The webview_zygote is a non-root zygote process that creates isolated_app
children for rendering web content. It needs:
- CAP_SETUID and CAP_SETGID to change the UID of the new child process.
- CAP_SETPCAP to clear the capability bounding set after forking.
Test: m
Test: angler boots
Bug: 21643067
Change-Id: I986fa04be54e812f5dd2afa14e5d2d3e474e2b10
Add netlink permissions for the new wifi HAL daemon name.
Bug: 31821133
Test: Compiled and ensured that the permission denials are no longer
present in logs.
Change-Id: If939df4760d9f7e85f0f134617d3a79030e09347
Point to log/log.h where necessary, define LOG_TAG where necessary.
Accept that private/android_logger.h is suitable replacement for
log/logger.h and android/log.h.
Correct liblog/README
Effectively a cleanup and controlled select revert of
'system/core: drop or replace log/logger.h' and
'system/core: Replace log/log.h with android/log.h'.
Test: compile
Bug: 30465923
Change-Id: Ic2ad157bad6f5efe2c6af293a73bb753300b17a2
* changes:
fs_mgr: use __android_log_is_debuggable()
adb: use __android_log_is_debuggable()
debuggerd: use __android_log_is_debuggable()
logd: use __android_log_is_debuggable()
libcutils: use __android_log_is_debuggable()
Test: manual - make sure it works in both IPv4/IPv6 env.
BUG: 31537253
Change-Id: Ica492bff34a8c0441516a213d0e8b78fcdfd3282
Signed-off-by: Tao Wu <lepton@google.com>
HIDL requires file descriptors to be wrapped in native_handle_t. We want
a low overhead way to do that when the number of file descriptors is known
at compile time. Instead of
// wrap an fd in native_handle_t
native_handle_t* fd_handle = native_handle_create(1, 0);
if (!fd_handle) {
// clean up and return error
}
fd_handle->data[0] = fd;
hidl_cb(..., fd_handle);
native_handle_delete(fd_handle);
this change adds native_handle_init to allow for
// wrap an fd in native_handle_t
NATIVE_HANDLE_DECLARE_STORAGE(fd_storage, 1, 0);
native_handle_t* fd_handle = native_handle_init(fd_storage, 1, 0);
fd_handle->data[0] = fd;
hidl_cb(..., fd_handle);
Test: make libcutils
Bug: 32021609
Change-Id: If1fd07482243d37492fdea57c602a1b13c8953cc
Should use android/log.h instead of log/log.h as a good example
to all others. Adjust header order to comply with Android Coding
standards.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I33a8fb4e754d2dc4754d335660c450e0a67190fc
Replace references to cutils/log.h and log/log.h with android/log.h.
Point cutils/log.h to android/log.h. Adjust header order to comply
with Android Coding standards.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I4b00c0dff3a0a50cbb54301fdc5a6c29c21dab65
libhwbinder's Parcel::readNativeHandleNoDup returns a temporary
native_handle_t. We want a way to save the temporary handle for later
use.
Change-Id: I16f32043aa8b7d2c0aa57d67551500259b411410
android_get_control_socket has a warning from the implicit cast from
long to int. The warning was being hidden because cutils/sockets.h was
included with -isystem. Move android_get_control_socket to sockets.cpp,
since we don't want header only dependencies anyways, and fix the
warning with a range check and a static_cast.
Bug: 31492149
Test: m -j <module that uses sockets.h and -Wall>
Change-Id: I1f394ab26d4ec8a7dd0e7907c10416d7f8647624
Now it always connects to multiple address of same host and just
return one socket while other sockets get leaked.
Also, it cause trouble on machine with dual stack.
adb connect localhost:* just connect to IPv4 and IPv6 at same time
and finally it doesn't work since emulator can only handle one adb
connection.
To test this, start an emulator with non-standar port and killall adb
daemon on linux work station and then do following test.
Test: adb connect localhost:12345;lsof -n -p `pgrep adb`
Change-Id: I1e0f6824efc1db8e179377de068e3b5535aff3f7
system/core/include is included in the global include path using
-isystem, which hides all warnings. cutils/trace.h has an ignored
return value warning, move the implementation to trace-dev.c so it
doesn't cause warnings in every module that includes it in preparation
for moving from -isystem to -I.
Test: m -j native
Bug: 31492149
Change-Id: If8b3fe13059c9e59c2d5208294d427d84fa6e588
Test: CL only adds tests. Ran them to confirm they pass.
Change-Id: Iccc3edaeeabff27f23b3786c3d40b2eb5b02dc83
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
(cherry picked from commit a76088362e)
If a connection fails to an address that resolves to multiple
sockaddrs, attempt connecting to subsequent addresses if the initial
connection fails to a reason other than timeout. This is primarily
useful for localhost, which can resolve to both an IPv4 and and IPv6
address.
Also, add an adb test to verify that this behavior.
Bug: http://b/30313466
Change-Id: Ib2df706a66cf6ef8c1097fdfd7aedb69b8df2d6e
Test: python test_adb.py (+ the test fails before this patch)
Fixes a bug where USE_CPUSET used access(F_OK)
as a sign that it should try writing to the cpuset
path. It needs to instead use access(W_OK) to
ensure that it has write access as that's what
it would try to open() with.
And stop trying to repeatedly open a file that
doesn't exist.
Change-Id: Ib391ee6f08345051c48a986a732eda30143cb614
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
This is broken on all devices other than N9, and has no real path to fixing
it because there are so many different values already in use (41, 43, 47,
127), with no way to tell which you should use on any given device.
