Commit Graph

35673 Commits

Author SHA1 Message Date
TreeHugger Robot 767eb64f36 Merge "Downgrade memory pressure events" into oc-mr1-dev 2017-09-15 01:42:33 +00:00
Robert Benea 6e8e710675 Downgrade memory pressure events
If the system has enough memory the pressure events are ignored or
downgraded from critical to medium.

Bug: 65642829
Test: tested on gobo
Change-Id: I44e66d2e35508aceee5c1719313db217b80d582e
2017-09-14 13:47:40 -07:00
Richard Uhler c397915d72 Merge "Revert "Add derive_gid flag for mounting sdcardfs"" into oc-mr1-dev 2017-09-14 14:55:32 +00:00
Richard Uhler 28dbcaa23b Revert "Add derive_gid flag for mounting sdcardfs"
This reverts commit 8ca02bbeb5.

Causes boot loop on bullhead.
Bug: 63245673
Bug: 65660058

Change-Id: Ife5f83ebf56fb956e5015d2797b5b47a515ec171
2017-09-14 14:51:36 +00:00
Josh Gao 4fda598b08 Merge "debuggerd_fallback: print maps." into oc-mr1-dev 2017-09-14 06:02:48 +00:00
TreeHugger Robot 47c5929bb5 Merge "Add derive_gid flag for mounting sdcardfs" into oc-mr1-dev 2017-09-14 01:37:01 +00:00
TreeHugger Robot 6f7d928940 Merge changes from topic "vndk_jni" into oc-mr1-dev
* changes:
  vendor apk is unbundled
  add llndk|vndksp.libraries.txt to vndk_package
2017-09-14 01:35:43 +00:00
Josh Gao 0aeeda0024 debuggerd_fallback: print maps.
Bug: http://b/63400743
Bug: http://b/65590288
Bug: 64709603 (presubmit balking at the line above)
Test: killall -ABRT media.codec
Change-Id: I58e47dcd8e99ad7a5945604c27876dd01259e501
Merged-In: I58e47dcd8e99ad7a5945604c27876dd01259e501
(cherry picked from commit fdc95c9670)
2017-09-13 18:33:34 -07:00
Tom Cherry ece234f9ac Merge "init: fix variable scope issue with ExpandArgs()" into oc-mr1-dev 2017-09-13 22:40:44 +00:00
Tom Cherry 48db85c19f init: fix variable scope issue with ExpandArgs()
ExpandArgs() was factored out of Service::Start() to clean up init,
however this introduced a bug: the scope of expanded_args ends when
ExpandArgs() returns, yet pointers to the c strings contained within
those std::strings are returned from the function.  These pointers are
invalid and have been seen to cause failures on real devices.

This change moves the execv() into ExpandArgs() and renames it
ExpandArgsAndExecv() to keep the clean separation of Service::Start()
but fix the variable scope issue.

Bug: 65303004
Test: boot fugu
Change-Id: I612128631f5b58d040bffcbc2220593ad16cd450
(cherry picked from commit 5e405cacb1)
2017-09-13 13:11:48 -07:00
Tom Cherry 43a7da2c40 init: fix signal handling and LOG(FATAL) in child processes
Child processes inherit the signal handlers from their parent process.
In the case of init, fork()'ed processes will attempt to reboot the
system if they receive a fatal signal.  This is not the correct behavior;
these processes should terminate due to the provided signal like other
processes on the system.

This is particularly important as there are multiple LOG(FATAL) calls
in service.cpp for failures after fork() but before execv() when a
service is started.

Note that pthread_atfork() is not a viable solution since clone() is
used in some cases instead of fork() and atfork handlers are not
called with clone().

Bug: 65637054
Test: LOG(FATAL) from a child process of init and see that it
      terminates due to a signal correctly
Test: LOG(FATAL) from init proper and see that it reboots to the
      bootloader

Change-Id: I875ebd7a5f6b3f5e3e2c028af3306917c4409db3
2017-09-13 12:56:56 -07:00
James Hawkins ea2e67526d bootstat: Log the ro.boot.bootreason property through the new
platform_reason Tron field.

