For now, remove linux/capability.h . We're haven't started using
capabilities yet, and this file doesn't exist on mac builds.
Change-Id: Id6ec7fdb408bcdfdd538dac65187194c8ee226ff
If a device has an ext4 partition that contains the radio
firmware, and that filesystem is not mounted in normal
operation, we need a flag to prevent mount_all from
mounting it, so the new flag recoveryonly was added.
Change-Id: I361800c494e751b04c4faf956870f15fd0d8fe20
* commit 'f6451116423c6195a464b69b6e07aa8ef743e6b1':
charger: Do not suspend when disconnecting from charger
charger: suspend enable in charger mode
libsuspend: compile as a static library
Allow userspace programs to create IPPROTO_ICMP sockets.
This socket type allows an unprivileged program to safely
send ICMP_ECHO messages and receive the corresponding
ICMP_ECHOREPLY messages, without relying on raw sockets or
setuid programs.
Please see http://lwn.net/Articles/443051/ for details.
In particular, this allows us to use a version of ping
which doesn't have any capabilities
(https://android-review.googlesource.com/52072).
In addition, this allows us to safely implement an IPv4 ICMP
based version of InetAddress.isReachable()
(https://code.google.com/p/android/issues/detail?id=20106)
Change-Id: I876718151efa8219c4f34f573e35e21256fe2316
Modify android_filesystem_config.h and add a capabilities
field. This field can be used to add filesystem capabilities
to a particular file.
Change-Id: If8953a322457ea7275aa6df75660b714e6dc678a
run-as: don't require CAP_DAC_OVERRIDE.
Prevent an adb spawned application from acquiring capabilities
other than
* CAP_NET_RAW
* CAP_SETUID
* CAP_SETGID
The only privileged programs accessible on user builds are
* /system/bin/ping
* /system/bin/run-as
and the capabilities above are sufficient to cover those
two programs.
If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.
Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a
bionic's __stack_chk_fail was preventing debuggerd from dumping
stacks, which was not helpful.
Bug: 2487269
Change-Id: Idba2a274037b960dfb2ac1c21686323268c4b372
The default is 1024 files, and in some testing, the limit has been
hit. This raises the limit to 8192. Going higher starts to cause
performance issues (I started to notice that around 16K open files
in my testing) as sdcard does linear searches. If a higher max
is needed, then the sdcard daemon will need some optimizations.
Bug: 7442187
Change-Id: I7aba7f4556ed70651f36244294a6756f3d6b8963
This reverts commit 87980b5c9f
Getting more reports of app crashes (e.g. 7990090), so given timeline for MR2, want to revert.
Change-Id: Ic2d101d2d1156b3864d5c9b88aa8c94cd5aa345f
When passing a NULL status to android_fork_execvp the return
status will now be the return value of the child if it exited
properly, otherwise a non-0 value will be returned.
Change-Id: I13309c61b37b6b3f9d5507f7d6484e7b6baaf8d0
