Android init will refuse to read files that are world writable. Since
adb push makes files world writable by default, this means that adb
pushed rc files cannot be read by init. Fix it by adding an fs_config
entry for *.rc that sets their permissions to 644 root:root.
Bug: 343370899
Change-Id: If9c4dd4796caae6d177d9fdeef880949e5639648
These lines were originally added to avoid needing to manually chmod
+x files pushed to these directories on the device, but adb push now
automatically copies the x bit from the host for paths without an
fs_config, so they should no longer be necessary.
Bug: 341415989
Change-Id: I83007dfe05de7b86c26373460af1f199a6d21147
This enables fs_config for /data when pushing files as root. Also,
without this, adb push to /tmp fails as the shell user.
When pushing to a directory that does not have an explicit
fs_config, such as /data/local/tmp or /tmp, use the original
file mode. Because adb copies u permissions into g and o
(and in general because the umask on the host may have
made these files world writable), this requires adding more
fs_config entries to cover directories that may contain dex files
i.e. /{odm,product,system,system_ext,vendor}/{framework,app,priv-app}
to avoid hitting a SecurityException caused by writable dex files, e.g.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: FATAL EXCEPTION: main
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: Process: android.test.app.system_priv, PID: 4815
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: java.lang.SecurityException: Writable dex file '/system/priv-app/loadlibrarytest_system_priv_app/loadlibrarytest_system_priv_app.apk' is not allowed.
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFileNative(Native Method)
04-01 21:22:16.980 10110 4815 4815 E AndroidRuntime: at dalvik.system.DexFile.openDexFile(DexFile.java:406)
Bug: 171233429
Bug: 311263616
Change-Id: I18f70095c793d08a25ff59e1851f6dc7648ce4dc
As of VNDK deprecation, any library that defines vndk is no longer
valid. This change removes all VNDK definition(s) from modules
which were VNDK. Any former VNDK-SP libraries will be marked as double-loadable,
so they can still be referenced by LLNDK libraries.
Bug: 328994089
Test: AOSP CF build succeeded
Change-Id: I1662f16e5e446bb28167b0bb278cd63997267d2a
'sockets_test.cpp' also runs as part of libcutils_test and
libcutils_static_test, so it is redundant to have it be a separate
target.
Test: libcutils_test
Test: libcutils_static_test
Bug: 317884162
Change-Id: Ib2c2f74feb79d1436ca67ae9aca18d3eb7acf5a0
Add a new AID for Virtual Machines so we can grant
capabilities such as CAP_SYS_NICE.
Bug: 322197421
Test: Build and boots, and verified capabilities
Change-Id: Ie893ba8ed6956a554bccfbd00e4e6fe9212ea77d
Signed-off-by: David Dai <davidai@google.com>
This doesn't help the person who wants CAP_BPF, but we can fix that
better by adding it to our stale glibc (and our future switch to musl
will mean we'll never have similar problems again).
I think this just dates from when we still supported building the OS on
darwin, but those days are long gone, and I think this hack can be put
to rest now...
Test: treehugger
Change-Id: I3c2e56c68a5b00c1ad0aed422c6ce60886063f50
Current libcutils checks if memfd is supported with the vendor VNDK version,
but this is no longer valid if VNDK is deprecated. As we can assume that
any vendor using this code is supported as long as it is treblelized,
simplify the logic to check if memfd is valid for vendor using only the
'ro.treble.enabled' property.
Bug: 290159430
Test: Cuttlefish with VNDK deprecated worked without error from
libcutils
Change-Id: I351f0798da99cb4827bc3e424b63a2eaee5c7461
This code is only used in init and vold, so I suspect all the
conditional compilation could be moved into the .bp file instead, but
I'm just trying to clean up duplication today...
Test: treehugger
Change-Id: I97013f5de41e109a0cc377400c396145aed569db
Need to seal the buffer size, in line with ashmem, if set to PROT_READ
only, to prevent an untrusted remote process from shrinking the buffer size and
crashing it.
Bug: 294609150
Test: build
Ignore-AOSP-First: Security
Change-Id: I9288cf30b41e84ad8d3247c204e20482912bff69
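
The size sealing that the last commit message describes, as an added example that is not libcutils code: it assumes the standard Linux memfd seals (F_SEAL_SHRINK and F_SEAL_GROW applied with F_ADD_SEALS), and `create_region`, `peer_resize` and `REGION_SIZE` are hypothetical names. A peer holding the fd can truncate an unsealed region, after which access through an existing mapping past the new end raises SIGBUS; with the seals in place the resize is refused with EPERM.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Linux UAPI values, defined here in case the libc headers hide them. */
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW 0x0004
#endif
#define REGION_SIZE 4096 /* constructed sample size */

/* Create a REGION_SIZE memfd and, if seal_size is set, pin its size. */
static int create_region(int seal_size) {
    int fd = (int)syscall(SYS_memfd_create, "example_region", MFD_ALLOW_SEALING);
    if (fd < 0) return -1;
    if (ftruncate(fd, REGION_SIZE) != 0 ||
        (seal_size && fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW) != 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* A peer holding a duplicate of the fd tries to resize the region. Returns 0
 * if the resize went through, the ftruncate errno if refused, -1 on setup error. */
int peer_resize(int seal_size, off_t new_size, off_t *size_after) {
    struct stat st;
    int fd = create_region(seal_size);
    int peer_fd = fd < 0 ? -1 : dup(fd); /* stands in for an fd sent to another process */
    int rc = -1;
    if (peer_fd >= 0) {
        rc = ftruncate(peer_fd, new_size) == 0 ? 0 : errno;
        if (fstat(fd, &st) == 0) *size_after = st.st_size; else rc = -1;
        close(peer_fd);
    }
    if (fd >= 0) close(fd);
    return rc;
}

int main(void) {
    off_t size = 0;
    printf("unsealed shrink rc=%d\n", peer_resize(0, 0, &size));
    printf("sealed shrink rc=%d (EPERM=%d)\n", peer_resize(1, 0, &size), EPERM);
}
```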