GPS on yakju puts SCHED_RR threads in the fg and bg groups, and
is unhappy with 0.1% limits. Increase the limits to 10%.
Change-Id: I971c9b0a815890d41694b965fdd2b023937a4411
rt_runtime_us=0 can cause deadlocks if a SCHED_FIFO/SCHED_RR thread
is moved into the wrong cgroup.
Change-Id: I4633392fb529039dff6ba5d3a6b672e0de9fc2d9
DRM server process needs to be able to access movies on sdcard
to acquire rights.
related-to-bug: 6414503
Change-Id: If90404e32fd437b8fb7d5a6ec8dfb30a499ef733
Forward locked apps on internal storage will be stored in ASEC
containers using ext4. This way permissions can be preserved whether on
internal or external storage.
Change-Id: I942f8f0743c210330a11e2b1d0204df7a5ddb2ae
This change adds init.rc steps to allow kernel tracing to support inserting
messages from any userland process.
Change-Id: I01970728d7132a25408fed09a213a015ac05ccaf
This is part of the multi-project commit to move the filter-framework
from system/media/mca to frameworks/base/media/mca.
Note that the filter-framework will soon be replaced with a refactored
version currently under API review (also to go under frameworks/base).
This move is done now to unblock the PDK efforts.
Change-Id: I87d034a30bb4b98a85a028cb728e37fb97256039
Make the drm server run as UID=drm, GID=drm. This ensures that
any files created by the drmserver app do not have GID=system.
Bug: 5834297
Change-Id: I3409ad350e9cc82bb0982cdbe470ec1f10b1ca67
Android developers should never place files in /data/local/tmp.
Files or directories in /data/local/tmp can be minipulated by the
shell user.
Android developers should never create world-writable files
or directories. This is a common source of security vulnerabilities.
Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3
The keystore service needs to access hardware crypto devices to
fulfill its function on devices with hardware crypto. This role
was assigned to the (now misnamed) drmrpc group.
Change-Id: Ia32f9e96b4372f0974984451680f9a0f6157aa01
CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.
Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
This removes the hardcoding of the file import in init and instead
allows the init.rc file to fully control what is loaded.
Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
Signed-off-by: Dima Zavin <dima@android.com>
This removes the hardcoding of the file import in init and instead
allows the init.rc file to fully control what is loaded.
Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
Signed-off-by: Dima Zavin <dima@android.com>
Set dmesg_restrict to 1 to help limit inadvertent information leaks
from the kernel to non-privileged programs. Root and programs with
CAP_SYSLOG will continue to have access to dmesg output.
See "dmesg_restrict" in Documentation/sysctl/kernel.txt from the
Linux kernel source code.
Bug: 5585365
Change-Id: Iffcf060ea4bd446ab9acf62b8b61d315d4ec4633
Colin Cross