Commit Graph

27543 Commits

Author SHA1 Message Date
Tao Bao b26579f326 Merge "adb: Fix the 'adb reboot sideload' for A/B devices."
am: 9f59a4663c

Change-Id: I9d1998124a38508a5681b0230ad7d11eba3edb60
2017-01-06 17:04:28 +00:00
Tao Bao 9f59a4663c Merge "adb: Fix the 'adb reboot sideload' for A/B devices." 2017-01-06 16:59:39 +00:00
Tao Bao 40e0ec918e adb: Fix the 'adb reboot sideload' for A/B devices.
We used to write the command file (/cache/recovery/command) to trigger
the sideload mode. A/B devices don't support that (may not have /cache
paritition). This CL switches to using libbootloader_message which
writes the command to BCB (bootloader control block) instead.

Test: "adb root && adb reboot sideload" reboots sailfish into recovery
      sideload mode.

Change-Id: I158fd7cbcfa9a5d0609f1f684a2d03675217628f
2017-01-05 18:01:01 -08:00
Jaekyun Seok da100377b0 Merge "Use shared lib of libutils, libz and libbase." am: 4bf9c82857 am: 70f6d5878e
am: 3b00f1cc8f

Change-Id: I2b521fd2f7b275a10d230318189704730cac8f90
2017-01-05 23:35:15 +00:00
Jaekyun Seok 3b00f1cc8f Merge "Use shared lib of libutils, libz and libbase." am: 4bf9c82857
am: 70f6d5878e

Change-Id: I33d1f440eaf0aab019b0c222b44953923f255de9
2017-01-05 23:31:45 +00:00
Jaekyun Seok 70f6d5878e Merge "Use shared lib of libutils, libz and libbase."
am: 4bf9c82857

Change-Id: I7429632c24ca9f7581eb4e4d94640fb222b8d56e
2017-01-05 23:27:45 +00:00
Treehugger Robot 4bf9c82857 Merge "Use shared lib of libutils, libz and libbase." 2017-01-05 23:24:21 +00:00
Sandeep Patil 871c306855 init: split property context into platform & non-platform components
Bug: 33746484
Test: Successfully boot with original service and property contexts.
Test: Successfully boot with split serivce and property contexts.
Test: 'getprop -Z'
Change-Id: I62689b229a67e319c65bf034da804f660f82bd35
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-01-05 13:19:01 -08:00
Mark Salyzyn cd6b2bb4f0 Merge "logd: sepolicy dynamic rate limiting" am: 8954ef987b am: f80377d73a
am: 4ec4e12b87

Change-Id: Ib72ff5d5b6379181eeb55584badc44eed9ffe014
2017-01-05 20:51:58 +00:00
Mark Salyzyn 4ec4e12b87 Merge "logd: sepolicy dynamic rate limiting" am: 8954ef987b
am: f80377d73a

Change-Id: Ia920a417e95a87625775f0ac3a5151b8eb0948f1
2017-01-05 20:48:28 +00:00
Mark Salyzyn f80377d73a Merge "logd: sepolicy dynamic rate limiting"
am: 8954ef987b

Change-Id: Id219bfcf31a621afe0c0109455119da0a29ba2d5
2017-01-05 20:44:58 +00:00
Treehugger Robot 8954ef987b Merge "logd: sepolicy dynamic rate limiting" 2017-01-05 20:28:34 +00:00
Mark Salyzyn 247d682fe1 logd: sepolicy dynamic rate limiting
Processing overhead for selinux violation messages is costly. We want
to deal with bursts of violations, but we have no intent of allowing
that sustained burst to go unabated as there is a cost of processing
and battery usage.

Tunables in libaudit.h are:

AUDIT_RATE_LIMIT_DEFAULT 20        /* acceptable burst rate      */
AUDIT_RATE_LIMIT_BURST_DURATION 10 /* number of seconds of burst */
AUDIT_RATE_LIMIT_MAX     5         /* acceptable sustained rate  */

Since we can only asymptotically handle DEFAULT rate, we set an upper
threshold of half way between the MAX and DEFAULT rate.

