In https://github.com/torvalds/linux/commit/8db6c34f1dbc8 , namespaced
file capabilities were introduced. That change updated VFS_CAP_REVISION
from VFS_CAP_REVISION_2 to VFS_CAP_REVISION_3.
Android code is written assuming v2 capabilities, and the code will
break if we naively try to treat a v2 structure as a v3 structure.
So don't even try.
Android kernels prior to v4.14 will not support this extended capability
structure, so attempting to set such capabilities will ultimately fail.
With 8db6c34f1dbc8, it appears that attempting to read a v3 capabilities
xattr will always downgrade the capability to a v2 capability, so it
really doesn't make sense to look for a v3 capability.
Android capabilities are only created at /system and /vendor filesystem
creation time by host tools. Android processes, within or outside a
namespace, are not permitted CAP_SETFCAP
(https://android-review.googlesource.com/c/platform/system/sepolicy/+/547801/1/public/domain.te
line 1101). So we should never have to deal with a v3 capability other
than those that might appear on the /system / /vendor partition at a
future date by a future author.
Bug: 69617725
Test: build/test/boot/CTS passes
Change-Id: I0378b3f1195dc62dbeb771944ab378c881441118
This commit removes unused class declaration for SharedBuffer and
TextOutput. SharedBuffer has become internal implementation details
since 282efae9c. TextOutput usages have been removed since 9eb2a3b1.
Test: AOSP and master build w/o problems
Change-Id: I1871c4919a46f1ea8f41fb7eb79b4dc800b6f6f4
These are directories used by the system so they should be created by
the system.
Test: treehugger
Change-Id: I2a721ef7871c8842fa912497f5ec6988fcec9e58
If the platform has no bootloader or pstore support, kernel_panic
test should fail if the results are not correct. Drop skipping of
failed test if pstore support is lacking.
If device demonstrably has pstore content support, the result must
be exacting kernel_panic,sysrq. Otherwise accept the less precise
result.
Test: On hikey960 (which currently lacks reliable pstore, or a
compliant bootloader reporting bootreason), expect failure of:
system/core/bootstat/boot_reason_test.sh kernel_panic
Bug: 63736262
Change-Id: I071a2a9c00dc522ec037c8a8997fea524d17e6e4
This change explicitly drops all inheritable capabilities (and, by
extension, ambient capabilities) when there are no explicit capabilities
being set by a service and the user is changed. This prevents Android
running in a container from accidentally granting extra capabilities to
services.
Bug: 69320306
Test: aosp_sailfish still boots
Test: sailfish:/ $ grep Cap /proc/`pidof android.hardware.audio@2.0-service`/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Test: sailfish:/ $ grep Cap /proc/`pidof logd`/status
CapInh: 0000000000000000
CapPrm: 0000000440000000
CapEff: 0000000440000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Test: Android in Chrome OS still boots
Test: localhost ~ # grep Cap /proc/`pidof android.hardware.audio@2.0-service`/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000000006daefdff
CapAmb: 0000000000000000
Test: localhost ~ # grep Cap /proc/`pidof logd`/status
CapInh: 0000000000000000
CapPrm: 0000000040000000
CapEff: 0000000040000000
CapBnd: 000000006daefdff
CapAmb: 0000000000000000
Change-Id: I9218f2e27ff4fb4d91d50f9a98c0fdb4e272952c
Always check to see if the fallback handler has been called and is
not trying to dump a specific thread.
Bug: 69110957
Test: Verified on a system where the prctl value changes, that before the
Test: change it dumps multiple tombstones, and after the change it
Test: works as expected.
Test: Ran debuggerd unit tests.
Test: Dumped process using debuggerd -b <PID> and debuggerd <PID>.
Change-Id: Id98bbe96cced9335f7c3e17088bb4ab2ad2e7a64
Rename Memory::Read to ReadFully to match its semantics with that of
android::base. ReadPartially will be renamed to Read in a follow up
commit, kept intentionally separate so that there aren't any callers
accidentally switched from ReadFully to Read.
Test: treehugger
Change-Id: I7d845ac5244c3025d92c8512e960e5d0d1da05af
Add a way to read while allowing for partial reads.
Test: new tests added to libunwindstack_test, ran 32/64 on hikey960, sailfish
Test: ran unwind on hikey960/sailfish
Change-Id: I8b11d9230fcd3122148ef3f980863ac1404ad70a
* changes:
Allow a service to override another.
Move service name duplication lookup to EndSection
EndSection returns Result<Success>
Fix out of date SectionParser comment.
For instance, on vendor.img:
service foo /vendor/bin/nfc
...