Bug: 63584589
Test: none
Change-Id: I369e6977c77619513eb7ce7637c1e3112e5a4b13
(cherry picked from commit 51e91f5e0b)
2017-09-13 08:38:38 -07:00
Robert Benea 164baebc01 Allow ANDROID_LOW_MEMORY_KILLER to coexist with lmkd
For Go devices fallback to memcg/memory pressure events for LMK.
Go devices will use memcg pressure events while in-kernel module
is disabled.

Bug: 64852905
Test: tested on gobo
Change-Id: I267ab00be85e324331f6c91551ba013184de817e
2017-09-11 16:57:26 -07:00
Adam Vartanian f6397586ab Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c am: 1436927851 am: d70e582d67 am: 62d5a78df3 am: 5b37a8ce87 am: 16e2001f0b am: e2b5839d4c -s ours am: 84bdda1e6e -s ours
am: 94222586dc  -s ours

Change-Id: Ie89864f45955e2853d64b35b632fdb1aad37af13
2017-09-11 11:27:25 +00:00
Adam Vartanian 94222586dc Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c am: 1436927851 am: d70e582d67 am: 62d5a78df3 am: 5b37a8ce87 am: 16e2001f0b am: e2b5839d4c -s ours
am: 84bdda1e6e  -s ours

Change-Id: I89c0f62474f46aeedb3635ad92454c979335c829
2017-09-11 11:23:24 +00:00
Adam Vartanian 84bdda1e6e Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c am: 1436927851 am: d70e582d67 am: 62d5a78df3 am: 5b37a8ce87 am: 16e2001f0b
am: e2b5839d4c  -s ours

Change-Id: I2b8d19a8582f8de19332705fc4dcdc3a23fa8da2
2017-09-11 11:18:54 +00:00
Adam Vartanian e2b5839d4c Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c am: 1436927851 am: d70e582d67 am: 62d5a78df3 am: 5b37a8ce87
am: 16e2001f0b

Change-Id: I217092b993f50a6380cf76049ebb94a99505b4a0
2017-09-11 11:14:55 +00:00
Adam Vartanian 16e2001f0b Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c am: 1436927851 am: d70e582d67 am: 62d5a78df3
am: 5b37a8ce87

Change-Id: I9957d042e4b309f8071fe08c03177401051ec926
2017-09-11 11:10:53 +00:00
Adam Vartanian 5b37a8ce87 Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c am: 1436927851 am: d70e582d67
am: 62d5a78df3

Change-Id: If605b2b03790475250c3a5c9627b9f6177c01226
2017-09-11 11:06:21 +00:00
Adam Vartanian 62d5a78df3 Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c am: 1436927851
am: d70e582d67

Change-Id: Ia12301ba4850284d81de3a4ed2fe3f519a6859fc
2017-09-11 11:02:51 +00:00
Adam Vartanian d70e582d67 Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994 am: 789673b15c
am: 1436927851

Change-Id: Ia81a894419957960682a221159449f3e92d06b03
2017-09-11 10:58:21 +00:00
Adam Vartanian 1436927851 Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9 am: 33abf90994
am: 789673b15c

Change-Id: I352f33cf5a9a402a17f7a0f2c8739b54256392c2
2017-09-11 10:54:22 +00:00
Adam Vartanian 789673b15c Fix integer overflow in utf{16,32}_to_utf8_length am: f0a43dede9
am: 33abf90994

Change-Id: I5509908232bd838a229c1c2f3a35e0960a741288
2017-09-11 10:50:21 +00:00
Adam Vartanian 33abf90994 Fix integer overflow in utf{16,32}_to_utf8_length
am: f0a43dede9

Change-Id: Ie8e67d97272102eee952c21d82cf06c6a50f1ea9
2017-09-11 10:46:20 +00:00
Adam Vartanian f0a43dede9 Fix integer overflow in utf{16,32}_to_utf8_length
Without an explicit check, the return value can wrap around and return
a value that is far too small to hold the data from the resulting
conversion.

No CTS test is provided because it would need to allocate at least
SSIZE_MAX / 2 bytes of UTF-16 data, which is unreasonable on 64-bit
devices.

