This doesn't help the person who wants CAP_BPF, but we can fix that
better by adding it to our stale glibc (and our future switch to musl
will mean we'll never have similar problems again).
I think this just dates from when we still supported building the OS on
darwin, but those days are long gone, and I think this hack can be put
to rest now...
Test: treehugger
Change-Id: I3c2e56c68a5b00c1ad0aed422c6ce60886063f50
Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
correct label and uid/gid.
* Verify prng_seeder socket present and has correct
label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance
Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
Introduces new APIs which can be used to simplify application of fdsan
to native_handle_t usage, and applies fdsan protection to
native_handle_clone() by default.
Bug: 244214188
Test: validated alongside sensor service change to use the new APIs
Change-Id: I3be16a09c336bcbe880bdb542d5da2969c2c34d3
It's useful to have a group that shares a numeric id with Linux and
macOS. "root" doesn't count because group 0 is actually called "wheel"
on the BSDs, and macOS has "daemon" and "kmem" as its groups 1 and 2.
This lets us have toybox tar tests that have the same results on all
supported OSes without special handling.
Test: treehugger
Change-Id: I4704d6f9ada84f3065831a099b34d1c20c4c6b03
A supplementary group to mark which app can write to the security log
buffer. Granted via android.permission.WRITE_SECURITY_LOG and checked by
logd.
Bug: 232283779
Test: manual
Change-Id: I3ad66031ab1c9eef26db0f3e8968659dfa2855cb
Method is needed for further use in statsd mapping process.
Bug: 217695033
Test: atest installd_service_test
Change-Id: I508a58da5f8d2e32264002db515425134d18aece
Ignore-AOSP-First: code is not in AOSP yet
Bug: 220320098
Test: presubmit
Change-Id: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
Merged-In: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
(cherry picked from commit 6e124aac7c)
Every app will now have a corresponding supplemental process associated
with it. We need a utility method to map one to the other.
Implementation details: supplemental process uid will be between range
20k-30k. As such, it will be a 10k offset from app id. See ag/16621743.
Bug: 211763739
Test: atest installd_service_test
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I2b6d6b086985bcb24c837eaa95a937d429d6a583
Merged-In: I2b6d6b086985bcb24c837eaa95a937d429d6a583
(cherry picked from commit 1c7acfdb67)
This functionality is now handled in mainline and has been removed from
netd in Android T.
Test: builds & boots
Change-Id: Ic435eee0d89bda30d733efbc655692c697bbe9e8
Add AID_READTRACEFS and mount tracefs with gid=AID_READTRACEFS
Bug: 209513178
Test: adb shell ls -l /sys/kernel/tracing/events
Change-Id: Ibbfdf8a4b771bd7520ecbaaf15a1153d6bf0e599
We've had two use-after-frees in the last month from this nonsense...
Bug: http://b/204925347
Test: treehugger
Change-Id: I5e1485253224e38ca51a7a077dbe65d19e39f817
Revert "Add systrace tag for system property"
Revert "Add systrace tag for system property"
Revert "Adding system property tracing"
Revert submission 1403568-sysprop_trace
Reason for revert: makes property get/set non-reentrant
Reverted Changes:
I6f85f3f52:Add systrace tag for system property
Id2b93acb2:Adding system property tracing
Id78992d23:Add systrace tag for system property
I1ba9fc7bd:Add systrace tag for system property
Ignore-AOSP-First: b/193050299#comment17
Bug: 193050299
Change-Id: I9305003531c6a86194d55dc72c613337d213b53d
Merged-In: I9305003531c6a86194d55dc72c613337d213b53d
Test: build and boot a device
(cherry picked from commit 18e0f65cbf)
Glibc >=2.32 exposes a gettid() which clashes with libcutils
thread.h, so add a check to not expose it if building against
newer glibc (ChromiumOS will still use glibc 2.27 besides 2.32).
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1182060
Test: Builds without errors on both glibc 2.32 and 2.27.
Change-Id: Ib71fa1bc9fa185e3668002407dbed05a80c87740
This function is no longer necessary, and uses a deprecated API
(mallopt(M_BIONIC_DISABLE_MEMORY_MITIGATIONS)). This function was
provided originally as part of libcutils because the original API was a
private android_mallopt.
The API is being reborn as a memory-init-specific mallopt. Given that
regular system components and apps will be able to call it directly,
it's not necessary to have a wrapper function in libcutils any more.
Bug: 135772972
Test: Build the device.
Change-Id: I4a3185b99702c8e445de6837b154c4a96c8295a1
C++ thread_local is less code to write, and performs better. All known
users have been moved over already.
Test: treehugger
Change-Id: Idaa2a58bf23342dae08dd6b9003d8f532839b351
libcutils' thread local stuff is almost unused already, so let's try
harder to prevent new users. (In parallel I'll try to actually move the
four existing users off it, so we can actually remove this.)
Test: treehugger
Change-Id: Ib5445a43cff1f161ce1c7a45959d5b126f6f6980
Convenience API to disable memory mitigations, where we can specify
logging and also have a single place to update once a related bug is
fixed.
Bug: 166675194
Test: use API to disable memory mitigations
Change-Id: I4a3529ea1911925c49e31cc3809c2743e401c196