ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
80140 commits 1 branch 0 tags 217 MiB
Commit graph

80140 commits

This branch
This branch
All branches
Author SHA1 Message Date
David Drysdale
d7fb5e8d16 Merge "Allow selection of Trusty KeyMint HAL implementation" am: bf6ac3534e 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2328294

Change-Id: Ie2456dbe49290ce4b32baa6b9100adb4a7747775
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-05 07:02:56 +00:00
David Drysdale
bf6ac3534e Merge "Allow selection of Trusty KeyMint HAL implementation" 2023-01-05 06:23:29 +00:00
Florian Mayer
bafed8b81d Merge "static_assert to catch struct mismatches earlier" am: c3a7e4862c 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2366630

Change-Id: I0866af35ccfcba1f0662614b0eda22ddfeb02cfe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-05 00:23:10 +00:00
Florian Mayer
c3a7e4862c Merge "static_assert to catch struct mismatches earlier" 2023-01-04 23:46:59 +00:00
Chih-hung Hsieh
3978b344da Merge "Disable clang-tidy on crash test." am: f5d9cc6bb2 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2374694

Change-Id: Ifcc1d317c618dd04e282df9d595e7547edaee621
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-04 03:56:49 +00:00
Chih-hung Hsieh
f5d9cc6bb2 Merge "Disable clang-tidy on crash test." 2023-01-04 03:30:25 +00:00
Chih-Hung Hsieh
7e575a07be Disable clang-tidy on crash test. 
Bug: 263274255
Test: presubmit; make tidy-system-core-debuggerd_subset
Change-Id: I2eb5dcb87894b3282ff19e006f6a0209c9153519
 2023-01-03 15:58:29 -08:00
Maciej Żenczykowski
d3ff1ab4bc Merge "qtaguid.h - remove qtaguid_setPacifier declaration" am: e28f0ecebc 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2362423

Change-Id: If33872bceec6fe750da2f0f5d611240e116227d3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-03 22:23:19 +00:00
Maciej Żenczykowski
e28f0ecebc Merge "qtaguid.h - remove qtaguid_setPacifier declaration" 2023-01-03 21:53:54 +00:00
Bart Van Assche
f4d365b3c7 Merge "Make an error message more informative" am: b333a400c9 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2370568

Change-Id: I3811d34b5d6c7c3d7a64cae3089201035c1eb938
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-01-01 16:50:36 +00:00
Bart Van Assche
b333a400c9 Merge "Make an error message more informative" 2023-01-01 16:16:41 +00:00
Bart Van Assche
f85317fb43 Make an error message more informative 
From
https://android-build.googleplex.com/builds/tests/view?testResultId=TR66328435937757440&invocationId=I00700010119503421:

system/core/init/init_test.cpp:219: Failure
Failed
Value of: service-&gt;Start()
  Actual: createProcessGroup(0, 15611) failed for service 'console'
  Expected: is ok

The above error message does not contain enough information to
root-cause the test failure. Hence this CL that makes an error message
more informative.

Bug: 262090304
Change-Id: I09929b2f2aabf1eec4d90ec93234a9e968888da4
Signed-off-by: Bart Van Assche <bvanassche@google.com>
 2022-12-31 23:41:29 +00:00
Vamsidhar reddy Gaddam
c4513372a3 Merge "Revert "host_init_verifier: add check for root services and linux capabilities"" am: 433dae11ce 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2371448

Change-Id: I9e6fc59a00603718b805fbd63cc36673c09ab033
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-28 16:57:48 +00:00
Vamsidhar reddy Gaddam
433dae11ce Merge "Revert "host_init_verifier: add check for root services and linux capabilities"" 2022-12-28 16:19:58 +00:00
Nikita Ioffe
24d1c238ce Revert "host_init_verifier: add check for root services and linux capabilities" 
This reverts commit f1e3bfff40.

Reason for revert: Breaks builds

Bug: 263874232
Change-Id: Iabe5cd01114bf4a3731ace4345da8009e6b86f74
 2022-12-28 16:18:20 +00:00
Nikita Ioffe
90fd2d35f7 Merge "host_init_verifier: add check for root services and linux capabilities" am: 9d984772b3 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2367734

Change-Id: If822dd90cda7c9d0f40c5cd4b5b7fcadbf16e7be
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-28 16:10:56 +00:00
Nikita Ioffe
9d984772b3 Merge "host_init_verifier: add check for root services and linux capabilities" 2022-12-28 15:38:51 +00:00
Inseob Kim
0d7762d31f Merge "Don't retry kill if cgroups isn't available" am: eb3912ea73 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2352942

Change-Id: I11198e6d710b5ad13b2fe40db30a0a5a879629a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-27 02:22:22 +00:00
Inseob Kim
eb3912ea73 Merge "Don't retry kill if cgroups isn't available" 2022-12-27 01:48:37 +00:00
Bart Van Assche
ab4683b3d2 Merge "Updating Attributes on task_profiles.json" am: 91bc6d30dd 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2365175

Change-Id: I50537f68a02b3a1f3c90329f72a1340d4fb21b77
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-26 01:52:27 +00:00
Bart Van Assche
91bc6d30dd Merge "Updating Attributes on task_profiles.json" 2022-12-26 01:31:14 +00:00
Nikita Ioffe
f1e3bfff40 host_init_verifier: add check for root services and linux capabilities 
If a service that runs under root doesn't have the capabilities field in
it's definition, then it will inherit all the capabilities that init
has.

