Update the logic for system server profiles to work without disabling
SELinux policies.
Test: check that system_server profile is created without disabling
SElinux
Bug: 74081010
(cherry picked from commit 3f3a08ad0d)
Merged-Id: I63ffadfbe6850992634d0720fb077a4dc65b5736
Change-Id: I63ffadfbe6850992634d0720fb077a4dc65b5736
Pass an explicit flag to the runtime when we need to profile the system
server. This ensures that we only start the ProfileSaver and allocate the
code cache when needed.
Test: manual, on a device with system server profiling enabled
Bug: 74081010
Change-Id: I5647e0bfb47d31c0e39bb3f59650cc956f49c4db
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
After adding the xt_bpf module and ifaceStatsMap, eBPF tool can now
support reading per interface data. So networkStatsFactory should move
away from parsing proc/net/dev and use the eBPF map stats instead.
Bug: 72111305
Test: atest com.android.server.net.NetworkStatsServiceTest
Change-Id: Ibcc6150d00835b3bd33af22a72e4a86e172581cf
In the KillApplicationHandler for uncaught exceptions ensure that the
LoggingHandler has been run. This ensures logging when code directly
calls getUncaughtExceptionHandler().uncaughtException().
Bug: 29624607
Bug: 73380984
Test: m
Test: manual
Change-Id: I9c9216714b4cf029d7ed21e29313c0e802345337
Usage stats corrections for 464xlat in NetworkStatsFactory are not applied
to tethered traffic. Add adjustments in NetworkStatsService. After
migrating external callers off NetworkStatsFactory, we will be able to
only apply adjustments in NetworkStatsService and remove stacked
interface tracking from NetworkStatsFactory.
Bug: 72107146
Fixes: 72107146
Test: runtest frameworks-net & manual - checked corrected network usage
Change-Id: I5ce450e616b4fddf21f2a491fe5d0c9e9f969bda
Extend the existing hidden_api_blacklist_exemptions config to support a
list of API signature prefixes to exclude from hidden API enforcement.
Push this list down to the zygote process when that process is created,
and when the list changes. This minimizes overhead, but should also ensure
that all new processes get the latest whitelist.
Test: $ adb shell settings put global hidden_api_blacklist_exemptions \
Test: Landroid/view/RemoteAnimationDefinition\\\;:Landroid/app/ActivityManager\\\$TaskDescription\\\;
Test: Manually verify logcat output from app which uses named APIs
Bug: 73337509
Change-Id: Ib1245b69da4dac50c6968f1be62f1a74591dc433
This CL adds the basics to set black, dark gray or light gray list
enforcement, rather than just black as before. It's not possible to
actually set the policy per-package yet.
PackageDexOptimizer still uses a single bit, for API checks on/off, rather
than the new enum. It assumes blacklist enforcement internally. This can
be improved in a follow up CL.
(cherry-picked from commit e52130ae4c)
Test: m
Test: Boot device
BUG: 73337509
Change-Id: Ic0d5b8fa631c2bd583b6fc52b2ee3708c8113f59
Merged-In: Idd73c9938592c5c4d67cfb9efefdffed0dd5f262
Debuggable apps enable mini-debug-info after fork, however, this does not
work with apps with wrap.sh script since they follow different code path.
Enable mini-debug-info generation for those as well.
Bug: 74070426
Test: check that app with wrap.sh generates debug info for JIT now
Change-Id: I489ac3c82bcced8fc0448ed5666f67009cbb043d
Useful for clients such as BatteryStats which currently rely
on NetworkStatsFactory. Data at that stage is incomplete as
it does not account for tethering, VT data and corresponding
464xlat corrections.
Test: runtest frameworks-net, CTS tests pass.
Change-Id: I763b77f601c827fd2963204694fb5b45425cc791
API to obtain cellular battery stats for power
drain diagnostics.
Test: Manual
BUG:67647477
Merged-In: Iffdb1471cd55847b6454313c94497ab2cd6533cc
Change-Id: Iffdb1471cd55847b6454313c94497ab2cd6533cc
Some packages in the system image are not built against the SDK, so
enforcing hiddenapi checks for these will break them. Add a whitelist
for such packages.
For now, just add the contacts provider to the whitelist. The list will be
further populated later.
Test: Added test app package name to whitelist to verify.
Bug: 73244707
Merged-In: I94746b7f12dd9371d5068bb235eb853f63ee4d97
Change-Id: I1cbbd220c61b1b4b767c301f97096607ee902a7b
This uses the new ZygoteProcess.startChildZygote() method to launch the
webview_zygote, rather than having init start it. This will share more
memory between the app_process and the webview_zygote, reducing the
overall system footprint.
