Need to seal the buffer size in align with ashmem if set to PROT_READ
only to prevent untrusted remote process to shrink the buffer size and
crash it.
Bug: 294609150
Test: build
Ignore-AOSP-First: Security
Change-Id: I9288cf30b41e84ad8d3247c204e20482912bff69
Merged-In: I9288cf30b41e84ad8d3247c204e20482912bff69
(cherry picked from commit f83c5c8fec)
The 32-bit variant of libjsoncpp is not always installed
on 64-bit devices, so it must always be statically included.
We should probably collapse libcutils_test with
libcutils_test_static in the future.
Bug: 285357054
Test: libcutils_test
Merged-In: Ic84901ce5af766338b2cab07c3cf10841ba9a150
Change-Id: Ic84901ce5af766338b2cab07c3cf10841ba9a150
where stuff is apparently under /system_ext/apex/...
instead of /system/apex/...
Bug: 277646103
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I947e44af334628d82ca633546f3328319c2bac60
This is a follow-on CL for aosp/2528043
/system/apex/com.android.tethering.inprocess/bin/for-system/clatd
is bind mounted as /apex/com.android.tethering/bin/for-system/clatd
when using inprocess tethering.
Bug: 273821347
Test: `ls -l /apex/com.android.tethering/bin/for-system/clatd` on bertha
Test: Also see aosp/2528043 for how it is tested
Change-Id: Ia20165663e4ff6d9266fe601d25395816792a3f7
get_sched_policy uses the cpuset policy as fallback if the cpu cgroup
is not recognized. Pixel is currently not using the cpu cgroup for
background policy due to b/208895940.
Bug: 265852986
Test: atest libcutils_test:libcutils_test.SchedPolicy#set_sched_policy -- --abi arm64-v8a
Change-Id: Ia77ace7513c48b1a14290c6ecc0222b46d6bf927
Signed-off-by: Edward Liaw <edliaw@google.com>
Resolves a pair of TODO's, and makes a pair of error return
code paths not return null function pointers.
Note that:
system/netd/client/NetdClient.cpp
implements this as:
int checkSocket(int socketFd) {
if (socketFd < 0) {
return -EBADF;
}
int family;
socklen_t familyLen = sizeof(family);
if (getsockopt(socketFd, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
return -errno;
}
if (!FwmarkClient::shouldSetFwmark(family)) {
return -EAFNOSUPPORT;
}
return 0;
}
$define CHECK_SOCKET_IS_MARKABLE(sock) \
do { \
int err = checkSocket(sock); \
if (err) return err; \
} while (false)
extern "C" int tagSocket(int socketFd, uint32_t tag, uid_t uid) {
CHECK_SOCKET_IS_MARKABLE(socketFd);
FwmarkCommand command = {FwmarkCommand::TAG_SOCKET, 0, uid, tag};
return FwmarkClient().send(&command, socketFd, nullptr);
}
extern "C" int untagSocket(int socketFd) {
CHECK_SOCKET_IS_MARKABLE(socketFd);
FwmarkCommand command = {FwmarkCommand::UNTAG_SOCKET, 0, 0, 0};
return FwmarkClient().send(&command, socketFd, nullptr);
}
which means it *already* verifies that the passed in sockfd
is >= 0 and a socket via getsockopt(SOL_SOCKET, SO_DOMAIN),
as such the 'fcntl(sockfd, F_GETFD)' check is spurious.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I91ef68be5b0cc6b1972d514c13a76eaf834a3d5d
Signed-off-by: Liu Cunyuan <liucunyuan.lcy@linux.alibaba.com>
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Change-Id: I3dbe6b6d79c2655ab76f48e48fd22ab72d761dfd
Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
correct label and uid/gid.
* Verify prng_seeder socket present and has correct
label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance
Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
Introduces new APIs which can be used to simplify application of fdsan
to native_handle_t usage, and applies fdsan protection to
native_handle_clone() by default.
Bug: 244214188
Test: validated alongside sensor service change to use the new APIs
Change-Id: I3be16a09c336bcbe880bdb542d5da2969c2c34d3
It's useful to have a group that shares a numeric id with Linux and
macOS. "root" doesn't count because group 0 is actually called "wheel"
on the BSDs, and macOS has "daemon" and "kmem" as its groups 1 and 2.
This lets us have toybox tar tests that have the same results on all
supported OSes without special handling.
Test: treehugger
Change-Id: I4704d6f9ada84f3065831a099b34d1c20c4c6b03
A suppplementary group to mark which app can write to the security log
buffer. Granted via android.permission.WRITE_SECURITY_LOG and checked by
logd.
Bug: 232283779
Test: manual
Change-Id: I3ad66031ab1c9eef26db0f3e8968659dfa2855cb
(cherry picked from commit 7e14d138ae)
Merged-In: I3ad66031ab1c9eef26db0f3e8968659dfa2855cb
A suppplementary group to mark which app can write to the security log
buffer. Granted via android.permission.WRITE_SECURITY_LOG and checked by
logd.
Bug: 232283779
Test: manual
Change-Id: I3ad66031ab1c9eef26db0f3e8968659dfa2855cb
Method is needed for further use in statsd mapping process.
Bug: 217695033
Test: atest installd_service_test
Change-Id: I508a58da5f8d2e32264002db515425134d18aece
Ignore-AOSP-First: code is not in AOSP yet
Bug: 220320098
Test: presubmit
Change-Id: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
Merged-In: I310feb08a903c2ee9cd544e3b9751c2e02ce5951
(cherry picked from commit 6e124aac7c)
Every app will now have a corresponding supplemental process associated
with it. We need an utility method to map one to the other.
Implementation details: supplemental process uid will be between range
20k-30k. As such, it will be a 10k offset from app id. See ag/16621743.
Bug: 211763739
Test: atest installd_service_test
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I2b6d6b086985bcb24c837eaa95a937d429d6a583
Merged-In: I2b6d6b086985bcb24c837eaa95a937d429d6a583
(cherry picked from commit 1c7acfdb67)
This functionality is now handled in mainline and has been removed from
netd in Android T.
Test: builds & boots
Change-Id: Ic435eee0d89bda30d733efbc655692c697bbe9e8