This change adds a linter to detect such services and ask developers to
explicitly specify capabilities that their service needs. If service
doesn't require any capabilities then empty capabilities fields should
be added in the service definition.

The actual access control list on what capabilities a process can use is
controlled by the SELinux, so inheriting all the init capabilities is
not a security issue here. However, asking services to explicitly
specify the capabilities they need is a good defense-in-depth mechanism.

So far this linter only checks the services on /system partition.

All currently offending services are added to the exempt list. I will
work on fixing some of them in the follow-up changes.

Bug: 249796710
Test: m dist
Change-Id: I2db06af165ae320a9c5086756067dceef20cd28d
 2022-12-22 22:08:49 +00:00
Zhi Dou
f82ea3b04c Merge "Replace "apex_inherit" min_sdk_version" am: 94cc82cfc8 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2365248

Change-Id: I9135782900929788b4e2d7f512f4ce3d81080166
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-22 15:41:13 +00:00
Zhi Dou
94cc82cfc8 Merge "Replace "apex_inherit" min_sdk_version" 2022-12-22 14:59:33 +00:00
Florian Mayer
ab644a0e6e static_assert to catch struct mismatches earlier 
Change-Id: Ia6294c6f8848d0d3d0d7d901e3b78ac3babdf7ac
 2022-12-21 17:39:54 -08:00
Carlos Galo
92153fb955 Updating Attributes on task_profiles.json 
Adjusting attributes that correspond to the `blkio`(v1)/`io`(v2) controller. The migration of the `blkio` v1 controller to v2 requires renaming it to `io`, therefore we want to update the `File` field to point to `blkio` file and `FileV2` to point to `io` file.

Test: Verified with cuttlefish that this works with the `io` controller migration by cherry-picking aosp/2218645
Bug: 263269364
Bug: 213617178
Change-Id: I0aacfc6d74e3eec61ebb2ce443b04c792392aa9e
 2022-12-22 00:53:00 +00:00
Chih-hung Hsieh
7321f63578 Merge "Fix uninitialized value warnings." am: dd75c27f26 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2365014

Change-Id: I05f4a10e16148c1d638f21afb5152964ddddccf0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 20:18:35 +00:00
Chih-hung Hsieh
dd75c27f26 Merge "Fix uninitialized value warnings." 2022-12-21 19:54:22 +00:00
David Brazdil
f9afcb64a7 Merge "Make /dev/{kvm,vhost-vsock} accessible to all UIDs" am: cc2e7c21a2 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2269826

Change-Id: I048314a075721f96004be11609dca9cdae23785a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-21 06:19:25 +00:00
David Brazdil
cc2e7c21a2 Merge "Make /dev/{kvm,vhost-vsock} accessible to all UIDs" 2022-12-21 05:51:54 +00:00
Chih-Hung Hsieh
0ebbc62c63 Fix uninitialized value warnings. 
* Also applied clang-format.

Bug: 263274255
Test: presubmit; make tidy-system-core_subset
Change-Id: I63149572b3e1af6ef33ce19c8d3f18b4f28a3eab
 2022-12-20 11:56:40 -08:00
Zhi Dou
ff9e640e43 Replace "apex_inherit" min_sdk_version 
Replace "apex_inherit" min_sdk_version to a conditional setting. If
environment veriable KEEP_APEX_INHERIT is set, using "apex_inherit" as
the min_sdk_version, otherwise set the number to "29". For more detail
please refer
https://docs.google.com/document/d/1R2vZw0cQa-haAMgFyQ682uSq9aGBNQrzMHKIsU17-XY/edit?usp=sharing&resourcekey=0-gUbs463r9LCKs7vdP_Xkmg

Test: build APEX uses this library, and presubmit
Bug: 254634795
Change-Id: If7acfce5fb2e1cb1cc7208a8c57b1e1cd1499c11
Merged-In: Ie6984128e6b84ba73de3f4c08eca5560657c5ca2
 2022-12-20 16:05:54 +00:00
David Brazdil
8faa47c3ec Make /dev/{kvm,vhost-vsock} accessible to all UIDs 
We will continue to restrict access to /dev/kvm and /dev/vhost-vsock with SELinux.

