Jeffrey Vander Stoep noted the permissions for the system dmabuf
heap should be 444 instead of 666, as we only need to open and
call ioctl on the device.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I650c9fabfffd1eac5f59bbc7fa1e0ae1f5646bd9
In first-stage init, during the selinux transition, no socket is needed.
It's even advantageous not to create one, since it greatly reduces the
amount of avc audits. This patch allows starting snapuserd with a preset
list of socket commands that it can run on startup.
Bug: 173476209
Test: manual test
Change-Id: I758d99097372e4dffb252e2836fd859b7fed162a
This is in preparation for expanding the command-line features of
snapuserd.
Bug: N/A
Test: builds
Change-Id: Id33c4f190dc0f99cd436f0e9a6b1d6ee92e245e4
Simplifies development flow because libtrusty_test.so doesn't need to be
pushed with the fuzzer.
Bug: 171750250
Test: m trusty_gatekeeper_fuzzer && adb sync data && \
adb shell /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: I7c83b5784ede4881dcd9c2dd33c97bf49fcde6ff
Change-Id: Iba60f03000bfca15b00e484ef3a168604c65554a
Add ExtraCounters to Confirmationui fuzzer so that the fuzzer can
grab the coverage information of the Confirmationui TA.
Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: I2e287281e7c8100f0d48413fbe0ff99d397a74c1
This makes it easier to associate logs written during the test with the
test case that was running.
Test: atest CtsInitTestCases
Change-Id: I832f1c9ba8358341c934fdd91a65f5739bc98e37
... as being able to use cc_library in header_libs is not
intended.
Bug: 173252016
Test: m checkbuild
Change-Id: I624ee84728c59744c89ab51db567900c8eaf0571
This hasn't helped investigating the issue, and the issue itself isn't
a problem anymore, so we remove these logs.
Bug: 155203339
Test: reboot
Change-Id: I20e51d8fcad5572906a8d556bec8a8dee4522834
Package verifiers (e.g, phonesky) needs to access the folders inside
/data/app-staging to be able to verify them. Without the execute
permission on app-staging folder, it cannot stat any of the sub-dirs
inside app-staging.
This also aligns with permission of /data/app folder.
Bug: 175163376
Test: manual
Test: installed a staged session and observed that Phonesky did not log
about not finding the apks in /data/app-staging folder
Change-Id: I9774ed800da9f15401d3cee653142a37bf54ef4a
* changes:
Add /metadata to ramdisk.
Also create dirs under /first_stage_ramdisk for GKI.
Refactor the list of empty dirs in ramdisk in its own list.
Revert "Move e2fsck into /first_stage_ramdisk."
qemu_pipe is an Android Studio Emulator (aka goldfish)
implementation detail.
Bug: 175046060
Test: none
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I7a80cdf1a2cd6b5af0d9544648b9d25e6abf9fad
Vendors have an interest in importing ueventd files based on certain
property values. Instead of baking this logic in the ueventd binary,
add the import option from the init parser to the ueventd parser, to
allow vendors to expand as needed.
Test: imported files are parsed
Change-Id: I674987fd48f3218e4703528c6d905b1afb5fb366
Now that GKI may not be writeable, also create /metadata at build time
to avoid error log at boot time.
Note that this also creates /first_stage_ramdisk/metadata in GKI.
[ 1.891172] init: [libfs_mgr]check_fs():
mount(/dev/block/by-name/metadata,/metadata,ext4)=-1: No such
file or directory
Bug: 173425293
Test: boots
Change-Id: I62d23c382ed1ad165c1d6598b3df41bd92206733
If the device uses GKI and generic ramdisk, also create
empty directories under /first_stage_ramdisk so that they
won't have to be created at runtime. This allows generic
ramdisk to be not writable.
Test: boots
Bug: 173425293
Change-Id: If987cb1d4af9f9ee94a43a4523f9e1465b01b16a
This reverts commit 3337e782e6.
Reason for revert: e2fsck is moved into vendor ramdisk and installed
to / or /first_stage_ramdisk depending on the device, so there is no
need to move it.
Bug: 173425293
Change-Id: I1eb431e6b2a1e0ba7d0da0278d076b6682a0156d
Test: boots
If a `*` appears within (but not at the end) of a /dev or /sys path in
a ueventd.rc file, then that path is matched with fnmatch() using the
FNM_PATHNAME, which means `*` will not match `/`. That is not always
the intended behavior and this change creates the no_fnm_pathname
option, which will not use the FNM_PATHNAME flag and will have `*`
match `/`.
Bug: 172880724
Test: these unit tests
Change-Id: I85b813d89237dbf3af47564e5cbf6806df5d412f
C++ thread_local is less code to write, and performs better. All known
users have been moved over already.
Test: treehugger
Change-Id: Idaa2a58bf23342dae08dd6b9003d8f532839b351