Bug: http://b/30597190
Change-Id: I07eeaaf6f5dc03c5532ffbfbb85ef2ad750206a0
The PR_SET_TIMERSLACK_PID number has collided with upstream
changes a number of times, and thus the number is not consistent
between AOSP common kernel versions.
In 4.6+, the upstream kernel added equivalent functionaity via
the /proc/<tid>/timerslack_ns entry.
This patch changes the sched_policy logic to support
/proc/<tid>/timerslack_ns if its available, falling back to the
older PR_SET_TIMERSLACK_PID method if not.
NOTE: Eventually PR_SET_TIMERSLACK_PID usage will need to be
removed as it is likely to conflict with valid future upstream
PR_* entries.
Also add missing O_CLOEXEC to other open calls in this file.
Change-Id: Iec0b8a62de0dc8bdd57b60df82bd4d31c5d64709
Signed-off-by: John Stultz <john.stultz@linaro.org>
Remove the /dev/__kmsg__ workarounds (which can then be removed
from sepolicy), and fix confusion in the translation between
android-base logging and kernel logging priorities (in particular,
where 'notice' comes in the hierarchy).
Bug: http://b/30317429
Change-Id: I6eaf9919904b6b55bc402c20bf1a4ae269014bc7
Test: adb shell dmesg | grep init
Default permission bits are 771. It causes permission denied errors when
MediaProvider tries to scan /data/preloads. We have to allow read for others.
Bug: 29940807
Change-Id: I45645cf1154501ccb64bef08b9ad7bf7709dfd8e
The ioprio.h header is not a uapi header, so remove it's use and
add the two values that this code needs to use.
Bug: 30072483
Change-Id: I5c8b6f40bd60a43f50ac26792f96d2fa3f6db020
System-background tasks can be either in bg_schedboost_fd or fg_schedboost_fd.
It is better to set the right cgroup via init.rc and not dynamically in
set_cpuset_policy.
BUG: 29533997
BUG: 29512132
Change-Id: If5dab78eafbe2d0d03fd7fd3f36d794cb4a7645f
I'll come back and remove klog_init when I've removed other calls to it.
Change-Id: Iad7fd26d853b4ddc54e9abd44516b6f138cbbfcb
Test: booted N9, looked at "adb shell dmesg" output.
am: 65d7c4722c
* commit '65d7c4722c7cfe5d8bd98bbd3f38bca97901a06a':
Add utility to prepare files in a similar way to directories
Change-Id: Ibb9a117e02605f1164d220e58fc84b143e55b9c2
am: 6a29fe931d
* commit '6a29fe931d9fd3bf7f2aad3713dc70c080970763':
Add utility to prepare files in a similar way to directories
Change-Id: I288024d55e8cead1c902950938b03bfa8dcc3df3
am: 6a29fe931d
* commit '6a29fe931d9fd3bf7f2aad3713dc70c080970763':
Add utility to prepare files in a similar way to directories
Change-Id: I7516ecd90c2ba9025e58af184e83b61b5cad9341
am: b927c6c39d
* commit 'b927c6c39d5f43b0bd68c3f85f5bf3786f081378':
Add /vendor/xbin to the list of directories of executables
Change-Id: I491fd8ec7cfa611ee63ac51c657d70636ed392c2
am: 088f0e7c40
* commit '088f0e7c40a1cc66505f2bd73c54f3bab9908986':
Add /vendor/xbin to the list of directories of executables
Change-Id: Ib1172d5a5f0f0f1a82ce5ca260ef4539761ef679
am: 088f0e7c40
* commit '088f0e7c40a1cc66505f2bd73c54f3bab9908986':
Add /vendor/xbin to the list of directories of executables
Change-Id: Ia48ba1bdab767ddd146aeb090c2c1a9bbc304e3d
When using EAS, the foreground tasks were all getting boosted
during touchboosts. Limit it to top-app tasks.
BUG: 28378389
Change-Id: I72b7158a614bfd9b6c61024774e408ceba61fc9c
It's no longer specific to make_ext4fs, will be used for mksquashfs as
well.
BUG: 27467028
Change-Id: I41b8c2b168ada45c8378dee522391edfb8f6b9a6
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
BUG: 28704419
am: 23e1312720
* commit '23e1312720c45944646f68379c1f15fcd8434da8':
<cutils/atomic.h> has been inlined for two years now.
Change-Id: Ia4205030c07494149b8392abf74ec29ebd463724
am: e05688a
* commit 'e05688a176c27025d59c0a512501a411b56f1bb1':
More secure and compiler warning fix for sprintf into snprintf
Change-Id: I93d4ff6d1c2674113d481ff06170d19f31951346
To fix GCC WARNINGS while building.
or
To support error free -D_FORTIFY_SOURCE=2 strict mode compilation.
Change-Id: I999bd83785456a77247e5e1d708e2bdde2eb057b
It's no longer specific to make_ext4fs, will be used for mksquashfs as
well.
BUG: 27467028
Change-Id: I41b8c2b168ada45c8378dee522391edfb8f6b9a6
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
Currently get_sched_policy() would only return foreground
or background, but not TOP_APP, since it's not looking
at CPUsets at all.
Fixing this makes testing easier, and it also corrects
the output of "ps -P" to show "ta" for current top app.
Bug: 27857142
Change-Id: I589cacc107f355de15750f01b06f404b59a0f99b