Since we're in much worse trouble if `/data/system/packages.list` is
attacker-controlled, there doesn't seem to be much benefit to having
the little bit of [incomplete] range checking we had on the uid
field (by using a wider type than `uid_t` actually is), and
apparently we're now abusing `-1` to mean "apex or sdk library",
despite `uid_t` being an unsigned type.
Bug: http://b/336659478
Change-Id: I7a270eea937d21fc1d7fcda8654054210cf631fe
This change introduces a new mode to `subsystem.devname` in `ueventd.rc`
configuration files, which sets the file name to the contents of
`/sys/DEVNAME/name`.
The objective of this change is to help Cuttlefish distinguish between
console devices, which are only different in uevents by initialization
order. Cuttlefish currently relies on `/dev/hvc##` devices which are
created for non-multiport virtio-console devices.
https://cs.android.com/android/platform/superproject/main/+/main:device/google/cuttlefish/shared/config/ueventd.rc;l=18;drc=5204f119d859d3ae5f1a2ee1c6a05ee68d6a28ed
On Cuttlefish we're considering moving to multiport virtio-console
devices ( https://fedoraproject.org/wiki/Features/VirtioSerial ). It
would be possible to rely on device order here as well, but using names
to distinguish devices makes it possible to drop unused devices in the
future, rather than reserving indexes indefinitely.
Multiport virtio-console devices create uevents with DEVNAME=vport#p#
and DEVPATH=.../vport#p#, only exposing the name in a sysfs file.
Bug: 336663898
Test: Attach multiport console, run with `-DLOG_UEVENTS=1`
Test: Introduce ueventd policy using `devname sys_name`
Change-Id: I59632b556db4a47883eab97e90c0e6ca81a9c650
Upgrading to clang-r522817's new libc++ requires that <vector> be
included here.
Bug: 333165689
Test: treehugger
Flag: EXEMPT, fix build error
Change-Id: Ib9a072ddb39477b98c79879da6354557695ba350
We consume load_sequential only in libmodprobe, so remove this parameter
before sending them into the kernel layer.
Bug: 332435366
Test: Built and boot husky targets
Change-Id: I37e63723d3c8d4fd8ca1fda682b344a721b9a637
Signed-off-by: Chungkai Mei <chungkai@google.com>
When setting property with setprop, a property name which starts with
"ro." could be set no matter how long the value name is.
Change-Id: Ia035ef009952db08ae8a6d4a2b8b9567d86124fc
U requires 4.14+
V requires 4.19+
as such this is no longer useful
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I39d01cc16897c6c9174cf074e27c888bc758f1cc
which has been fully replaced by eBPF
(started in Android P, finished in Android S)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie38e54600a9bb01c7ecdde63d9a9256bed047f41
std::array<T, N> takes exactly N * sizeof(T) bytes, leaving no room for
the null terminator.
Bug: 335047945
Test: re-run the GSI test
Change-Id: Ic3aca5f409021c78a7eb965c5ed610e6a51e42cb
Remove hard coded global variables referencing cow version in
libsnapshot. This value should stem from the build system, or be set
individually in test cases.
Bug: 307452468
Test: th
Change-Id: I3d536246008acca92cd93e77886e5f7d17a131e0
* changes:
  libprocessgroup: Check validity of uid and pid arguments for createProcessGroup
  Revert "libprocessgroup: Check validity of uid and pid arguments"
killProcessGroup already checks for validity of the uid and pid input
arguments. Also add this checking to createProcessGroup.
Bug: 333261173
Change-Id: Ie74b9c2716978cb5eb434af12e27945e29af876e
If the COW device is allocated only from /data, then
the COW device name will end with -cow-img. Hence, check
that path as well.
Bug: 335552315
Test: snapshotctl apply-update
Change-Id: Id3c5cf8afd77994da117de41bb98a226b350f8e4
Signed-off-by: Akilesh Kailash <akailash@google.com>
init_second_stage_defaults provides properties that are common to both
Android's init and Microdroid's init. Before this CL, it included
target.product.required and target.recovery.required properties. The
required dependencies were Android-specific; the dependencies included
Android-only init.rc. Microdroid has its own init.rc (microdroid_init_rc
module).
This was problematic but so far it didn't cause an issue because those
Android-only dependencies were not installed to Microdroid due to a bug
in the build system.
As we fix the build system bug, the Android-only dependencies started
to get installed to Microdroid, effectively overriding the Microdroid-only
init.rc file. This made Microdroid fail to boot.
Fixing this issue by moving the Android-only dependencies out of the
defaults module and putting them on the Android's init.
In addition to that, this CL removes the recovery variant for the
Microdroid's init because it's not used.
Bug: N/A
Test: run AVF tests
Change-Id: I09748f1123125cac74ce54fd5c360c9a3ba2f996
* changes:
  Add build flag to split the cgroup v2 hierarchy into apps/system
  Add build flag to force memcg to the v2 cgroup hierarchy
  Use ConvertUid{Pid}ToPath for all path generation
  Fix unused params and remove unneeded cflags
Background:
* -f = Allows mapping files in the format `-f file:backing_file`. This
can be used for mapping secure storage files like `0` and `persist/0`
to block devices. Storageproxyd will handle creating the appropriate
symlinks in the root datapath.
* -m = Allows specifying the max size constraint for file backed storages.
The constraint is chosen by giving a file, this allows for passing a
block device for which a max file size can be queried. File based
storages will be constrained to that size as well.
Bug: 324989972
Test: File sizes are restricted as specified, and mappings are created
Change-Id: I8ff550afafbd372288daa9e27c4db3451948b25d
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
Compiler still requires the LLNDK symbols even if they are removed
when compiling. Still the unavailable symbols break the build in
linking if called with wrong api level.
Bug: 333973388
Bug: 320347314
Test: TH
Change-Id: I79cb921cf6f2789e97f11b88cddf7ca1325998a5
Found out that increasing the threshold to 20 crashes pushes the file
system based rollbacks as well. So introducing a throttling behaviour
instead. Now native watchdog performs reboot with ramdump at 5 restarts.
After that packageWatchdog/RescueParty takes over to perform other
mitigations. Ram dump + reboot will not be performed more than once
in 24hrs.
Test: manual
Bug: 291137901
Change-Id: Ia192411dad94e8e25c26f700d2fe7f94d41439b8