Typical apps are restricted so they can only view shared storage
belonging to the user they're running as. However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.
Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps. Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.
Bug: 19995822
Change-Id: Id2fe846aefbf13fc050e9b00ddef120021e817f4
Prior to the documentation told users to pass 0 in as
the first argument to write messages, when they should
be outting in their local-id. It is now corrected.
Change-Id: Ia2c6c84f95383baa5ca471493a29a39e5173b604
Signed-off-by: Derrick Bonafilia <dbonafilia@google.com>
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5
When someone force-unmounts our target endpoint, gracefully handle by
terminating, instead of looping on the same errno forever.
Bug: 22197797
Change-Id: I7e71632f69d47152ea78a94431c23ae69aba9b93
It's easier for people to debug, and side-steps the problem that errno
values differ between architectures.
Bug: http://b/17458391
Change-Id: I1db9b2cbb653839d3936b91e37e5cff02671318a
Linking against both libziparchive-host and libz-host results in
libz loaded twice (because it is also linked statically in
libziparchive).
Change-Id: Ib34eef60200a702c2d7fbca3589b324992e78eab
since the struct is now used for other purposes. Also add some
comparator functions to the struct to simplify zip_archive.cc.
This is a follow-up CL for f1d3d3b247.
Bug: 21957428
Change-Id: I60d4171eeacc561d59226d946e9eb5f9c96d80cf
Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app. This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.
The only thing left that can change dynamically is the filesystem
itself, so let's do that. This means changing the FUSE daemon to
present itself as three different views:
/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access
There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.
During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions. When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.
Bug: 21858077
Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
If a thread is created while the parent thread is "Background",
then the default timerslack value gets set to the current
timerslack value of the parent (40ms). The default value is
used when transitioning to "Foreground" -- so the effect is that
the timerslack value becomes 40ms regardless of foreground/background.
This does occur intermittently for systemui when creating its
render thread (pretty often on hammerhead and has been seen on
shamu). If this occurs, then some systemui animations like navbar
ripples can wait for up to 40ms to draw a frame when they intended
to wait 3ms -- jank.
This fix is to explicitly set the foreground timerslack to 50us.
A consequence of setting timerslack behind the process' back is
that any custom values for timerslack get lost whenever the thread
has transition between fg/bg.
See Bug: 19398120
Change-Id: Idc259717f62fa2255f8bafbbf88b68c0043f29cf
so that PackageManagerService can iterate over files with a
specific file extension like ".so".
(cherry picked from commit a4a80693d9)
Bug: 21957428
Change-Id: I36ba3c33a8b366a65f67cb6d156067c5caca1151
Adds the call to wakeup_callback when the write to the /sys/power/state
fails. This will help userspace account for the suspend aborts.
Bug: 17478088
Bug: 18179405
Change-Id: Icd1194cfbaf61044ca0b2fe63a10a4c52e1535bc
