Split healthd section from init.rc into its own. This allows
healthd.rc to be excluded from the build when healthd is excluded.
Test: builds
Test: exclude healthd from build, healthd.rc is not installed
Bug: 77541952
Change-Id: I1c055f14c5862631f359fd0029289da8f43af063
This change increases the default expiration length of an SA to 1h. The
IPsec API expects that SPIs are allocated indefinitely, but potential
for instability requires that these get cleaned up automatically. As
such, the duration was chosen as a sane, but long timeout value.
Bug: 72316671
Test: Added CTS tests to enforce this behavior
Merged-In: I47aef9cea4a09da253b2ec048a8797af5fa25529
Change-Id: I47aef9cea4a09da253b2ec048a8797af5fa25529
(cherry picked from commit 00308f8554)
This change adds some additional flags to the /config mount. This is to
reduce the number of mounts with unnecessary privileges.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {ExternalStorageHostTest,StorageHostTest}
Change-Id: If3409d917cdf76a67ebfb7c4035a3ae8fee6189f
This change adds some additional flags to /mnt. This is to reduce
the number of mounts with unnecessary flags.
Bug: 73255020
Test: aosp_sailfish still boots
Test: CtsAppSecurityHostTestCases {StorageHostTest,ExternalStorageHostTest}
Test: CtsOsTestCases StorageManagerTest
Test: find /mnt | egrep -v '^/mnt/runtime/(default|read|write)/emulated' | \
xargs ls -lZd # Shows no character devices or executable files
Change-Id: I54739133119d9626ebeb2ef9a1c127f7a90fa098
Since we only want to change the ro flag on / (and leave all other mount
flags alone), this can also be achieved by passing MS_REMOUNT|MS_BIND,
even if the mount is not a bind-mount.
This aims to make running Android within a user namespace easier, since
remounts without the MS_BIND flag are forbidden.
Bug: 73255020
Test: aosp_sailfish still boots
Test: rootfs on / type rootfs (rw,seclabel)
/dev/root on / type ext4 (ro,seclabel,relatime,data=ordered)
Change-Id: I2f89a8badfc467db47304c9355648e8fd8ad1272
This change adds some additional flags to some mounts. This is to reduce
the number of mounts with these flags.
Bug: 73255020
Test: aosp_sailfish still boots
Change-Id: I285e6d7b3dcc19f691a3d6780e7d3a3a5d7cb3de
shipping API version:
For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: I83f87e88d1731e515b459a3d6d5bf3104afe6cfe
Test: manually
Traceur app is being split out of shell user. Previously it logged to
shell's bugreports directory. It no longer has access, so it needs a
new, user-friendly file location to store trace data.
Bug:68126425
Test: Traceur can write and shell can read from this directory
Change-Id: I9e344973fd43eb5699f7a848524e20b06458fb77
Mount the eBPF file system under /sys/fs/bpf to allow netd to pin and
retrieve persistent eBPF map object from the file system. It helps the
system to maintain a consistent eBPF data store when netd crashed and
restart. Mount the cgroupv2 module and use the root folder of it to
monitor network statistics through eBPF program attached.
Test: eBPF map object show up under /sys/fs/bpf after netd start.
Bug: 30950746
Change-Id: Ie475112116603798fe75a75c5a84f4bbe5b942ec
Setting up infanstructure for vendor tombstone in dir:
/data/vendor/tombstones
Wifi specific dumps will go into:
/data/vendor/tombstones/wifi
Bug: 70170285
Test: compile, run on device.
Change-Id: Ie16dd8236d9b5df19adb9818b4c62ce01e0d0b10
We already have /etc and /sbin. As the Android world moves towards / being
on the system partition, the circumstances under which a /bin symlink
won't work are reduced. This should already be usable most of the time.
Bug: http://b/63142920
Test: `adb shell /bin/date`
Change-Id: I81c2209ae808ced186d05fbe1d5417ce8dd93ea7
These are directories used by the system so they should be created by
the system.
Test: treehugger
Change-Id: I2a721ef7871c8842fa912497f5ec6988fcec9e58
because it serves health 2.0 HAL. This forces it to restart when
hwservicemanager dies.
Bug: 69069765
Test: kill hwservicemanager, lshal shows backup instance
Change-Id: Ib51caa0e718031a0f8797d8af4c2459b4958a62e
Partners require to access update_engine's logs on the file system with
non-root permission.
Bug: 65568605
Test: directory created with the correct permission on boot
Change-Id: I1c1fb4acb8b0f2e7352ffa9e7d05a864940b5986
Bug: 67678999
Test: Run serial console on Hikey
Change-Id: Ia5fa9c2af4771508d96545f6a8814a81d5ccee3c
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
We've seen crashes due to processes exceeding the current soft limit
for open FDs of 1024, mainly due to increases in using FDs for shared
memory and gralloc memory objects.
There is not a compelling reason to keep this limit artificially low,
so we raise it to 32K. This matches my desktop linux limit, so it is
with precedent.
Bug: 64894637
Test: open 32K FDs in a process without failure then fail after 32K
Change-Id: Ibecfc486e9c61f273a432a108893137d2d13a530
Make /proc/net/fib_trie only readable to root.
Bug: 31269937
Test: Device boots, file has appropriate permissions.
Change-Id: I0d01ce5c043d576344a6732b0b9ff93d62fcaa34
