be5e446791
In an effort to ensure that our development community does not introduce new code without corresponding SELinux changes, Android closely monitors the number of SELinux denials which occur during boot. This monitoring occurs both in treehugger, as well as various dashboards. If SELinux denials are dropped during early boot, this could result in non-determinism for the various SELinux treehugger tests. Introduce /system/bin/auditctl. This tool, model after https://linux.die.net/man/8/auditctl , allows for configuring the throttling rate for the kernel auditing system. Remove any throttling from early boot. This will hopefully reduce treehugger flakiness by making denial generation more predictible during early boot. Reapply the throttling at boot complete, to avoid denial of service attacks against the auditing subsystem. Delete pre-existing unittests for logd / SELinux integration. It's intended that all throttling decisions be made in the kernel, and shouldn't be a concern of logd. Bug: 118815957 Test: Perform an operation which generates lots of SELinux denials, and count how many occur before and after the time period. Change-Id: I6c787dbdd4a28208dc854b543e1727ae92e5eeed |
||
---|---|---|
.. | ||
Android.bp | ||
OWNERS | ||
README.md |
README.md
Android's shell and utilities
Since IceCreamSandwich Android has used mksh as its shell. Before then it used ash (which actually remained unused in the tree up to and including KitKat).
Initially Android had a very limited command-line provided by its own "toolbox" binary. Since Marshmallow almost everything is supplied by toybox instead.
We started moving a few of the more important tools to full BSD implementations in JellyBean, and continued this work in Lollipop. Lollipop was a major break with the past in many ways (LP64 support and the switch to ART both having lots of knock-on effects around the system), so although this was the beginning of the end of toolbox it (a) didn't stand out given all the other systems-level changes and (b) in Marshmallow we changed direction and started the move to toybox.
Not everything is provided by toybox, though. For the bzip2 command-line tools we use the ones that are part of the bzip2 distribution. The awk added in Android P is Brian Kernighan's "one true" awk.
The lists below show what tools were provided and where they came from in
each release starting with Gingerbread. This doesn't tell the full story,
because the toolbox implementations did have bugs fixed and options added
over the years. Gingerbread's rm, for example, supported -r
/-R
but not
-f
. But this gives you an idea of what was available in any given release,
and how usable it was likely to be.
Also note that in any given release toybox
probably contains more
commands than there are symlinks for in /system/bin
. You can get the
full list for a release by running toybox
directly.
Android 2.3 (Gingerbread)
BSD: cat dd newfs_msdos
toolbox: chmod chown cmp date df dmesg getevent getprop hd id ifconfig iftop insmod ioctl ionice kill ln log ls lsmod lsof mkdir mount mv nandread netstat notify printenv ps reboot renice rm rmdir rmmod route schedtop sendevent setconsole setprop sleep smd start stop sync top umount uptime vmstat watchprops wipe
Android 4.0 (IceCreamSandwich)
BSD: cat dd newfs_msdos
toolbox: chmod chown cmp date df dmesg getevent getprop hd id ifconfig iftop insmod ioctl ionice kill ln log ls lsmod lsof mkdir mount mv nandread netstat notify printenv ps reboot renice rm rmdir rmmod route schedtop sendevent setconsole setprop sleep smd start stop sync top touch umount uptime vmstat watchprops wipe
Android 4.1-4.3 (JellyBean)
BSD: cat cp dd du grep newfs_msdos
toolbox: chcon chmod chown clear cmp date df dmesg getenforce getevent getprop getsebool hd id ifconfig iftop insmod ioctl ionice kill ln load_policy log ls lsmod lsof md5 mkdir mount mv nandread netstat notify printenv ps reboot renice restorecon rm rmdir rmmod route runcon schedtop sendevent setconsole setenforce setprop setsebool sleep smd start stop sync top touch umount uptime vmstat watchprops wipe
Android 4.4 (KitKat)
BSD: cat cp dd du grep newfs_msdos
toolbox: chcon chmod chown clear cmp date df dmesg getenforce getevent getprop getsebool hd id ifconfig iftop insmod ioctl ionice kill ln load_policy log ls lsmod lsof md5 mkdir mkswap mount mv nandread netstat notify printenv ps readlink renice restorecon rm rmdir rmmod route runcon schedtop sendevent setconsole setenforce setprop setsebool sleep smd start stop swapoff swapon sync top touch umount uptime vmstat watchprops wipe
Android 5.0 (Lollipop)
BSD: cat chown cp dd du grep kill ln mv printenv rm rmdir sleep sync
toolbox: chcon chmod clear cmp date df dmesg getenforce getevent getprop getsebool hd id ifconfig iftop insmod ioctl ionice load_policy log ls lsmod lsof md5 mkdir mknod mkswap mount nandread netstat newfs_msdos nohup notify ps readlink renice restorecon rmmod route runcon schedtop sendevent setenforce setprop setsebool smd start stop swapoff swapon top touch umount uptime vmstat watchprops wipe
Android 6.0 (Marshmallow)
BSD: dd du grep
toolbox: df getevent iftop ioctl ionice log ls lsof mount nandread newfs_msdos ps prlimit renice sendevent start stop top uptime watchprops
