehand. There's no need for it to be setuid root.
Bug: 25739721
Change-Id: Ie3d68701397d21e901bf1ec17b4b4a9f12128d2d
am: 8e82180c83
* commit '8e82180c83eb89069716fb790ed0f006e469be1c':
libcutils: turn on -Werror on Win32, fix resulting build break.
libcutils: add prefix to local variables in Android.mk.
Mingw doesn't provide strndup or strtok_r used in str_parms.c, resulting in
-Wimplicit-function-declaration being emitted for the Windows build.
None of the consumers of str_parms.c appear to be compiled for Windows,
so we can just remove it from the Windows build.
Change-Id: I36b66fc54ed261d38f5294bc8662ddb2db4fe64f
Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted
weight in EAS scheduler). Move background tasks to
/sys/fs/cgroup/stune/tasks (default weight). For services started
with init, set "foreground" services to boosted.
Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted
weight in EAS scheduler). Move background tasks to
/sys/fs/cgroup/stune/tasks (default weight). For services started
with init, set "foreground" services to boosted.
Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
This is not an executable so we have to specifically set its permissions
accordingly.
Bug: 25668833
Change-Id: I502f69bad75b4da4fdc29eb3ebaa42a19ae04d27
This makes native test directories 750 root:shell. This matches the
value for files within those directories, and results in a more usable
access paradigm when (say) unprivileged test tools need to discover
these test binaries.
Bug: 25668833
Change-Id: I9bd2081b2c211b4383b5873238aaf64597756714
Make test files under /data/nativetest{,64} 0750 root:shell
to avoid needing to manually chmod them.
Bug: 25340994
Change-Id: I174cc226195907c0effa99063a8aa0082f85722b
procrank only exists on userdebug/eng builds. For those builds,
procrank can be executed by running "su 0 procrank" instead of
relying on the binary being setuid root. This reduces the number
of setuid binaries on Android and allows for the deletion of
SELinux policy to support this.
Bug: 18342188
Change-Id: I982283f2e0f6fbe5efaffc08501c1ec175f65373
CYGWIN is not supported, USE_MINGW and HOST_OS==windows are being
replaced with LOCAL_..._windows variables.
Bug: 23566667
Change-Id: I3e4a1e4097dc994cf5abdce6939e83a91758fd75
Turn off integer sanitization on android_memset. memset()ing is
expected to be a fast operation.
Avoid the use of the "while (size--) { }" construct, which harmlessly
underflows.
Change-Id: Ia61ff2323c759bf52df7e70b8be2fae0b0366dda
Call abort() on undefined or sketchy integer behavior.
Protects against integer overflow attacks.
Tested on Nexus 5 and Nexus 9 with no obvious problems.
Change-Id: I6cb28b4a0f5feed69ea472dfac8804fb0bf99719
Hash functions rely on overflow behavior, so whitelist them.
ATRACE_TAG_NOT_READY: use an unsigned constant when shifting bits.
Otherwise, the value overflows on shift. The users of this constant
assign it to a uint64_t variable.
Change-Id: I21c437ce2083525e906c3ead3259ec34a1ef4b66
/system/etc/recovery.img defaults to 0644. Change it to 0440.
Bug: 22641135
Change-Id: I45cdb0cc1b58f35fbcd0f16e7cc6c4eef63b0b74
(cherry picked from commit b602e6f9a3)
and run fsck with -f on clean shutdown instead.
With -f, fsck.f2fs always performs a full scan of the /data
partition regardless of whether the partition is clean or not.
The full scan takes more than 2 seconds on volantis-userdebug
and delays the OS boot.
With -a, the command does almost nothing when the partition
is clean and finishes within 20-30ms on volantis-userdebug.
When the partition has an error or its check point has
CP_FSCK_FLAG (aka "need_fsck"), the command does exactly the
same full scan as -f to fix it.