Bug: 37723026
Test: run cts -p android.security
Change-Id: Ie2606b92b9eab1acfe8ce4663b43b81156a4cad7
Merged-In: I56ba5e31657633b7f33685dd8839d4b3b998e586
2017-09-11 10:46:06 +01:00
Adam Vartanian 1ba748810e Fix integer overflow in utf{16,32}_to_utf8_length am: 47efc676c8
am: 6e2bf89dc7

Change-Id: I6b5786e20b0df1729453d21e05dbd926aabbf56d
2017-09-11 09:30:42 +00:00
Adam Vartanian 6e2bf89dc7 Fix integer overflow in utf{16,32}_to_utf8_length
am: 47efc676c8

Change-Id: Id54a1e644fc02a2923c6bf165205d16e43cf5eb2
2017-09-11 09:26:42 +00:00
TreeHugger Robot 04907ad6d7 Merge "Define priority for video threads" into oc-mr1-dev 2017-09-08 20:05:39 +00:00
TreeHugger Robot 80206d8f03 Merge "fix: boot fails on ASAN builds with VNDK restriction" into oc-mr1-dev 2017-09-08 01:20:30 +00:00
Jeff Tinker 17ffcc4280 Define priority for video threads
Video threads have soft realtime requirements that
must be met in order to maintain reliable frame delivery
even when the system is under high load. This CL
defines a new priority that can be used by video
threads, enabling them to be scheduled appropriately
relative to other system threads.

Change-Id: Idd57207e30309dfdff24389db0acf107532f9e5a
related-to-bug:63898080
2017-09-07 16:14:07 -07:00
Daniel Rosenberg 8ca02bbeb5 Add derive_gid flag for mounting sdcardfs
Turns on the derive_gid feature for sdcardfs. This was moved
under a mount flag in the kernel.

Test: If the derive_gid flag is supported, the first mount
      should succeed. If the flag is not, the second should
      succeed.
Bug: 63245673
Change-Id: If1c1bce13d14120732e420252cb5605d33ce7c40
2017-09-07 15:30:01 -07:00
TreeHugger Robot 5809705759 Merge "libadf is a new member of VNDK" into oc-mr1-dev 2017-09-07 12:12:30 +00:00
Jiyong Park a07f3057d0 vendor apk is unbundled
For devices where VNDK restrictions are all enforced, vendor apks are
recognized as unbundled; since system partition and vendor partition can
be updated independently from each other.

However, since vendor apks are still bundled in the vendor partition,
they are allowed to do more than ordinary unbundled apks that are
downloaded and installed to the data partition.

1) /vendor/lib is allowed. So the path is added to the search_paths and
permitted paths of the classloader namespace.
2) LLNDK libs are allowed in addition to the NDK libs. So, LLNDK lib list
from llndk.libraries.txt is added to the list from public.libraries.txt.
3) VNDK-SP libs are allowed. To do so, the classloader namespace is
linked to the 'vndk' namespace where VNDK-SP libs are searched and
loaded from. The list of available VNDK-SP libs is read from
vndksp.libraries.txt file.
4) Name of the namespace is changed to 'vendor-classloader-namespace'
since the namespace is configured differently from the ordinary
'classloader-namespace'.

Bug: 63553457
Test: 2017 pixel devices build and boots to the UI
Test: a vendor apk (e.g. TimeService.apk) works. Turn the airplane mode on.
Set time. Reboot the device. The time is not reset.
Test: 1) set target as 2017 pixel
2) m -j CtsVendorJniTestCases
3) copy the built apk into /vendor/app/CtsVendorJniTestCases
4) reboot / factory reset
5) adb shell am instrument -w android.jni.vendor.cts

Change-Id: I447452eb025c0a0fd076b5c9ac081d453dc6074e
2017-09-07 20:26:10 +09:00
Adam Vartanian 47efc676c8 Fix integer overflow in utf{16,32}_to_utf8_length
Without an explicit check, the return value can wrap around and return
a value that is far too small to hold the data from the resulting
conversion.

No CTS test is provided because it would need to allocate at least
SSIZE_MAX / 2 bytes of UTF-16 data, which is unreasonable on 64-bit
devices.