toybox: acpi basename blockdev bzcat cal cat chcon chgrp chmod chown chroot cksum clear comm cmp cp cpio cut date dirname dmesg dos2unix echo env expand expr fallocate false find free getenforce getprop groups head hostname hwclock id ifconfig inotifyd insmod kill load_policy ln logname losetup lsmod lsusb md5sum mkdir mknod mkswap mktemp modinfo more mountpoint mv netstat nice nl nohup od paste patch pgrep pidof pkill pmap printenv printf pwd readlink realpath restorecon rm rmdir rmmod route runcon sed seq setenforce setprop setsid sha1sum sleep sort split stat strings swapoff swapon sync sysctl tac tail tar taskset tee time timeout touch tr true truncate umount uname uniq unix2dos usleep vmstat wc which whoami xargs yes
Android 7.0 (Nougat)
BSD: dd grep
toolbox: getevent iftop ioctl log nandread newfs_msdos ps prlimit sendevent start stop top
toybox: acpi base64 basename blockdev bzcat cal cat chcon chgrp chmod chown chroot cksum clear comm cmp cp cpio cut date df dirname dmesg dos2unix du echo env expand expr fallocate false find flock free getenforce getprop groups head hostname hwclock id ifconfig inotifyd insmod ionice iorenice kill killall load_policy ln logname losetup ls lsmod lsof lsusb md5sum mkdir mknod mkswap mktemp modinfo more mount mountpoint mv netstat nice nl nohup od paste patch pgrep pidof pkill pmap printenv printf pwd readlink realpath renice restorecon rm rmdir rmmod route runcon sed seq setenforce setprop setsid sha1sum sleep sort split stat strings swapoff swapon sync sysctl tac tail tar taskset tee time timeout touch tr true truncate tty ulimit umount uname uniq unix2dos uptime usleep vmstat wc which whoami xargs xxd yes
Android 8.0 (Oreo)
BSD: dd grep
bzip2: bzcat bzip2 bunzip2
toolbox: getevent newfs_msdos
toybox: acpi base64 basename blockdev cal cat chcon chgrp chmod chown chroot chrt cksum clear cmp comm cp cpio cut date df diff dirname dmesg dos2unix du echo env expand expr fallocate false file find flock free getenforce getprop groups gunzip gzip head hostname hwclock id ifconfig inotifyd insmod ionice iorenice kill killall ln load_policy log logname losetup ls lsmod lsof lspci lsusb md5sum microcom mkdir mkfifo mknod mkswap mktemp modinfo modprobe more mount mountpoint mv netstat nice nl nohup od paste patch pgrep pidof pkill pmap printenv printf ps pwd readlink realpath renice restorecon rm rmdir rmmod runcon sed sendevent seq setenforce setprop setsid sha1sum sha224sum sha256sum sha384sum sha512sum sleep sort split start stat stop strings swapoff swapon sync sysctl tac tail tar taskset tee time timeout top touch tr true truncate tty ulimit umount uname uniq unix2dos uptime usleep uudecode uuencode vmstat wc which whoami xargs xxd yes zcat
Android 9.0 (Pie)
BSD: dd grep
bzip2: bzcat bzip2 bunzip2
one-true-awk: awk
toolbox: getevent getprop newfs_msdos
toybox: acpi base64 basename blockdev cal cat chcon chgrp chmod chown chroot chrt cksum clear cmp comm cp cpio cut date df diff dirname dmesg dos2unix du echo env expand expr fallocate false file find flock fmt free getenforce groups gunzip gzip head hostname hwclock id ifconfig inotifyd insmod ionice iorenice kill killall ln load_policy log logname losetup ls lsmod lsof lspci lsusb md5sum microcom mkdir mkfifo mknod mkswap mktemp modinfo modprobe more mount mountpoint mv netstat nice nl nohup od paste patch pgrep pidof pkill pmap printenv printf ps pwd readlink realpath renice restorecon rm rmdir rmmod runcon sed sendevent seq setenforce setprop setsid sha1sum sha224sum sha256sum sha384sum sha512sum sleep sort split start stat stop strings stty swapoff swapon sync sysctl tac tail tar taskset tee time timeout top touch tr true truncate tty ulimit umount uname uniq unix2dos uptime usleep uudecode uuencode vmstat wc which whoami xargs xxd yes zcat
Android Q
BSD: grep fsck_msdos newfs_msdos
bzip2: bzcat bzip2 bunzip2
one-true-awk: awk
toolbox: getevent getprop
toybox: acpi base64 basename bc blkid blockdev cal cat chattr chcon chgrp chmod chown chroot chrt cksum clear cmp comm cp cpio cut date dd df diff dirname dmesg dos2unix du echo egrep env expand expr fallocate false fgrep file find flock fmt free freeramdisk fsfreeze getconf getenforce getfattr grep groups gunzip gzip head help hostname hwclock i2cdetect i2cdump i2cget i2cset iconv id ifconfig inotifyd insmod install ionice iorenice iotop kill killall ln load_policy log logname losetup ls lsattr lsmod lsof lspci lsusb makedevs md5sum microcom mkdir mkfifo mknod mkswap mktemp modinfo modprobe more mount mountpoint mv nbd-client nc netcat netstat nice nl nohup nproc nsenter od partprobe paste patch pgrep pidof ping ping6 pivot_root pkill pmap printenv printf prlimit ps pwd pwdx readlink realpath renice restorecon rev rfkill rm rmdir rmmod runcon sed sendevent seq setenforce setfattr setprop setsid sha1sum sha224sum sha256sum sha384sum sha512sum sleep sort split start stat stop strings stty swapoff swapon sync sysctl tac tail tar taskset tee time timeout top touch tr traceroute traceroute6 true truncate tty tunctl ulimit umount uname uniq unix2dos unlink unshare uptime usleep uudecode uuencode uuidgen vconfig vmstat watch wc which whoami xargs xxd yes zcat