In zygote wrapping mode, ZygoteConnection does a check to see if the pid
reported by the wrapped process is either child process that was
forked, or a decendent of it. This requires read access to other
processes /proc files. Grant zygote AID_READPROC to allow this access.
Bug: 32610632
Test: manual inspection of /proc files to verify group.
Test: manual inspection of zygote's children to make sure they do not
inherit AID_READPROC
Change-Id: I3619a9ae33c8077e068e8024f7c7d44cfca6fb76
Ambient capabilities are inherited in a straightforward way across
execve(2):
"
If you are nonroot but you have a capability, you can add it to pA.
If you do so, your children get that capability in pA, pP, and pE.
For example, you can set pA = CAP_NET_BIND_SERVICE, and your
children can automatically bind low-numbered ports.
"
This will allow us to get rid of the special meaning for AID_NET_ADMIN
and AID_NET_RAW, and if desired, to reduce the use of file capabilities
(which grant capabilities to any process that can execute the file). An
additional benefit of the latter is that a single .rc file can specify
all properties for a service, without having to rely on a separate file
for file capabilities.
Ambient capabilities are supported starting with kernel 4.3 and have
been backported to all Android common kernels back to 3.10.
I chose to not use Minijail here (though I'm still using libcap) for
two reasons:
1-The Minijail code is designed to work in situations where the process
is holding any set of capabilities, so it's more complex. The situation
when forking from init allows for simpler code.
2-The way Minijail is structured right now, we would not be able to
make the required SELinux calls between UID/GID dropping and other priv
dropping code. In the future, it will make sense to add some sort of
"hook" to Minijail so that it can be used in situations where we want
to do other operations between some of the privilege-dropping
operations carried out by Minijail.
Bug: 32438163
Test: Use sample service.
Change-Id: I3226cc95769d1beacbae619cb6c6e6a5425890fb
This function is always called by the frameworks in order to
initialize vulkan layer path. For NB apps returning nullptr
disables vulkan layer library lookup as expected.
Bug: http://b/32542970
Test: mm
Change-Id: I426b2b9f5ea7227b00f063ed6040f37bb2b4f21f
bootcharts currently only show root's processes, which isn't very
useful. To investigate and track boot duration issues, we need a way for
init to see all the pids. Add init to GID 3009 (aka AID_READPROC)
Ensure that init's children don't inherit this GID by always clearing
supplementary group IDs on fork.
Bug: 32506197
Test: Device boots and /proc/1/status says init is in gid 3009
Test: zygote starts and the Group: line in /proc/ZYGOTEPID/status is empty
Change-Id: Iba90717aaa591f1d6030a379a272aee003600c0a
Not-Tested: bootchart actually works. Speculative fix.
Add a command to reconnect offline/unauthorized devices, mainly for use
with the inotify-monitoring of vendor key directories added by 2e671202.
Bug: http://b/29273531
Test: manually tested with a sailfish + copying vendor keys
Change-Id: If34cccee4ae553ada65d128b57d03cba8c0d7c46
The CL adds FuseBridgeLoop class to libappfuse, which is used in the
system service to proxy fuse commands to applications.
Bug: 29970149
Test: libappfuse_test
Change-Id: I0708f608b3868721ab16ba4028fd2c17a6735af7
The CL adds utility functions to framework to parse FUSE messages
from the kernel. The library will be used from framework JNI and service
JNI.
Bug: 32260320
Test: libappfuse_test
Change-Id: Ib89b26d34789e6c26a3288beceb3ea145c1ae780
But not for Windows, because even dealing with environment variables is
too hard there (and no Windows user has complained yet).
Bug: http://b/30184452
Test: manual
Change-Id: I2d60049ed0049a9532414a7cdecbd0687e06aba7
Services implementing HIDL HALs must be named the same as the HIDL
package, e.g. android.hardware.nfc@1.0. Allow init to accept names
containing '.' and '@'.
Also combined logic for legal property names and legal service names.
Bug: 31458381
Bug: 32109611
Test: Tested creating service nfc@1.0-service which creates property
'init.svc.nfc@1.0-service' with and without this change. This service
successfully started only with this change.
Change-Id: Ie7a4310742bc03498d774d37b3b5fafa7c6068cc
Signed-off-by: Iliyan Malchev <malchev@google.com>
Bug: http://b/31320715
Test: No regression in 32-bit and 64-bit backtrace_test on host and
angler.
Change-Id: Ic5c5511e89ca7707ed9c13d5ba0539e09310dfe3
getTag() becomes invalid when entry is dropped because mMsg
disappears to save space; but the per-tag spam filter depends on it
still being valid. Conserve space in LogBufferElement by optimizing
the size of the fields, then add a new mTag field that is set in the
object constructor. Add an isBinary() method.
SideEffects: save 12 bytes/log message overhead on 64-bit.
Test: define DEBUG_CHECK_FOR_STALE_ENTRIES and look for stale entries
Bug: 32247044
Change-Id: Iaa5f416718a92c9e0e6ffd56bd5260d8b908d5c0
Native bridge implements namespace related interfaces in version 3.
The namespace semantic here is same as Android dynamic linker's.
Native loader wraps library loading functions of dynamic linker and
native bridge. Thus, Android runtime is able to load native library
of different ISA on one device by calling native loader directly.
Bug: http://b/28242460
Test: mm && make test-art-host -j48
Change-Id: Idde2b9d99fb6ebe547407c716b5478a231f745a7
Signed-off-by: Zhenhua WANG <zhenhua.wang@intel.com>
Commit 807e40ecc9 'liblog: logd: Add
android_lookupEventTag_len()' which addressed a Dirty Shared memory
leak resulted in a regression. Most notably logcat <tag> stopped
working for the events log buffer.
AndroidLogEntry::tag also requires callers to check out
AndroidLogEntry::tagLen as tag is no longer guaranteed to be
nul terminated.
Test: logcat-unit-tests --gtest_filter=logcat.event_tag_filter
Bug: 31456426
Change-Id: Ibe5236131b640eb5b7e3df0ab4b5f3e25b85ad45
Nick Kralevich