Reorder the find permission checks. This avoids generating misleading
SELinux denials when a service doesn't exist, or when a service is
prohibited to isolated apps.
The original reason for structuring the code this way is explained
in https://android-review.googlesource.com/#/c/100530/4/cmds/servicemanager/service_manager.c@172
The concern at the time was to avoid leaking a situation where
a caller could probe for the existance of a service. This turns out
to be unnecessary. The same return value is used for both a
permission denied and a service not found. The only side effect
is the generation of an SELinux audit log, which likely won't be
accessible to the calling application.
Change-Id: I9760e1821ed16102fa5f9bec07f8c34944565be9
Call logcat -L to pull any LAST Android logs. If the kernel is not
configured for PSTORE and PSTORE_PMSG, the hopes are the empty
content will pressure vendors to slice up and configure support.
Change-Id: I5fddfa1e0f59f24fccc30b257ba68af8a8cf8640
It turns out dump_file is used on a number of /proc and system files.
In one case, the read of a file stalled and caused a bugreport to
hang forever. It's still possible if there is a kernel bug that this
could stall forever, but less likely.
Also, change the return type of nanotime to uint64_t.
Testing:
- Created a named fifo and verified that dump_file fails with a timeout.
- Created a large /data/anr/traces.txt to verify that large files still
dump properly and that the additional NONBLOCK parameter doesn't cause
a problem.
- Created a dummy /data/tombstones/tombstone_00 to verify that the
dump of these files still works.
- Compared a dump using the old dumpstate to the new dumpstate to verify
nothing obviously different.
Bug: 19117030
Change-Id: I0d3dd27583c853cdaccd2fd278748cb5f9ccd4fb
This option doesn't work with the current selinux protections and
doesn't serve much of a purpose. You can get the same results running
this:
dumpstate | gzip > /data/local/tmp/dump.txt.gz
Bug: 19271141
Change-Id: Icc76200df33dc708e30c556ec8a0f393f995fe7c
Implemented these changes:
- Make this code C++.
- Avoid hangs by adding a timeout.
- Add the necessary TEMP_FAILURE_RETRY calls.
- Restructure the code a bit.
Bug: 18800936
Change-Id: Iba9f86a4c7beee4f0f36e51234855f4c0834db47
Use the native stack dumping functions that allows time outs. If
debuggerd locks up, before a bugreport would hang forever. Now
it will timeout properly and still get all of the other information.
Bug: 18766581
(cherry picked from commit 457731f69e)
Change-Id: I39e8e9c60209e3ef9efac795fedb8e1edce2bd3e
Use the native stack dumping functions that allows time outs. If
debuggerd locks up, before a bugreport would hang forever. Now
it will timeout properly and still get all of the other information.
Bug: 18766581
Change-Id: I85053b8dcfe6224e2b64b4d8f7f2ef448b3cda34
The previous version printed out the nanoseconds elapsed, not seconds.
Bug: 18766581
(cherry picked from commit 67c5a8af9e)
Change-Id: Icbaaee83a92767694fd98e3c790f36f4d24681b0
When decrypting a device, a tmpfs is temporarily mounted as /data,
the size of which is usually small. When the zygote, system server
and necessary apps are brought up, they will be compiled into the
tmpfs.
If the system image contains prebuilts, they will be relocated instead
of compiled. This is unnecessary. In this special situation it is
acceptable to run out of the prebuilt oat files without relocation,
which can save space in the tmpfs.
This patch ensures that apps are not being relocated.
Change-Id: I42bfb7e3039574b7e4f2772e0d395f093d59ed1b
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
Add swap file support for dex2oat to installd. Only use in low-memory
mode.
Bug: 18596910
(cherry picked from commit f68ce4de7f)
Change-Id: I131448f3907115054a592af73db86d2b9257ea33
Mark 2 unused paramters to prevent clang from erroring out
Change-Id: Ifc9b4a5b820bd6318e9259e737e708d25fdb174b
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
The availability of these sysfs entries will vary based on the kernel's
supported filesystems, so don't block the disk category if some of them
are missing.
Bug: 18467498
Change-Id: I96200f1b5cf3f1a8fa8186602552adc96ddffc04
Signed-off-by: Greg Hackmann <ghackmann@google.com>
This fixes jank caused by dex2oat while installing an application in the
background.
Bug: 17497551
Change-Id: I5a69b00c0fd76ae22a0d1adb242bef6c18a75743
Parser does not take into account that the last argument can be empty.
In this case it will skip end of line marker and continue parsing.
Change-Id: I2d029a69ed22cef497893e592ff3275ced97f85f
Signed-off-by: Serguei Katkov <serguei.i.katkov@intel.com>
Both Sync Manager tracing and kernel sync tracing were using "sync" to
enable tracing and since Sync Manager was found first, this prevented
enabling kernel sync tracing.
To fix this, use "syncman" to enable Sync Manager tracing.
Change-Id: Id3b799e01e5041c582cd752c8c40d3e36954f821
Signed-off-by: Iliyan Malchev <malchev@google.com>
Copies the /data/misc/keychain/cacert-* directories to all users on
the device, whereas previously they were simply copied to user 0.
This is a shallow copy so anything that wasn't supposed to be there
will disappear.
Bug: 17811821
Change-Id: Iae5909ab8d5efdb83c9c8fdf0e10ab7060d022cc
Sometimes dumping threads takes a long time and bugreport times
out. This change will cause us to accept the bugreport socket connection
before dumping threads and should avoid the failed to connect to dumpstate
service problems we've seen.
Bug: 17758374
Change-Id: I80afa0353cf1c340873f481a8d1d7faffff54120
All extra options are provided as one argument to dex2oat.
The patch splits all options to individual ones.
