This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
'sockets_test.cpp' also runs as part of libcutils_test and
libcutils_static_test, so it is redundant to have it be a separate
target.
Test: libcutils_test
Test: libcutils_static_test
Bug: 317884162
Change-Id: Ib2c2f74feb79d1436ca67ae9aca18d3eb7acf5a0
Add a new AID for Virtual Machines so we can grant
capabilities such as CAP_SYS_NICE.
Bug: 322197421
Test: Build and boots, and verified capabilities
Change-Id: Ie893ba8ed6956a554bccfbd00e4e6fe9212ea77d
Signed-off-by: David Dai <davidai@google.com>
This doesn't help the person who wants CAP_BPF, but we can fix that
better by adding it to our stale glibc (and our future switch to musl
will mean we'll never have similar problems again).
I think this just dates from when we still supported building the OS on
darwin, but those days are long gone, and I think this hack can be put
to rest now...
Test: treehugger
Change-Id: I3c2e56c68a5b00c1ad0aed422c6ce60886063f50
Current libcutils checks if memfd is supported with vendor VNDK version,
but this is no longer valid if VNDK is deprecated. As we can assume that
any vendor using this code is supported as long as it is treblelized,
simplify logic to check if memfd is valid to vendor only with
'ro.treble.enabled' property.
Bug: 290159430
Test: Cuttlefish with VNDK deprecated worked without error from
libcutils
Change-Id: I351f0798da99cb4827bc3e424b63a2eaee5c7461
This code is only used in init and vold, so I suspect all the
conditional compilation could be moved into the .bp file instead, but
I'm just trying to clean up duplication today...
Test: treehugger
Change-Id: I97013f5de41e109a0cc377400c396145aed569db
Need to seal the buffer size in align with ashmem if set to PROT_READ
only to prevent untrusted remote process to shrink the buffer size and
crash it.
Bug: 294609150
Test: build
Ignore-AOSP-First: Security
Change-Id: I9288cf30b41e84ad8d3247c204e20482912bff69
Enable ABI dump for libcutils, so ABI can be stabilized from any update
after official release.
Bug: 254141417
Test: abidiff intermediates found from libcutils.vendor build
Change-Id: Ic27c82b908b7836c7bc538a24202ed8adba4d048
The 32-bit variant of libjsoncpp is not always installed
on 64-bit devices, so it must always be statically included.
We should probably collapse libcutils_test with
libcutils_test_static in the future.
Bug: 285357054
Test: libcutils_test
Change-Id: Ic84901ce5af766338b2cab07c3cf10841ba9a150
Upload files to /data/local/tests/unrestricted instead to improve data
collection in the event of a crash.
Bug: 284307085
Bug: 258819618
Bug: 199904562
Test: atest KernelLibcutilsTest
Change-Id: Iff816fd3276b24507c60eddc1bcd3f2c2184c27d
Signed-off-by: Edward Liaw <edliaw@google.com>
