Bug: 33241851
Test: No changes needed for modules not using VNDK.
For VNDK, enable BOARD_VNDK_VERSION in BoardConfig.mk
and add libcutils to modules that need these headers.
Change-Id: I6102778aab35ed26a5ddde11230502dcd4edc852
Recent changes to OTA updates started "blaming" network usage on the
system UID, which makes it difficult to triage incoming bugreports
that claim heavy network usage. Instead, this change gives OTA
updates an explicit UID to make triage easier.
Test: builds, boots
Bug: 36130264
Change-Id: I0a0cc009f3d891b19b419bc12cd237ef8ac64519
This is used by components that communicate with the embedded secure
element.
Test: Boot system with a daemon and device using this AID.
Bug: 35628284
Change-Id: I1fd1a300c69fefbd19fda69add5d3b098be873c2
Moved headers from include/libcutils and include/liblog to
libcutils/include and liblog/include respectively, so they can be
exported via these libs. They needed to be moved since Soong does
not allow export from external folder.
Added symlink from old locations. They are needed since Soong
includes system/core/include by default. Once all modules are
cleaned up to explicitly add the required libs, the symlinks will be
removed.
Also added liblog_vndk_headers that exports a special log/log.h for
VNDK.
Moved headers of libcutils to libcutils_headers. They should be used
by modules for header-only inlines. Added libcutils_headers as
dependency of libcutils.
Added libcutils_vndk_headers that exports a special cutils/log.h
deprecating usage of the file. A later CL will deprecate the one in
libcutils_headers
Test: Add above libs to shared lib of local module
Change-Id: I6e1f9c5f23d8b6eae13dc3b7e5dfe7fae93b8510
To quickly answer the question of "how much data is a UID using?" we
need a GID range to label files on external storage, similar to
the GID ranges already defined for cached and shared data.
Also define a new GID that will be used to label the OBB files shared
between all users under /data/media/obb.
Test: builds, newly added tests pass
Bug: 34263266
Change-Id: I16fb7d166c3dcdeafbf477162d191d3b73ae8ac2
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
To support upcoming disk usage calculation optimizations, this change
creates a new GID for each app that will be used to mark its cached
data. We're allocating these unique GIDs so that we can use
quotactl() to track cached data on a per-app basis.
This change also tightens up the implementation of both the cache
and shared GID calculation to ensure that they stay inside the valid
ranges, and includes tests to verify.
Test: builds, boots, tests pass
Bug: 27948817
Change-Id: Ie4377e5aae267f2da39a165888139228995987cb
Prevent others from using android_ids and force them
to use grp.h and pwd.h family of functions.
Test: Build and boot, verify services are running properly.
Bug: 27999086
Change-Id: Idcd75cf7e91a49ef07a0ed3bdb514ad61aa82e69
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Add a comment to android_filesystem_config.h
about AID and OEM Range "scraping" done by
build/tools/fs_config.
Test: Build and boot.
Change-Id: I2d4845d91546ae967a1ee5166b73d119938faccc
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Currently, all internal media storage files (under /data/media) are
given the same "media_rw" GID. To support an upcoming optimization
to disk usage calculation, this CL defines three new GIDs that can be
used to quickly identify common types: audio, video, and images.
Test: builds
Bug: 27948817
Change-Id: I8548459c3d3ccbf7d822431c6e2ebd1c2e309d70
Allows us to compose an event message for our own in-memory purposes.
Will be used to compose an event message in logd and directly write
it to just the pmsg buffer. Provide an internal enhanced C++ wrapper
for event handling.
Test: gTest liblog-unit-tests --gtest_filter=liblog.android_log_write_list_buffer
Bug: 31456426
Change-Id: I98246898ba580f9e506baba8af2fd1b26a2a8aae
log/logger.h pieces moved into log/log.h. Correct for some
minor Android Coding standards.
Test: gTests liblog-unit-tests, logd-unit-tests and logcat-unit-tests
Bug: 19235719
Bug: 26552300
Bug: 31289077
Bug: 31456426
Change-Id: I0a19fd8788eec20a582e72e4c62c04534bdb1b9a
Add private function __android_logger_get_buffer_size() to read
properties and compose the default buffer size. This interface
complements the existing android_looger_get_size() which returns
the logd setting which can differ at runtime. For use in logd
and dumpstate. Side effect is we also add the private functions
__android_logger_property_get_bool() and
__android_logger_valid_buffer_size() for reuse in logd.
Test: gTest liblog-unit-test, logd-unit-tests and logcat-unit-tests in
combination with commit 'logd: Use private interfaces for
buffer size properties'
Bug: 31750617
Change-Id: Id95cb68f775ef6b427c122e10f6f8291d336d184
Allow our own libraries to use this privately instead of
running the less efficient get_properties and doing the math.
