This doesn't help the person who wants CAP_BPF, but we can fix that
better by adding it to our stale glibc (and our future switch to musl
will mean we'll never have similar problems again).
I think this just dates from when we still supported building the OS on
darwin, but those days are long gone, and I think this hack can be put
to rest now...
Test: treehugger
Change-Id: I3c2e56c68a5b00c1ad0aed422c6ce60886063f50
Current libcutils checks if memfd is supported with vendor VNDK version,
but this is no longer valid if VNDK is deprecated. As we can assume that
any vendor using this code is supported as long as it is treblelized,
simplify logic to check if memfd is valid to vendor only with
'ro.treble.enabled' property.
Bug: 290159430
Test: Cuttlefish with VNDK deprecated worked without error from
libcutils
Change-Id: I351f0798da99cb4827bc3e424b63a2eaee5c7461
This code is only used in init and vold, so I suspect all the
conditional compilation could be moved into the .bp file instead, but
I'm just trying to clean up duplication today...
Test: treehugger
Change-Id: I97013f5de41e109a0cc377400c396145aed569db
Need to seal the buffer size in align with ashmem if set to PROT_READ
only to prevent untrusted remote process to shrink the buffer size and
crash it.
Bug: 294609150
Test: build
Ignore-AOSP-First: Security
Change-Id: I9288cf30b41e84ad8d3247c204e20482912bff69
Enable ABI dump for libcutils, so ABI can be stabilized from any update
after official release.
Bug: 254141417
Test: abidiff intermediates found from libcutils.vendor build
Change-Id: Ic27c82b908b7836c7bc538a24202ed8adba4d048
The 32-bit variant of libjsoncpp is not always installed
on 64-bit devices, so it must always be statically included.
We should probably collapse libcutils_test with
libcutils_test_static in the future.
Bug: 285357054
Test: libcutils_test
Change-Id: Ic84901ce5af766338b2cab07c3cf10841ba9a150
Upload files to /data/local/tests/unrestricted instead to improve data
collection in the event of a crash.
Bug: 284307085
Bug: 258819618
Bug: 199904562
Test: atest KernelLibcutilsTest
Change-Id: Iff816fd3276b24507c60eddc1bcd3f2c2184c27d
Signed-off-by: Edward Liaw <edliaw@google.com>
where stuff is apparently under /system_ext/apex/...
instead of /system/apex/...
Bug: 277646103
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I947e44af334628d82ca633546f3328319c2bac60
This is a follow-on CL for aosp/2528043
/system/apex/com.android.tethering.inprocess/bin/for-system/clatd
is bind mounted as /apex/com.android.tethering/bin/for-system/clatd
when using inprocess tethering.
Bug: 273821347
Test: `ls -l /apex/com.android.tethering/bin/for-system/clatd` on bertha
Test: Also see aosp/2528043 for how it is tested
Change-Id: Ia20165663e4ff6d9266fe601d25395816792a3f7
get_sched_policy uses the cpuset policy as fallback if the cpu cgroup
is not recognized. Pixel is currently not using the cpu cgroup for
background policy due to b/208895940.
Bug: 265852986
Test: atest libcutils_test:libcutils_test.SchedPolicy#set_sched_policy -- --abi arm64-v8a
Change-Id: Ia77ace7513c48b1a14290c6ecc0222b46d6bf927
Signed-off-by: Edward Liaw <edliaw@google.com>
Resolves a pair of TODO's, and makes a pair of error return
code paths not return null function pointers.
Note that:
system/netd/client/NetdClient.cpp
implements this as:
int checkSocket(int socketFd) {
if (socketFd < 0) {
return -EBADF;
}
int family;
socklen_t familyLen = sizeof(family);
if (getsockopt(socketFd, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
return -errno;
}
if (!FwmarkClient::shouldSetFwmark(family)) {
return -EAFNOSUPPORT;
}
return 0;
}
$define CHECK_SOCKET_IS_MARKABLE(sock) \
do { \
int err = checkSocket(sock); \
if (err) return err; \
} while (false)
extern "C" int tagSocket(int socketFd, uint32_t tag, uid_t uid) {
CHECK_SOCKET_IS_MARKABLE(socketFd);
FwmarkCommand command = {FwmarkCommand::TAG_SOCKET, 0, uid, tag};
return FwmarkClient().send(&command, socketFd, nullptr);
}
extern "C" int untagSocket(int socketFd) {
CHECK_SOCKET_IS_MARKABLE(socketFd);
FwmarkCommand command = {FwmarkCommand::UNTAG_SOCKET, 0, 0, 0};
return FwmarkClient().send(&command, socketFd, nullptr);
}
which means it *already* verifies that the passed in sockfd
is >= 0 and a socket via getsockopt(SOL_SOCKET, SO_DOMAIN),
as such the 'fcntl(sockfd, F_GETFD)' check is spurious.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I91ef68be5b0cc6b1972d514c13a76eaf834a3d5d
