where stuff is apparently under /system_ext/apex/...
instead of /system/apex/...
Bug: 277646103
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I947e44af334628d82ca633546f3328319c2bac60
This is a follow-on CL for aosp/2528043
/system/apex/com.android.tethering.inprocess/bin/for-system/clatd
is bind mounted as /apex/com.android.tethering/bin/for-system/clatd
when using inprocess tethering.
Bug: 273821347
Test: `ls -l /apex/com.android.tethering/bin/for-system/clatd` on bertha
Test: Also see aosp/2528043 for how it is tested
Change-Id: Ia20165663e4ff6d9266fe601d25395816792a3f7
get_sched_policy uses the cpuset policy as fallback if the cpu cgroup
is not recognized. Pixel is currently not using the cpu cgroup for
background policy due to b/208895940.
Bug: 265852986
Test: atest libcutils_test:libcutils_test.SchedPolicy#set_sched_policy -- --abi arm64-v8a
Change-Id: Ia77ace7513c48b1a14290c6ecc0222b46d6bf927
Signed-off-by: Edward Liaw <edliaw@google.com>
Resolves a pair of TODO's, and makes a pair of error return
code paths not return null function pointers.
Note that:
system/netd/client/NetdClient.cpp
implements this as:
    int checkSocket(int socketFd) {
        if (socketFd < 0) {
            return -EBADF;
        }
        int family;
        socklen_t familyLen = sizeof(family);
        if (getsockopt(socketFd, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
            return -errno;
        }
        if (!FwmarkClient::shouldSetFwmark(family)) {
            return -EAFNOSUPPORT;
        }
        return 0;
    }

    #define CHECK_SOCKET_IS_MARKABLE(sock) \
        do {                               \
            int err = checkSocket(sock);   \
            if (err) return err;           \
        } while (false)

    extern "C" int tagSocket(int socketFd, uint32_t tag, uid_t uid) {
        CHECK_SOCKET_IS_MARKABLE(socketFd);
        FwmarkCommand command = {FwmarkCommand::TAG_SOCKET, 0, uid, tag};
        return FwmarkClient().send(&command, socketFd, nullptr);
    }

    extern "C" int untagSocket(int socketFd) {
        CHECK_SOCKET_IS_MARKABLE(socketFd);
        FwmarkCommand command = {FwmarkCommand::UNTAG_SOCKET, 0, 0, 0};
        return FwmarkClient().send(&command, socketFd, nullptr);
    }
which means it *already* verifies that the passed in sockfd
is >= 0 and a socket via getsockopt(SOL_SOCKET, SO_DOMAIN),
as such the 'fcntl(sockfd, F_GETFD)' check is spurious.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I91ef68be5b0cc6b1972d514c13a76eaf834a3d5d
Signed-off-by: Liu Cunyuan <liucunyuan.lcy@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: I3dbe6b6d79c2655ab76f48e48fd22ab72d761dfd
Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
correct label and uid/gid.
* Verify prng_seeder socket present and has correct
label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance
Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
Introduces new APIs which can be used to simplify application of fdsan
to native_handle_t usage, and applies fdsan protection to
native_handle_clone() by default.
Bug: 244214188
Test: validated alongside sensor service change to use the new APIs
Change-Id: I3be16a09c336bcbe880bdb542d5da2969c2c34d3
It's useful to have a group that shares a numeric id with Linux and
macOS. "root" doesn't count because group 0 is actually called "wheel"
on the BSDs, and macOS has "daemon" and "kmem" as its groups 1 and 2.
This lets us have toybox tar tests that have the same results on all
supported OSes without special handling.
Test: treehugger
Change-Id: I4704d6f9ada84f3065831a099b34d1c20c4c6b03
A supplementary group to mark which app can write to the security log
buffer. Granted via android.permission.WRITE_SECURITY_LOG and checked by
logd.
Bug: 232283779
Test: manual
Change-Id: I3ad66031ab1c9eef26db0f3e8968659dfa2855cb
Method is needed for further use in statsd mapping process.
Bug: 217695033
Test: atest installd_service_test
Change-Id: I508a58da5f8d2e32264002db515425134d18aece
Ignore-AOSP-First: code is not in AOSP yet
Bug: 220320098
Test: presubmit
Change-Id: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
Merged-In: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
(cherry picked from commit 6e124aac7c)
Every app will now have a corresponding supplemental process associated
with it. We need a utility method to map one to the other.
Implementation details: supplemental process uid will be between range
20k-30k. As such, it will be a 10k offset from app id. See ag/16621743.
Bug: 211763739
Test: atest installd_service_test
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I2b6d6b086985bcb24c837eaa95a937d429d6a583
Merged-In: I2b6d6b086985bcb24c837eaa95a937d429d6a583
(cherry picked from commit 1c7acfdb67)
This functionality is now handled in mainline and has been removed from
netd in Android T.
Test: builds & boots
Change-Id: Ic435eee0d89bda30d733efbc655692c697bbe9e8
Previously, each file/dir in a filesystem had to have exactly one
matching entry in the canned fs_config file. With this change, the
config file can have multiple entries for the same path. e.g.
/lib/libfoo.so 1000 1000 0644
/lib/libfoo.so 1000 2000 0644 capabilities=0x30
In this case, the last matching entry is chosen and used. This is to
make it possible to customize system-provided (and thus generic)
fs_config file with a user-provided (and thus context-specific) one.
Bug: 209971551
Test: m
Change-Id: I43902fed08db1b4968d02c75fac0a47976fff72a
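
Added example (not part of the commit above and not the libcutils code): a minimal C lookup over a canned fs_config buffer showing the last-matching-entry rule, so a later context-specific line overrides an earlier generic one. The names fs_entry, lookup_last_match and SAMPLE_CONFIG are hypothetical, the sample input is constructed, and two assumptions are made: the mode is octal, and an override line without a capabilities= field resets capabilities to 0.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; this is not the libcutils implementation. */
struct fs_entry { unsigned uid, gid, mode; uint64_t capabilities; };

/* Constructed sample: generic entries first, the override for libfoo last. */
static const char SAMPLE_CONFIG[] =
    "/lib/libfoo.so 1000 1000 0644\n"
    "/lib/libbar.so 0 0 0644\n"
    "/lib/libfoo.so 1000 2000 0644 capabilities=0x30\n";

/* Scan every line; a later line for the same path overwrites an earlier one.
 * Returns 1 if the path has at least one entry, 0 otherwise. */
int lookup_last_match(const char *config, const char *path, struct fs_entry *out) {
    int found = 0;
    const char *line = config;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], p[256], extra[64] = "";
        unsigned uid, gid, mode;
        if (len < sizeof(buf)) {            /* over-long lines are skipped */
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Assumption: mode is octal (%o), matching the 0644 notation. */
            int n = sscanf(buf, "%255s %u %u %o %63s", p, &uid, &gid, &mode, extra);
            if (n >= 4 && strcmp(p, path) == 0) {
                out->uid = uid; out->gid = gid; out->mode = mode;
                /* Assumption: a matching line replaces the whole entry. */
                out->capabilities = 0;
                if (strncmp(extra, "capabilities=", 13) == 0)
                    out->capabilities = strtoull(extra + 13, NULL, 0);
                found = 1;
            }
        }
        line += len + (eol ? 1 : 0);
    }
    return found;
}

int main(void) {
    struct fs_entry e;
    if (lookup_last_match(SAMPLE_CONFIG, "/lib/libfoo.so", &e))
        printf("gid=%u caps=0x%llx\n", e.gid, (unsigned long long)e.capabilities);
    return 0;
}
```

Because the last entry wins, reviewing the effective ownership and capabilities of a path means reading the merged file to the end rather than stopping at the first match.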
This re-writes the file using C++, in preparation for a follow-up
change.
Also, removes debugging code that is no longer used.
Bug: 209971551
Test: m
Change-Id: I82a793cfdd7abd10024e304df7bd4ae323ffeabf
Add AID_READTRACEFS and mount tracefs with gid=AID_READTRACEFS
Bug: 209513178
Test: adb shell ls -l /sys/kernel/tracing/events
Change-Id: Ibbfdf8a4b771bd7520ecbaaf15a1153d6bf0e599
We've had two use-after-frees in the last month from this nonsense...
Bug: http://b/204925347
Test: treehugger
Change-Id: I5e1485253224e38ca51a7a077dbe65d19e39f817
A lot of things had moved out of system/core/ without their TEST_MAPPING
entries having gone with them, reducing the amount of presubmit coverage
for those things.
In order to reduce the likelihood of that happening again, I've pushed
all that remained in the system/core/ TEST_MAPPING down into the
individual subdirectories.
Test: treehugger
Change-Id: Ib75d65f9200fa64ae1552471da6fbe5b7023cf94
Revert "Add systrace tag for system property"
Revert "Add systrace tag for system property"
Revert "Adding system property tracing"
Revert submission 1403568-sysprop_trace
Reason for revert: makes property get/set non-reentrant
Reverted Changes:
I6f85f3f52:Add systrace tag for system property
Id2b93acb2:Adding system property tracing
Id78992d23:Add systrace tag for system property
I1ba9fc7bd:Add systrace tag for system property
Ignore-AOSP-First: b/193050299#comment17
Bug: 193050299
Change-Id: I9305003531c6a86194d55dc72c613337d213b53d
Merged-In: I9305003531c6a86194d55dc72c613337d213b53d
Test: build and boot a device
(cherry picked from commit 18e0f65cbf)
Revert submission revert-1660531-max-boot-level-crypto-KFMCEDKSIV
Reason for revert: topic:vold-use-keystore2 has landed fixing the bug
Reverted changes:
Ibf63734a: Revert "Set earlyBootEnded before apex starts"
Id02f63a7: Revert "Expose AID_KEYSTORE"
Ibcedeff4: Revert "Cryptographic security for MAX_BOOT_LEVEL"
Restored changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Reverted-SHA1: a801eabe11
Original commit message:
Keystore uses this as the user ID for keys that it creates for its
own use.
Bug: 176450483
Test: atest com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles
Change-Id: I0e2baa8807281ec9e5cc0a9ff8daff191285a600
Revert "Cryptographic security for MAX_BOOT_LEVEL"
Revert submission 1660531-max-boot-level-crypto
Reason for revert: broken test com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles on aosp-master on aosp_cf_x86_64_phone-userdebug at 7261517
Reverted Changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Bug: 184635938
Change-Id: Id02f63a794544d650abb95c8e7f201eea03391eb
Test: forrest run for the broken test
Keystore uses this as the user ID for keys that it creates for its
own use.
Bug: 176450483
Test: keystore2_test
Change-Id: Ia698912917cd209eebcfc007a8badce7a39159d6
This reverts commit 66bfb9adac, and
instead includes a header that has a definition of TEMP_FAILURE_RETRY
for macOS.
Bug: http://b/181852591
Test: N/A
Change-Id: I63ccdcb58a2b2806217e3faedde9ba33936c8189
The Mac doesn't need fs_config (there's a `darwin: { enabled: false } }`
at the only caller), so stop trying to build it here rather than fix it
so it builds again.
Test: treehugger
Change-Id: I88d6b3a44b1ab823a419789d8545fcf10061079c
Glibc >=2.32 exposes a gettid() which clashes with libcutils
thread.h, so add a check to not expose it if building against
newer glibc (ChromiumOS will still use glibc 2.27 besides 2.32).
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1182060
Test: Builds without errors on both glibc 2.32 and 2.27.
Change-Id: Ib71fa1bc9fa185e3668002407dbed05a80c87740
We don't have any right now. Let's keep it that way.
Also remove a bunch of duplication/cruft in the build file.
Test: treehugger
Change-Id: I406985592c175f45660e87adb05231bce0804893
This function is no longer necessary, and uses a deprecated API
(mallopt(M_BIONIC_DISABLE_MEMORY_MITIGATIONS)). This function was
provided originally as part of libcutils because the original API was a
private android_mallopt.
The API is being reborn as a memory-init-specific mallopt. Given that
regular system components and apps will be able to call it directly,
it's not necessary to have a wrapper function in libcutils any more.
Bug: 135772972
Test: Build the device.
Change-Id: I4a3185b99702c8e445de6837b154c4a96c8295a1
C++ thread_local is less code to write, and performs better. All known
users have been moved over already.
Test: treehugger
Change-Id: Idaa2a58bf23342dae08dd6b9003d8f532839b351
vendor_available modules were available to product modules.
However, not all vendor_available modules are required to be
available to product modules. Some modules want to be available only
to product modules but not vendor modules.
To cover the requirement, we separate product_available from
vendor_available.
vendor_available will not provide product available module.
Rename libcutils/include_vndk to libcutils/include_outside_system as
it provides the headers to the modules outside the system partition
including /product.
Bug: 150902910
Test: build
Change-Id: I791b5a6a1dc99442065debfce6fa0f54a335fcea
libcutils' thread local stuff is almost unused already, so let's try
harder to prevent new users. (In parallel I'll try to actually move the
four existing users off it, so we can actually remove this.)
Test: treehugger
Change-Id: Ib5445a43cff1f161ce1c7a45959d5b126f6f6980
Now that tune2fs and resize2fs may be dynamic, add linker[64] to
first_stage_ramdisk/system/bin.
Test: boot and examine serial output, ensure tune2fs and resize2fs
can be executed.
Bug: 173425293
Change-Id: I35699b38ddf5004c04ec0adc1b0c54d5d9c92ae6
Convenience API to disable memory mitigations, where we can specify
logging and also have a single place to update once a related bug is
fixed.
Bug: 166675194
Test: use API to disable memory mitigations
Change-Id: I4a3529ea1911925c49e31cc3809c2743e401c196
Added missing partitions (/product and /vendor).
APEXes can be put in /system, /system_ext, /product, and /vendor.
Binaries within "flattened" apexes should be marked as executable.
Bug: 167383491
Bug: 169025459
Test: OVERRIDE_TARGET_FLATTEN_APEX=true m vendorimage with a vendor apex
simg2img $OUT/vendor.img vendor.img
debugfs -R 'ls -l /vendor/apex/com.android.foo/bin' vendor.img
=> check if binaries are executable
Change-Id: I67284166d70c98a2a184b47e7052ade8b9039df9
android_filesystem_config.h is found since system/core/include is on
the include path for all projects and contains a symlink to the real
android_filesystem_config.h. This is fragile and the below bug seeks
to remove this symlink and have users correctly depend on
libcutils_headers.
Bug: 165825252
Test: build
Change-Id: I1aad6a2e8fbe87635e97b0ac1be3414403353382
Currently it falls back to /sys/kernel/tracing if debugfs is not found.
/sys/kernel/tracing must be checked first since debugfs is not allowed
to be mounted in user builds starting with Android R launching devices.
Test: manual
Change-Id: I2fb5ec91bbf7d5304a1a6efcb06530969485e78f
Fix the memfd_create(2) path and add the missing unit test.
Bug: https://issuetracker.google.com/165667331
Test: treehugger
Change-Id: Ibb5c1d0f9d7caba1df04d1f03e82e55026d9f86a
Introduce a new systrace tag, TRACE_TAG_SYSPROP, for use with
system property.
Bug: 147275573
Test: build
Change-Id: I6f85f3f52f6580bab4ff43fc1dc0e87c689b054e
Merged-In: I6f85f3f52f6580bab4ff43fc1dc0e87c689b054e
(cherry picked from commit 573fc58bad)
This directory contains only the su binary which is executable only by
root and shell uids, so need not be accessible to other users.
Test: Device boots
Test: adb shell ls -ld /system/xbin
Change-Id: I4c9daab68b29832ef0ace2dec274687e4496da81