And then on odm.img:
service foo /odm/bin/super-nfc
override
Allows a service on ODM to override a HAL on vendor.
Bug: 69050941
Test: boot, init_tests
Change-Id: I4e908fb66e89fc6e021799fe1fa6603d3072d62a
This is paving the way to allow an "override" tag
in init services. This also means that errors for
part of a service definition in its section will
be shown in addition to the fact that the service
is duplicated.
Bug: 69050941
Test: boot, init_tests
Change-Id: Ic1ea8597789f45ead1083451b3e933db1524bdc9
Allow it to fail. When there is an error for a section ending,
print the error pointing to the line where the section starts.
Bug: 69050941
Test: boot, init_tests
Change-Id: I1d8ed25f4b74cc9ac24d38b8075751c7d606aea8
AID_SHARED_GID is a GID shared by a specific app across all users on
the same device. Bring the UserHandle and multiuser.c implementations
into agreement, and copy/paste the unit tests that verify that both
behave identically.
This fixes a regression where multiuser_get_shared_gid() was applying
per-user isolation when it shouldn't have.
Test: adb shell /data/nativetest64/libcutils_test/libcutils_test64
Bug: 34151068, 64548938
Change-Id: I491dd79d23a214425a68865d1d0f8269916aad4c
This change ensures that the logcatd binary is properly
included into builds which contain logpersist. logcatd
is required for logpersist to actually work.
Bug: 69171565
Test: make checkbuild
Test: verified that logcatd binary is present in build
Change-Id: I78161998763a4694ba88af43113fef39a5fbd8c8
+ quota support
This patch fixes broken f2fs_format by replacing the existing flow with calling
legacy mkfs.f2fs binary explicitly likewise ext4.
This removes obsolete ext4 stuffs as well.
Bug: 67009570
Change-Id: Ia81bcbc7adc3a8b57ada860f7f7871602ac1c6e9
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
... if they are not available. Use weak symbols and do not call the
following functions when they are not defined:
* android_dlopen_ext
* android_get_exported_namespace
Test: links
Test: boots
Change-Id: I653548bac61a0eba001f72bab969b5b858bd1553
Just the minimial changes to get this to actually build, because otherwise
we always bog down trying to rewrite everything (when the real answer
is usually "stop using libcutils, it's awful").
This doesn't move a handful of files: two are basically just BSD libc
source, a couple have outstanding code reviews, and one can be deleted
(but I'll do that in a separate change).
I'm also skipping the presubmit hooks because otherwise clang-format
wants to reformat everything. I'll follow up with that...
Bug: N/A
Test: builds
Change-Id: I06403f465b67c8e493bad466dd76b1151eed5993
PRODUCT_FULL_TREBLE is being deprecated in favor
of smaller flags. Use the appropriate one instead.
Bug: 62019611
Test: manual
Change-Id: Id5d127c29f908cd3011031b3b698ddec3dcba9c1
Before:
extracting android-info.txt (0 MB)...
extracting boot.img (29 MB)...
target reported max download size of 536870912 bytes
archive does not contain 'boot.sig'
archive does not contain 'boot_other.img'
archive does not contain 'dtbo.img'
archive does not contain 'dt.img'
archive does not contain 'recovery.img'
extracting system.img (1928 MB)...
archive does not contain 'system.sig'
extracting system_other.img (574 MB)...
archive does not contain 'system.sig'
archive does not contain 'vbmeta.img'
After:
extracting android-info.txt (0 MB) to RAM...
extracting boot.img (29 MB) to disk... took 0.232s
target reported max download size of 536870912 bytes
archive does not contain 'boot.sig'
archive does not contain 'boot_other.img'
archive does not contain 'dtbo.img'
archive does not contain 'dt.img'
archive does not contain 'recovery.img'
extracting system.img (1928 MB) to disk... took 10.122s
archive does not contain 'system.sig'
extracting system_other.img (574 MB) to disk... took 3.424s
archive does not contain 'system.sig'
archive does not contain 'vbmeta.img'
Bug: http://b/69128980
Test: ran manually
Change-Id: Ib190d1cc56ad9da06a4f9a9e822f7dad4a9a53b7
The client of FirstStageMount class should check the existence of fstab
in device-tree prior to using it. So raising a FATAL error inside
FirstStageMount when failed to parsing the fstab, in order to expose
more accurate error messages.
Also fixing a comment in fs_mgr, where it might happen in either
non-A/B or A/B.
Bug: 69102431
Test: boot sailfish
Change-Id: Ifb525beaa3423b118644778bfe0f84bff9465303
Nick Kralevich