Reorder the find permission checks. This avoids generating misleading
SELinux denials when a service doesn't exist, or when a service is
prohibited to isolated apps.
The original reason for structuring the code this way is explained
in https://android-review.googlesource.com/#/c/100530/4/cmds/servicemanager/service_manager.c@172
The concern at the time was to avoid leaking a situation where
a caller could probe for the existance of a service. This turns out
to be unnecessary. The same return value is used for both a
permission denied and a service not found. The only side effect
is the generation of an SELinux audit log, which likely won't be
accessible to the calling application.
Change-Id: I9760e1821ed16102fa5f9bec07f8c34944565be9
Call logcat -L to pull any LAST Android logs. If the kernel is not
configured for PSTORE and PSTORE_PMSG, the hopes are the empty
content will pressure vendors to slice up and configure support.
Change-Id: I5fddfa1e0f59f24fccc30b257ba68af8a8cf8640
It turns out dump_file is used on a number of /proc and system files.
In one case, the read of a file stalled and caused a bugreport to
hang forever. It's still possible if there is a kernel bug that this
could stall forever, but less likely.
Also, change the return type of nanotime to uint64_t.
Testing:
- Created a named fifo and verified that dump_file fails with a timeout.
- Created a large /data/anr/traces.txt to verify that large files still
dump properly and that the additional NONBLOCK parameter doesn't cause
a problem.
- Created a dummy /data/tombstones/tombstone_00 to verify that the
dump of these files still works.
- Compared a dump using the old dumpstate to the new dumpstate to verify
nothing obviously different.
Bug: 19117030
Change-Id: I0d3dd27583c853cdaccd2fd278748cb5f9ccd4fb
This option doesn't work with the current selinux protections and
doesn't serve much of a purpose. You can get the same results running
this:
dumpstate | gzip > /data/local/tmp/dump.txt.gz
Bug: 19271141
Change-Id: Icc76200df33dc708e30c556ec8a0f393f995fe7c
Implemented these changes:
- Make this code C++.
- Avoid hangs by adding a timeout.
- Add the necessary TEMP_FAILURE_RETRY calls.
- Restructure the code a bit.
Bug: 18800936
Change-Id: Iba9f86a4c7beee4f0f36e51234855f4c0834db47
Use the native stack dumping functions that allows time outs. If
debuggerd locks up, before a bugreport would hang forever. Now
it will timeout properly and still get all of the other information.
Bug: 18766581
(cherry picked from commit 457731f69e)
Change-Id: I39e8e9c60209e3ef9efac795fedb8e1edce2bd3e
When decrypting a device, a tmpfs is temporarily mounted as /data,
the size of which is usually small. When the zygote, system server
and necessary apps are brought up, they will be compiled into the
tmpfs.
If the system image contains prebuilts, they will be relocated instead
of compiled. This is unnecessary. In this special situation it is
acceptable to run out of the prebuilt oat files without relocation,
which can save space in the tmpfs.
This patch ensures that apps are not being relocated.
Change-Id: I42bfb7e3039574b7e4f2772e0d395f093d59ed1b
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
Add swap file support for dex2oat to installd. Only use in low-memory
mode.
Bug: 18596910
(cherry picked from commit f68ce4de7f)
Change-Id: I131448f3907115054a592af73db86d2b9257ea33
Mark 2 unused paramters to prevent clang from erroring out
Change-Id: Ifc9b4a5b820bd6318e9259e737e708d25fdb174b
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
Parser does not take into account that the last argument can be empty.
In this case it will skip end of line marker and continue parsing.
Change-Id: I2d029a69ed22cef497893e592ff3275ced97f85f
Signed-off-by: Serguei Katkov <serguei.i.katkov@intel.com>
Copies the /data/misc/keychain/cacert-* directories to all users on
the device, whereas previously they were simply copied to user 0.
This is a shallow copy so anything that wasn't supposed to be there
will disappear.
Bug: 17811821
Change-Id: Iae5909ab8d5efdb83c9c8fdf0e10ab7060d022cc
Sometimes dumping threads takes a long time and bugreport times
out. This change will cause us to accept the bugreport socket connection
before dumping threads and should avoid the failed to connect to dumpstate
service problems we've seen.
Bug: 17758374
Change-Id: I80afa0353cf1c340873f481a8d1d7faffff54120
All extra options are provided as one argument to dex2oat.
The patch splits all options to individual ones.
Change-Id: Ied65bb9cf38b114611e88a8d5d86305021700d0b
Signed-off-by: Serguei Katkov <serguei.i.katkov@intel.com>
Signed-off-by: Yevgeny Rouban <yevgeny.y.rouban@intel.com>
Previously, the vibration was not performed until after stacks
were gathered which takes a long time. Moved the vibration
to happen earlier so we provide better user feedback for the
three-button salute when collecting a bug report.
Deleted some dead code for playing begin/end sounds.
Improved the timing measurement code to help track down why
bug reports are so slow. (They take over a minute now which
can cause us to lose valuable diagnostic information.)
Bug: 17474152
Change-Id: Iac73f7993d7dc85196aad96f459b22fd4a710f94
The clock() function returns the processor time used by the process. This
is not a good timeout mechanism since the code is suspended most of the
time waiting for the forked process to finish. Replace with the time()
function.
Bug: 17154069
(cherry picked from commit 89d4949f86)
Change-Id: I42f0f24ee53ef99955fd482a1089e39d491f3bd5
The clock() function returns the processor time used by the process. This
is not a good timeout mechanism since the code is suspended most of the
time waiting for the forked process to finish. Replace with the time()
function.
Bug: 17154069
Change-Id: Ib383329f9db269445d71a100553b08e71fddda3f
Add /system/priv-app and /oem/app paths to system paths. Also allow
rmdex on system apps, and quietly ignore when it was already removed.
Also relax logging when clearing code cache, since it's optional.
Bug: 17205122
Change-Id: I4fc4d0f63a3596937c4defbd64e1f8a1c563f02d
When relabeling secondary user package directories, we need to use
the uid of the directory rather than the primary package UID;
otherwise, levelFrom=user will not work correctly.
Change-Id: I0d76ec6ec6fe56a566023ca5e1398efdf28fc81e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
