The Bluetooth HAL has threads that process Bluetooth audio. They need
to be scheduled as RT priority, so allow the Bluetooth HAL to set its
threads to RT scheduling.
Bug 37518404
Test: play Bluetooth audio, confirm priority via systrace
Change-Id: I4928cf182a0805c0714e4d073cba15c864fbe328
This reverts commit 5e801e7bd5.
The file permissions don't allow access to the lock on devices
where vendor code runs with UID root and GID radio. They are
no longer necessary because we have a more flexible selinux-based
solution in https://android-review.googlesource.com/#/c/354223/ .
Test: strace -f -e flock -p <netmgrd_pid> on angler shows flock succeeds
Test: strace -f -e flock -p <netmgrd_pid> on marlin shows flock succeeds
Test: netd_unit_test passes on marlin
Test: strace -f -e flock -p <netd_pid> on marlin shows flock succeeds
Bug: 36108349
Bug: 37483189
Change-Id: Ia1bbf8d93ec6777514be66cbd1a32dfc95df95c0
Strip off trailing / then /system and then add back the appropriate
config directory. This fixes an issue with reading vendor, oem or odm
partitions.
Test: manual build successfully interprets all etc/fs_config_* files.
Test: manual incremental build successfully interprets all etc/fs_config_* files.
Bug: 36071012
Change-Id: Iba363f0731bb8d15e595bb45c56db97722edabc2
private/fs_config.h is required in order to build an independent
test that requires internal binary knowledge of the
etc/fs_config_(files|dirs) files.
Test: compile
Bug: 36071012
Change-Id: I268bcfdbb6d45b7bf6040cbf307a4e34812f5fef
Add reading of vendor file-system config files
/odm/etc/fs_config_dirs and /odm/etc/fs_config_files.
Order of interpretation (for dirs and files respectively):
- /system/etc/fs_config_dirs or /system/etc/fs_config_files
- /vendor/etc/fs_config_dirs or /vendor/etc/fs_config_files
- /oem/etc/fs_config_dirs or /oem/etc/fs_config_files
- /odm/etc/fs_config_dirs or /odm/etc/fs_config_files
- internal android_dirs[] or android_files[] structures.
No restrictions are placed on the odm file-system config files,
although the developer is advised to restrict the scope to the /odm
file-system since the intent is to provide support only for
customized portions of odm.img.
Test: full build and install smoke test and inspection
Bug: 36071012
Change-Id: Ic3afb5bb4ea20b15bd5df728be9f16045bf5b039
Anyone who can read this file can call flock(..., LOCK_EX) on it,
thereby blocking any future iptables commands from running.
Restrict it to user AID_RADIO, which includes device-specific
network management daemons, and group root.
Bug: 36108349
Test: see https://android-review.googlesource.com/#/c/348939/
Change-Id: I4dae4b5a835fabdc1a61a330e0446b39651f8156
Add reading of vendor file-system config files
/oem/etc/fs_config_dirs and /oem/etc/fs_config_files.
Order of interpretation (for dirs and files respectively):
- /system/etc/fs_config_dirs or /system/etc/fs_config_files
- /vendor/etc/fs_config_dirs or /vendor/etc/fs_config_files
- /oem/etc/fs_config_dirs or /oem/etc/fs_config_files
- internal android_dirs[] or android_files[] structures.
No restrictions are placed on the oem file-system config files,
although the developer is advised to restrict the scope to the /oem
file-system since the intent is to provide support only for
customized portions of oem.img.
Test: full build and install smoke test and inspection
Bug: 36071012
Change-Id: I56f3fed5efa44d622a9a110937dbc949083d44ae
Add reading of vendor file-system config files
/vendor/etc/fs_config_dirs and /vendor/etc/fs_config_files.
Order of interpretation (for dirs and files respectively):
- /system/etc/fs_config_dirs or /system/etc/fs_config_files
- /vendor/etc/fs_config_dirs or /vendor/etc/fs_config_files
- internal android_dirs[] or android_files[] structures.
No restrictions are placed on the vendor file-system config files,
although the developer is advised to restrict the scope to the /vendor
file-system since the intent is to provide support only for
customized portions of vendor.img.
Test: full build and install smoke test and inspection
Bug: 36071012
Change-Id: I4077bd6afcda2ee16189b2eb3c322af15205bbb9
Sort android_files[] first by requirements, grouping, specificity and
finally by alphanumeric order.
Test: full build and install smoke test and inspection
Bug: 36071012
Change-Id: I92c4090eac0067e0327ac7c8dde229747893d585
Sort android_dirs[] first by requirements, grouping, specificity and
finally by alphanumeric order.