Default kernel audit subsystem message rate is set to 20 a second.
If sepolicy exceeds 125 violation messages over up to ten seconds
(>=~12/s), tell kernel audit subsystem to drop the rate to 5 messages
a second.  If rate drops below 50 messages over the past ten seconds
(<5/s), tell kernel it is ok to increase the burst rate back to 20
messages a second.

Test: gTest logd-unit-tests --gtest_filter=logd.sepolicy_rate_limiter_*
Bug: 27878170
Change-Id: I843f8dcfbb3ecfbbe94a4865ea332c858e3be7f2
2017-01-04 14:46:58 -08:00
Alexey Polyudov acfb7c41a6 Merge "gatekeeperd: protect from invalid data passed by HAL" into nyc-mr2-dev
am: d286af0bef

Change-Id: I66655ed41572e91f69d598413fb54d2a30ba43e5
2017-01-04 03:31:21 +00:00
Alexey Polyudov 563ed1672f gatekeeperd: protect from invalid data passed by HAL
am: 8c63536ded

Change-Id: Ie020281e63504ea0b9f27e9e36433d3e137ae018
2017-01-04 03:31:20 +00:00
Alexey Polyudov d286af0bef Merge "gatekeeperd: protect from invalid data passed by HAL" into nyc-mr2-dev 2017-01-04 03:28:42 +00:00
Elliott Hughes 2ebbcb17cf Merge "Don't use bare `noreturn` in log.h." am: fe05f1cde4 am: 3f789b70ea
am: ed5555ed8a

Change-Id: Ie8542e03cd07103643818df2bdba580641b1a911
2017-01-04 00:46:30 +00:00
Elliott Hughes ed5555ed8a Merge "Don't use bare `noreturn` in log.h." am: fe05f1cde4
am: 3f789b70ea

Change-Id: I5f5d65daaf5d6b9e006463960da50a33e9f8bfd3
2017-01-04 00:44:30 +00:00
Elliott Hughes 3f789b70ea Merge "Don't use bare `noreturn` in log.h."
am: fe05f1cde4

Change-Id: I5e1fa172496d2b5c038df9e1f66a7ac3734ed3bc
2017-01-04 00:42:00 +00:00
Elliott Hughes fe05f1cde4 Merge "Don't use bare `noreturn` in log.h." 2017-01-04 00:37:18 +00:00
Adrian Salido 9d4179dada Merge "init/service.cpp: fix access check for console" am: 4a3b03e9e5 am: 7cc669c493
am: 08cbedfb14

Change-Id: I2b82459bcd305feddce157057c8d1e9f5cf22fc9
2017-01-03 23:34:37 +00:00
Adrian Salido 08cbedfb14 Merge "init/service.cpp: fix access check for console" am: 4a3b03e9e5
am: 7cc669c493

Change-Id: I4b8db330cf35d4c227ac1778201dbd4a3bc882a0
2017-01-03 23:32:37 +00:00
Nick Kralevich 7cb4bd8589 Merge "Send property_service AVC messages to the kernel audit system" am: d06f86ced6 am: d4fc568820
am: 7d93c5c036

Change-Id: Ib6e6f1468a43ac3749b5f83420eaf3da16a1802b
2017-01-03 23:30:38 +00:00
Adrian Salido 7cc669c493 Merge "init/service.cpp: fix access check for console"
am: 4a3b03e9e5

Change-Id: I69e33c783d8afb7cd7781a8782504f3307b61435
2017-01-03 23:30:36 +00:00
Nick Kralevich 7d93c5c036 Merge "Send property_service AVC messages to the kernel audit system" am: d06f86ced6
am: d4fc568820

Change-Id: Ica6e9eb7f578953f07f2c37cdbd074ce69f3468a
2017-01-03 23:28:37 +00:00
Treehugger Robot 4a3b03e9e5 Merge "init/service.cpp: fix access check for console" 2017-01-03 23:27:40 +00:00
Nick Kralevich d4fc568820 Merge "Send property_service AVC messages to the kernel audit system"
am: d06f86ced6

