When the libcutils constant was added there a merge conflict, which
caused the AID_WEBVIEW_ZYGOTE value to land with a different value than
the Java-side Process value. Nothing yet uses the Process constant, so
there were no ill effects.
Test: m
Change-Id: I8cc87bce1ddbdcdaf79d85c828d86837e96cce21
Add classloader support to android.os.Debug.attachJvmtiAgent. For
the original version without a given classloader, look up the
application's main classloader.
Bug: 65016018
Bug: 70901841
Test: m
Test: cts-tradefed run commandAndExit cts-dev
Change-Id: I649b6883e05dc2f75073fe1f978423f6a7b880df
Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
The filter setup is done in Zygote's ForkAndSpecializeCommon. This is
because adding a seccomp filter must be done when either the caller has
CAP_SYS_ADMIN or after the PR_SET_NO_NEW_PRIVS bit is set. Given that
setting PR_SET_NO_NEW_PRIVS breaks SELinux domain transition
(b/71859146), this must be done after Zygote forks but before
CAP_SYS_ADMIN is droppped.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Test: no selinux denial flood in dmesg with selinux enforced
Test: debuggerd -b `pidof com.android.phone` # logcat shows tombstoned
received crash request
Bug: 63944145
Bug: 71859146
Change-Id: I8215c8530d3d0de504a270488f8e29635805e8b0
In future, managing DNS-over-TLS hostname lookup and netd programming
can be encapsulated here.
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
Bug: 64133961
Change-Id: I47ccfa99c30c780524c45c4af605e720ccba34a0
Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
In terms of performance since this happens at fork, the measure shows
the overhead is negligible. Assuming 130 instruction in the BPF, on
walleye, even when running on little core with fixed low frequency, each
setup took about 60.9us on average. When it runs on big core with
higher frequency, it took about 39.3us.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Bug: 63944145
Change-Id: I748735b478405098beac1e200d911c13ea60e380
Merged-In: I748735b478405098beac1e200d911c13ea60e380
Add a method to compute the size of a ProxyMap without cleared
references. Use it in the crash decision. Report both counts, as
well as the count after a forced GC before actually crashing.
Rename the histogram generating function after a small refactoring
to make that easier.
When we crash, we now generate a message like the following
(generated here with reduced thresholds):
01-03 01:40:52.273 4793 4947 E JavaBinder: java.lang.AssertionError:
Binder ProxyMap has too many entries: 277 (total), 275 (uncleared),
257 (after GC). BinderProxy leak?
after the histogram. Unfortunately, the intervening GC may take some
time, and other intervening messages may sneak into the log between
them.
Experiments so far suggest that none of this greatly affects the
decision when to die. But this eliminates uncertainty as to whether
there was really a problem.
Bug: 71353150
Test: Tested with reduced thresholds, and then booted AOSP.
Change-Id: I53f24bae23eedcdb78a1c32296c65692b7bb2c42
In general, using Mutable inside of structures
or as API arguments is a code smell. However, it
is the most syntactically clean way of fetching
something out of a lambda or inner class.
Using this, one can do:
Mutable<Result> res = new Mutable<>();
hidlObject.foo((...) -> {
res.value = ...;
});
There is an alternative:
Result a[] = new Result[1];
hidlObject.foo((...) -> {
a[0] = ...;
});
However, this alternative syntax is relatively messy.
Bug: N/A
Test: boot, use w/ wifi
Change-Id: Ibff13c653cc17bd25ddbb0534ba21ef485bff7aa
To help investigate potential BinderProxy leaks, attempt to log a
histogram of BinderProxy descriptors to the logcat before asserting.
Bug: 71353150
Test: m
Change-Id: I47313814160678369b15e7dc5851d8096c286b9d
Settings application shows internal storage size using API getTotalBytes in StorageStatsManager.
This API calls getPrimaryStorageSize() in StorageManager.
getPrimaryStorageSize() returns /data parition size calculated API roundStorageSize() in FileUtils.
Using this API, total primary storage size returns 8GB if 16GB emmc size device has /data partition size below 8GB.
So we should modify getting of primary storage size close to real emmc size.
getPrimaryStorageSize() will be calculated sum of /data and /system partition size.
Test: Check primary storage size in Settings application
Change-Id: I3ad33534b1c55d09afbb0e9be1c408c02c442842
Signed-off-by: hj.seo <hj.seo@lge.com>
GSI disables AVB by overriding vbmeta partition.
When a device can run runtime vintf checking, it should already
pass AVB, so we don't need to check AVB in runtime vintf.
We cannot change the original VintfObject.verify() because AVB check is
still needed for android.os.RecoverySystem to verify a newly downloaded
OTA package.
Bug: 68016134
Test: Boot with GSI and there is no Android System dialog
Change-Id: Ie1efa6f1abd8fa8f495aededd145c0ab2c0c1fae
Merged-In: Ie1efa6f1abd8fa8f495aededd145c0ab2c0c1fae
This fails when trying to run the AOSP mailer with CRASH_AT_SIZE = 500,
when the check interval is reduced sufficiently so that the test is
actually executed. System server has been observed to use more than
1000 BinderProxies. Thus 5000 seems like roughly the lowest safe limit.
Note that the test is executed somewhat rarely, so we may exceed
this number by quite a few before we actually crash.
Bug: 65760710
Test: Builds, AOSP boots & works for a few tasks. Fails as expected
with reduced limit.
Change-Id: I1c999b85e1ba1bd1d166a9ffba4f0b3992ffee45
Added note within getSerial() in android.os.Build class. Device
identifiers, such as hardware serial numbers, can be modified if a
device is rooted. Others can use key attestation to discover these
changes. Added a note to this effect within this method.
Test: make ds-docs -j8
Bug: 38312326
Change-Id: I76e3f6a15b9a8673ca3304218653e8cd26da38d7
Original-Change-Id: Ibd2dab621c14683e12a213957b567ee49b8d00fd
... that returns PID of the process for debuggable builds.
This calls into the C++ equivalent of the function.
Test: lshal
Bug: 68992575
Change-Id: Ia177c709c6930510035cff33dc2389441a76351d
For fresh installs the PM does not set the app uid before invoking
dexopt; so we would always get a bogus GID.
This is a temporary workaround which fixes the GID of newly
installed apps to an arbitrary UNKNOWN gid.
Test: adb install
Bug: 64548938
Bug: 69331247
(cherry picked from commit a73e165c2e)
Change-Id: I6438ec8cfca88df813e166f9ef5821e62faf524a
Bluetooth service needs to natively access id of parent profile. Add
method exposing it.
Test: cts-tradefed run cts-dev -m DevicePolicyManager --test
com.android.cts.devicepolicy.ManagedProfileTest#testBluetooth
Bug: 69284968
Change-Id: I697906f2959b0736c1d3cc6af7560c27d77ce11b
