It's no longer specific to make_ext4fs, will be used for mksquashfs as
well.
BUG: 27467028
Change-Id: I41b8c2b168ada45c8378dee522391edfb8f6b9a6
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
BUG: 28704419
- This is considered an Android Private function, not exported
for general use.
- goal is to retreive a file's content from a series of log
messages from pmsg, to be retrieved after a reboot for
transfer to a persistent location.
- files are presented in reverse sorted order, first based on
_any_ numerical content, then by alphanumeric order.
- Add a gTest for this function, relies on gTest for
liblog.__android_log_pmsg_file_write from prior to reboot.
Bug: 27176738
Change-Id: If37ef423009bd28b598b233af3bccef3429bdc22
- This is considered an Android Private function, not exported
for general use.
- goal is to record a file's content into a series of log
messages into pmsg, to be retrieved after a reboot for
transfer to a persistent location.
- filename reference is converted to a tag-unique
"<dirbase>:<filebase>".
- buffer and length representing the filename contents are
recorded, along with a sequence number placed into the nsec
time field to ANDROID_LOG_PMSG_FILE_MAX_SEQUENCE.
- Add a gTest for this function.
Bug: 27176738
Change-Id: If93df3ae8bfc1bb75516d4a1fd8dae0301af644b
This is intended to be used by user space daemons that are part of
access-controlled NVRAM HAL implementations for Brillo. Because there
might be sensitive data flowing through the daemon, we'd like to run
it as a separate user.
BUG: 27764637
Change-Id: If6ad7923af3c650963ee9e926f732001b6a8cb5d
Sometimes new users/groups get added in internal branches, and the list
gets out of sync. Add a comment to prompt developers to add users in
AOSP.
Bug: None
Change-Id: I5b2df391902b842f1af8a377c8eac4cdb36a0518
Brillo is converging on a set of mandatory system services to be
included in all Brillo builds. We'd like these services to run as
separate users just like other native Android/Brillo system services.
Add users for these services:
-Firewalld: Brillo has more granular firewall requirements (think e.g.
Brillo-powered router.) Firewalld exposes a (currently) D-Bus/
(soon to be) Binder API to broker access to IPTables rules.
-Trunksd: Some Brillo product configs will require TPMs. Trunksd
manages TPMs in Chrome OS and Brillo.
Bug: 27299198
Change-Id: Ibe3303acdd9398ea52da0a37dbef73e5c5a948f7
-metrics_collector and metricsd gather and upload device metrics.
-webservd is part of the Weave (Brillo remote setup and management) stack.
Bug: 26337609
Change-Id: Icf6ce75e64293adbe773f2ee65e80629f2eeb737
* Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010)
* Changed the group access for /sys/power/wake_lock and
/sys/power/wake_unlock from "system" to "wakelock"
* Added "wakelock" to the list of groups for the healthd process/service
Bug: 25864142
Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Brillo will need to run new native system services, so reserve
a reasonable UID range to accomodate them. Having 1000 UIDs will
allow us to sub-partition this range if needed.
The range can be used by any OEM, not just Brillo, so name it
accordingly.
Bug: 22555869
Change-Id: I752428ee5025bf064a35ecbe6da50c041d87b724
Using a getenv('OUT') in such a deep down function is a wrong design
choice. Replacing with explicit parameter that may be NULL in case
device specific files can be accessed from /.
Since TARGET_COPY_OUT_SYSTEM may be defined to something different than
system we also ensure that we use a path relative to TARGET_OUT to
compute path to fs_config_* files.
Bug: 21989305
Bug: 22048934
Change-Id: Id91bc183b29beac7379d1117ad83bd3346e6897b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
C (but not C++) has a concept of a flexible array member, which
is documented at https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html .
Using a flexible array member indicates that the structure is
really a header for a variable length object.
In logd's case, the variable length structure android_event_string_t
was embedded within another structure called
android_log_event_string_t. This makes gcc's __builtin_object_size()
function really confused. When compiling with C++,
__builtin_object_size(android_log_event_string_t.payload.data, 1)
would return 0, whereas if you compiled the code with C, the same
call would (properly) return -1.
Code which does automatic bounds checking, such as the proposed
patch at https://android-review.googlesource.com/145411 , will
cause problems for logd if this syntax is used.
Don't try to embed a variable length structure within another
structure. This doesn't appear to be valid C nor C++, and
while it's worked, it seems problematic.
Instead, inline the structure so it's one big happy structure.
Change-Id: I8ac02b7142a4f6560f5f80df2effcf720f9896fc
(Cherry picked from commit 83e6f2606b)
Resolved conflict in include/private/android_filesystem_config.h, content
already in libcutils/fs_config.c.
Change-Id: I817707721786e9b920fef14ebe836fdcd65a8606
pixelflinger should not be used for new projects and should be moved out
of system/core at some point. As the first step, move all its headers
under system/core/libpixelflinger/include and update its Android.mk
files so they're not referring to the absolute system/core path anymore.
Change-Id: Idead273ab2c0450409d770f5402c4dba916192a9
Signed-off-by: Greg Hackmann <ghackmann@google.com>
pixelflinger should not be used for new projects and should be moved out
of system/core at some point. As the first step, move all its headers
under system/core/libpixelflinger/include and update its Android.mk
files so they're not referring to the absolute system/core path anymore.
Change-Id: I7acc3ef5b2e21d8ba6fe939ea8d3ec4c41959591
Signed-off-by: Greg Hackmann <ghackmann@google.com>
- create a structure to depict the private header
expected at logd end of socket.
- utilize this new structure instead of unscalable
byte stream technique used to unpack in logd.
Change-Id: I2d0e5c3531c279f2dc1fbd74807210ff8d804de0
