This change adds init.rc steps to:
* allow kernel tracing to be enabled via adb
* allow a limited set of kernel trace events to be enabled via adb
* allow the kernel trace to be read via adb
* allow all users to write to the kernel trace from userland
Bug: 6513400
Change-Id: Ic3c189b5697aa5edf88d2f507c932971bed6caff
With this change, the audio rr/fifo threads will just run in
the fg cgroup.
Also, the RR budget for the apps fg/bg threads has been bumped
to 80%. Ideally, the bg budget would be much smaller but there
are legacy libraries that seem to be very sensitive to this so
for now keep it at this value.
Bug: 6528015
Change-Id: I08f295e7ba195a449b96cd79d954b0529cee8636
Signed-off-by: Dima Zavin <dima@android.com>
GPS on yakju puts SCHED_RR threads in the fg and bg groups, and
is unhappy with 0.1% limits. Increase the limits to 10%.
Change-Id: I971c9b0a815890d41694b965fdd2b023937a4411
rt_runtime_us=0 can cause deadlocks if a SCHED_FIFO/SCHED_RR thread
is moved into the wrong cgroup.
Change-Id: I4633392fb529039dff6ba5d3a6b672e0de9fc2d9
DRM server process needs to be able to access movies on sdcard
to acquire rights.
related-to-bug: 6414503
Change-Id: If90404e32fd437b8fb7d5a6ec8dfb30a499ef733
Forward locked apps on internal storage will be stored in ASEC
containers using ext4. This way permissions can be preserved whether on
internal or external storage.
Change-Id: I942f8f0743c210330a11e2b1d0204df7a5ddb2ae
This change adds init.rc steps to allow kernel tracing to support inserting
messages from any userland process.
Change-Id: I01970728d7132a25408fed09a213a015ac05ccaf
With newer Android kernels, anyone can read from the files in
/dev/log. If you're in the logs group (have the READ_LOGS) permission,
you'll see all entries. If you're not in that group, you'll see
log messages associated with your UID.
Relax the permissions on the files in /dev/log/ to allow an application
to read it's own log messages.
Bug: 5748848
Change-Id: Ie740284e96a69567dc73d738117316f938491777
This is part of the multi-project commit to move the filter-framework
from system/media/mca to frameworks/base/media/mca.
Note that the filter-framework will soon be replaced with a refactored
version currently under API review (also to go under frameworks/base).
This move is done now to unblock the PDK efforts.
Change-Id: I87d034a30bb4b98a85a028cb728e37fb97256039
Make the drm server run as UID=drm, GID=drm. This ensures that
any files created by the drmserver app do not have GID=system.
Bug: 5834297
Change-Id: I3409ad350e9cc82bb0982cdbe470ec1f10b1ca67
Android developers should never place files in /data/local/tmp.
Files or directories in /data/local/tmp can be minipulated by the
shell user.
Android developers should never create world-writable files
or directories. This is a common source of security vulnerabilities.
Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3
The keystore service needs to access hardware crypto devices to
fulfill its function on devices with hardware crypto. This role
was assigned to the (now misnamed) drmrpc group.
Change-Id: Ia32f9e96b4372f0974984451680f9a0f6157aa01
CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.
Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
This removes the hardcoding of the file import in init and instead
allows the init.rc file to fully control what is loaded.
Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
Signed-off-by: Dima Zavin <dima@android.com>
Wink Saville