It's possible for bad atoms to have negative atom ids. This results in
an OOB write when we note that the atom was logged. This adds a
validation check on the logging.
Also added safetynet logging for negative atoms
Bug: 187957589
Test: POC in bug no longer led to the OOB write & crash
Test: checked event log for safetynet logging
Change-Id: I8a6b094c94309d7b02430fb860891ef814efb426
There is a potential injection by using screencap in case of user handled parameters.
"dumpstate" command launches "screencap", when "-p" is argument is set. At that moment, content of "-o" parameter generates a path with ".png" extension to define "screencap" argument.
"dumpstate" is often run as a service with "root" privileged such as defined in "dumpstate.rc". For instance "bugreportz" call "ctl.start" property with "dumpstatez".
Launching "dumpstate" with "-p" option and a user input as "-o" would result in a root command execution. SE Linux might protect part of this attack.
Cherry-pick from ag/10651695 with fix ag/10700515
Bug: 123230379
Test: please see commands #4 and #5
Change-Id: Icd88cdf4af153e07addb4449cdb117b1a3c881d3
ShellSubscriber is lazily initialized, and multiple threads can attempt
to write the same pointer since it is not initialized in threadsafe
code. Additionally, there is an NPE that crashes statsd when a null
ResultReceiver is passed in, which allows an attacker to repeatedly
crash statsd until the race condition occurs. More details, including a
proof of concept attack, are in the bug.
Bug: 141243101
Test: repro steps in bug no longer crash statsd
Test: with only the lock on iniitiallizing mShellSubscriber, statsd
still crashed but after ~7 minutes, no race condition occurred.
Change-Id: Ib56f888620497fb41d1627c07867693eb251738e
To help with monitoring Mainline releases, log the reason
for a watchdog-initiated rollback. This may be due to
native crashes, app crashes, ANRs or explicit health check
failures.
Add a mapping from PackageWatchdog failure reason to the
new metrics.
Bug: 146415463
Test: atest PackageWatchdogTest
Test: atest StatsdHostTestCases
Change-Id: Ia3e73d955508297004591eac762555665c557b8a
Merged-In: Ia3e73d955508297004591eac762555665c557b8a
(cherry picked from commit dd1dabaef7)
- statsd is handling SIGHUP/SIGQUIT/SIGINT/SIGTERM, but doesn't exit.
- The expected behaviour is that statsd would exit after finalizing log
processing when those signals are received.
Bug: 139817664
Test: Send SIGTERM to statsd and check if it is terminated. (note that
init will revive statsd)
Change-Id: Id1146d772f8c68892256ee7a3eea70837fee5c7a
(cherry picked from commit 2d99718adf)
(cherry picked from commit 931811bda4e52ba74dd17121b514615f2991583f)
Merged-In: Id1146d772f8c68892256ee7a3eea70837fee5c7a
timespec::tv_sec is time_t which is 32bit wide on
32bit platforms. Multipliyng 32bit integers (tv_sec and
1000) produces another 32bit integer which overflows
in this case and turns into a negative value which
confuses the logic downstream. This change makes the
multiplication to be 64bit which prevent the overflow.
Bug: 139320584
Bug: 139538727
Test: GtsIncidentManagerTestCases
Change-Id: Ie956074961c7c1f08e2519920f7ce69d5c9e12d3
Signed-off-by: Roman Kiryanov <rkir@google.com>
(cherry picked from commit e9db937f40)
We see cases where bootanim is IO sleeping on boot and its causing
jank. Change the ioprio to the highest in an attempt to reduce this.
Bug: 138459662
Test: manual - flash and factory reset, looking for artifacts in the boot animation
Change-Id: I9734edea37c92e365a2b359a5180303e9b9284f7
The sample rate of DNS stats(to statsd) is 1/sampling_rate_denom.
Bug: 119862317
Test: ./out/host/linux-x86/bin/statsd_testdrive 116
Merged-In: Iab542b32a8a18ae0bdbd8e005c430a876f056806
Merged-In: I9d37cac0bca53b3d7c6751ca69c1d304dfe17098
(cherry picked from commit 60d4f1a5bd)
Change-Id: If380a730942195db91a66944f103674c539ca7ad
1. refine the enum type Transport
The name of 1st enum value is TRANSPORT_UNKNOWN
2. remove the wrong character "CR"
Bug: 119862317
Test: ./out/host/linux-x86/bin/statsd_testdrive 116
Merged-In: Iaf7abac6170d5818a263392731069d7bf021d981
Merged-In: I8f0e7449036062ecc3827e477ced325d84c1bf54
(cherry picked from commit aee26c026c)
Change-Id: Ie33a2ea58d6f39345d0f1d4141eea8b9c458dcfc
Add logging to record whenever the 10 second guardrail for sending
active configs changed broadcast is met, so that we know when the
broadcast would not have been sent.
Add activation time for configs that are active when the device boots.
This will help determine whether or not statsd thinks configs are active
and will help debug issues like b/133809948
Bug: 133809948
Test: bit statsd_test:*
Test: manually rebooted to make sure activation time was logged
Change-Id: Ifa72202bc52485e4953e49d78dffea685cc3d1e7
The pulling code will be added in the next commit.
Bug: 130526489
Test: statsd_testdrive
Change-Id: I0fea4b6a7a8dbbdc574fb342c1e07aa0165bf797
(cherry picked from commit 77987ed47f)
We are planning to use this metric to detect leaks.
This CL also decouples the actual memory sampling from AM. This means:
- Less time locking the pid list (we used to lock and then read proc)
- Less serialization / deserialization for the parcel
- Simpler to evolve (e.g. removed the HWM-specific method in AM)
Change-Id: I87a7243156dd8c88cfa85038e7e6cf4963e271e1
Test: manual, MemoryStatUtilTest, UidAtomTests
Bug: b/135418017
libhwbinder symbols are being moved into libhidlbase in order to
optimize linking/memory usage. libhwbinder will no longer be
required in the future (however removing references to it will come
separately).
Bug: 134961554
Test: boot
Change-Id: Iab3cc1b3abf8e648254a903c89a4ab9e8eee68c8
Merged-In: I128a007749356d4a8d75eba3e2c678c0f66c59fe