Bug: 63749735
Test: m
Test: Launch "Third-party licenses" activity from Settings, and it
renders correctly via the WebView.
Change-Id: I3e39cd8adb9c099c92ee34640428916d90cb2b8f
This adds a new --start-child-zygote argument that instructs the main
zygote to create a new child process that will also be a zygote. The
system_server generates a random name in the abstract socket namespace
for it and the child-zygote to communicate over, and that is passed as
an argument to the new process.
A child-zygote bypasses the normal post-fork-child of the zygote process
in order to preserve itself as a zygote. This means not starting the
Binder threadpool nor launching into ActivityThread. Instead, a
child-zygote calls into its own main function. The main function runs a
ZygoteServer select loop, listening on the socket name specified by the
system_server when it was forked.
Unlike the system zygotes, a child-zygote can be killed without bringing
down the system. Killing a child-zygote will not terminate its child
processes, which will be reparented to init for reaping when they
eventually exit.
Bug: 63749735
Test: m (with multi-project commits landed)
Change-Id: I3e7ebbdba498f8fec1d84cdf927dc43a92be4b68
Record the compilation reason in the oat files to enable better
performance monitoring.
Test: DexoptOptionsTest
manual
Bug: 73102540
Change-Id: Ifa487d4bc33dcd06f12af6bdd1d9a9c5f4562f4b
Extend the installd profile interface to take the profile name as
argument. This shifts the responsibility for choosing the names of
profiles for primary apks completely to PackageManager. Each of the
application code paths will get an unique profile name based on their
split name.
All the profile operations will now work on a specific profile name rather
than assuming a default global name.
Also, move dumpProfiles and clearProfiles functionality to the
ArtManagerService so that we can re-use profileName computations easier.
(cherry picked from commit 6ae39fc2e5)
Test: manual (dexopt apps, merge profiles, clear profiles)
gts GtsAndroidRuntimeManagerHostTestCases
Bug: 30934496
Merged-In: Ie65d45eed7de0844edf4b7af918d7eaa74ec1f2c
Change-Id: Ie65d45eed7de0844edf4b7af918d7eaa74ec1f2c
Add support in the package installer to install dex metadata files
alongside the application apks (base or splits).
During installation or update the dex metadata files will need to have a
matching apk file. The matching is done by checking the file extension
(e.g. base.apk -> base.dm, split_a.apk -> split.dm).
On disk, the metadata files are placed next to the apks.
The .dm files will be used during install-time optimizations and passed
verbatim to dex2oat.
Test: adb shell am instrument -w \
1) adb shell am instrument -w \
-e class android.content.pm.DexMetadataHelperTest
com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
2) adb install-multiple CtsClassloaderSplitApp.apk
CtsClassloaderSplitApp.dm CtsClassloaderSplitAppFeatureA.apk
CtsClassloaderSplitAppFeatureA.dm CtsClassloaderSplitAppFeatureB.apk
3) gts-tradefed -m GtsAndroidRuntimeManagerHostTestCases
(cherry picked from commit 3fc56c3000)
Bug: 30934496
Merged-In: I86f0a8307705ff3d6a5a85c2fcaae085dd62d4af
Change-Id: I86f0a8307705ff3d6a5a85c2fcaae085dd62d4af
There are only two situations in which we want to enable hidden API
access flag checks. Turning the flag from DISABLE_ to ENABLE_
simplifies logic in ART and reduces the number places where the flag
had to be passed down to ART.
Bug: 64382372
Test: boot device, install and run apps, check log messages
(cherry picked from commit f7e31c0a2b)
Change-Id: Ib2f70696d98c6e1500d1d419d6acf0a8d0487213
There will be the following situations about mApplicationObject:
1) fork app process will invoke ActivityThread.main(),
then set mApplicationObject.
2) fork system_server, don't set mApplicationObject value.
3) using app_process fork process except zygote, will inovke RuntimeInit,
don't set mApplicationObject value。
For example using command as below:
app_process /system/bin com.android.commands.am.Am "$@",
if this process throw uncaught exception,will output FATAL EXCEPTION IN SYSTEM PROCESS log,
it's not in system process but in normal process。
so should add condition: Process.SYSTEM_UID == Process.myUid()
BUG: 72759350
Test: manual
Change-Id: Ie8d769e4149cd9b938577058de871c4f8db9efe5
Signed-off-by: yuanhuihui <yuanhuihui@xiaomi.com>
Based on https://android-review.googlesource.com/574843.
Added APCT coverage to verify the fix and prevent regressions.
