Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app. This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.
The only thing left that can change dynamically is the filesystem
itself, so let's do that. This means changing the FUSE daemon to
present itself as three different views:
/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access
There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.
During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions. When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.
Bug: 21858077
Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
If a thread is created while the parent thread is "Background",
then the default timerslack value gets set to the current
timerslack value of the parent (40ms). The default value is
used when transitioning to "Foreground" -- so the effect is that
the timerslack value becomes 40ms regardless of foreground/background.
This does occur intermittently for systemui when creating its
render thread (pretty often on hammerhead and has been seen on
shamu). If this occurs, then some systemui animations like navbar
ripples can wait for up to 40ms to draw a frame when they intended
to wait 3ms -- jank.
This fix is to explicitly set the foreground timerslack to 50us.
A consequence of setting timerslack behind the process' back is
that any custom values for timerslack get lost whenever the thread
has transition between fg/bg.
See Bug: 19398120
Change-Id: Idc259717f62fa2255f8bafbbf88b68c0043f29cf
Adds the call to wakeup_callback when the write to the /sys/power/state
fails. This will help userspace account for the suspend aborts.
Bug: 17478088
Bug: 18179405
Change-Id: Icd1194cfbaf61044ca0b2fe63a10a4c52e1535bc
(cherry pick from commit ed777e9eec)
Quick low-risk to resolve possible hash table corruption.
Resolved an unlikely path memory leak.
ToDo: replace lock with nested lock so no lock
helpers are required.
Bug: 22068332
Change-Id: I303ab06608502c7d61d42f111a9c43366f184d0c
If the handle version is 0, there's no hardware_backed flag
meaning hardware backed handles will be attempted against
the soft impl. Ensure we don't try to read from hardware_backed
unless the version is > 0.
Bug: 21090356
Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc
so that PackageManagerService can iterate over files with a
specific file extension like ".so".
Bug: 21957428
Change-Id: I76ed9560d4d1e00d297a97d518ec357166be1981
Certain devices, like Shamu, are currently running an interim
software-only gatekeeper. When the HAL for those devices is merged,
we need to handle upgrading to the HAL smoothly.
Bug: 21090356
Change-Id: I5352bc547a43671a08249eae532e8b3ce6b90087
Fix the file access permissions and group ownership of
"/data/misc/bluedroid/bt_config.conf" so the file can be reused when
switching users on the device.
For that purpose, we need to do the following:
1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid"
so the files created in that directory will have group-id of
"net_bt_stack" .
2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf"
to Read/Write by User and Group.
Bug: 21493919
Change-Id: Ie00ab4695198ef2aa299b484ef9d4f17bd41b98a
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)
Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
(cherry picked from commit 5cba504215)
Some devices fail to send USB string descriptors if you attempt to read more
than 255 bytes
Bug: 21871761
Change-Id: Id5b8865179f80523f0ad5b6028d49dd99db2b36b
This adds the "writepid" option that instructs init to write the child's
pid to the given filenames (such as /dev/cpuctl/bg_non_interactive/cgroup.procs
and/or /dev/cpuset/foreground/cgroup.procs).
Bug: http://b/21163745
Change-Id: I121bb22aa208bc99c4fb334eb552fdd5bcc47c1a
(cherry picked from commit d62f0608d9)
to make the function faster on average. Since killing a process
takes about 40-60ms on a recent device, the previous logic tends
to sleep too long. This CL does not significantly change the total
timeout (old code: 204ms, new code: 200ms).
Bug: 21813611
Change-Id: Ica44b2437ccccaebadcf585d7a09d993ce71a499
(cherry pick from commit ee49c6a670)
- regression in log_strtok_r (part deux) In commit
'logd: fix kernel logline stutter'
2c3b300fd8 we introduced log_strtok_r.
as a replacement for strtok_r that dealt with a problem with
some kernel log messages. Fix is to refine definition of
is_timestamp to not match on patterns like [0], requiring
a single period. Another fix is to refine definition of
is_prio to properly escape non-digit content.
- Missing content because SYSLOG_ACTION_SIZE_BUFFER with added logging
is too short for full read of SYSLOG_ACTION_READ_ALL dropping
initial content. Add a margin for additional 1024 bytes.
- Absolute _first_ log entry has sequence number of 1, which is
specifically dropped, start sequence count at 1 rather than 0.
- Remove trailing space for efficiency.
- If tag exists but no content, trick into kernel logging.
Bug: 21851884
Change-Id: I0867a555a3bca09bbf18d18e75e41dffffe57a23
(cherry pick from commit e59c469fa8)
- Default level when not specified is ANDROID_LOG_VERBOSE
which is inert.
Bug: 20416721
Bug: 19544788
Bug: 17760225
Change-Id: Icc098e53dc47ceaaeb24ec42eb6f61d6430ec2f6
(cherry pick from commit c158456f50)
- Add support for "log.tag" and "persist.log.tag" global
logging properties, effectively a runtime default minimum
logging level.
- Add a thread-safe single level cache plus selective logic for the
four properties being checked to help speed up logging decision
on subsequent identical calls.
- Using new __system_property_area_serial() to make for
efficient (<100ns) handling of cache misses. Despite adding
two new properties, we are 8 times faster on subsequent calls
even if the properties do not exist.
- A NULL or blank tag is no longer directed to return default,
it will check the pair of global logging properties first.
- Add liblog.is_loggable gTest
- Fixup liblog.android_logger_get_, allow no content in crash buffer
- Fixup liblog.max_payload, lowered logd priority increases latency
Bug: 19544788
Bug: 21696721
Change-Id: Ideb887755aa3f1fd14a2603bda1fe23cba49642c
This error message has no meaning and makes it look like an unwinding
failure occurred. These messages are showing up more often now
that a lot more of debuggerd is using the ReadWord and Read calls.
If a higher level function wants to indicate there is an error, then
it can add a more meaningful error.
Bug: 21818730
(cherry picked from commit 35c8136d96)
Change-Id: Ie6e20fbc18702fde935f2cf8cbf1b297fda43282
The issue is that adb uses fopen() with "e" (presumably to open the file
with O_CLOEXEC), but that flag causes MSVCRT.DLL to return an error. So
when adb_auth_host.cpp goes to read or write the adbkey files, it fails.
The quick fix is to not use the "e" option on adb host code since it
isn't necessary there, compared to adbd.
An alternative fix would be to have a fopen() wrapper on Windows that
filters out the "e" option.
Bug: http://b/21806456
Bug: https://code.google.com/p/android/issues/detail?id=175077
Change-Id: I7d8ba2847dab0ed558ffe156e79093251eb253c9
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
(cherry picked from commit 9b9603148b)
1. Calculate AID for spawned process as (100000 * $user) + uid_from_packages.list
2. Use /data/user/$user/$packageDir as a root of a new process if $user != 0.
Change-Id: I761dfb481114bd51e5a950307fcaf403e96eef10
(cherry picked from commit da31778f3b)