Bug: 37723026
Test: run cts -p android.security
Change-Id: I56ba5e31657633b7f33685dd8839d4b3b998e586
2017-09-07 10:36:19 +01:00
Jiyong Park 26335f89b1 add llndk|vndksp.libraries.txt to vndk_package
Lists of llndk and vndk-sp libraries are written in the txt file so that
they can be available at run-time. The information is used by
libnativeloader to configure the classloader-namespace specially for
vendor apks.

Bug: 64882323
Test: build 2017 pixel devices. check that the two files exist on
/system/etc.

Change-Id: Ifbe339a5862f6ef57a8213a14a022765ccf77283
2017-09-07 11:51:29 +09:00
TreeHugger Robot cd00582000 Merge changes from topic "hide_log_time" into oc-mr1-dev
* changes:
  Hide implementation details of log_time struct
  Don't rely on transitively included headers
2017-09-07 02:39:39 +00:00
Jiyong Park 98c0d030c9 Hide implementation details of log_time struct
In the future, the sizes of tv_sec and tv_nsec (or even the size of
log_time struct itself) can change due to the 32-bit overflow expected
to happen in the year 2138. In order to hide such implementation details
from the clients of liblog, the two macros LOG_TIME_SEC and LOG_TIME_NSEC
are introduced.

Furthermore, vendors are provided with a simplified version of log_time.h
without C++ APIs. In doing so, log_time.h no longer includes time.h.
This breaks several modules that implicitly relied on the hidden
dependency, which should be fixed.

Bug: 37629934
Test: build with BOARD_VNDK_VERSION=current
Change-Id: I01b36078c1d8f3f44824be20ae769ba1465b6feb
2017-09-06 15:30:50 +09:00
Jiyong Park e6474b7fa2 Don't rely on transitively included headers
One must explicitly include what it needs.
time.h for clock_gettime

Bug: 37629934
Test: build
Merged-In: I992eac637f373b204aa161b0b26f5563e952c27e
Change-Id: I992eac637f373b204aa161b0b26f5563e952c27e
2017-09-06 15:30:32 +09:00
Jiyong Park 4729da4c8a libadf is a new member of VNDK
The library is used by both platform (e.g. libminui) and vendors (for
their HW composer HAL impl).

Bug: 64050301
Test: 2017 pixel devices build
Test: libadf.so is in /system/lib[64]/vndk directory
Change-Id: I20b8b9728cdc56a7491266070740c3330d4324dc
2017-09-06 13:31:12 +09:00
Jiyong Park 5e73998997 Revert "libcutils_header exports liblog_headers"
This reverts commit 8f63b6cfca.

Reason for revert: the use of cutils/log.h is discouraged. clients should use log/log.h. aosp/420955

Bug: 37342627
Change-Id: I6605aa89b0ef2b9afd0fdd52c1dee1ee0021debd
2017-09-06 01:48:43 +00:00
Jiyong Park 8f63b6cfca libcutils_header exports liblog_headers
cutils/log.h includes log/log.h. Therefore, libcutils_headers needs to
export the liblog_headers so that the clients of libcutils don't have to
explicitly include liblog (or liblog_headers).

Bug: 37342627
Test: build sdk_gphone_x86 userdebug with BOARD_VNDK_VERSION=current
Change-Id: I8875855222b4d073fac4a22bff488c9d082d39df
2017-09-04 12:18:40 +09:00
TreeHugger Robot 2d3cf6799e Merge "templatize ld.config.txt" into oc-mr1-dev 2017-09-01 03:23:17 +00:00
TreeHugger Robot 7e929121b1 Merge "Revert "adbd: lessen security constraints when the device is unlocked"" into oc-mr1-dev 2017-09-01 01:30:51 +00:00
TreeHugger Robot d9d20baf6f Merge "libz is back to LLNDK" into oc-mr1-dev 2017-09-01 00:39:14 +00:00
Jiyong Park faefa6bd36 fix: boot fails on ASAN builds with VNDK restriction
Fix the bug that caused boot failure on ASAN builds with VNDK
restriction. The major cause is because incorrect (old) ld.config.txt
was used when the build is sanitized, which prevented the dynamic linker
from finding some VNDK libs that only exist in /system/lib/vndk; the old
ld.config.txt does not have the directory in its search paths. So, this
CL fixes the problem by having the same ld.config.txt for both sanitized
and non-sanitized builds.