Bug: 21853106
Change-Id: I126263caf34c0f5bb8f5e6794454d4e72526ce38
Using a getenv('OUT') in such a deep down function is a wrong design
choice. Replacing with explicit parameter that may be NULL in case
device specific files can be accessed from /.
Since TARGET_COPY_OUT_SYSTEM may be defined to something different than
system we also ensure that we use a path relative to TARGET_OUT to
compute path to fs_config_* files.
Bug: 21989305
Bug: 22048934
Change-Id: Id91bc183b29beac7379d1117ad83bd3346e6897b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
When the ramdisk is built into the system image, we need to create
those folders during the build.
Change-Id: I40881940c75e379d7599dc1f743b35fbc7cc66e8
If a thread is created while the parent thread is "Background",
then the default timerslack value gets set to the current
timerslack value of the parent (40ms). The default value is
used when transitioning to "Foreground" -- so the effect is that
the timerslack value becomes 40ms regardless of foreground/background.
This does occur intermittently for systemui when creating its
render thread (pretty often on hammerhead and has been seen on
shamu). If this occurs, then some systemui animations like navbar
ripples can wait for up to 40ms to draw a frame when they intended
to wait 3ms -- jank.
This fix is to explicitly set the foreground timerslack to 50us.
A consequence of setting timerslack behind the process' back is
that any custom values for timerslack get lost whenever the thread
has transition between fg/bg.
See Bug: 19398120
Change-Id: Idc259717f62fa2255f8bafbbf88b68c0043f29cf
If /dev/kmsg already exists, it's unnecessary for klog_init()
to create it's own copy. This avoids needing to grant the mknod
permission to everyone who uses kmsg. Typically the only time
/dev/kmsg doesn't exist is before ueventd starts.
(cherrypicked from commit 4d32a486fe)
Bug: 21242418
Change-Id: I0c88d80feca6899fcdbc8c9f2f99448ee0a3422d
If /dev/kmsg already exists, it's unnecessary for klog_init()
to create it's own copy. This avoids needing to grant the mknod
permission to everyone who uses kmsg. Typically the only time
/dev/kmsg doesn't exist is before ueventd starts.
Bug: 21242418
Change-Id: I0c88d80feca6899fcdbc8c9f2f99448ee0a3422d
User specified values of numInts and numFds can overflow
and cause malloc to allocate less than we expect, causing
heap corruption in subsequent operations on the allocation.
Bug: 19334482
Change-Id: I43c75f536ea4c08f14ca12ca6288660fd2d1ec55
Also simplifies the Darwin implementation of gettid, because
apparently libbacktrace had a better way of doing it.
Bug: 19517541
(cherry picked from commit 23f750b068)
Change-Id: I2f888e8ed7a2f5719973786cbcbb399a81867ee9
Accidentally had this all hidden by an #ifndef _WIN32 when I wrote it.
Bug: 19517541
(cherry picked from commit b3a36ca5ee)
Change-Id: Ifbd5d19e506e7313700e2e29a2dae5736e049844
Also simplifies the Darwin implementation of gettid, because
apparently libbacktrace had a better way of doing it.
Change-Id: I9e14f9176b167405a5aaa5b8a0db0327c7126271
Fix broken mips64 build by replacing mips32r2-only android_memset.S.
Use HW-bonded pairs of 64-bit stores to fill 128 bits/cycle.
Rely on HW automatic cache prefetch optimizations.
Software cache prefetching is counterproductive on next mips cores.
New method is coded in C, and also works okay on non-Mips architectures.
Change-Id: Id7153a8fe11538fe25287e101375661b0e99e2a2
cutils/endian.h provides the helpers defined in endian(3), either by
pulling in the OS's built-in endian.h (where available) or recreating
them using GCC builtins.
Change-Id: Ic8965f67e1efdc03f884dbe6b7fe0276f840e4fc
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Intention is to read from ${OUT}/system/etc/fs_config_dirs and
${OUT}/system/etc/fs_config_files on host. And
/system/etc/fs_config_dirs and /system/etc/config_files
on target systems.
