To quickly answer the question of "how much data is a UID using?" we
need a GID range to label files on external storage, similar to
the GID ranges already defined for cached and shared data.
Also define a new GID that will be used to label the OBB files shared
between all users under /data/media/obb.
Test: builds, newly added tests pass
Bug: 34263266
Change-Id: I16fb7d166c3dcdeafbf477162d191d3b73ae8ac2
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
To support upcoming disk usage calculation optimizations, this change
creates a new GID for each app that will be used to mark its cached
data. We're allocating these unique GIDs so that we can use
quotactl() to track cached data on a per-app basis.
This change also tightens up the implementation of both the cache
and shared GID calculation to ensure that they stay inside the valid
ranges, and includes tests to verify.
Test: builds, boots, tests pass
Bug: 27948817
Change-Id: Ie4377e5aae267f2da39a165888139228995987cb
Prevent others from using android_ids and force them
to use grp.h and pwd.h family of functions.
Test: Build and boot, verify services are running properly.
Bug: 27999086
Change-Id: Idcd75cf7e91a49ef07a0ed3bdb514ad61aa82e69
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Add a comment to android_filesystem_config.h
about AID and OEM Range "scraping" done by
build/tools/fs_config.
Test: Build and boot.
Change-Id: I2d4845d91546ae967a1ee5166b73d119938faccc
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Currently, all internal media storage files (under /data/media) are
given the same "media_rw" GID. To support an upcoming optimization
to disk usage calculation, this CL defines three new GIDs that can be
used to quickly identify common types: audio, video, and images.
Test: builds
Bug: 27948817
Change-Id: I8548459c3d3ccbf7d822431c6e2ebd1c2e309d70
Allows us to compose an event message for our own in-memory purposes.
Will be used to compose an event message in logd and directly write
it to just the pmsg buffer. Provide an internal enhanced C++ wrapper
for event handling.
Test: gTest liblog-unit-tests --gtest_filter=liblog.android_log_write_list_buffer
Bug: 31456426
Change-Id: I98246898ba580f9e506baba8af2fd1b26a2a8aae
log/logger.h pieces moved into log/log.h. Correct for some
minor Android Coding standards.
Test: gTests liblog-unit-tests, logd-unit-tests and logcat-unit-tests
Bug: 19235719
Bug: 26552300
Bug: 31289077
Bug: 31456426
Change-Id: I0a19fd8788eec20a582e72e4c62c04534bdb1b9a
Add private function __android_logger_get_buffer_size() to read
properties and compose the default buffer size. This interface
complements the existing android_looger_get_size() which returns
the logd setting which can differ at runtime. For use in logd
and dumpstate. Side effect is we also add the private functions
__android_logger_property_get_bool() and
__android_logger_valid_buffer_size() for reuse in logd.
Test: gTest liblog-unit-test, logd-unit-tests and logcat-unit-tests in
combination with commit 'logd: Use private interfaces for
buffer size properties'
Bug: 31750617
Change-Id: Id95cb68f775ef6b427c122e10f6f8291d336d184
Allow our own libraries to use this privately instead of
running the less efficient get_properties and doing the math.
Test: compile and boot smoke test
Bug: 27566046
Bug: 31456426
Change-Id: I2f677276d27fbcb6af01b600ac1d9891c8938d43
debuggerd does not require log/logger.h, can use android/log.h
In some cases, mark why log/logger.h was required.
Test: Compile and boot smoke test
Bug: 26552300
Bug: 31289077
Bug: 31456426
Change-Id: Ia34987e25a01d81971ec8d785415f732b8376c4f
Move all liblog related content into android/log.h, and make
log/log.h points to android/log.h.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I858e0ebe047b86f2a8530a99bc9c380d3d58edbb
Always used in combination with log/logger.h except in log_time.cpp,
and not used externally. As a result liblog has to support stl, a
small price to pay since goal is to convert liblog to C++ internally.
Test: compile
Bug: 31456426
Bug: 26552300
Bug: 31289077
Change-Id: I72828ec807d0a2c8e40bbdebd7a69f147a7ca5a9
It's no longer specific to make_ext4fs, will be used for mksquashfs as
well.
BUG: 27467028
Change-Id: I41b8c2b168ada45c8378dee522391edfb8f6b9a6
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
BUG: 28704419
- This is considered an Android Private function, not exported
for general use.