Test: compile and boot smoke test
Bug: 27566046
Bug: 31456426
Change-Id: I2f677276d27fbcb6af01b600ac1d9891c8938d43
debuggerd does not require log/logger.h, can use android/log.h
In some cases, mark why log/logger.h was required.
Test: Compile and boot smoke test
Bug: 26552300
Bug: 31289077
Bug: 31456426
Change-Id: Ia34987e25a01d81971ec8d785415f732b8376c4f
Move all liblog related content into android/log.h, and make
log/log.h points to android/log.h.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I858e0ebe047b86f2a8530a99bc9c380d3d58edbb
Always used in combination with log/logger.h except in log_time.cpp,
and not used externally. As a result liblog has to support stl, a
small price to pay since goal is to convert liblog to C++ internally.
Test: compile
Bug: 31456426
Bug: 26552300
Bug: 31289077
Change-Id: I72828ec807d0a2c8e40bbdebd7a69f147a7ca5a9
It's no longer specific to make_ext4fs, will be used for mksquashfs as
well.
BUG: 27467028
Change-Id: I41b8c2b168ada45c8378dee522391edfb8f6b9a6
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
BUG: 28704419
- This is considered an Android Private function, not exported
for general use.
- goal is to retreive a file's content from a series of log
messages from pmsg, to be retrieved after a reboot for
transfer to a persistent location.
- files are presented in reverse sorted order, first based on
_any_ numerical content, then by alphanumeric order.
- Add a gTest for this function, relies on gTest for
liblog.__android_log_pmsg_file_write from prior to reboot.
Bug: 27176738
Change-Id: If37ef423009bd28b598b233af3bccef3429bdc22
- This is considered an Android Private function, not exported
for general use.
- goal is to record a file's content into a series of log
messages into pmsg, to be retrieved after a reboot for
transfer to a persistent location.
- filename reference is converted to a tag-unique
"<dirbase>:<filebase>".
- buffer and length representing the filename contents are
recorded, along with a sequence number placed into the nsec
time field to ANDROID_LOG_PMSG_FILE_MAX_SEQUENCE.
- Add a gTest for this function.
Bug: 27176738
Change-Id: If93df3ae8bfc1bb75516d4a1fd8dae0301af644b
This is intended to be used by user space daemons that are part of
access-controlled NVRAM HAL implementations for Brillo. Because there
might be sensitive data flowing through the daemon, we'd like to run
it as a separate user.
BUG: 27764637
Change-Id: If6ad7923af3c650963ee9e926f732001b6a8cb5d
Sometimes new users/groups get added in internal branches, and the list
gets out of sync. Add a comment to prompt developers to add users in
AOSP.
Bug: None
Change-Id: I5b2df391902b842f1af8a377c8eac4cdb36a0518
Brillo is converging on a set of mandatory system services to be
included in all Brillo builds. We'd like these services to run as
separate users just like other native Android/Brillo system services.
Add users for these services:
-Firewalld: Brillo has more granular firewall requirements (think e.g.
Brillo-powered router.) Firewalld exposes a (currently) D-Bus/
(soon to be) Binder API to broker access to IPTables rules.
-Trunksd: Some Brillo product configs will require TPMs. Trunksd
manages TPMs in Chrome OS and Brillo.
Bug: 27299198
Change-Id: Ibe3303acdd9398ea52da0a37dbef73e5c5a948f7
-metrics_collector and metricsd gather and upload device metrics.
-webservd is part of the Weave (Brillo remote setup and management) stack.
Bug: 26337609
Change-Id: Icf6ce75e64293adbe773f2ee65e80629f2eeb737
* Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010)
* Changed the group access for /sys/power/wake_lock and
/sys/power/wake_unlock from "system" to "wakelock"
* Added "wakelock" to the list of groups for the healthd process/service
Bug: 25864142
Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Brillo will need to run new native system services, so reserve
a reasonable UID range to accomodate them. Having 1000 UIDs will
allow us to sub-partition this range if needed.
The range can be used by any OEM, not just Brillo, so name it
accordingly.
Bug: 22555869
Change-Id: I752428ee5025bf064a35ecbe6da50c041d87b724
