System apps are now installed under their own directory
(system_app_dir/app_dir/app.apk). The new path doesn't pass installd
validation because of obsolete checks which verify that the path does
not contain subdirectories past the system_app_dir.
The CL fixes the validation to accept at most on subdirectory.
Bug: 17109858
(cherry picked from commit c597b6dd89)
Change-Id: Ic5f15d1864c6af9f4c4b07dc27244ebbb521ad5e
System apps are now installed under their own directory
(system_app_dir/app_dir/app.apk). The new path doesn't pass installd
validation because of obsolete checks which verify that the path does
not contain subdirectories past the system_app_dir.
The CL fixes the validation to accept at most on subdirectory.
Bug: 17109858
Change-Id: I13abb52c0016610ff436f6a26bb6b3b85dc4dfb0
In the current directory layout this prevented rm_dex and move_dex
commands to validate the apk path and thus cleaning up resources.
Bug: 16888084
(cherry picked from commit fd88ff2edd)
Change-Id: I1002529b0c35852c67540d3165d1444523460592
In the current directory layout this prevented rm_dex and move_dex
commands to validate the apk path and thus cleaning up resources.
Bug: 16888084
Change-Id: Iba579d075a9c6d7de047e7ffef95441498257086
Writing to trace_clock erases the trace buffer, even if the value
hasn't changed. This prevents use of --async_start and --async_dump
to leave background tracing running and dump after an even that
needs debugging, because --async_dump writes to trace_clock and
resets the buffer before it can read it.
Read and parse the current value from trace_clock before writing,
and skip the write if the value isn't changing.
Change-Id: Ia2ec5bb654fb0bd179771b511ff261731ba47dca
This will allow us to conditionally change the compiler-filter based on other properties.
Bug: 15165413
(cherry picked from commit cf51ba1360)
Change-Id: I6613c9710878d56ed8c121e0caded76a64430f76
Make installd understand a patchoat directive and carry it out.
Bug: 15358152
(cherry picked from commit 7365a10689)
Change-Id: Id84a15e626ddde63876914068d3d9aa037abc65b
1. Explicitly dump IP addresses.
Currently, some IP addresses are dumped using netcfg, but that
only dumps the first IPv4 address on each interface. Instead,
call ip -4 addr and ip -6 addr explicitly to dump all IPv4 and
IPv6 addresses on the system.
2. Disable dumping /proc/net/{ipv6,}route, because:
- We already dump all IPv4 and IPv6 routes in the tables that
we use.
- /proc/net/route is confusing because it only includes routes
in the main table, which are all but unused. It's also in
unreadable host-byte-order hex.
- /proc/net/ipv6_route is confusing because it includes routes
from all tables but does not say what table they are in.
3. Instead of dumping the contents of /proc/net/arp , use
"ip -4 neigh show" and "ip -6 neigh show" to dump the
neighbour caches for both IPv4 and IPv6.
Bug: 16663736
Change-Id: Id3e509b877ab7b00eb2399b6a9868b12245da2f0
This will allow us to conditionally change the compiler-filter based on other properties.
Bug: 15165413
Change-Id: Iff27dc2904f4f0d7c25a684cd6ba16a597f252fd
dumpstate was not dumping any stack traces for vm processes because
it was failing the string compare for /system/bin/app_process.
64-bit devices use app_process32 and app_process64 instead of
app_process, and zygote64 alongside zygote. Change the string
matching to be prefix matching.
(cherry picked from commit 8eb25d552b)
Change-Id: I6b1568161fae278f0e6107990e5b750cf0ca902b
dumpstate was not dumping any stack traces for vm processes because
it was failing the string compare for /system/bin/app_process.
64-bit devices use app_process32 and app_process64 instead of
app_process, and zygote64 alongside zygote. Change the string
matching to be prefix matching.
Change-Id: I6970e1b1fedfcd601f8db6af62852422fcb71d59
Add SELinux MAC for the list and find functionality
to service_manager. By default the list action uses
the service_manager_type attribute as its target
object.
(cherry picked from commit c67e6307ca)
Change-Id: Iaf14b21346822a6b544091a0f4a9949117934b9a
Add SELinux MAC for the list and find functionality
to service_manager. By default the list action uses
the service_manager_type attribute as its target
object.
Change-Id: I7630f21a9f3232ae3d6d8b9a1119230b40899aef
Remove the hardcoded tuples of UIDs and the services that
each is allowed to register. We will rely only on permissions
from SELinux.
