Commit Graph

14466 Commits

Author SHA1 Message Date
Yin-Chia Yeh 0fdee3938e Merge "graphics: update flexible YUV format gralloc requirement" into mnc-dev 2015-07-14 19:42:24 +00:00
Yin-Chia Yeh e49b696a35 graphics: update flexible YUV format gralloc requirement
Require gralloc accept flexible YUV when SW READ/WRITE usage is
set. Also decouple flexible YUV from camera usage flag.

Bug: 22379456
Change-Id: I5a82a8360b08036c31dc03cd639d449ba1e3ed01
2015-07-14 12:28:38 -07:00
Jim Miller 1ee9d9a8b3 Merge "Fingerprint: Add HAL close() code" into mnc-dev 2015-07-10 23:42:13 +00:00
Sasha Levitskiy dae483764f Fingerprint: Add HAL close() code
Bug 22248856
Bug 22374372

Change-Id: I06a59bc7050a227307c857fc7db0985b84fd293a
Signed-off-by: Sasha Levitskiy <sanek@google.com>
2015-07-10 16:26:32 -07:00
Thierry Strudel 8703bea180 Merge "fs_config: replace getenv('OUT') by new fs_config parameter" into mnc-dev 2015-07-10 18:28:03 +00:00
Andres Morales 787c3764d3 Merge "[gatekeeperd] fix use of uninitialized memory" into mnc-dev 2015-07-10 17:20:31 +00:00
Andres Morales 0b0435ea87 [gatekeeperd] fix file descriptor leak
Bug: 22403703
Change-Id: I65da3b3b3f85db035d79277344beb5460cb025f2
2015-07-10 09:47:09 -07:00
Thierry Strudel df33ffadd2 fs_config: replace getenv('OUT') by new fs_config parameter
Using a getenv('OUT') in such a deep down function is a wrong design
choice. Replacing with explicit parameter that may be NULL in case
device specific files can be accessed from /.
Since TARGET_COPY_OUT_SYSTEM may be defined to something different than
system we also ensure that we use a path relative to TARGET_OUT to
compute path to fs_config_* files.

Bug: 21989305
Bug: 22048934
Change-Id: Id91bc183b29beac7379d1117ad83bd3346e6897b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2015-07-09 21:47:07 -07:00
Andres Morales fef908e5a5 [gatekeeperd] fix use of uninitialized memory
Bug: 22319772
Change-Id: I3cb83389f11e54867aca132de48a3f6407b7eaf3
2015-07-08 20:33:36 +00:00
Sami Tolvanen eb528dd5a1 Merge "fs_mgr: Use ro.boot.veritymode" into mnc-dr-dev 2015-07-08 15:26:17 +00:00
Sami Tolvanen 3fd58ae7e5 fs_mgr: Use ro.boot.veritymode
If verity state is managed by bootloader, it will pass the verity
mode to the kernel in the androidboot.veritymode command line
parameter. Init copies the value to the ro.boot.veritymode property.

Check for ro.boot.veritymode in fs_mgr and use the value to set
dm-verity mode. If this property is not set, store verity state in
metadata as before, if a storage location is specified in fstab.

Bug: 21605676
Change-Id: Ife3c978c133248432c302583d3b70e179605fe42
(cherry picked from commit ac5c1224cf)
2015-07-08 07:54:24 +00:00
Paul Lawrence 8104616696 Merge "Revert "Change init sequence to support file level encryption"" into mnc-dev 2015-07-07 17:29:00 +00:00
Paul Lawrence 437bc5dcec Revert "Change init sequence to support file level encryption"
This reverts commit d815178b75.

Change-Id: I7e3f55d3092fcd04ea9f62f1971c9d42570f096c
2015-07-07 17:05:58 +00:00
Andres Morales 833f142d20 Merge "[init] start gatekeeperd after device decryption" into mnc-dev 2015-07-06 23:00:09 +00:00
Mark Salyzyn 6b6c1bd996 Gracefully handle ENODEV in sdcard daemon (part deux)
reorder to handle errno correctly and remove log stutter

Bug: 22197797
Bug: 22241640
Change-Id: I81e6b2ff15b6ea6e5e780bd3599bf1019ff36f26
2015-07-06 13:46:49 -07:00
Paul Lawrence a65e402b61 Merge "Change init sequence to support file level encryption" into mnc-dev 2015-07-06 19:33:30 +00:00
Andres Morales 4dd2982dd3 [init] start gatekeeperd after device decryption
gatekeeperd depends on having /data to determine whether
to call setup routines for qcom HALs.

