Add SANITIZE_LITE_SERVICES to drive usage of asan.options for a
large set of native services.
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true
Test: m SANITIZE_TARGET=address SANITIZE_LITE=true SANITIZE_LITE_SERVICES=true
Change-Id: I84458dcc1b193b762daeb3004cf6c49e2fd8fae2
Current init doesn't order the triggeres it scaned, and there is no
guarantee that general event trigger exec first and then event+property
triggers.
This CL will make sure netd started after post-fs-data trigger is done.
Bug: 35110957
Test: marlin boots
Change-Id: I7bb55af4e00f336682388abfa8a06eac2136b7d4
When native coverage is enabled, add a global GCOV_PREFIX
environment variable specifying that gcda files be output
with path prefix /data/local/tmp.
Bug: 35635587
Test: make NATIVE_COVERAGE=true; check init.environ.rc
Change-Id: I40972aea3ca3168d0687bdc93e9d4b7b3a1071b9
Parts of this change were accidentally reverted by an incorrect
manual merge conflict resolution.
Bug: 35306127
Test: manual
Change-Id: I8e6d6b07dcaa548775213dd42ba9def7431c62d3
This prevents the shell user from injecting input as if it were coming
from an existing input device, which in turn makes it easier for malware
/ abuse analysis to detect when someone is injecting input via the
command line vs a real user using a device.
(cherrypick of 95637eb2a332b9a09914b1bf32c10fccfba4a175.)
Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
When vold mounts the encrypted /data partition, it first checks for and
kills processes that have open fds to the tmpfs placeholder at /data.
This resulted in a 20 second boot-time regression (vold's timeout period)
when tombstoned was started before vold.
Bug: http://b/34461270
Test: boot is faster, no messages from vold in console spew
Test: tombstoned still started by init
Change-Id: Ib5e9ddb05f40c9da852f00e103861c6ff2d94888
Also ensure that it uses the highest supported value, and
abort if the value is not above a minimum threshold.
Test: Tested against the curent kernel (maximum value of 2,
set to 0 by the kernel initially) and against a
modified kernel (maximum value of 4, set to 4 by the
kernel initially)
Bug: 30368199
Change-Id: I608db577258b68b390ffe96f452e1f7c0bc9ad8a
for audio_source function instance, there exist 2 function name here:
"audio_source.gs2" and "audio_source.gs3"
I believe this usb accessory audio name "audio_source.gs2" is a typo,
as there is no need to create another audio_source instance.
Test: Manual
Change-Id: I70b513db474632eb990131c285c8d5105c17970f
Signed-off-by: Winter Wang <wente.wang@nxp.com>
Since splitting tracefs out from debugfs, we now need to set the
attributes explicitly on tracing folder.
Test: Run adb shell atrace -c -b 16000 -t 5 gfx
Bug: 34197733
Change-Id: If2a962332b6d1ec227e289bdf952213756e26186
Everything should be using the functionfs interface instead by now.
Bug: http://b/34228376
Test: grepping for f_adb, android_adb in source tree
Test: m
Change-Id: I6bc41049c49a867499832588dac8ed108c636c11
This helps to avoid tearDownInterfaces call from WiFiStateMachine's
constructor.
Bug: 33752168
Test: on device
(cherry picked from commit 0db195d0757e36c73b9da5a95d9b9986386f0f2e)
Change-Id: I55f56dd8daa5089073ff8dd424e92d09326c7d00
The SO_RCVBUFFORCE option requires the caller of uevent_create_socket()
to have net_admin capabilities.
Set platform default rcv/snd buffer sizes to 256kb that will always be
overridden by the device/target. However, it will allow
ueventd / healthd to use the uevent_create_socket() API w/o requiring
the net_admin capability.
Note: All devices override the buffer sizes according to the technology
maximum to at least ~8MB. So, the init.rc change here is to make sure
platform code can work w/o any overrides.
Test: no SELinux failures for healthd with 'net_admin' removed.
Bug: https://b/32733887
Change-Id: Ida346468cd550ad07901bf3a78ad508939849906
Signed-off-by: Sandeep Patil <sspatil@google.com>
Most notably, there's no longer any need to guess an end time.
Bug: http://b/23478578
Bug: http://b/33450491
Test: rebooted with bootcharting on/off
Change-Id: Icb7d6859581da5526d77dfc5aa4d57c9bfbfd7e2
It's 5 characters shorter, has no runtime costs, can be stored on a
read-only partition, and avoids problems like b/27262109 and b/27204904.
It allows makes some security hardening easier.
Bug: 27262109
Bug: 27204904
Bug: 32799236
Test: verified new symlink created and old one not present
Change-Id: Ief362e13569ad9c868a7f0f9c4dbd6a328c96c6b
Use to solve the problem of tracefs conditionally being mounted
under debugfs and needing restorecon'd without boot performance
penalty.
Also move skip-ce to a flag for consistency.
Test: Check that trace_mount has correct attributes after boot
Bug: 32849675
Change-Id: Ib6731f502b6afc393ea5ada96fa95b339f14da49
Start update_verifier in cache group to avoid dac_override
Bug: 30020920
Change-Id: I227b4a0e1c07e7b9bf209b432e9db02275ffe660
Test: mma
(cherry picked from commit 1e4635f0a8)
restorecon_recursive doesn't traverse filesystem boundaries. On
tracefs systems, tracing is a separate filesystem, so restorecon
this as well
Bug: 30963384
Test: Boot hikey, and check that there are no debugfs_tracing denials in dmesg
Change-Id: I24abd3ad80d2cfdab4f64fecee799fc0c24ed238
In zygote wrapping mode, ZygoteConnection does a check to see if the pid
reported by the wrapped process is either child process that was
forked, or a decendent of it. This requires read access to other
processes /proc files. Grant zygote AID_READPROC to allow this access.
Bug: 32610632
Test: manual inspection of /proc files to verify group.
Test: manual inspection of zygote's children to make sure they do not
inherit AID_READPROC
Change-Id: I3619a9ae33c8077e068e8024f7c7d44cfca6fb76
This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
(cherry picked from commit abfbec342f)
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342f)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
Andreas Gampe