Bug: 19908228
Change-Id: Ieaedd99e88c7f7f717878d9344c387ddf335ccbb
Intention is to read from ${OUT}/system/etc/fs_config_dirs and
${OUT}/system/etc/fs_config_files on host. And
/system/etc/fs_config_dirs and /system/etc/config_files
on target systems.
Bug: 19908228
Change-Id: I0966a94f79a3fae4f7325056c701ea355370f9df
Several people have been independently confused about when this gets
built and why over the past couple of days.
Change-Id: I2d4a02f66e24c0734327585b7d27e50a344b1e94
This also fixes the bug where we were always testing against the fake
strlcpy we provide for glibc/Windows rather than the Android one.
This also removes some unnecessary library dependencies.
This also builds all the cutils tests for the host (static and dynamic).
Change-Id: Icd129d5b025c0ca801be5acf31a54ecd88608df9
Also make important events in init's life NOTICE rather than INFO,
and ensure that NOTICE events actually make it to the kernel log.
Also fix the logging so that if you have a printf format string
error, the compiler now catches it.
Also give messages from init, ueventd, and watchdogd distinct tags.
(Previously they'd all call themselves "init", and dmesg doesn't
include pids, so you couldn't untangle them.)
Also include the tag in SELinux messages.
Bug: 19544788
Change-Id: Ica6daea065bfdb80155c52c0b06f346a7df208fe
This change defines atrace_* functions for the host that act as
no-ops, which makes it easier to add tracing in ART.
Change-Id: I89397e83986686a2b6a6f245c25017eb379081b1
This was supposedly used to enable logging when !HAVE_ANDROID_OS
but it's only used in a file that's target specific.
Change-Id: Id83f2597e48a66b4821fc3b1237e212872b909fb
On 64 bit systems, calls to dump_backtrace_to_file or dump_tombstone
try and directly contact the correct debuggerd (32 bit vs 64 bit)
by reading the elf information for the executable.
Unfortunately, system_server makes a call to dump_backtrace_to_file
and it doesn't have permissions to read the executable data, so it
defaults to always contacting the 64 bit debuggerd.
This CL changes the code so that all dump requests go to the 64 bit
debuggerd, which reads the elf information and redirects requests for
32 bit processes to the 32 bit debuggerd.
Testing:
- Forced the watchdog code in system_server to dump stacks and
verified that all native stacks are dumped correctly.
- Verified that dumpstate and bugreport still properly dump the native
processes on a 64 bit and 32 bit system.
- Intentionally forced the 64 bit to 32 bit redirect to write only a
byte at a time and verified there are no errors, and no dropped data.
- Used debuggerd and debuggerd64 to dump 32 bit and 64 bit processes
seemlessly.
- Used debuggerd on a 32 bit system to dump native stacks.
Bug: https://code.google.com/p/android/issues/detail?id=97024
Change-Id: Ie01945153bdc1c4ded696c7334b61d58575314d1
Under some unknown circumstances, debuggerd could become unresponsive.
If you try and take a bugreport during this time, it will hang forever.
Adding functions that have a timeout will allow dumpstate to stop if
dumping is taking too long.
Bug: 18766581
(cherry picked from commit 5f2ff6a910)
Change-Id: I39e8e9c60209e3ef9efac795fedb8e1edce2bd3e
Packets captured and logged by the NFLOG target are unicast, so
extend to catch and decode them. To avoid escaping issues, the raw
contents are passed around as hex strings.
Bug: 18335678
Change-Id: Ib7299500baa00080a1f000f9da843eb527363353
Under some unknown circumstances, debuggerd could become unresponsive.
If you try and take a bugreport during this time, it will hang forever.
Adding functions that have a timeout will allow dumpstate to stop if
dumping is taking too long.
Bug: 18766581
Change-Id: I85053b8dcfe6224e2b64b4d8f7f2ef448b3cda34
This means that code that uses libcutils no longer has to ensure that
it's set ANDROID_SMP in the calling code's Android.mk for this to
function correctly.