Bug: 22298552
Change-Id: I6c552016dc863bbb04bd5a949a2317a720c8263f
2015-07-06 12:00:22 -07:00
Jeff Sharkey 25aabb9ede Permission to view shared storage for all users.
Typical apps are restricted so they can only view shared storage
belonging to the user they're running as.  However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.

Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps.  Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.

Bug: 19995822
Change-Id: Id2fe846aefbf13fc050e9b00ddef120021e817f4
2015-07-06 10:54:53 -07:00
Paul Lawrence d815178b75 Change init sequence to support file level encryption
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.

Split property loaded into system and data, and load in right order.

Bug: 22233063
Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5
2015-07-06 07:52:06 -07:00
Sasha Levitskiy d5a84845e6 Merge "Fingerprintd: Add post_enroll() API." into mnc-dev 2015-06-30 23:52:46 +00:00
Jeff Sharkey 4a48581851 Gracefully handle ENODEV in sdcard daemon.
When someone force-unmounts our target endpoint, gracefully handle by
terminating, instead of looping on the same errno forever.

Bug: 22197797
Change-Id: I7e71632f69d47152ea78a94431c23ae69aba9b93
2015-06-30 16:02:52 -07:00
Todd Kjos 1fb6e24f19 Merge "Fix janky navbar ripples -- incorrect timerslack values" into mnc-dev 2015-06-29 22:29:54 +00:00
Adam Lesinski 1eb38187af Merge "Adds a parameter to the wakeup_callback to report sucessful wakeup or suspend aborts." into mnc-dev 2015-06-27 00:40:28 +00:00
Jeff Sharkey 169944afdf Remove unused methods to fix build.
Change-Id: I6e1f85a7cc3428d558460737da3b3193d035b73e
2015-06-26 09:43:52 -07:00
Jeff Sharkey f38f29c87d Let's reinvent storage, yet again!
Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app.  This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.

The only thing left that can change dynamically is the filesystem
itself, so let's do that.  This means changing the FUSE daemon to
present itself as three different views:

/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access

There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.

During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions.  When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.

Bug: 21858077
Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
2015-06-25 22:27:04 -07:00
Sasha Levitskiy 7ded5799a9 Fingerprintd: Add post_enroll() API.
Change-Id: Ia50460c4fa7a5b9112f411970ab96af070863f6f
Signed-off-by: Sasha Levitskiy <sanek@google.com>
2015-06-25 15:59:55 -07:00
Todd Kjos 4cdce427f9 Fix janky navbar ripples -- incorrect timerslack values
If a thread is created while the parent thread is "Background",
then the default timerslack value gets set to the current
timerslack value of the parent (40ms). The default value is
used when transitioning to "Foreground" -- so the effect is that
the timerslack value becomes 40ms regardless of foreground/background.

This does occur intermittently for systemui when creating its
render thread (pretty often on hammerhead and has been seen on
shamu). If this occurs, then some systemui animations like navbar
ripples can wait for up to 40ms to draw a frame when they intended
to wait 3ms -- jank.

This fix is to explicitly set the foreground timerslack to 50us.

A consequence of setting timerslack behind the process' back is
that any custom values for timerslack get lost whenever the thread
has transition between fg/bg.

See Bug: 19398120

Change-Id: Idc259717f62fa2255f8bafbbf88b68c0043f29cf
2015-06-25 14:29:07 -07:00
Ruchi Kandoi d3027d85f3 Adds a parameter to the wakeup_callback to report sucessful wakeup or suspend aborts.
Adds the call to wakeup_callback when the write to the /sys/power/state
fails. This will help userspace account for the suspend aborts.

Bug: 17478088
Bug: 18179405
Change-Id: Icd1194cfbaf61044ca0b2fe63a10a4c52e1535bc
2015-06-25 13:15:22 -07:00
Andres Morales 9a53bb0f80 Merge "[gatekeeperd] fix issue with SW->HW upgrades" into mnc-dev 2015-06-25 15:43:02 +00:00
Mark Salyzyn e27ee08abb Merge "logd: serialize accesses to stats helpers" into mnc-dev 2015-06-25 15:35:45 +00:00
Mark Salyzyn 5803b79528 logd: serialize accesses to stats helpers
(cherry pick from commit ed777e9eec)

Quick low-risk to resolve possible hash table corruption.
Resolved an unlikely path memory leak.

ToDo: replace lock with nested lock so no lock
      helpers are required.

Bug: 22068332
Change-Id: I303ab06608502c7d61d42f111a9c43366f184d0c
2015-06-25 08:34:06 -07:00
Yusuke Sato 5c8f6f22c5 Merge "Add |optional_suffix| to StartIteration()" into mnc-dev 2015-06-25 15:22:10 +00:00
Andres Morales 7f6dcf6576 [gatekeeperd] fix issue with SW->HW upgrades
If the handle version is 0, there's no hardware_backed flag
meaning hardware backed handles will be attempted against
the soft impl. Ensure we don't try to read from hardware_backed
unless the version is > 0.