- goal is to retreive a file's content from a series of log
messages from pmsg, to be retrieved after a reboot for
transfer to a persistent location.
- files are presented in reverse sorted order, first based on
_any_ numerical content, then by alphanumeric order.
- Add a gTest for this function, relies on gTest for
liblog.__android_log_pmsg_file_write from prior to reboot.
Bug: 27176738
Change-Id: If37ef423009bd28b598b233af3bccef3429bdc22
- This is considered an Android Private function, not exported
for general use.
- goal is to record a file's content into a series of log
messages into pmsg, to be retrieved after a reboot for
transfer to a persistent location.
- filename reference is converted to a tag-unique
"<dirbase>:<filebase>".
- buffer and length representing the filename contents are
recorded, along with a sequence number placed into the nsec
time field to ANDROID_LOG_PMSG_FILE_MAX_SEQUENCE.
- Add a gTest for this function.
Bug: 27176738
Change-Id: If93df3ae8bfc1bb75516d4a1fd8dae0301af644b
This is intended to be used by user space daemons that are part of
access-controlled NVRAM HAL implementations for Brillo. Because there
might be sensitive data flowing through the daemon, we'd like to run
it as a separate user.
BUG: 27764637
Change-Id: If6ad7923af3c650963ee9e926f732001b6a8cb5d
Sometimes new users/groups get added in internal branches, and the list
gets out of sync. Add a comment to prompt developers to add users in
AOSP.
Bug: None
Change-Id: I5b2df391902b842f1af8a377c8eac4cdb36a0518
Brillo is converging on a set of mandatory system services to be
included in all Brillo builds. We'd like these services to run as
separate users just like other native Android/Brillo system services.
Add users for these services:
-Firewalld: Brillo has more granular firewall requirements (think e.g.
Brillo-powered router.) Firewalld exposes a (currently) D-Bus/
(soon to be) Binder API to broker access to IPTables rules.
-Trunksd: Some Brillo product configs will require TPMs. Trunksd
manages TPMs in Chrome OS and Brillo.
Bug: 27299198
Change-Id: Ibe3303acdd9398ea52da0a37dbef73e5c5a948f7
-metrics_collector and metricsd gather and upload device metrics.
-webservd is part of the Weave (Brillo remote setup and management) stack.
Bug: 26337609
Change-Id: Icf6ce75e64293adbe773f2ee65e80629f2eeb737
* Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010)
* Changed the group access for /sys/power/wake_lock and
/sys/power/wake_unlock from "system" to "wakelock"
* Added "wakelock" to the list of groups for the healthd process/service
Bug: 25864142
Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Brillo will need to run new native system services, so reserve
a reasonable UID range to accomodate them. Having 1000 UIDs will
allow us to sub-partition this range if needed.
The range can be used by any OEM, not just Brillo, so name it
accordingly.
Bug: 22555869
Change-Id: I752428ee5025bf064a35ecbe6da50c041d87b724
Using a getenv('OUT') in such a deep down function is a wrong design
choice. Replacing with explicit parameter that may be NULL in case
device specific files can be accessed from /.
Since TARGET_COPY_OUT_SYSTEM may be defined to something different than
system we also ensure that we use a path relative to TARGET_OUT to
compute path to fs_config_* files.
Bug: 21989305
Bug: 22048934
Change-Id: Id91bc183b29beac7379d1117ad83bd3346e6897b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
C (but not C++) has a concept of a flexible array member, which
is documented at https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html .
Using a flexible array member indicates that the structure is
really a header for a variable length object.
In logd's case, the variable length structure android_event_string_t
was embedded within another structure called
android_log_event_string_t. This makes gcc's __builtin_object_size()
function really confused. When compiling with C++,
__builtin_object_size(android_log_event_string_t.payload.data, 1)
would return 0, whereas if you compiled the code with C, the same
call would (properly) return -1.
Code which does automatic bounds checking, such as the proposed
patch at https://android-review.googlesource.com/145411 , will
cause problems for logd if this syntax is used.
Don't try to embed a variable length structure within another
structure. This doesn't appear to be valid C nor C++, and
while it's worked, it seems problematic.
Instead, inline the structure so it's one big happy structure.
Change-Id: I8ac02b7142a4f6560f5f80df2effcf720f9896fc
Jeff Sharkey