Change-Id: I1c44555a6e274814282398865b30ee938f40dabb
Removes the dependency on default constructor parameters for
GLConsumer so that a different constructor prototype can safely be
added.
Change-Id: I0da924bbd4c141edbf305598c1be8bc575654680
This requires a companion package manager change to prune
each instruction specific dex cache individually.
bug: 15677279
Change-Id: I5891981512bde20e49bff65b1842c28886f2b177
Add a MAC check to the svc_can_register function in
service_manager. The types are defined in
external/sepolicy/service.te and the mapping from service
names is defined in external/sepolicy/service_contexts.
Currently uses the property context backend to parse the
contexts file.
Bug: 12909011
Change-Id: I5d90a614263c60571c7c70c2882e6fa929911ca5
Profiling information leaks data about how people interact
with apps, so we don't want the data to be available
to other apps. Only the app and system_server need access.
Don't create the /data/dalvik-cache/profiles directory. init.rc
does it for us now.
Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
Add profile-file option to dex2oat only if the profiler is active and
the file exists.
Bug: 12877748
Bug: 15275634
Change-Id: Icef76514c912c88311ed108f2be7a6329131f741
With new CA certificates being stored in /data/misc/user/<userid>/
existing ones need to be moved into the same place.
After this update only the owner user will have custom trusted CAs; all
other users will revert to the default set.
Change-Id: I14a4cd6048685902ad5dd3b53494b03fadc41c04
New command 'mkuser <id>' sets up a user directory in /data/misc/user/,
readable by all apps within that user and writeable by the local system
process.
Change-Id: I5ddde8c4a80f606e723bb41aa64581a0720842d5
At present, the app lib symlinks are created before setting
the package directory security context, and therefore default
to system_data_file. Upon a later restorecon_recursive,
they are relabeled to the same type as the package directory,
e.g. app_data_file. Avoid this inconsistency by setting the
package directory security context before creating the symlink
so that it inherits the same security context.
Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The instruction-set is used to construct the dalvik cache
path and is also passed down to dex2oat.
(cherry picked from commit 791781bfb8)
Change-Id: I43396b16f6eaecacf0fb7d052526fc5a239167ac
Increased the maximum time dumpstate will wait for SIGQUIT process
to finish dumping its thread stacks to the logfile to 5 seconds.
Bug: 14057177
Change-Id: I0b43004512855d202f2fe0ea7b0e934e77a3a070
The instruction-set is used to construct the dalvik cache
path and is also passed down to dex2oat.
Change-Id: Ie480841b3e917dabe23ad4d5f4a0b08990500a51
It's wrong to just concatenate the apk_path and .odex.
The bug prevents the prebuilt odex being used since Kitkat.
The patch is copied from the code of JellyBean.
Change-Id: I0ce8a877e3df8ae1ab9a0e3aeeef2d5253efc223
This is required so that it will be assigned the correct SELinux
security context on first creation by installd.
Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Changes above with PMS and below with libselinux
have resulted in a few changes to the restorecon data
api. This change is needed in order to support the new
way to issue a recursive restorecon of certain
/data/data directories.
The restorecondata function has also been modified to
find all users on the device for a given package name
(argument to the function) and to issue a separate
recursive restorecon call for each.
Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Otherwise we can't readily see log messages from libselinux calls
made by installd.
Change-Id: I319b30c181470468fe19dd5fbe9251ef03f1163b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Implement new restorecondata function which will allow
the relabeling of /data/data and /data/user directories.
This is needed in the case of certain OTAs. Not every
boot will apply this relabeling however. Consult change
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 for
clarification on this issue.
Change-Id: I05e8b438950ddb908e46c9168ea6ee601e6d674f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This is the old screenshot utility, which relies on direct access
to the framebuffer device. It was replaced a long time ago by
"screencap", which talks to SurfaceFlinger (and includes a fallback
that tries to use the FB dev).
Change-Id: Id75a574bc78033761070b64d528fed06e23a0189
Add args to the installd commands for profiler usage.
Make installd create the profile files and allow apps
to write to them.
The profile files are in /data/dalvik-cache/profiles. This
central location is needed due to permissions issues with
dex2oat reading from an app's data directory. The solution
is to put the profile file in a directory owned by the
install user and make the file writeable by the shared group
id of for the app. The app can read and write to these files
only in the profiles directory. The 'system' user also needs
to be able to read the files in order to determine the amount
of change to the file over time.