Change-Id: Ied65bb9cf38b114611e88a8d5d86305021700d0b
Signed-off-by: Serguei Katkov <serguei.i.katkov@intel.com>
Signed-off-by: Yevgeny Rouban <yevgeny.y.rouban@intel.com>
Previously, the vibration was not performed until after stacks
were gathered which takes a long time. Moved the vibration
to happen earlier so we provide better user feedback for the
three-button salute when collecting a bug report.
Deleted some dead code for playing begin/end sounds.
Improved the timing measurement code to help track down why
bug reports are so slow. (They take over a minute now which
can cause us to lose valuable diagnostic information.)
Bug: 17474152
Change-Id: Iac73f7993d7dc85196aad96f459b22fd4a710f94
The clock() function returns the processor time used by the process. This
is not a good timeout mechanism since the code is suspended most of the
time waiting for the forked process to finish. Replace with the time()
function.
Bug: 17154069
(cherry picked from commit 89d4949f86)
Change-Id: I42f0f24ee53ef99955fd482a1089e39d491f3bd5
The clock() function returns the processor time used by the process. This
is not a good timeout mechanism since the code is suspended most of the
time waiting for the forked process to finish. Replace with the time()
function.
Bug: 17154069
Change-Id: Ib383329f9db269445d71a100553b08e71fddda3f
Add /system/priv-app and /oem/app paths to system paths. Also allow
rmdex on system apps, and quietly ignore when it was already removed.
Also relax logging when clearing code cache, since it's optional.
Bug: 17205122
Change-Id: I4fc4d0f63a3596937c4defbd64e1f8a1c563f02d
When relabeling secondary user package directories, we need to use
the uid of the directory rather than the primary package UID;
otherwise, levelFrom=user will not work correctly.
Change-Id: I0d76ec6ec6fe56a566023ca5e1398efdf28fc81e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
It should nuke everything under the data directory. PMS will come
around and generate the lib symlink after we're finished.
Bug: 16739202
Change-Id: Ib70af2e1450e3bed6781fb497b9cc67e1e594c49
The flag enforces interpret-only flag for dex2oat.
Bug: 12457423
(cherry picked from commit b1efac1035)
(cherry picked from commit 97477d203e)
Change-Id: I215339527e998b24e274c8df42a5024839e6a9fa
Leave default signal handler (terminate) for parent process,
add SIG_IGN as signal handler for children and let them
go down when the parent gets SIGPIPE.
Bug: 17109154
Change-Id: Id33db3e97a32f289eb2a9a1a0ca8acbe3dcd285d
System apps are now installed under their own directory
(system_app_dir/app_dir/app.apk). The new path doesn't pass installd
validation because of obsolete checks which verify that the path does
not contain subdirectories past the system_app_dir.
The CL fixes the validation to accept at most on subdirectory.
Bug: 17109858
(cherry picked from commit c597b6dd89)
Change-Id: Ic5f15d1864c6af9f4c4b07dc27244ebbb521ad5e
System apps are now installed under their own directory
(system_app_dir/app_dir/app.apk). The new path doesn't pass installd
validation because of obsolete checks which verify that the path does
not contain subdirectories past the system_app_dir.
The CL fixes the validation to accept at most on subdirectory.
Bug: 17109858
Change-Id: I13abb52c0016610ff436f6a26bb6b3b85dc4dfb0
In the current directory layout this prevented rm_dex and move_dex
commands to validate the apk path and thus cleaning up resources.
Bug: 16888084
(cherry picked from commit fd88ff2edd)
Change-Id: I1002529b0c35852c67540d3165d1444523460592
In the current directory layout this prevented rm_dex and move_dex
commands to validate the apk path and thus cleaning up resources.
Bug: 16888084
Change-Id: Iba579d075a9c6d7de047e7ffef95441498257086
Writing to trace_clock erases the trace buffer, even if the value
hasn't changed. This prevents use of --async_start and --async_dump
to leave background tracing running and dump after an even that
needs debugging, because --async_dump writes to trace_clock and
resets the buffer before it can read it.
Read and parse the current value from trace_clock before writing,
and skip the write if the value isn't changing.
Change-Id: Ia2ec5bb654fb0bd179771b511ff261731ba47dca
This will allow us to conditionally change the compiler-filter based on other properties.
Bug: 15165413
(cherry picked from commit cf51ba1360)
Change-Id: I6613c9710878d56ed8c121e0caded76a64430f76
Make installd understand a patchoat directive and carry it out.
Bug: 15358152
(cherry picked from commit 7365a10689)
Change-Id: Id84a15e626ddde63876914068d3d9aa037abc65b
1. Explicitly dump IP addresses.
Currently, some IP addresses are dumped using netcfg, but that
only dumps the first IPv4 address on each interface. Instead,
call ip -4 addr and ip -6 addr explicitly to dump all IPv4 and
IPv6 addresses on the system.
2. Disable dumping /proc/net/{ipv6,}route, because:
- We already dump all IPv4 and IPv6 routes in the tables that
we use.
- /proc/net/route is confusing because it only includes routes
in the main table, which are all but unused. It's also in
unreadable host-byte-order hex.
- /proc/net/ipv6_route is confusing because it includes routes
from all tables but does not say what table they are in.
3. Instead of dumping the contents of /proc/net/arp , use
"ip -4 neigh show" and "ip -6 neigh show" to dump the
neighbour caches for both IPv4 and IPv6.
Bug: 16663736
Change-Id: Id3e509b877ab7b00eb2399b6a9868b12245da2f0
This will allow us to conditionally change the compiler-filter based on other properties.
Bug: 15165413
Change-Id: Iff27dc2904f4f0d7c25a684cd6ba16a597f252fd