Change-Id: I80c7ff170cd621106f34d6b74689d6b4f03e4eb7
The static libcutils tests cannot be built when using libc++ because
there are multiple symbol definition errors between libc++ and libgcc.
Bug: 18389856
Change-Id: I6f41c561f97b3a37477f844e9abf6551524a0fa3
This should not be committed until win_sdk and aarch64 builds are
fixed in the presence of this CL.
This reverts commit 2789faabfa.
We additionally remove uniprocessor support from the earlier CL,
thus avoiding a potential compiler code reordering issue.
Change-Id: I7207a5ca2efa907a6f757f172d7090a62b2311fe
The build system is still linking both libgcc and libcompiler-rt,
which is causing duplicate symbol errors on some architectures. This
requires a fix in the build system, so reverting for now.
This reverts commit e3cccbfd47.
When atrace_* functions are inlined,
the rarely used 1024-byte buffers are allocated on stack.
BUG: 17444504
Change-Id: I773512aeb70e8b79f3803c6d59cba064d2aa65b6
All kernel services will now be in the same cgroup as
foreground applications. This will now make kernel threads
not implicitly higher priority than android foreground
services.
Bug 17681097
Change-Id: I28e81c7aade50428d5395df86f00ce01c1e7af02
Replace atomic-inl.h with a file that just includes atomic.h.
Remove platform specific implementations.
Change-Id: If16d74fbe0af7836ed8c1296c17e13a2d0d20f64
On 64 bit systems, calling dump_backtrace_to_file will automatically
call debuggerd64. If the process to dump is actually 32 bit, this
creates an unrecognizable dump backtrace. Modify the code to check the
type of the process and connect to the appropriate debuggerd process.
This change refactors both the tombstone and backtrace functionality to
allow both to work properly on 64 bit systems when dealing with mixed
processes.
Bug: 17487122
(cherry picked from commit a9fa7b87f1)
Change-Id: I3c9e0212c8720877a6af092071a3695df2a36df8
On 64 bit systems, calling dump_backtrace_to_file will automatically
call debuggerd64. If the process to dump is actually 32 bit, this
creates an unrecognizable dump backtrace. Modify the code to check the
type of the process and connect to the appropriate debuggerd process.
This change refactors both the tombstone and backtrace functionality to
allow both to work properly on 64 bit systems when dealing with mixed
processes.
Bug: 17487122
Change-Id: Icf123a6f4508b1aeec073663aa1a0ceae5380aa1
Use expected inline behavior with clang.
GCC defaults to -std=gnu90, giving C89 inline semantics with GNU
extensions. Clang defaults to C99. Explicitly use gnu90.
Mark an unused parameter as __unused.
Fix some incorrect casts.
Change-Id: I05b95585d5e3688eda71769b63b6b8a9237bcaf4
Bug: 16408818
These targets are no longer in use, since we have a proper way to create both
32-bit and 64-bit host libraries in a single build now.
Cherry-pick from AOSP: 03cc1f747c
Change-Id: Icd09f795acd220de5b5e956a8d8e1b4ab4864fa9
Bug: 16408818
These targets are no longer in use, since we have a proper way to create both
32-bit and 64-bit host libraries in a single build now.
Change-Id: Icd09f795acd220de5b5e956a8d8e1b4ab4864fa9
* Read out system properties with same syntax as SystemProperties.java
* Also adds unit test suite to validate correctness of properties
* Also fixes buffer overrun in property_get
(cherry picked from commit d4507e9246)
Change-Id: Ifd42911f93e17da09e6ff1298e8875e02f3b6608
Don't follow symlinks. Suggestion from Jann Horn.
Also, add O_CLOEXEC. This prevents file descriptor leakage should
this code ever run in a multithreaded environment.
I'm not sure if either of these changes actually address any
security concerns, but it's harmless, so go ahead and add it.
Bug: 15675141
Change-Id: I7ba4e9d10439b7150f59759b54e3ad8ccba411e3