Bug: 12877748
Change-Id: I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f
Conflicts:
cmds/installd/commands.c
We would occassionally pass in an empty arg "" instead of a NULL.
This caused problems since dex2oat isn't made to handle empty args.
(cherry picked from commit f53dbfeda3)
Change-Id: Ia2d60b895391bf83b5d250c20ddb8a4917d347a6
We would occassionally pass in an empty arg "" instead of a NULL.
This caused problems since dex2oat isn't made to handle empty args.
Change-Id: Ibb1aed64a4aa17459b2a75a5a2abcf13c7fa8ac7
installd project has moved from frameworks/base to frameworks/native
and so its test project's c_include path defined in Android.mk
has to match the change.
Change-Id: I597125ff659f51edbd9fc95371790e2d567c78be
libselinux selinux_android_restorecon API is changing to the more
general interface with flags and dropping the older variants.
Also get rid of the old, no longer used selinux_android_setfilecon API
and rename selinux_android_setfilecon2 to it as it is the only API in use.
Change-Id: I1e71ec398ccdc24cac4ec76f1b858d0f680f4925
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* commit 'c93865de80a16d3638936890fb42eb175284044b':
ServiceManager: Implement PING_TRANSACTION
ServiceManager: Use 32/64 bit types from new binder header
Binder: Use 64 bit pointers in 32 processes if selected by the target
Add BINDER_IPC_32BIT to CFLAGS unless TARGET_USES_64_BIT_BINDER is true
Binder: Make binder portable
ServiceManager: Fix the binder interface
ServiceManager: Store handles in uint32_t instead of void *
ServiceManager: Generic Fixes
ServiceManager: Add extra error handling
ServiceManager: Fix Android.mk
ServiceManager: Make use of kernel exported structures
* commit '58242fc29881cf29d56ee6e5fde6d73b16d0b67c':
ServiceManager: Implement PING_TRANSACTION
ServiceManager: Use 32/64 bit types from new binder header
Binder: Use 64 bit pointers in 32 processes if selected by the target
Add BINDER_IPC_32BIT to CFLAGS unless TARGET_USES_64_BIT_BINDER is true
Binder: Make binder portable
ServiceManager: Fix the binder interface
ServiceManager: Store handles in uint32_t instead of void *
ServiceManager: Generic Fixes
ServiceManager: Add extra error handling
ServiceManager: Fix Android.mk
ServiceManager: Make use of kernel exported structures
Support any number of overlay packages. Support any target package.
UPDATED PACKAGE MATCHING
------------------------
In Runtime resource overlay, iteration 1, only a single overlay package
was considered. Package matching was based on file paths:
/vendor/overlay/system/framework-res.apk corresponded to
/system/framework-res.apk. Introduce a more flexible matching scheme
where any package is an overlay package if its manifest includes
<overlay targetPackage="com.target.package"/>
For security reasons, an overlay package must fulfill certain criteria
to take effect: see below.
THE IDMAP TOOL AND IDMAP FILES
------------------------------
Idmap files are created by the 'idmap' binary; idmap files must be
present when loading packages. For the Android system, Zygote calls
'idmap' as part of the resource pre-loading. For application packages,
'idmap' is invoked via 'installd' during package installation (similar
to 'dexopt').
UPDATED FLOW
------------
The following is an outline of the start-up sequences for the Android
system and Android apps. Steps marked with '+' are introduced by this
commit.
Zygote initialization
Initial AssetManager object created
+ idmap --scan creates idmaps for overlays targeting 'android', \
stores list of overlays in /data/resource-cache/overlays.list
AssetManager caches framework-res.apk
+ AssetManager caches overlay packages listed in overlays.list
Android boot
New AssetManager's ResTable acquired
AssetManager re-uses cached framework-res.apk
+ AssetManager re-uses cached 'android' overlays (if any)
App boot
ActivityThread prepares AssetManager to load app.apk
+ ActivityThread prepares AssetManager to load app overlays (if any)
New AssetManager's ResTable acquired as per Android boot
SECURITY
--------
Overlay packages are required to be pre-loaded (in /vendor/overlay).
These packages are trusted by definition. A future iteration of runtime
resource overlay may add support for downloaded overlays, which would
likely require target and overlay signatures match for the overlay to
be trusted.
LOOKUP PRIORITY
---------------
During resource lookup, packages are sequentially queried to provide a
best match, given the constraints of the current configuration. If any
package provide a better match than what has been found so far, it
replaces the previous match. The target package is always queried last.