Bug: 70920189
Test: android.view.menu.ContextMenuTest
Change-Id: Id9ee500751fe6f3da07bf10fb510ac49487104d0
When forking a process for a system app, pass a flag to ART that
will disable enforcement of hidden API access checks.
Test: manual
Bug: 64382372
Change-Id: I5ba81d84a44c9467613f060428b11e1d9d725bd3
For now, system apps will be exempt from hidden API access checks.
Pass the appropriate flag to dexopt.
Test: manual
Bug: 64382372
Bug: 72305689
Merged-In: I5676ffa3a5ba680bf5f6bab0b62f0acf4a933097
Change-Id: Idc3067d2c6040f15fe0f051090ba45efe591ebae
If the qtaguid proc file is no longer exist, the device is running new
eBPF module to do traffic accounting. So the NetworkStatsFactory need to
use the proc/net/dev interface to get the per interface traffic stats
summary. Also, adding a test to verify the helper function work properly
Bug: 30950746
Test: run NetworkStatsFactoryTest
Change-Id: Ia36808bf02f1637dd41a3e7c50917b91b1a77524
Add the native method used to read the detail information of network
stats from bpf maps. The native method of NetworkStatsFactory should
choose the correct implementation to get the stats detail depending on
the kernel version. Currently the bpf result is printed as a reference
and the actual behavior of NetworkStatsFactory should not change.
Test: NetworkStatsFactory related cts test should not fail.
Bug: 30950746
Change-Id: I4715a23559b5b2306bd556cea0431f0ed172a993
This allows us to maintain NetworkStats entries that track
whether the traffic was on the default network.
At the moment, the stats collection code always passes in
DEFAULT_NETWORK_NO. However, this value is a no-op, since it is
not persisted to disk. Only the ident, the uid/set/tag, and the
packet/byte/operation counters are persisted.
A future change will add defaultNetwork to the ident and start
persisting it.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: Ifa291c62c0fa389b88e5561086a29dcd7cee2253
Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
The filter setup is done in Zygote's ForkAndSpecializeCommon. This is
because adding a seccomp filter must be done when either the caller has
CAP_SYS_ADMIN or after the PR_SET_NO_NEW_PRIVS bit is set. Given that
setting PR_SET_NO_NEW_PRIVS breaks SELinux domain transition
(b/71859146), this must be done after Zygote forks but before
CAP_SYS_ADMIN is droppped.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Test: no selinux denial flood in dmesg with selinux enforced
Test: debuggerd -b `pidof com.android.phone` # logcat shows tombstoned
received crash request
Bug: 63944145
Bug: 71859146
Change-Id: I8215c8530d3d0de504a270488f8e29635805e8b0
Dex2oat now accepts targetSdkVersion as a parameter to determine
whether ART should treat the app as "legacy" and allow or restrict
access to private APIs.
We also bump arguments of otapreopt to v4 to accommodate the new value.
Bug: 64382372
Test: manual
Change-Id: Iae3867325dfaf8deaba51626ab04b97ad797d3b6
Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
In terms of performance since this happens at fork, the measure shows
the overhead is negligible. Assuming 130 instruction in the BPF, on
walleye, even when running on little core with fixed low frequency, each
setup took about 60.9us on average. When it runs on big core with
higher frequency, it took about 39.3us.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Bug: 63944145
Change-Id: I748735b478405098beac1e200d911c13ea60e380
Merged-In: I748735b478405098beac1e200d911c13ea60e380
ResolverActivity sort the list resolved intent with AsyncTask.
The method sort hold CountDownLatch to wait the time-consuming
operation. In some case, the operation doesn't end and the
CountDownLatch can't be released.The default excutor of AsyncTask
is serial. There should release CountDownLatch in destroy()
to avoid this case.
Change-Id: Ie10126f735d9f511dfe086c21f3f5ffaeb831086
Signed-off-by: gaochong <gaochong@xiaomi.com>
Test: manual - repeatedly test ResolverActivity show correctly
Bug: 71730061
Also remove 'build.master@android.com' which is deprecated, not
declared by anybody else, and makes the linter unhappy.
Bug: 70394432
Test: built
Merged-In: I9c0ba41386129379f82259fcc5e745562b014fae
(cherry pick from commit 626eed2ac8)
Change-Id: Ie802113d61f693d73f7234b44ac2a9bd462b3fbf
The log can be used to test if LAST KMSG or other items are copied
to dropbox successfully, especially in user builds without root
privilege.
BUG: 69685635
Test: manually verified the desired log from bugreport on user
and userdebug builds.
Change-Id: I6570d95538d678c98d261690ca3c20416d7a31c6
Merged-In: Ie6033bf04c7f79fc596761ab751aa5fcea2c1130
(cherry-picked from commit bafcd7b595)
