unique_fd's implicit conversion to int has led to tons of problems (see
all of the overloads for close, fdopen, fdopendir, etc.). Add a switch
that can turn it off, and reduce the ridiculous amount of work to fix up
callers by introducing a borrowed_fd type that can be constructed from
either int or unique_fd.
Test: treehugger
Change-Id: If77cf5cbcaddacdaec5919a15b3520fb68f51a62
In the future, property service may run in its own thread or process,
which means that PropertyChildReap() needs to be refactored to not run
as part of the init signal handler.
The new method spawns a new thread that handles the queue of paths
that require restorecon. It then communicates back to property service
via android::base::SetProperty(). Property service distinguishes the
thread from other callers of SetProperty() by checking the pid in the
credentials for the socket connection, thus avoiding dependencies on
the rest of init.
The new method also drops the genericness, since restorecon is the
only function that we should ever need to run asynchronously
Test: async restorecon works, including with queued requests
Change-Id: I2ca00459969e77b1820776dac23d0a0d974e330b
ion_4.12.h is ported from old Linux Kernel Driver.
According to the header comment, this is licensed under GPLv2.
This header is referred from ion.c.
To clarify license matter just in case, let's convert it using
update_all.py in bionic repository.
The original header is moved under original-kernel-headers/linux
directory.
Found this during FOSSID trial.
Test: build and boot
Change-Id: Iabd46f33968a0fbce14a501238730714c4f2cfc6
Signed-off-by: Yoshitaka Seto <yoshitaka.seto@sony.com>
If the matching string contains a [, \ or *, then it is also checked
with a regex match. Exact match is always tried firsts. If we do
not find an exact string match, switch to iterate through the entire
list for regex strings to find a match.
This allows us to scale with details without consuming a large
number of enums, permitting details that we do not necessarily want
resolution on to propagate to TRON. The hierarchical nature of the
boot reason <reason>,<subreason>,<detail>... can cause scenarios
where the <detail> does not matter to TRON, but does matter to
bugreport collection.
Add a bootstat --boot_reason_enum function to expose and test the
kBootReasonMap matchihg algorithm.
Add a kBootReasonMap test that exhaustively tests all built-in
entries, and an example of one regex entry. New regex entries added
to bootstat.cpp will need a series of exact match examples added into
filter_kBootReasonMap() function.
Test: boot_reason_test.sh kBootReasonMap (or all tests)
Bug: 116838876
Bug: 128929506
Change-Id: I3f7b5de22f99195b7ce99672a212174365960b3f
The first stage init skips mounting the mount points defined in
skip_mount.cfg, but these mount points still return from
ReadDefaultFstab(). The behavior causes some error logic which
try to access the partition which had been skipped.
After applying the patch. ReadDefaultFstab() will not contain the
skipped mount points.
Bug: 128961335
Test: `fastboot delete-logical-partition product_a`
Test: `fastboot flash system aosp_arm64-userdebug`
Test: `fastboot -w reboot` and boot to home screen
Change-Id: I3156260b5d37647dbecf98ca90601a089bea5c46
Though unlikely, it is possible for getpeercon() to fail. This change
adds code to handle this case gracefully.
Bug: 130209483
Test: boots, properties are set
Change-Id: I3b3fb76b2312a5cbc87c0da2a044be3ddf8aa400
Limit libprocessgroup VNDK API to the minimum set required for task
profiles usage. This API allows vendors to use cgroups without accessing
cgroup files directly, therefore allowing Android to change cgroup
arrangement details without breaking vendor code.
Bug: 131098932
Test: build and boot
Change-Id: I92463dfb44a108a133bafd2fe52237b6b1d50a69
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The setup of SelinuxAuditCallback() was happening after property files
are loaded, and now that these property files can trigger audits, the
audit messages did not contain all of the correct information. This
change moves the setup of SelinuxAuditCallback() to immediately before
the property area is initialized, to ensure that this can not happen
again.
Bug: 130979265
Test: audits work early
Change-Id: I9eb43269317c74e041626ee7b2bb7fea49250e09
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.
Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
This reverts commit bee9f5718b
"libprocessgroup: Disable file descriptor caching temporarily" and adds
option to use SetTaskProfiles and SetProcessProfiles without file caching.
This option is used from JNI to avoid access denials because cached files
are not whitelisted for JNI usage.
Bug: 123868658
Bug: 123043091
Test: boot using svelte target
Change-Id: I76b9d6af8a1dd4464cb3cf3e6dc327980efdf361
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:
- first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
- second-stage init loads files from /debug_ramdisk/*.
Note: same as before, the above can only be triggered, if the device
is UNLOCKED
With this, we don't have to put userdebug related files into the USER
system.img.
Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
unique_fd's implicit conversion to int allows the following code to
compile without error, leading to a double close:
std::function<void(unique_fd)> func = [](int x) { close(x); };
func(unique_fd(42));
Test: treehugger
Change-Id: I948ecda3a12738b3af6444fe2902d2f7b80e1b4c
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.
this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.
Fixes: 130824864
Test: procrank -o
Change-Id: I8af129076c3efa29f7b781459449f8f2dc853c98
Modify the unwinder library to indicate that at least one of the stack
frames contains an elf file that is unreadable.
Modify debuggerd to display a note about the unreadable frame and a possible
way to fix it.
Bug: 129769339
Test: New unit tests pass.
Test: Ran an app that crashes and has an unreadable file and verified the
Test: message is displayed. Then setenforce 0 and verify the message is
Test: not displayed.
Change-Id: Ibc4fe1d117e9b5840290454e90914ddc698d3cc2
Remove an unimplemented function from the header and clean up some
slight syntax mistakes.
Test: build
Change-Id: Ia82c6aee24fa0889a7595aabc564bef970a0863b
