Bug: 80422611
Test: m -j succeeded and permissions of files under /product/bin are set
correctly
Change-Id: I83377d809c47c92da6b226d2853ea6a7462fb127
Merged-In: I83377d809c47c92da6b226d2853ea6a7462fb127
(cherry picked from commit 25195daaca)
This commit excludes `qtaguid.cpp` from the VNDK-SP variant of
`libcutils.so` because the interface of `libnetd_client.so` may vary
between AOSP releases.
Besides, these functions don't work in vendor processes either because
VNDK-SP libraries are loaded in an isolated `vndk` linker namespace,
which cannot access `/system/lib[64]/libnetd_client.so` directly. This
change makes it easier to spot the issue at build time and saves several
bytes.
Test: Build aosp_walleye-userdebug and
/system/lib[64]/vndk-sp-$VER/libctuils.so no longer exports qtaguid_*
functions.
Bug: 79329469
Change-Id: Idf6b60f6e58371ea320193641669d1e4412d62b8
Merged-In: Idf6b60f6e58371ea320193641669d1e4412d62b8
(cherry picked from commit 25b742c627)
Normally, the whole configfs is mounted on /config and /config will be
word readable:
sailfish:/ $ ls -ld /config/*
drwxrwx--- 258 system package_info 0 2018-05-08 16:08 /config/sdcardfs
sailfish:/ $ ls -ld /config/
drwxr-xr-x 3 root root 0 1969-12-31 16:00 /config/
On ARC++, we only mount-bind config/sdcardfs, so it is important that
/config is set properly.
It is actually 0500, so system could not see /config/sdcardfs, even if
/config/sdcardfs is set properly:
Although root can, as system uid, we can not reach /config/sdcardfs:
:/ $ ls -ld /config
dr-x------ 3 root root 31 2018-05-02 21:56 /config
:/ $ ls -ld /config/sdcardfs
ls: /config/sdcardfs: Permission denied
With this change, system (and systemservice) is able to reach
/config/sdcardfs:
:/ $ ls -ld /config
dr-xr-xr-x 3 root root 31 2018-05-02 21:56 /config
:/ $ ls -ld /config/sdcardfs
drwxrwx--- 109 system package_info 0 2018-05-08 15:29 /config/sdcardfs
Bug: 63876697
Test: After change, package service is able to create the bindings in
/config/sdcardfs.
Change-Id: I7e9b99d7af2ad001fbb1b95bee35d494e861be78
Signed-off-by: Gwendal Grignou <gwendal@google.com>
Their capability bits are now specified in their associated init .rc
file, which is the proper place for this to be done.
A notice is added to guide developers away from using android_files to
give services Linux capabilities and to guide them away from adding
vendor/ entries.
Bug: 74554159
Test: BT, Wifi, Tethering work on walleye
Merged-In: I13c425d022b4f5c217587cdf601884ef44650ac7
Change-Id: I13c425d022b4f5c217587cdf601884ef44650ac7
(cherry picked from commit b5e5c56401)
This reverts commit 656b75c77c.
Capability bits are moving from fs_config.cpp to the associated init
scripts for daemons on /vendor.
Bug: 74554159
Test: wifi tethering works on walleye
So we can auto-generate tracing code for AIDL interfaces.
Bug: 74416314
Test: inspect atrace output
Change-Id: I91b14b3b16d8d7a29f531101b14ddf10dbc61a5a
This process is now spawned from the main app_process zygote, rather
than being its own binary launched by init.
Bug: 63749735
Test: m
Change-Id: I87e00197e1ce64d77b4c306fcd702c6ad778b236
Now all somewhat time-consuming methods of the VibratorService
are surrounded by traceBegin/traceEnd blocks.
The vibration itself is surrounded with asyncTrace block.
Test: Run "systrace vibrator" and see the time consumption report.
Bug: 73000045
Merged-In: I94172e379354ec3418321b8151e6182cec2e886c
Change-Id: I94172e379354ec3418321b8151e6182cec2e886c
Multiple LTP tests require a "daemon" or "bin" user. These user ids
have been defined since UNIX incept, and even up to the '80s remained
in many of the tools as hard coded values. Add these two ids with
a cautionary note.
Test: compile
Bug: 31152327
Bug: 31226046
Bug: 32385889
Change-Id: Ida2fb6d817b8ada0624870439fcf848667b31fb3
For processes that start very early, atrace initialization can cause
an selinux denial, so make sure it's possible to disable it and avoid
the call to open "trace_marker".
Bug: 63927601
Test: disable atrace early in vold, ensure that selinux denial is
avoided.
