From
https://android-build.googleplex.com/builds/tests/view?testResultId=TR66328435937757440&invocationId=I00700010119503421:
system/core/init/init_test.cpp:219: Failure
Failed
Value of: service->Start()
Actual: createProcessGroup(0, 15611) failed for service 'console'
Expected: is ok
The above error message does not contain enough information to
root-cause the test failure. Hence this CL that makes an error message
more informative.
Bug: 262090304
Change-Id: I09929b2f2aabf1eec4d90ec93234a9e968888da4
Signed-off-by: Bart Van Assche <bvanassche@google.com>
If a service that runs under root doesn't have the capabilities field in
it's definition, then it will inherit all the capabilities that init
has.
This change adds a linter to detect such services and ask developers to
explicitly specify capabilities that their service needs. If service
doesn't require any capabilities then empty capabilities fields should
be added in the service definition.
The actual access control list on what capabilities a process can use is
controlled by the SELinux, so inheriting all the init capabilities is
not a security issue here. However, asking services to explicitly
specify the capabilities they need is a good defense-in-depth mechanism.
So far this linter only checks the services on /system partition.
All currently offending services are added to the exempt list. I will
work on fixing some of them in the follow-up changes.
Bug: 249796710
Test: m dist
Change-Id: I2db06af165ae320a9c5086756067dceef20cd28d
Adjusting attributes that correspond to the `blkio`(v1)/`io`(v2) controller. The migration of the `blkio` v1 controller to v2 requires renaming it to `io`, therefore we want to update the `File` field to point to `blkio` file and `FileV2` to point to `io` file.
Test: Verified with cuttlefish that this works with the `io` controller migration by cherry-picking aosp/2218645
Bug: 263269364
Bug: 213617178
Change-Id: I0aacfc6d74e3eec61ebb2ce443b04c792392aa9e
We will continue to restrict access to /dev/kvm and /dev/vhost-vsock with SELinux.
Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Id4f3e19c18a51bc51e6363d6ffde31c1032cf967
It runs a service with root privilege which can't be done on user
builds. Until the issue is resolved, skip the test on user builds.
Bug: 262090304
Test: N/A
Change-Id: I690ffbd7fdaef688a0c862e0c653e9b21e281ece
Current documentation is misleading: if a service runs as root and
doesn't specify any capabilities, then it will start with all the
capabilities (note that whether it can use them is controlled by
selinux).
Test: n/a
Bug: 249796710
Change-Id: I0d6a884127c6a6c5b651c1222fcf48322065daae
The availability of /dev/console varies across different devices and
even across different build variants (ex: userdebug/user). Instead of
relying on the device-specific condition, use the /dev/null as the
console device for the test.
Bug: 262090304
Test: atest CtsInitTestCases on raven-user
Change-Id: I3b12d66e94609328dfdd6f640d1adb88a773fa38
It makes no sense, because there are no cgroup procs file.
Bug: 257264124
Test: atest MicrodroidBenchmarkApp
Change-Id: I4e3a118d2237afc46aa8fbcbad055afb7d56f464
Say we have mount configurations as follows:
mount <dev> /mnt_point -t ext4 -o ro,context=<se_file_context>
mount overlay /mnt_point2 -t overlay -o lowerdir=/mnt_point,upperdir=...
Overlayfs driver doesn't forward the overridden file context from
/mnt_point to /mnt_point2, thus the same file (same inode) would have
different file context when accessed via /mnt_point and /mnt_point2.
This change makes adb remount to mount filesystem overlays with context=
option if the overlaid mountpoint has it too. This makes the files under
context= mountpoint to retain the same file context after remount.
Also run clang-format on the whole file to fix some formatting issues.
Bug: 243501054
Test: adb remount && check file context with "ls -Z"
Change-Id: Ie4815604c56f1ce81b755cd0569b6577bd5f575f
Early processes can't rely on APEXes anyway. We don't need to run
linkerconfig.
This helps to reduce the storage usage (no
/system/bin/bootstrap/linkerconfig) and the boottime (not running
linkerconfig).
If we need more complicated linker config even for early processes, then
we could generate it at build-time and use it like recovery version.
Bug: 262330207
Bug: 260982509
Test: MicrodroidAppTest
Test: device boots
Change-Id: Iceca5ffdb1655fd94e90b0091f439bd22130185e
Right now fs_mgr_overlayfs_setup() always reads the default fstab and
this makes the "-T" option of remount useless.
Change it so that the fstab is passed in by the caller.
Bug: 243501054
Test: adb remount -vT <path/to/fstab>
Test: and check that overlay is active after reboot
Change-Id: Ia4101938a50c305f105c57018b02aec01f862dec
Const version of GetEntryForMountPoint() accepts a pointer to const
Fstab and returns a pointer to const FstabEntry.
In order to refrain from adding more boilderplate, simplify the
implementation of GetEntryForMountPoint() to "return first entry of
GetEntriesForMountPoint()". The added overhead should be negligible as
fstab is usually small (around dozens of entries max), so iterating the
whole list is not computationally expensive.
Also templatize the implementation of GetEntriesByPred() to reduce the
amount of boilerplate.
Bug: 243501054
Test: Presubmit
Change-Id: I046d61d68385825656bb7bc7177c0d1d3e8b36e1
* changes:
libsnapshot: Test batch writes and threaded compression
libsnapshot: Batch write COW operations in a cluster
libsnapshot: Use two threads to run compression