Bug: 245727626
Test: atest -p packages/modules/Virtualization:avf-presubmit
Change-Id: Id4f3e19c18a51bc51e6363d6ffde31c1032cf967
 2022-12-20 08:20:26 +00:00
Jiyong Park
63b4c4d4b6 Merge "Skip StartConsole test on user builds." am: 3e951a7758 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2361146

Change-Id: Ic6e82a9ee6d23a69d58c521ec8ef1c4b964239a7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-20 07:39:04 +00:00
Jiyong Park
3e951a7758 Merge "Skip StartConsole test on user builds." 2022-12-20 07:08:23 +00:00
Jiyong Park
5b7a51a59a Skip StartConsole test on user builds. 
It runs a service with root privilege which can't be done on user
builds. Until the issue is resolved, skip the test on user builds.

Bug: 262090304
Test: N/A
Change-Id: I690ffbd7fdaef688a0c862e0c653e9b21e281ece
 2022-12-20 10:46:31 +09:00
Maciej Żenczykowski
65d416a18f qtaguid.h - remove qtaguid_setPacifier declaration 
There does not appear to be *any* implementation...

Additionally in a non-qtaguid eBPF world, this API simply appears meaningless...

cs/p:aosp-master qtaguid_setPacifier -file:system/core/libcutils/include.*/cutils/qtaguid[.]h$

finds nothing, except for:
  test/vts/specification/lib/ndk/bionic/1.0/libcutilsV1.vts

  api: {
    name: "qtaguid_setPacifier"
    return_type: {
      type: TYPE_SCALAR
      scalar_type: "int32_t"
    }
    arg: {
      type: TYPE_SCALAR
      scalar_type: "int32_t"
    }
  }

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I0b7def936920d4dacf90d6bb0a8efb7b09811c6a
 2022-12-18 20:40:09 +00:00
Treehugger Robot
56dac45ee5 Merge "Run the console test with /dev/null" am: fd98382506 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2357424

Change-Id: I833e3ad9a053e7ffc70280e9b362f7982ebdd613
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-16 02:40:41 +00:00
Treehugger Robot
fd98382506 Merge "Run the console test with /dev/null" 2022-12-16 01:54:14 +00:00
Carlos Galo
9b2d8d218a Merge "Updating owners of libprocessgroup" am: ce318e8818 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2359681

Change-Id: I6fbf0bf501589471e20e58fb847abceefd135f70
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-16 00:41:42 +00:00
Carlos Galo
ce318e8818 Merge "Updating owners of libprocessgroup" 2022-12-16 00:02:01 +00:00
Treehugger Robot
6cf486cd75 Merge "Update docs around capabilities and root processes" am: 583b616ba8 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2356702

Change-Id: Ie18aeb7b4ae79adcebaa545bc2b796f07afcfdf6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 20:03:43 +00:00
David Anderson
7ca8e27031 Merge "Update vts_fs_test to reflect VSR." am: 1c34ae8864 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2357842

Change-Id: Icb0cf238b1b72f1b07a3369aa3de2ee9baf85526
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 20:02:43 +00:00
Treehugger Robot
583b616ba8 Merge "Update docs around capabilities and root processes" 2022-12-15 19:31:37 +00:00
David Anderson
1c34ae8864 Merge "Update vts_fs_test to reflect VSR." 2022-12-15 19:17:03 +00:00
Carlos Galo
8ceaf0c636 Updating owners of libprocessgroup 
Adding tjmercier@google.com and carlosgalo@google.com, and removing
ccross@google.com, in the OWNERS file. Adding buganizer component to
OWNERS.

Bug: 262738363
Test: N/A
Change-Id: I7f8cdc513232b46eb341f3c98f64dfb1d9bd9d7a
 2022-12-15 19:12:33 +00:00
David Anderson
1ab0351252 Merge "libdm: Add a helper function for creating placeholder devices." am: 3460b75289 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2357843

Change-Id: I99d9fa79092b0980136236aebc47b743bdf4675a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-12-15 18:08:05 +00:00
Nikita Ioffe
cc0e90a964 Update docs around capabilities and root processes 
Current documentation is misleading: if a service runs as root and
doesn't specify any capabilities, then it will start with all the
capabilities (note that whether it can use them is controlled by
selinux).

Test: n/a
Bug: 249796710
Change-Id: I0d6a884127c6a6c5b651c1222fcf48322065daae
 2022-12-15 18:04:21 +00:00
David Anderson
3460b75289 Merge "libdm: Add a helper function for creating placeholder devices." 2022-12-15 17:26:59 +00:00
Jiyong Park
ae412804ca Run the console test with /dev/null 
The availability of /dev/console varies across different devices and
even across different build variants (ex: userdebug/user). Instead of
relying on the device-specific condition, use the /dev/null as the
console device for the test.

Bug: 262090304
Test: atest CtsInitTestCases on raven-user
Change-Id: I3b12d66e94609328dfdd6f640d1adb88a773fa38
 2022-12-15 16:32:38 +09:00