This is to read profile guide compiled oat files of debuggable apps, which is
needed by simpleperf for profiling.
Bug: none
Test: run run-as manually.
Change-Id: I8ec8897b882be650f02124413c7d20ed8b1b444b
It notifies libselinux that the setcontext request is from run-as.
And libselinux will set current process to runas_app domain, which
can execute app data files.
Bug: 118737210
Test: run CtsSimpleperfTestCases.
Change-Id: Ib94087f910786dd5d2a2b2e3b1bf76dfa7131ced
This change adds the ro.boot.disable_runas system property, that when
set, disables the run-as command. This is done to reduce the surface
area of programs that have file based capabilities in Chrome OS, and
what they can do when running in non-developer mode.
Bug: 31630024
Test: run-as still works in aosp_sailfish
Test: run-as still works in Android in Chrome OS (in developer mode)
Change-Id: Iaf1d6f9ceb65081b7a9e17b9b91d8855e4080133
This broke TCP debugging because processes don't inherit the AID_INET
group.
Bug: 67058466
Test: adb shell run-as com.example.native_activity groups prints "inet".
Change-Id: Ieb461dccda8611057bb2d16334e584eb5e57c8b1
To support upcoming disk usage calculation optimizations, this change
creates a new GID for each app that will be used to mark its cached
data. We're allocating these unique GIDs so that we can use
quotactl() to track cached data on a per-app basis.
This change also tightens up the implementation of both the cache
and shared GID calculation to ensure that they stay inside the valid
ranges, and includes tests to verify.
Test: builds, boots, tests pass
Bug: 27948817
Change-Id: Ie4377e5aae267f2da39a165888139228995987cb
Arguably, we don't need a ScopedMinijail for a program that only execs,
but I'd rather keep the code consistent and have all uses of Minijail
be good examples.
Bug: 30156807
Change-Id: I08a968835e0f3e2afcd5e7736626edbed658cde2
We already have to have a Java and a native implementation; we don't
need _two_ native implementations.
Change-Id: I0201205ce5079ef9c747abc37b0c8122cf8fb136
