Please see commit 3082eb7c72 for an
explanation of this change.
This capability is not used by system_server.
Bug: 34951864
Bug: 38496951
Test: code compiles, device boots, no selinux errors ever reported.
Change-Id: I4242b1abaa8679b9bfa0d31a1df565b46b7b3cc3
(cherry picked from commit 35775783fc)
Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. system_server uses this capability to collect
smaps from managed processes. Presumably this was done to avoid the
implications of granting CAP_SYS_PTRACE to system_server.
However, with SELinux enforcement, we can grant CAP_SYS_PTRACE but not
allow ptrace attach() to other processes. The net result of this is that
CAP_SYS_PTRACE and CAP_SYS_RESOURCE have identical security controls, as
long as system_server:process ptrace is never granted.
Add CAP_SYS_PTRACE to the set of capabilities granted to system_server.
Don't delete CAP_SYS_RESOURCE for now. SELinux has blocked the use of
CAP_SYS_RESOURCE, but we still want to generate audit logs if it's
triggered. CAP_SYS_RESOURCE can be deleted in a future commit.
Bug: 34951864
Bug: 38496951
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Change-Id: I2570266165396dba2b600eac7c42c94800d9c65b
(cherry picked from commit 3082eb7c72)
The restriction on system property key length has been lifted.
Update the invoke-with code to first check the full-length property.
Then fall back to the truncated version for backwards-compatibility.
Test: m
Test: manual with long package name (Maps)
Change-Id: I9f714af093a6017307cfef18c84de769f0de7c3e
These classes are only used by android.test classes that are
being removed. As their name suggests they should not be in the
Android API at all so it makes sense to remove them. Especially
as there is java.lang.function.Predicate available now.
It appears as though Predicate was only added in to the API
because it was used by a method in the API as the directory in
which it and Predicates live was not on the list of classes to
explicitly index. Moving it into legacy-test meant that they are
now being indexed explicitly which means that Predicates needs
to be hidden.
Keeps running the tests as part of the existing target.
At runtime apps targeted at the API version before these are
removed will have the legacy-test library automatically added
to their classpath so they should see no effect. Apps that
target a later API will have to include those classes from the
android.legacy.test.jar which will contain all the android.test
classes that depend on it as well.
Bug: 30188076
Test: make checkbuild
Change-Id: Ia8502ec77ac11f85e078d70b68df214a9435eee7
Merged-In: I6f6f5f16fe93bd80227a450c6254166632fc6813
This patch uses the associative structure of the stacked/base interface
collection to avoid the two nested for loops over stacked/base
interfaces and all stats entries when correcting 464xlat traffic stats.
Consequently the list of stats entries is iterated only once.
Test: runtest -x frameworks/base/../NetworkStatsFactoryTest.java
Bug: 33681750
Change-Id: I84ae997fb693b909f431764697627b9957131732
For 464xlat scenarios on IPv6 networks, the clatd interface setup
introduces double counting of apps ipv4 traffic. NetworkStatsFactory was
accounting for this on the tx path, but not on the rx path. Also it did
not accounted for the 20 bytes added by the IPv6 header.
This patch subtract correctly the rx and tx traffic from the root uid on
the underlying interface, and also adds correctly the 20 bytes cost per
packet on the stacked interface for 464xlat traffic.
Test: added several new unit tests, based on synthetic data and real
data also.
Bug: 33681750
Change-Id: I2675643b220acbc6110179fa937d4c313b6f5e32
This patch extracts into BitUtils byte manipulation helper methods
and unsigned type manipulation helper methods from ApfFilter into
an independent and reusable structure.
Test: $ runtest frameworks-net
Change-Id: I0f33af10457a63dbde5983f14353a79b8cd877d9
This patch is a partial cherry-pick from commit
df456e13a1 for the BitUtils and
NetworkCapabilities classes.
Bug: 34901696
Test: none
(cherry picked from commit df456e13a1)
Merged-In: Id04f9080e7f75608deeb49306aec34941e71794c
Change-Id: I64eae49f646365b7cd1683a689315fe03bf0bdd9
This patch is a cherry-pick of the BitUtils class from commit
36e866b8e0.
(cherry picked from commit 36e866b8e0)
Test: none
Change-Id: Iaf33929f6841db273a92d650e84287bf2964fa3d
Merged-In: I0a978787551a1ee5750ec5544b241d3bbfed5a7c
This is done on wear power button doesn't turn off the screen,
when the device wakes from keyguard UI isn't visible yet, so
it needs to react to power press in some way.
Bug: 35147955
Change-Id: I22619ea446770d09b53370e9244215646b60a9db
The current implementation of the toString()
method calls dump(). This causes two problems:
1. toString() may return a large string. This
is at odds with the advice in the documentation
for Object.toString(), which says that the
returned String should be concise, and easy
to read.
2. The dump() method is overriden by many of the
StateMachine subclasses. Some of those subclasses
have dump() implementations that are expensive,
and/or have dependencies on other objects.
To resolve these problems, we simpify
StateMachine.toString().
Along the way: remove a stale comment about
implementing dump() using toString().
Note: only ran the StateMachine tests, since some
other tests are already failing.
Bug: 36661851
Test: tests/utiltests/runtests.sh \
-e class com.android.internal.util.StateMachineTest
Change-Id: I5c16c650f01178c4d018b6a65e4aa95fb905aff6
Preserve the capabilities a zygote fork has across the sh exec in
WrapperInit. Use ambient capabilities.
Test: m
Test: adb shell setprop wrap.com.android.bluetooth logwrapper && adb shell kill `pid com.android.bluetooth`
Merged-In: I3526d6a31aaadf082365c9ce31da0950e17677eb
Change-Id: I3526d6a31aaadf082365c9ce31da0950e17677eb
Root Cause: systemServer's class path is not set
after set wrap.system_server property, and restart system_server,
it shows a java.lang.RuntimeException:
Missing class when invoking static main com.android.server.SystemServer
Solution: Correctly pass and parse a passed classpath.
Bug: 34692265
Test: adb root && adb shell stop && adb shell setprop wrap.system_server logwrapper && adb shell start
Change-Id: Ia6707dc05fa627af6cc28360d26b894487a6eff1
This fixes the unexpected priority 112 of the daemon threads
(eg. HeapTaskDaemon). The problem was that when the zygote main
thread's priority is reset, it directly calls setpriority() and fails
to update the priority value in java.lang.Thread, which in turn causes
any threads created by the thread to unexpectedly inherit the boosted
priority. Calling java.lang.Thread.setPriority instead fixes.
(cherry picked from commit 1e3db871e5)
Bug: 35801778
Bug: 28866384
Test: angler master userdebug boots and thread priorities checked.
Change-Id: I68a6ed7244a9067acc2749feca7f88422bf44b02
Add the getLogRecMaxSize() method, so that
WifiStateMachine tests can verify the log
record buffer size, without having to fill
the buffer.
Bug: 35399013
Test: compile
Change-Id: Ib1bd8d670b7b39e9f740a4dd92ea67463b179ce2
Deprecates com.android.internal.util.Predicate in favour of
java.util.function.Predicate.
Deprecates TestMethod and TestSuiteBuilder in favour of
Android Test Support Library.
Bug: 35089332
Test: make checkbuild
Change-Id: Id8b2be55925d7ca09750fc9681817793517ceb5d
We already does this on start. Now we also do the same when
the list of options changes.
Test: locally on device
Bug: 34470067
Change-Id: Ib184d67b532c5afd584fb9cd52daac69a7c50d0a