Change-Id: I6a1b06620029935bedc28b69ec46eff0bade140b
2017-01-03 23:26:06 +00:00
Treehugger Robot d06f86ced6 Merge "Send property_service AVC messages to the kernel audit system" 2017-01-03 23:24:48 +00:00
Nick Kralevich 196969f951 Merge "LogAudit.cpp: replace newlines with spaces in audit messages" am: 5badada997 am: 5083c589fa
am: 48ff04f986

Change-Id: I760273682cdc1ad7a5b0191bffc7c7a43e3b23c1
2017-01-03 22:47:02 +00:00
Nick Kralevich 48ff04f986 Merge "LogAudit.cpp: replace newlines with spaces in audit messages" am: 5badada997
am: 5083c589fa

Change-Id: Ic41ed573f2ee717edb347ef1db28daa6ab20de07
2017-01-03 22:38:31 +00:00
Nick Kralevich 5083c589fa Merge "LogAudit.cpp: replace newlines with spaces in audit messages"
am: 5badada997

Change-Id: Ic19c090caafa110a88eded401015d1eebfede58d
2017-01-03 22:30:01 +00:00
Treehugger Robot 5badada997 Merge "LogAudit.cpp: replace newlines with spaces in audit messages" 2017-01-03 22:21:37 +00:00
Josh Gao b1dbfb5862 adb: fix IOKit handle leaks on OS X.
am: 6c533a7fb9

Change-Id: I2be1631b57e8a959a26a18e7635529aa622a3f1f
2017-01-03 22:06:57 +00:00
Nick Kralevich 8adb4d9d12 Send property_service AVC messages to the kernel audit system
The property service uses an SELinux userspace check to determine if a
process is allowed to set a property. If the security check fails, a
userspace SELinux denial is generated. Currently, these denials are only
sent to dmesg.

Instead of sending these denials to dmesg, send it to the kernel audit
system. This will cause these userspace denials to be treated similarly
to kernel generated denials (eg, logd will pick them up and process
them). This will ensure that denials generated by the property service
will show up in logcat / dmesg / event log.

After this patch, running "setprop asdf asdf" from the unprivileged adb
shell user will result in the following audit message:

  type=1107 audit(39582851.013:48): pid=1 uid=0 auid=4294967295
  ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for
  property=asdf pid=5537 uid=2000 gid=2000 scontext=u:r:shell:s0
  tcontext=u:object_r:default_prop:s0 tclass=property_service'

Test: manual
Bug: 27878170
Change-Id: I0b8994888653501f2f315eaa63d9e2ba32d851ef
2017-01-03 13:50:13 -08:00
Mark Salyzyn 5ec0bfdea2 Merge "logd: Add support for ro.logd.auditd.[main|events]" am: 891df1c410 am: 0236379593
am: 3322aaf11d

Change-Id: Ibae988c6e3d5f0a7dea63b2d72b32339af5677b0
2017-01-03 21:33:57 +00:00
Mark Salyzyn 3322aaf11d Merge "logd: Add support for ro.logd.auditd.[main|events]" am: 891df1c410
am: 0236379593

Change-Id: I06f4f668092c256d728d1a57a2e3ccd95587d4d2
2017-01-03 21:25:27 +00:00
Elliott Hughes 9b3b119912 Don't use bare `noreturn` in log.h.
toybox has a #define noreturn that trips over this.

Also move `format` out of the way, just in case.

Bug: https://github.com/android-ndk/ndk/issues/271
Test: builds
Change-Id: Ib8811136b4b422ff74625509539a5464a3c9af18
2017-01-03 13:17:42 -08:00
Mark Salyzyn 0236379593 Merge "logd: Add support for ro.logd.auditd.[main|events]"
am: 891df1c410

Change-Id: I1321ebbe91c492efc1e2173f2c5ff29e015ab6de
2017-01-03 21:16:56 +00:00
Adrian Salido 24ef8601c2 init/service.cpp: fix access check for console
Commit 9596d2b95d changes how
availability of console is checked by only checking access bits for
the console device. However, in cases where there is no console it
defaults to /dev/console. This device is always enumerated by tty
driver (i.e. file and access bits may be correct), but it doesn't
always map to an underlying console driver. Because the lookup for the
underlying console driver happens during the open system call, checking
only the access bits is not sufficient and need to make sure open
system call is successful, we can safely close the FD afterwards to
avoid FD leaks.