Bug: 21090356
Change-Id: I65f009c55538ea3c20eb486b580eb11ce93934fc
2015-06-24 18:40:24 -07:00
Dan Albert 262be42687 Merge "Add missing include. Clang build fix." into mnc-dev 2015-06-24 21:41:13 +00:00
Andres Morales 3c2086dabd [gatekeeperd] clear state and mark on cold boot
required to initialize state by certain HAL impls

Bug: 22011857
Change-Id: Ibb01a799da983e1a930aae946c331b23f571861d
2015-06-24 10:22:45 -07:00
Yusuke Sato a4a80693d9 Add |optional_suffix| to StartIteration()
so that PackageManagerService can iterate over files with a
specific file extension like ".so".

Bug: 21957428
Change-Id: I76ed9560d4d1e00d297a97d518ec357166be1981
2015-06-23 17:31:16 -07:00
Andres Morales b2856ddbd3 Merge "[gatekeeperd] invalidate stale password cache" into mnc-dev 2015-06-23 18:41:38 +00:00
Andres Morales 9ea9a06b06 [gatekeeperd] invalidate stale password cache
password may change offline, invalidate the cache if it is
stale

Bug: 22019187
Change-Id: I2aaae978c8bd4629a0f93df3778d8679ae9b53d5
2015-06-23 11:29:57 -07:00
Sasha Levitskiy fbf61b1f76 Merge "Fingerprint: Safeguard against empty paths." into mnc-dev 2015-06-23 00:20:42 +00:00
Pavlin Radoslavov 4caa9f39bb Merge "Fix the file permissions of /data/misc/bluedroid/bt_config.conf" into mnc-dev 2015-06-22 22:03:20 +00:00
Tim Murray 98c6de6926 Merge "Don't set cgroup policy when updating cpusets." into mnc-dev 2015-06-22 21:31:14 +00:00
Tim Murray 999102664c Don't set cgroup policy when updating cpusets.
bug 21782794

Change-Id: I3b2cf8ae4f3ed0c14f206584ae7fa2b1a1d11ad0
2015-06-22 14:00:56 -07:00
Sasha Levitskiy 99115b9148 Fingerprint: Safeguard against empty paths.
Bug 21930029

Change-Id: I116f4ec333d25406ba811fec7331cbf9ff1a4027
Signed-off-by: Sasha Levitskiy <sanek@google.com>
2015-06-22 13:16:51 -07:00
Andres Morales 835d96eae5 [gatekeeperd] handle upgrades from software version to HAL
Certain devices, like Shamu, are currently running an interim
software-only gatekeeper. When the HAL for those devices is merged,
we need to handle upgrading to the HAL smoothly.

Bug: 21090356
Change-Id: I5352bc547a43671a08249eae532e8b3ce6b90087
2015-06-22 13:12:41 -07:00
Andres Morales c7ab1e8177 [gatekeeperd] add fast path for SW password verification
Bug: 21445004
Change-Id: I5e36ddbefaf1fa8de8623858fd785ac8fb651a4f
2015-06-22 12:05:57 -07:00
Pavlin Radoslavov 8175bb2352 Fix the file permissions of /data/misc/bluedroid/bt_config.conf
Fix the file access permissions and group ownership of
"/data/misc/bluedroid/bt_config.conf" so the file can be reused when
switching users on the device.
For that purpose, we need to do the following:

1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid"
   so the files created in that directory will have group-id of
   "net_bt_stack" .

2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf"
   to Read/Write by User and Group.

Bug: 21493919
Change-Id: Ie00ab4695198ef2aa299b484ef9d4f17bd41b98a
2015-06-22 10:19:30 -07:00
Elliott Hughes 1cddc2092f Ignore ro.adb.secure in user builds.
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)

Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
(cherry picked from commit 5cba504215)
2015-06-19 13:26:02 -07:00
Mike Lockwood 6ee7ff4268 Merge "libusbhost: Fix problem reading USB string descriptors on some quirky devices" into mnc-dev 2015-06-18 22:24:42 +00:00
Mike Lockwood 0dd1aab7b5 libusbhost: Fix problem reading USB string descriptors on some quirky devices
Some devices fail to send USB string descriptors if you attempt to read more
than 255 bytes

Bug: 21871761
Change-Id: Id5b8865179f80523f0ad5b6028d49dd99db2b36b
2015-06-18 13:38:31 -07:00
Erik Kline 60adb5fac8 Merge "Qualify IPv6 link-local DNS servers with an interface name" into mnc-dev 2015-06-18 08:35:30 +00:00