Furthermore, ld.config.txt is modified so that dependency to
libclang_rt* libs are redirected to those in /system/lib directory. This
ensures that the sanitizer runtime libs are not dual loaded but are
provided for both platform and vendors.

Bug: 65217017
Test: SANITIZE_TARGET=integer_overflow SANITIZE_TARGET_DIAG=integer_overflow m
on 2017 pixel devices. The build is successful and the device boots to
the UI.

Change-Id: I0e21e20d9aca340b984968e07d4ce542ae10fd31
2017-09-01 07:53:56 +09:00
Jiyong Park 367984602a templatize ld.config.txt
Lists of libraries in between the linker namespaces are no longer
hard-coded in ld.config.txt, but instead come from Soong.

Bug: 37139976
Test: build 2017 pixel device with BOARD_VNDK_VERSION=current m -j
Test: the device is bootable, basic functionalities (camera, camcorder,
wifi, bt, gps, etc.) work.
Change-Id: I8170e6c3f6ee04b16359791d64cc46bd2714a073
2017-09-01 07:53:56 +09:00
Jiyong Park 697eb2da0d libz is back to LLNDK
For 2016 pixel devices, where VNDK is not fully enforced, move libz back
to LLNDK so that we can pass the CTS without requiring the default
namespace to be isolated.

If we have libz in vndk-sp directory, test_linker_namespaces fails
because /system/lib/vndk-sp/libz.so becomes accessible. In order to make
the lib inaccessible, we have to make the default namespace isolated,
but this can't be done for 2016 pixel devices where VNDK is not fully
enforced. So, we choose to remove /system/lib/vndk-sp/libz.so and keep
the single copy at /system/lib.

Bug: 65018779
Test: android.jni.cts.JniStaticTest#test_linker_namespaces successful on
2016 pixel devices

Change-Id: Ib6b6560b02be69d2015c0afb86acf07c02b30c2f
2017-08-31 22:11:35 +09:00
Bowgo Tsai 9fa61b4df3 Revert "adbd: lessen security constraints when the device is unlocked"
This reverts commit f1d3dbc32f.

With the following changes to move /sbin/adbd to /system/bin/adbd,
we don't need this workaround anymore.

  https://android-review.googlesource.com/#/q/topic:move-adbd-to-system+(status:open+OR+status:merged)

Bug: 63313955
Bug: 63381692
Bug: 64822208
Test: 'adb root' works in VTS for a non-A/B device (userdebug GSI + user boot.img)

Change-Id: Ic1249d6abd7d6e6e7380a661df16d25447853a48
Merged-In: Ic1249d6abd7d6e6e7380a661df16d25447853a48
(cherry picked from commit 0603ec4294)
2017-08-31 16:26:49 +08:00
Jiyong Park 55f05d79f9 Make default namespace for system processes isolated
The default namespace for system process now becomes isolated, which
means it can load only the libs that are in search.paths and under
permitted.paths.

/system/framework, /system/app, /system/priv-app, /vendor/app, /data,
etc are added to the permitted paths since libart should be able to
dlopen odex files under the locations.

Following directories become unavailable:
/system/lib/vndk
/system/lib/vndk-sp

Bug: 37013858
Bug: 64888291
Bug: 64950640
Test: 2017 pixel devices builds and boots
Test: android.jni.cts.JniStaticTest#test_linker_namespaces passes
Change-Id: I2bbe9cc19940c3633c2fb901f9bf8ab813e38c13
2017-08-31 11:52:03 +09:00
Josh Gao a2f1335819 adbd: don't spin if file sync read fails.
Bug: http://b/64508974
Bug: 64709603 (presubmit balking at the line above)
Test: mma
Change-Id: Ifba6a9dea3138b6d2a62c91cc0532f63986c048a
(cherry picked from commit 1d6c01b53d)
2017-08-29 18:54:19 +00:00