The analyzer is known to be very conservative in the face of atomic
operations (e.g. https://bugs.llvm.org/show_bug.cgi?id=34365); this case
is no different.
It's concerned that `delete this;` might read a different value for
`flags`, and proceed to delete `refs`. Since there are many comments
explaining why this won't happen (and it all looks sane to me), use a
NOLINT to silence this warning.
Analyzer warning:
system/core/libutils/RefBase.cpp:445:5: warning: Use of memory after it
is freed
Bug: 27101951
Test: mma. Use-after-free warning is gone.
Change-Id: Ic1623971bd1bad546fbb12a79439116c89a6762d
Cts tests can run in appdomain, which have access to /data/backup/
which leads to zero injection of sepolicy signal to check the logd
and kernel rate limiter. Switch to /data/drm/ as a better choice
to inject a sepolicy denial either due to dac_override or
dac_read_search because owned by the drm uid and gid, or due to
create sepolicy denial to u:object_r:drm_data_file:s0 to all but
select services.
Test: gTest
Bug: 65843095
Change-Id: I2d72b1407a930c270636a206066d2d15fdec2f77
libdl is part of system_shared_libs now. -ldl -lpthread -lm are now defaults
for host_ldlibs on Linux and Darwin. -lrt is a default for host_ldlibs on
Linux.
Test: m host
Change-Id: I0b3c147b00a8ab6ff289b85db55b88836c905f5c
Exempt-From-Owner-Approval: build system cleanup
One of the major aspects of treble is the compartmentalization of system
and vendor components, however init leaves a huge gap here, as vendor
init scripts run in the same context as system init scripts and thus can
access and modify the same properties, files, etc as the system can.
This change is meant to close that gap. It forks a separate 'subcontext'
init that runs in a different SELinux context with permissions that match
what vendors should have access to. Commands get sent over a socket to
this 'subcontext' init that then runs them in this SELinux context and
returns the result.
Note that not all commands run in the subcontext; some commands such as
those dealing with services only make sense in the context of the main
init process.
Bug: 62875318
Test: init unit tests, boot bullhead, boot sailfish
Change-Id: Idf4a4ebf98842d27b8627f901f961ab9eb412aee
This broke TCP debugging because processes don't inherit the AID_INET
group.
Bug: 67058466
Test: adb shell run-as com.example.native_activity groups prints "inet".
Change-Id: Ieb461dccda8611057bb2d16334e584eb5e57c8b1
If -p flag specified, return immediately so that scripting code
can progress. Shutdown is unique in that if it does happen,
the device will never come back, but if it fails one can continue
diagnosis (without the need for a script to send a SIGINT to break
out of the indefinite pause on the reboot -p command).
Yes, this will break adb shell reboot -p ; adb wait-for-device as
noted in the comment, but no one should ever expect the device to
come back if a shutdown is requested. We do not break adb reboot ;
adb wait-for-device sequence though as we retain the pause forever.
Test: manual
Bug: 63736262
Bug: 38446744
Bug: 66912053
Change-Id: I028cd873a7193a78c6b3c342eca1e08b6b296fd2
Name each service thread specifically to improve debuggability.
Bug: http://b/65648324
Test: adb shell debuggerd -b `adb shell pidof adbd` during a sync
Change-Id: I644e25fc2f14a26eafd19f596e4e8f3c2bb79967
No fs_mgr client is using fs_mgr_get_entry_for_mount_point_after(), which
supports matching a mount point iteratively by specifying a starting entry
in the fstab. So removes it.
Also switch the public API from C/C++ to C++-only:
fs_mgr_get_entry_for_mount_point(struct fstab* fstab, const char* path);
==> fs_mgr_get_entry_for_mount_point(struct fstab* fstab, const std::string& path);
Bug: 67024518
Test: boot sailfish, manually test fs_mgr_get_entry_for_mount_point().
Change-Id: I38e18fa6bd9485b6cd31b55474406a511df3f506
This has moved to being serialized with libprotobuf.
Test: persistent properties work on bullhead
Test: init unit tests
Change-Id: I26ebe135e37d352f9c53612301bde703144853e7
Change HandleSigtermSignal() handler to report shutdown,container. Add
the new reason to bootstat. Remove log stutter as
HandlPowerctlMessage will also do a LOG(INFO) reporting
shutdown,container as reason.
Sending SIGTERM to init is to allow a host OS to ask an Android
Container instance to shutdown. The temptation is to report
shutdown,sigterm but that does not accurately describe the usage
scenario.
Test: compile
Bug: 63736262
Change-Id: I3c5798921bdbef5d2689ad22a2e8103741b570b4
Primarily, this fixes a bug where a forked child of property service
uses exit() instead of _exit, which has the unintended consequences of
running the global destructors of init proper, which leads to
unintended cleanup.
Secondly, this replaces the remaining calls of exit() that really
should be LOG(FATAL).
Test: boot sailfish
Change-Id: I779228e7d44a73186bc7685bb723c4b9278a0a2d
George Burgess IV