When loading a package with more than one overlay, the order in which
the overlays are added become significant if several packages overlay
the same resource.
Had downloaded overlays been supported, the install time could have been
used to determine the load order. Regardless, for pre-installed
overlays, the install time is randomly determined by the order in which
the Package Manager locates the packages during initial boot. To support
a well-defined order, pre-installed overlay packages are expected to
define an additional 'priority' attribute in their <overlay> tags:
<overlay targetPackage="com.target.package" priority="1234"/>
Pre-installed overlays are loaded in order of their priority attributes,
sorted in ascending order.
Assigning the same priority to several overlays targeting the same base
package leads to undefined behaviour. It is the responsibility of the
vendor to avoid this.
The following example shows the ResTable and PackageGroups after loading
an application and two overlays. The resource lookup framework will
query the packages in the order C, B, A.
+------+------+- -+------+------+
| 0x01 | | ... | | 0x7f |
+------+------+- -+------+------+
| |
"android" Target package A
|
Pre-installed overlay B (priority 1)
|
Pre-installed overlay C (priority 2)
Change-Id: If49c963149369b1957f7d2303b3dd27f669ed24e
Introduce a new tool 'idmap' to handle generation and verification of
idmap files. The tool is modelled on 'dexopt', and is intended to be
used similarly, notably by 'installd'.
See cmds/idmap/idmap.cpp for further documentation on 'idmap'.
Note: this commit is interdependent on a commit in project build/ to add
'idmap' to PRODUCT_PACKAGES.
Note: the changes to androidfw are only stubs. The actual implementation
will be provided in Runtime resource overlay, iteration 2.
Change-Id: I7131b74ece1e46c8a9c0a31d103e686aa07da2bb
Stop printing "invalid id " to stderr every time a process tries to
connect to the servicemanager.
Change-Id: Ib0e5a0375bfa2dec2c2f9cd668bd5dda46ed6588
This patch adds support for binder transactions on 64bit systems
without breaking the existing 32bit ABI. It has been tested on
the Android emulator and ARMv8 Model.
Most of the changes in this patch just follow the binder ABI.
Change-Id: I8c37b847ea65008d56554d34d4696fe3d22f7533
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
This patch corrects the types used for storing handles.
Change-Id: If9c10782345f1de9e12b4b3fd6be9e02e6b568cd
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
This patch fixes some of the ServiceManager issues. The following patches
of the series add fixes to the ABI.
Change-Id: Ib479234c8704e12592f1b149ddec67881bc50230
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
This patch extends the error handling. It also adds a check for a matching
binder version - kernel/userspace.
Change-Id: I43a262934b38c5711536aaa42754fed1ef04b39e
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
This patch fixes Android.mk and enables building bctest as an optional
module without any extra hacks.
Change-Id: Icaf8bf9452776db2ea4a2ba75f3abf05b4e2cdab
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
This patch switches ServiceManager to use the structures exported in the
kernel headers rather then redefining its own.
struct binder_txn is replaced with struct binder_transaction_data and struct
binder_object with struct flat_binder_object, both defined in the binder driver
header <linux/binder.h>.
Change-Id: I3b3e97918173ea35a289e184774ae06193192da3
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
Add seinfo paramater to appropriate make directory
functions. This allows proper labeling for multi-user
scenarios.
Change-Id: Iaba7c40645bc7b6cc823d613da0c3782acf6ddd5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Restarting installd upon policy reloads has reportedly caused
stability problems for some users. Stop restarting installd
and instead handle policy reloads within it.
Change-Id: I697a736d8e414cfc6cfa131ed7b97c7f7694d022
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
this is the first step of a series of improvements to
BufferQueue. A few things happen in this change:
- setSynchronousMode() goes away as well as the SynchronousModeAllowed flag
- BufferQueue now defaults to (what used to be) synchronous mode
- a new "controlled by app" flag is passed when creating consumers and producers
those flags are used to put the BufferQueue in a mode where it
will never block if both flags are set. This is achieved by:
- returning an error from dequeueBuffer() if it would block
- making sure a buffer is always available by replacing
the previous buffer with the new one in queueBuffer()
(note: this is similar to what asynchrnous mode used to be)
Note: in this change EGL's swap-interval 0 is broken; this will be
fixed in another change.
Change-Id: I691f9507d6e2e158287e3039f2a79a4d4434211d
This is a duplicate of the associated human-readable dumps
of these services, but much better for automated parsing.
Change-Id: I902b768b03aeac1472f03f96913f9b8ada5dba9c