Change-Id: I2422e6d0db323bc13c6d6ed1896435151fca21f7
There may be evidence of ashmem_valid(fd) reporting that the file
descriptor is an ashmem node. Increase testing of ashmem_valid(fd),
reporting that the node _is_ ashmem, to inspire confidence in the
positive result. Scan all file descriptors in the system, and for
those that pass ashmem_valid, get a non-zero size reference back.
Some clang-format-isms applied.
Test: libcutils-test --gtest_filter=AshmemTest.*
Bug: 72021458
Change-Id: I77d746b57a89a6afa1b829dddfdc4dd319f6b684
This CL will enable reading /product/build.prop and add product paths
into ld.config.txt.in.
Bug: 64195575
Test: tested with 'PRODUCT_PRODUCT_PROPERTIES := ro.product.abc=abc' on
sailfish
Change-Id: Ie996def20e25dc1afe0c74af2096af844934b2dc
Filesystems allow the setting of the "resgid" parameter to designate
a GID that is allowed to use the "reserved" disk space (in addition
to UID 0). We'll be granting this GID to critical system processes,
so that the system is usable enough for the user to free up disk
space used by abusive apps.
Test: builds, boots
Bug: 62024591
Change-Id: I2d166f3b730f0a3e7279fb40f12db7413c1dadad
We should have done this from the beginning. Thanks to Windows, we're not
going to be able to switch libbase over to std::string_view any time soon.
Bug: N/A
Test: ran tests
Change-Id: Iff2f56986e39de53f3ac484415378af17dacf26b
AID_SHARED_GID is a GID shared by a specific app across all users on
the same device. Bring the UserHandle and multiuser.c implementations
into agreement, and copy/paste the unit tests that verify that both
behave identically.
This fixes a regression where multiuser_get_shared_gid() was applying
per-user isolation when it shouldn't have.
Test: adb shell /data/nativetest64/libcutils_test/libcutils_test64
Bug: 34151068, 64548938
Change-Id: I491dd79d23a214425a68865d1d0f8269916aad4c
Just the minimial changes to get this to actually build, because otherwise
we always bog down trying to rewrite everything (when the real answer
is usually "stop using libcutils, it's awful").
This doesn't move a handful of files: two are basically just BSD libc
source, a couple have outstanding code reviews, and one can be deleted
(but I'll do that in a separate change).
I'm also skipping the presubmit hooks because otherwise clang-format
wants to reformat everything. I'll follow up with that...
Bug: N/A
Test: builds
Change-Id: I06403f465b67c8e493bad466dd76b1151eed5993
In order to replace qtaguid module with new eBPF network monitoring
module. We firstly move the current qtaguid userspace implementation
into netd and hide the detail from other processes. The current API will
talk to netd fwmark client to pass down the qtaguid related request from
high level framework and netd will use the proper method to complete the
request.
Test: Current TrafficStats CTS tests should not fail.
Bug: 30950746
Change-Id: Ie90c28f3594ab2877746b2372a1b6944768bfb18
The qtaguid kernel module will be deprecated on devices running 4.9
kernel or above and we need to support both old and new module in
userspace. Netd is responsible for choosing which kernel module to use
and all the current qtaguid native implementation need to be hided
behind it. So the current qtaguid native API implementation will be
moved to a isolate library under system/core and only netd can access to
it. The libcutils qtaguid API will become a wrapper to send request to
netd module. This modification will make sure the apps that currently
using this native API will not be broken.
Bug: 30950746
Test: All cts and vts test related should not fail.
Change-Id: I9de98a25ed5dc71bbf520ee0aadd16d59025699a
The parent change ran into an issue where enabling UBSan on an i686
build caused it to use __mulodi4.
https://github.com/android-ndk/ndk/issues/184 documents linking against
libclang_rt.builtins-i686.a, but that's not available from soong either.
Bug: 62378620
Bug: 29412086
Test: x86 builds work again
Change-Id: I730d59558aa4ed28f8a11b5393e037111e320f29
This change adds user namespace-awareness to uevent_kernel_* in
libcutils. Instead of assuming that root is always uid 0, it detects
whether the uid 0 is mapped in the current user namespace and returns
the appropriately mapped uid (or the kernel's "overflowuid" in case it
is not mapped).
In older kernels, or those where user namespaces are not enabled, this
still uses uid 0 for root.
Bug: 62378620
Test: bullhead networking still works
Test: Android in Chrome OS can now receive netlink-related messages
Change-Id: I7ea3454e8f38b9c70c65294d6b2a99e5a88f9d70
