In the namespace with "isolated = false", "permitted.paths" is not
used.
Bug: 71727966
Test: walleye device boot
Change-Id: I6f624be3c4e2c4070bb784632d0757408ec12db0
This drops the *TOOLS automated logic, though since there are only
three tools now, that seems less important. It would have been possible
to implement that logic in a Go plugin, but that seems like a lot of
overkill to fix a few duplicated entries.
See build/soong/README.md for more information.
Test: mmma system/core/toolbox
Test: List of installed files is the same
Test: input.h-labels.h and tools.h are the same
Change-Id: I9753083c3f689e689e40001b998b39ad20509598
Add a non-toybox version of getprop, so that we can interface with the
new C++ PropertyInfoAreaFile class to return property context
information.
Bug: 36001741
Test: Compared toolbox getprop results with toybox getprop
Change-Id: I5f98f9e895d0620a2d9686bc0608490e7d9c3120
We recently created a new GID that can be granted to critical system
processes, so that the system is usable enough for the user to free
up disk space used by abusive apps.
Test: builds, boots
Bug: 62024591
Change-Id: Ia5af7535cc05a214f8720ac08c594c6db888597a
If we're setting up the number of reserved blocks, we also want to
set our new AID_DISK_RESERVED as the GID that's allowed to use those
blocks.
Test: builds, boots
Bug: 62024591
Change-Id: Iaabfa7d63ad9ff0b9732e2b9996937607d622fe2
Filesystems allow the setting of the "resgid" parameter to designate
a GID that is allowed to use the "reserved" disk space (in addition
to UID 0). We'll be granting this GID to critical system processes,
so that the system is usable enough for the user to free up disk
space used by abusive apps.
Test: builds, boots
Bug: 62024591
Change-Id: I2d166f3b730f0a3e7279fb40f12db7413c1dadad
property_info_checker is packaged with CTS, therefore it should be a
static executable to not require shared libraries.
Bug: 36001741
Test: CTS SELinuxHostTest#testValidPropertyContexts
Change-Id: Ib139094f8217e3d829677ab92b8450287a65d3f7
Some devices, such as Android on Chromebooks, don't need an fstab.
Test: Ensure no error messages are seen from fs_mgr when fstab is
missing.
Change-Id: Ifadb2193743a61d03f1becefd6bc81a61eb45081
This doesn't seem to work. All other projects restrict sanitization,
too.
Mac build not actually tested.
Test: m
Test: linux host build still contains ubsan symbols
Change-Id: I60532a46177632320ba3b15b4a7c2d5e31ef2bfc
The fstab struct wasn't properly being freed.
Test: Ensure a user of fs_mgr (vold) runs without errors.
Change-Id: I4dcb8ae2ab3e831fbdb13372eb31a67a5d9fb735
The odm partition will eventually be required. Prepare for this by
creating its mount point.
Bug: 37322799
Test: run cts-dev -m CtsPermissionTestCases
Change-Id: Ibd031b68dd7328c853ded401bb2690dbd6675141
There is a 2s timeout for system property set that currently
uses boot_clock as its clock source. If the system goes to sleep
during a property set, it may erroneously cause the timeout to
be reached as boot_clock increments during sleep. This patch
changes from boot_clock to steady_clock to ignore time spent
asleep when determining this timeout.
bug: 71497234
Test: 1. System service process tries to set a system property
with timeout 2s
2. At the same time, the system goes into sleep mode for more
than 2s
3. System property set will be ok.
Change-Id: I808b9af16974a0f4de60a4ca30ae64d095a13422
Select a low rate-limit to cut down on logspam and resulting
performance regressions.
Functionally reverts 247d682fe1
(logd: sepolicy dynamic rate limiting) and sets a static low
rate-limit. Before 247d682f, the limit was statically set to 20.
247d682f continued to support 20, but if sustained dropped the limit
to 5. This revert leaves us at 5 so as not to impact performance.
Test: /data/nativetest/logd-unit-tests/logd-unit-tests \
--gtest_filter=logd.sepolicy_rate_limiter
[ PASSED ] 1 test.
Bug: 71538411
Change-Id: I6c92f4ba825cc24beb8f1f1b79258fa8097c837b
We pin lmkd in memory so that we don't take page faults (and thus
requisition memory) while we're in the process of responding to a
low-memory condition. mlockall(2) is the right primitive for this
pinning. Previously, we used the MCL_FUTURE flag to mlockall: used
this way, mlockall doesn't actually pin all pages in memory, since
MCL_FUTURE affects only the default flags for future mappings and
doesn't affect mappings already in existence at the time of the
mlockall call --- like the lmkd executable itself.
This patch adds the MCL_CURRENT flag, which also pins all pages
already mapped.
Test: code inspection
Change-Id: I4563959367a2f0a9cadc3ea41731b7f311326685
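The difference between the two flag sets described in the lmkd message above can be observed from the VmLck field of /proc/self/status. The following C program is an added example, not code from lmkd or from the commit; the helper names locked_kb and locked_after are made up for it, and it assumes Linux with /proc mounted.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Locked memory of this process in kB (VmLck in /proc/self/status), or -1.
 * Reads into a stack buffer with open/read so that measuring creates no new
 * mapping, which MCL_FUTURE would lock and count. */
long locked_kb(void) {
    char buf[4096];
    int fd = open("/proc/self/status", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    const char *p = strstr(buf, "VmLck:");
    if (!p) return -1;
    return strtol(p + strlen("VmLck:"), NULL, 10);
}

/* Call mlockall(flags), report the locked kB, then drop the lock again.
 * Returns -1 if mlockall was refused (RLIMIT_MEMLOCK too low and no
 * CAP_IPC_LOCK) or VmLck could not be read. */
long locked_after(int flags) {
    if (mlockall(flags) != 0) return -1;
    long kb = locked_kb();
    munlockall();
    return kb;
}

int main(void) {
    /* MCL_FUTURE alone leaves the already mapped executable and libraries unlocked. */
    printf("MCL_FUTURE only:          %ld kB locked\n", locked_after(MCL_FUTURE));
    /* Adding MCL_CURRENT pins everything that is mapped right now. */
    printf("MCL_CURRENT | MCL_FUTURE: %ld kB locked\n",
           locked_after(MCL_CURRENT | MCL_FUTURE));
    return 0;
}
```

A result of -1 on the second line means the kernel refused to lock the existing mappings for this process, typically because of the RLIMIT_MEMLOCK limit.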
Attempt to (somewhat) support the given library path on a non-Android
device. Iterate through the given list and construct a complete path.
This will of course not handle dependencies correctly and is best
effort.
Required (and enough) for agent-related testing in ART.
Bug: 70901841
Test: m
Change-Id: I9ecb27d662c8a2c79a70b6c5464483c449c5d034
Set and restore PR_SET_PTRACER when performing a dump, so that when
Android is running on a kernel that has the Yama LSM enabled (and the
value of ptrace_scope is > 0), crash_dump can attach to processes and
print nice, symbolized stack traces.
Bug: 70992745
Test: kill -6 `pidof surfaceflinger` && logcat -d -b crash
# in both sailfish and Chrome OS
Change-Id: If4646442c6000fdcc69cf4ab95fdc71ae74baaaf
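The effect of PR_SET_PTRACER under Yama, as described in the crash_dump message above, can be checked with a helper process that attaches to its own parent. The following C program is an added example, not code from crash_dump or debuggerd; the function name helper_can_attach is made up for it, and clearing the declaration by passing 0 afterwards is this example's choice of "restore".

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_PTRACER
#define PR_SET_PTRACER 0x59616d61 /* "Yama" */
#endif

/* Fork a helper that attaches to this process, as a crash dumper attaches to
 * the process it reports on. With declare_tracer set, the target first names
 * the helper via PR_SET_PTRACER and clears that again once the helper is done.
 * Returns 0 if the helper attached, its errno if not, -1 on setup failure. */
int helper_can_attach(int declare_tracer) {
    int go[2], status = 0;
    char c = 0;
    if (pipe(go) != 0) return -1;
    pid_t helper = fork();
    if (helper < 0) { close(go[0]); close(go[1]); return -1; }
    if (helper == 0) {
        close(go[1]);
        if (read(go[0], &c, 1) != 1) _exit(255); /* wait for the go-ahead */
        /* PTRACE_SEIZE attaches without stopping the target. */
        long rc = ptrace(PTRACE_SEIZE, getppid(), NULL, NULL);
        _exit(rc == 0 ? 0 : errno); /* the helper's exit detaches it again */
    }
    close(go[0]);
    if (declare_tracer) /* fails with EINVAL on kernels without Yama; ignored */
        prctl(PR_SET_PTRACER, (unsigned long)helper, 0, 0, 0);
    int sent = write(go[1], &c, 1) == 1;
    close(go[1]);
    waitpid(helper, &status, 0);
    if (declare_tracer)
        prctl(PR_SET_PTRACER, 0, 0, 0, 0); /* remove the exception again */
    if (!sent || !WIFEXITED(status) || WEXITSTATUS(status) == 255) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("attach without declaration: %d\n", helper_can_attach(0));
    printf("attach with PR_SET_PTRACER: %d\n", helper_can_attach(1));
    return 0;
}
```

On a kernel with ptrace_scope set to 1 and no CAP_SYS_PTRACE, the first call returns EPERM (1) and the second returns 0; with ptrace_scope 0 both return 0.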
Fix failures in DataDescriptor related tests due to a bad call to
SetZipString (undefined behaviour). Also fix a typo in the test for
invalid descriptors; we were asserting things on the wrong array.
Test: zip_archive_test
Change-Id: I8c9a632443fdf1d5c115670d6e9317e1f4bf6ef4