Test: boot device and check console svc doesn't continuously restart
Bug: 33691649
Change-Id: Ia51a8a2f56c345b70db55e95f61a057a98b52895
2017-01-03 13:11:29 -08:00
Treehugger Robot 891df1c410 Merge "logd: Add support for ro.logd.auditd.[main|events]" 2017-01-03 21:03:55 +00:00
Nick Kralevich 2e58867771 LogAudit.cpp: replace newlines with spaces in audit messages
Some kernels have a bug which causes a newline to show up in audit
messages. The embedded newlines cause one message to look like two due
to prefix controls.

Replace any newlines with spaces. Duplicate spaces are further
consolidated in code immediately after this newly added code.

Test: create an audit message with a newline, and watch it be cleaned up.
Bug: 27878170
Change-Id: Id90c29ab9e10d3be96f51403b0293622d782422a
2017-01-03 12:39:28 -08:00
Josh Gao 6c533a7fb9 adb: fix IOKit handle leaks on OS X.
Bug: https://code.google.com/p/android/issues/detail?id=219085
Test: Removed sleep in RunLoopThread, compared before/after this patch

Bug: http://b/33283523
(cherry picked from commit b6a2f59515)
Change-Id: Ia65bbedfb7d47bdb02bdfb69778784e5e855900b
2017-01-03 11:54:03 -08:00
David Pursell de27e86a73 Merge "fastboot: update getvar documentation." am: fd979edb57 am: d4158aab30
am: 83c3badb27

Change-Id: I02015e1c14c706dbec828fc674b514578abbfa5a
2017-01-03 18:15:58 +00:00
David Pursell 83c3badb27 Merge "fastboot: update getvar documentation." am: fd979edb57
am: d4158aab30

Change-Id: Ia3b23bd908824991652b9444e7830560a5010e24
2017-01-03 18:03:44 +00:00
David Pursell d4158aab30 Merge "fastboot: update getvar documentation."
am: fd979edb57

Change-Id: Ib972ea7b1ec4c61df056e7c394fe0a995f91d09e
2017-01-03 17:55:43 +00:00
David Pursell fd979edb57 Merge "fastboot: update getvar documentation." 2017-01-03 17:45:05 +00:00
Mark Salyzyn ce80da3018 logd: Add support for ro.logd.auditd.[main|events]
log selinux audit messages boolean (true or false, default true)
selection for logging destinations:

ro.logd.auditd - turn on logd.auditd to pick up violations.
ro.logd.auditd.dmesg - to the kernel log.
ro.logd.auditd.main - to the "main" log buffer.
ro.logd.auditd.events - to the "events" log buffer.

We used to also read logd.auditd.dmesg and persist.logd.auditd.dmesg
which do not get refreshed when /data mounts internally.  This is a
confusing state as these properties will be read after a logd crash
and restart, adjusting the behavior of the logger.  Same can be said
for logd.auditd as well.  Drop reading these other parameters.

Test: manual set r/o parameters, stop/start logd to confirm behavior
Bug: 33969000
Bug: 27878170
Change-Id: I1a6bb4a903074c9aa7b227cf583a0094d49cbefd
2017-01-03 09:44:42 -08:00
Elliott Hughes 3d42d99996 Merge "libziparchive: use _FILE_OFFSET_BITS=64" am: 10a7b9bb8b am: d9bd95e1c1
am: 45c7500b9a

Change-Id: I2ca5eb8c65ed61a25e8e7d57da880ad2700b9ce6
2016-12-30 20:42:41 +00:00
Elliott Hughes 45c7500b9a Merge "libziparchive: use _FILE_OFFSET_BITS=64" am: 10a7b9bb8b
am: d9bd95e1c1

Change-Id: If3d14483f410b885958ec2bf42e3e111c9245841
2016-12-30 20:34:41 +00:00
Elliott Hughes d9bd95e1c1 Merge "libziparchive: use _FILE_OFFSET_BITS=64"
am: 10a7b9bb8b

Change-Id: I024b1e1134da7362eeb137581bf69d2b38a147ca
2016-12-30 20:26:09 +00:00