When a new process is launched it ensures that all files under its uid/
and uid/pid hierarchy are accessible by the user/group of that process.
If the directory already exists that means the access permissions have
been already set before, therefore we do not need to reset them again.
This also avoids a race between two processes in the same uid with one
process being launched and walking the uid/ directory while the other
process is being killed and changing the content of that directory. In
such a race the process walking uid/ might find the uid/pid directory of
the process being killed but by the time it tries to set its permissions
the directory might be removed because the process got killed. The
change eliminates the possibility of this race.
Bug: 192421915
Bug: 192512069
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I182298c36f6b0b4580ab59e440bd3aea16f5fbfe

This change includes the code necessary to communicate to the
IRemotelyProvisionedComponent backend implementation running in Trusty.
It also makes the relevant changes to the manifest XML file to add the
IRemotelyProvisionedComponent HAL.
Ignore-AOSP-First: Will cherry-pick to AOSP
Bug: 192228022
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I32c30ce2dc44e95ff91574ce405f10e3b5dc9699

In some rare cases, a race happens between 2 processes in the same uid.
1. Process A is dying
2. system_server calls RemoveProcessGroup() for A
3. Zygote forks Process B with the same uid of A
4. system_server calls MkdirAndChown(uid) for B
5. system_server calls MkdirAndChown(uid, pid) for B
As 2 & 4/5 belong to different threads, 2 might happen before or after
step 4/5, or even in the middle of 4/5. In such a case, 4 or 5 will
fail, leaving process B in wrong (Zygote) group.
The uid dir is only created when the corresponding apps have been
launched at least once. It's reasonable to assume one of them is going
to be launched again. Deleting and recreating the uid dir just slows
down applaunch.
Introducing a new lock in libprocessgroup can also solve the race issue.
But that will slow down the applaunch further.
Therefore, reusing the uid dir is an optimized way to solve the race.
Ignore-AOSP-First: Freezer is not a public feature yet
Bug: 192512069
Bug: 168907513
Test: Kill corresponding apps and check the uid cgroupfs dir
Change-Id: I2e91088f21f45e4eda6c709a4af65ace7e135801

The Trusty KeyMint HAL did not forward auth tokens and confirmation
tokens to the TA. This broke all per-op-bound key operations.
Ignore-AOSP-First: No mergepath from AOSP.
Test: CtsVerifier biometrics tests.
Bug: 192201272
Change-Id: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0

This has kept adb_debug.prop from being installed.
Ignore-AOSP-First: fixes sc-release test breakage
Bug: 192432810
Test: build ramdisk-debug.img and see contents
Change-Id: I254579d2c6427213f40e9ae8e50d046e19390ba5

This test requires running test services, which causes test to crash
(and still incorrectly be reported as passing) when running on
non-rooted device.
Ignore-AOSP-First: reboot_test is not in AOSP yet
Bug: 190958734
Test: atest CtsInitTestCases
Change-Id: I3c5c9917d0a787d66272ccf4aefc57e6573841bc

This reverts commit 0a799bdfd6.
Now that the kernel bootconfig feature has been updated to handle
mixed subkeys and values, androidboot.hardware parameter is supported.
Test: build and boot Cuttlefish with "androidboot.hardware=cutf_vm"
Bug: 191502832
Merged-In: I0e436a27730d20689bc6974562c3e88d744385db
Change-Id: I0e436a27730d20689bc6974562c3e88d744385db

We never use CONFIG_RT_GROUP_SCHED in GKI kernel, but that could be set
on legacy devices. Remove system cgroup migration and also RT settings
as we should not have any task under those groups.
Bug: 191925901
Test: Build
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I492833975e28e9888e412711e80670ca0901010d

If for some reason the COW state is not fully synced to disk, but
dm-snapshot has flushed its pending merges, we do not want to delete
snapshots. Doing so could potentially leave blocks unmerged.
This situation is quite unexpected so we label it as a merge failure.
The device can recover by completely syncing the COW state, and then
rebooting, which will attempt to make forward progress on the merge.
Bug: 190582627
Test: vts_libsnapshot_test
full OTA on bramble
incremental OTA on bramble
Change-Id: Ib887f1d9e4397a712ed2f800cc1222cf9305a039
Merged-In: Ib887f1d9e4397a712ed2f800cc1222cf9305a039

Androidboot parameters have moved from /proc/cmdline to /proc/bootconfig
so we need to check both places in reboot_utils.
"ro.boot.*" properties can not be used because this is initialized
before the properties are set.
Test: boot Cuttlefish with init_fatal_panic and
init_fatal_reboot_target in bootconfig and in cmdline
Bug: 191494101
Merged-In: I6c230496ec1c3632470d20ff4a31f28db96ea71b
Change-Id: I6c230496ec1c3632470d20ff4a31f28db96ea71b

adb_debug.prop is migrated too. And ramdisk_available is added to all
dependencies.
Bug: 187196593
Test: boot
Change-Id: I59cd149e0021211b8fd59c44b93bbf18dc8637bf
Merged-In: I59cd149e0021211b8fd59c44b93bbf18dc8637bf

Due to aosp/1708274, ref data directory is now world accessible.
We need to fix ref data directory so that it does not leak app
visibility information.
Bug: 189787375
Test: AppDataIsolationTests
Merged-In: I716852478ce0734c7038934c88c36a567c06393f
Change-Id: I351fd9763c4bdb6d3c0c9a9047de9a4f9986bd03

This allows the relevant IPC code to be included in the provisioner tool
easily as it's shuffled over into a non-AOSP component due to
chip specific requirements in provisioning Device IDs.
Bug: 178796950
Test: Stuff builds
Change-Id: I57482e89035e8648544f87291ec14c6aece09bd0

In some platforms, setting a different cpuset (or removing it) and/or
uclamp setting is beneficial to both performance and power. Adding 2
separate profiles for vendor to override surfaceflinger scheduling
policies.
Bug: 170507315
Test: build and boot
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: Ib313fd67c6ccd701109c5683d8dbab9ecd1580d8

The code in the fallback path calls pthread_key_create when using the
normal thread cache. However, this code is executed out of the linker,
which means that the call doesn't see keys created by the libc version
of pthread_key_create. As of now, simply avoid using the thread cache
to avoid this problem.
Bug: 189803009
Test: debuggerd -b on a media process on a 32 bit Android Go device
Test: and observe no crash.
Test: debuggerd unit tests pass.
Change-Id: I9ca1a55e44d3bb69d49450826d7d64d7a64145c3

ART wants to optimize the time when the profile information
is saved for an app. To do so, it needs access to both, the current
profile, and the reference profile. This will allow ART to access
the ref profiles, which previously was not needed.
Test: m & flash
Bug: 185979271
Merged-In: Ie07bce81d2fba9c0b0ae4f322418e960c024e15d
Change-Id: Ie07bce81d2fba9c0b0ae4f322418e960c024e15d
(cherry picked from commit 11197dd8a8)