Revert submission revert-1660531-max-boot-level-crypto-KFMCEDKSIV
Reason for revert: topic:vold-use-keystore2 has landed fixing the bug
Reverted changes:
Ibf63734a: Revert "Set earlyBootEnded before apex starts"
Id02f63a7: Revert "Expose AID_KEYSTORE"
Ibcedeff4: Revert "Cryptographic security for MAX_BOOT_LEVEL"
Restored changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Reverted-SHA1: a801eabe11
Original commit message:
Keystore uses this as the user ID for keys that it creates for its
own use.
Bug: 176450483
Test: atest com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles
Change-Id: I0e2baa8807281ec9e5cc0a9ff8daff191285a600
Revert "Cryptographic security for MAX_BOOT_LEVEL"
Revert submission 1660531-max-boot-level-crypto
Reason for revert: broken test com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles on aosp-master on aosp_cf_x86_64_phone-userdebug at 7261517
Reverted Changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Bug: 184635938
Change-Id: Id02f63a794544d650abb95c8e7f201eea03391eb
Test: forrest run for the broken test
Keystore uses this as the user ID for keys that it creates for its
own use.
Bug: 176450483
Test: keystore2_test
Change-Id: Ia698912917cd209eebcfc007a8badce7a39159d6
This reverts commit 66bfb9adac, and
instead includes a header that has a definition of TEMP_FAILURE_RETRY
for macOS.
Bug: http://b/181852591
Test: N/A
Change-Id: I63ccdcb58a2b2806217e3faedde9ba33936c8189
The Mac doesn't need fs_config (there's a `darwin: { enabled: false } }`
at the only caller), so stop trying to build it here rather than fix it
so it builds again.
Test: treehugger
Change-Id: I88d6b3a44b1ab823a419789d8545fcf10061079c
Glibc >=2.32 exposes a gettid() which clashes with libcutils
thread.h, so add a check to not expose it if building against
newer glibc (ChromiumOS will still use glibc 2.27 besides 2.32).
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1182060
Test: Builds without errors on both glibc 2.32 and 2.27.
Change-Id: Ib71fa1bc9fa185e3668002407dbed05a80c87740
We don't have any right now. Let's keep it that way.
Also remove a bunch of duplication/cruft in the build file.
Test: treehugger
Change-Id: I406985592c175f45660e87adb05231bce0804893
This function is no longer necessary, and uses a deprecated API
(mallopt(M_BIONIC_DISABLE_MEMORY_MITIGATIONS)). This function was
provided originally as part of libcutils because the original API was a
private android_mallopt.
The API is being reborn as a memory-init-specific mallopt. Given that
regular system components and apps will be able to call it directly,
it's not necessary to have a wrapper function in libcutils any more.
Bug: 135772972
Test: Build the device.
Change-Id: I4a3185b99702c8e445de6837b154c4a96c8295a1
C++ thread_local is less code to write, and performs better. All known
users have been moved over already.
Test: treehugger
Change-Id: Idaa2a58bf23342dae08dd6b9003d8f532839b351
vendor_available modules were available to product modules.
However, not all vendor_available modules are required to be
available to product modules. Some modules want to be available only
to product modules but not vendor modules.
To cover the requirement, we separate product_available from
vendor_available.
vendor_available will not provide product available module.
Rename libcutils/include_vndk to libcutils/include_outside_system as
it provides the headers to the modules outside the system partition
including /product.
Bug: 150902910
Test: build
Change-Id: I791b5a6a1dc99442065debfce6fa0f54a335fcea
libcutils' thread local stuff is almost unused already, so let's try
harder to prevent new users. (In parallel I'll try to actually move the
four existing users off it, so we can actually remove this.)
Test: treehugger
Change-Id: Ib5445a43cff1f161ce1c7a45959d5b126f6f6980
Now that tune2fs and resize2fs may be dynamic, add linker[64] to
first_stage_ramdisk/system/bin.
Test: boot and examine serial output, ensure tune2fs and resize2fs
can be executed.
Bug: 173425293
Change-Id: I35699b38ddf5004c04ec0adc1b0c54d5d9c92ae6
Convenience API to disable memory mitigations, where we can specify
logging and also have a single place to update once a related bug is
fixed.
Bug: 166675194
Test: use API to disable memory mitigations
Change-Id: I4a3529ea1911925c49e31cc3809c2743e401c196
Added missing partitions (/product and /vendor).
APEXes can be put in /system, /system_ext, /product, and /vendor.
Binaries within "flattened" apexes should be marked as executable.
Bug: 167383491
Bug: 169025459
Test: OVERRIDE_TARGET_FLATTEN_APEX=true m vendorimage with a vendor apex
simg2img $OUT/vendor.img vendor.img
debugfs -R 'ls -l /vendor/apex/com.android.foo/bin' vendor.img
=> check if binaries are executable
Change-Id: I67284166d70c98a2a184b47e7052ade8b9039df9
android_filesystem_config.h is found since system/core/include is on
the include path for all projects and contains a symlink to the real
android_filesystem_config.h. This is fragile and the below bug seeks
to remove this symlink and have users correctly depend on
libcutils_headers.
Bug: 165825252
Test: build
Change-Id: I1aad6a2e8fbe87635e97b0ac1be3414403353382
Currently it falls back to /sys/kernel/tracing if debugfs is not found.
/sys/kernel/tracing must be checked first since debugfs is not allowed
to be mounted in user builds starting with Android R launching devices.
Test: manual
Change-Id: I2fb5ec91bbf7d5304a1a6efcb06530969485e78f
Fix the memfd_create(2) path and add the missing unit test.
Bug: https://issuetracker.google.com/165667331
Test: treehugger
Change-Id: Ibb5c1d0f9d7caba1df04d1f03e82e55026d9f86a
Introduce a new systrace tag, TRACE_TAG_SYSPROP, for use with
system property.
Bug: 147275573
Test: build
Change-Id: I6f85f3f52f6580bab4ff43fc1dc0e87c689b054e
Merged-In: I6f85f3f52f6580bab4ff43fc1dc0e87c689b054e
(cherry picked from commit 573fc58bad)
This directory contains only the su binary which is executable only by
root and shell uids, so need not be accessible to other users.
Test: Device boots
Test: adb shell ls -ld /system/xbin
Change-Id: I4c9daab68b29832ef0ace2dec274687e4496da81
AudioHAL and SoundtriggerHAL is separeted HAL but running in thread with
same process id.
So, if both HAL try to open netlink socket using uevent_open_socket(),
secondly opening socket receives already-in-use error.
To prevent situation, set 0 to socket port id.
By the LINUX man page, "The kernel assigns the process ID to the first
netlink socket the process opens and assigns a unique nl_pid to every
netlink socket that the process subsequently creates."
Bug:163008274
Test: tested by opening netlink socket in AudioHAL and
SoundtriggerHAL both.
Signed-off-by: Gyeongtaek Lee <gt82.lee@samsung.com>
Change-Id: I5f9859e8dac749bf5d0998e825043c9988c202ba