New "mvuserdata" command will move all private app data from one
volume UUID to another. It leverages the existing "cp" toybox
command to do the heavy lifting for all known users, preserving
details like timestamps and permissions. It invokes restorecon()
to correctly label the new location when the copy is finished.
Changes installd to no longer drop capabilities, so we run as root
again. This also allows us to exec "cp" with CAP_DAC_OVERRIDE and
CAP_FOWNER still in effect.
Bug: 19993667
Change-Id: I1f407a7c4a1af97ca5afc27b04eb16b4936cbdef
We're now parsing and passing through volume UUIDs sent across the
command socket. The "!" argument value is treated as null, which
means internal storage.
Bug: 19993667
Change-Id: I17729a769ce687a2e94e85991a6338c77ded0b66
Teach free_cache() and restorecon_data() about building per-volume
paths. Also clean up restorecon_data() by using std::string when
building paths.
Clearer names for path building utility methods, and tests to verify.
Bug: 19993667
Change-Id: Iacfbcdaa5b901cc2490bc8eba366dfdeb44f1d93
Since app data paths can live on expanded storage devices, accept the
target volume UUID when building paths. The null UUID indicates the
default internal storage.
To improve readability, start using std::string in several places,
which throws when allocations fail. For now, perform last-second
sanity checks on incoming path arguments, but we'll eventually want
to check arguments as they come through installd.cpp, instead of
crashing the entire daemon.
Also remove "lib" symlink code from install() and make_user_data(),
since we're no longer supporting /data/app-lib. The framework
already uses linklib() to create the right symlink for the selected
ISA-specific library dir.
Bug: 19993667
Change-Id: Ib9343575ffb62bf3981e19375de8f3822fc31e28
This is the minimal change needed to switch it over to C++, which
paves the way for using more robust utilities like std::string.
Change-Id: I80ed6280146875eb6ddbbb340c05450388ca13f0
Apps on expanded storage live at /mnt/expand/<uuid>/app/com.example,
so we need to relax one more directory level.
Bug: 19993667
Change-Id: I347ec7b92435ea69e632ed5d5fdfabe38ce0b56e
Previously AID_INSTALL was used, which was causing permission denied errors
when PackageManager was trying to recursively rename staging directory
Bug: 19550105
Bug: 20087446
Change-Id: I3a9e3056c1fbc1ce0077a3ce52cf77ea6b5085ee
Also use the 'ptr' union member rather than 'handle'.
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
Change-Id: I68e5336cd3af3bc61dbddd2b33d7e1512c0c329c
This patch adds extra logging for the binder version in case the userspace
and kernel versions differ.
Change-Id: I9859b29099726cfcfe5ca23d88ed2e101a06af1a
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
service_manager.c gets string.h inherited from
private/android_filesystem_config.h it should
not rely on this in the future. The intent is
to move fs_config function into libcutils and
thus deprecate any need for string.h in this
include file.
Bug: 19908228
Change-Id: Icc95ee02bf02c596463868b1330d209d1bd5c58a
Changes to installd:
- dexopt now allows oat_dir param for custom output directory
- Added helper method calculate_oat_file_path for calculating oat file
output location based on oat_dir and apk_path.
Bug: 19550105
Change-Id: I6b079207310583adeb6dad918a58034a059e34c4
Previously odex files were stored alongside the dex location as:
dex location: /foo/bar/base.apk
odex location: /foo/bar/<isa>/base.odex
This changes where odex files are stored, adding an "oat" directory:
dex location: /foo/bar/base.apk
odex location: /foo/bar/oat/<isa>/base.odex
See also the corresponding changes in platform/art and platform/build.
Bug: 19550105
Change-Id: I4c6be4f0c41ff175904846db8e360c4af815b265
Add O_CLOEXEC to various file descriptor calls, to avoid
leaking file descriptors to dumpstate's child processes.
Bug: 18342188
Change-Id: I74c47a98dfddc29c618067ad53d879b98ed1d87a
Reorder the find permission checks. This avoids generating misleading
SELinux denials when a service doesn't exist, or when a service is
prohibited to isolated apps.
The original reason for structuring the code this way is explained
in https://android-review.googlesource.com/#/c/100530/4/cmds/servicemanager/service_manager.c@172
The concern at the time was to avoid leaking a situation where
a caller could probe for the existance of a service. This turns out
to be unnecessary. The same return value is used for both a
permission denied and a service not found. The only side effect
is the generation of an SELinux audit log, which likely won't be
accessible to the calling application.
Change-Id: I9760e1821ed16102fa5f9bec07f8c34944565be9
Call logcat -L to pull any LAST Android logs. If the kernel is not
configured for PSTORE and PSTORE_PMSG, the hopes are the empty
content will pressure vendors to slice up and configure support.
Change-Id: I5fddfa1e0f59f24fccc30b257ba68af8a8cf8640
It turns out dump_file is used on a number of /proc and system files.
In one case, the read of a file stalled and caused a bugreport to
hang forever. It's still possible if there is a kernel bug that this
could stall forever, but less likely.
Also, change the return type of nanotime to uint64_t.
Testing:
- Created a named fifo and verified that dump_file fails with a timeout.
- Created a large /data/anr/traces.txt to verify that large files still
dump properly and that the additional NONBLOCK parameter doesn't cause
a problem.
- Created a dummy /data/tombstones/tombstone_00 to verify that the
dump of these files still works.
- Compared a dump using the old dumpstate to the new dumpstate to verify
nothing obviously different.
Bug: 19117030
Change-Id: I0d3dd27583c853cdaccd2fd278748cb5f9ccd4fb
This option doesn't work with the current selinux protections and
doesn't serve much of a purpose. You can get the same results running
this:
dumpstate | gzip > /data/local/tmp/dump.txt.gz
Bug: 19271141
Change-Id: Icc76200df33dc708e30c556ec8a0f393f995fe7c