Test: full build and install smoke test and inspection
Bug: 36071012
Change-Id: Iff579600b05d7b2a0b9fc7d9e9d897e0bb69aebd
Comply with clang-format. Adjust some comments.
Test: full build and install smoke test and inspection
Bug: 36071012
Change-Id: I459a08b4dc4333ab3d75207621a27587849386a5
Bug: 35328775
Test: works in both binderized and passthrough modes
Merged-In: I61f1ff6b777089d7aad5184c0aee4f653897b32e
Change-Id: I61f1ff6b777089d7aad5184c0aee4f653897b32e
There's no reason for SELinux policy compiler to be accessible by
anybode other than root.
Test: Device boots -- secilc isn't used yet anyway
Bug: 31363362
Change-Id: I26cf34f1412b8dd471f79271c491b473617a6df6
CAP_SYS_PTRACE is needed to ptrace processes that have capabilities
greater than their bounding set. Eventually, this will still be an
improvement, because we can ptrace attach, and then turn on a seccomp
filter that blocks further attaches.
Bug: http://b/34694637
Test: debuggerd `pidof system_server`
Change-Id: I4b9da164ec1fbb5060fdba590e886ac24b6a0785
The following files will be loaded additionally.
- /odm/default.prop and /vendor/default.prop for default props.
- /odm/build.prop for build props.
The props files must follow the following priority order.
- /default.prop > /odm/default.prop > /vendor/default.prop
- /system/build.prop > /odm/build.prop > /vendor/buid.prop
Test: tested default/build prop files with enabling early mount, but
didn't test files of odm partition because odm partition doesn't
exist now.
Bug: 34116668
Change-Id: I946d076dae38f2288865dd986fb16d801d4abcc0
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
Enforce that the only API for reading properties is through the property
server, not by reading the (system|vendor|rootfs) *.prop files.
Test: Device boots and no property errors.
Change-Id: Ibb6ed4e74a80cac00010c707d7574f8e92fc6448
Add CAP_SYSLOG, CAP_AUDIT_CONTROL and CAP_SETGID, set
uid and gid to AID_LOGD, and permissions user and group
read and execute only.
Fix up indents for in table for clarity.
Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Manually inspect owner and group for /system/bin/logd
Bug: 32450474
Change-Id: I5183ab200dbcd13efb0727cb91db5b12018ae804
The webview_zygote is a non-root zygote process that creates isolated_app
children for rendering web content. It needs:
- CAP_SETUID and CAP_SETGID to change the UID of the new child process.
- CAP_SETPCAP to clear the capability bounding set after forking.
Test: m
Test: angler boots
Bug: 21643067
Change-Id: I986fa04be54e812f5dd2afa14e5d2d3e474e2b10
Add netlink permissions for the new wifi HAL daemon name.
Bug: 31821133
Test: Compiled and ensured that the permission denials are no longer
present in logs.
Change-Id: If939df4760d9f7e85f0f134617d3a79030e09347
Replace references to cutils/log.h and log/log.h with android/log.h.
Point cutils/log.h to android/log.h. Adjust header order to comply
with Android Coding standards.
Test: Compile
Bug: 26552300
Bug: 31289077
Change-Id: I4b00c0dff3a0a50cbb54301fdc5a6c29c21dab65
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
(cherry picked from commit a76088362e)
Bug: 30041118
Change-Id: I14d1fd601fc4bce12c563a2004e91bd8ba0f42c3
Test: hostapd can start as the wifi user with these capabilities.
(cherry picked from commit 2502490178)
Default permission bits are 771. It causes permission denied errors when
MediaProvider tries to scan /data/preloads. We have to allow read for others.
Bug: 29940807
Change-Id: I45645cf1154501ccb64bef08b9ad7bf7709dfd8e
Codesearch finds no reference to this in the Android tree. It was
added in 2010 in commit bbf1c64527.
Change-Id: I8cd1153912b78b4b23b8f5ba2577a58c5c49e316
Anyone wanting to call /system/xbin/librank can execute "su"
beforehand. There's no need for it to be setuid root.
Bug: 25739721
Change-Id: Ie3d68701397d21e901bf1ec17b4b4a9f12128d2d
This is not an executable so we have to specifically set its permissions
accordingly.
Bug: 25668833
Change-Id: I502f69bad75b4da4fdc29eb3ebaa42a19ae04d27
This makes native test directories 750 root:shell. This matches the
value for files within those directories, and results in a more usable
access paradigm when (say) unprivileged test tools need to discover
these test binaries.
Bug: 25668833
Change-Id: I9bd2081b2c211b4383b5873238aaf64597756714
Philip Cuadra