path: root/core/jni/fd_utils.cpp
Age | Commit message | Author
2021-06-23 | Allow app zygote preload to retain files across fork | Egor Pasko
The bug proposes to 'move' the /proc/self/fd/ readlink/stat/etc checks performed by the FileDescriptorAllowlist from before-fork to an earlier stage. The original aim was to allow the app zygote Preload hook to open ashmem/memfd read-only regions to save more RAM (around 5MiB on aarch64) via sharing more across processes. Potentially other files/sockets can be opened - the app zygote takes responsibility of managing file descriptor access controls across its own processes. App Zygote Preload does not run 3rd party code.

Unfortunately a straightforward move of the checks to just-before-preload has disadvantages:
* opens more codepaths for potential accidental misuse (the zygote accepts commands between preload and fork, there are valid usecases for extending these commands)
* this way FileDescriptorAllowlist would need to support more file descriptor types (sockets and maybe pipes), which is not needed now because these FDs are closed right before forking

The solution proposed here is to:
1. Determine the set of file descriptors open before preload
2. Run the preload hook
3. Determine FDs opened by the hook and allow them to remain open across fork
4. Hypothetical new attempts to preload (if ever supported) will not affect the allowed FDs - the preload will be able to toss its own FDs the way it wants, but not open the new-new ones

Bug: 184808875
Test: Manual: unreleased Chrome patch: while in app zygote preload, create ashmem region, passes it to 'untrusted_app' (=browser process), and call mmap(2) on it.
Change-Id: Ie302eabca83a0e4f409cb131e4308b73e5f6a580
Merged-In: Ie302eabca83a0e4f409cb131e4308b73e5f6a580
2021-03-05 | Merge changes I04ac8fba,Ia0a8548f am: db6628bb7d am: a534c95087 am: 87287a5859 | Christian Wailes
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1615382 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: Ief019f6e8ee38664c5319e1756ca2c72065cd1af
2021-03-03 | Autoformatter changes. | Chris Wailes
This CL contains changes made by the autoformatter to make these files conform to the C++ style guide. BYPASS_INCLUSIVE_LANGUAGE_REASON="compatability with vendor files" Test: None Change-Id: I04ac8fba3a2038133689c456a8d8e2c7bd856541
2021-03-03 | Inclusivity cleanup of the Zygote. | Chris Wailes
Changed "whitelist" to "allowlist" in many Zygote files. BYPASS_INCLUSIVE_LANGUAGE_REASON="compatability with vendor files" Test: cts Change-Id: Ia0a8548f2e254fc36a9dce7e50af8284ed0caa47
2020-11-06 | Avoid hardcoded paths to specific APEX jars in the fd allow list. | Martin Stjernholm
Cherry-picked from http://ag/12996359. Test: build & boot Bug: 148517954 Change-Id: I2cbe75381c3032e56dd0cd2934bda3f027cb65bf Merged-In: I2cbe75381c3032e56dd0cd2934bda3f027cb65bf
2020-11-06 | Avoid hardcoded paths to specific APEX jars in the fd allow list. | Martin Stjernholm
Test: build & boot Bug: 148517954 Change-Id: I2cbe75381c3032e56dd0cd2934bda3f027cb65bf Merged-In: I2cbe75381c3032e56dd0cd2934bda3f027cb65bf
2020-05-14 | Merge "Add more nodes to whitelist" | TreeHugger Robot
2020-05-06 | Merge ""Move ICU into i18n APEX" Attempt 2" am: 450ac958fd am: 0a029b07d1 am: 86ded66764 am: 3d1df73a5d am: c09ff3f909 | vichang
Change-Id: I4d63dc6a9e591387be6fc33e7341ee0defef1dd5
2020-05-06 | Merge ""Move ICU into i18n APEX" Attempt 2" am: 450ac958fd am: 0a029b07d1 | vichang
Change-Id: Ie55b9bfda1ca724610e5f9fb232f581153349de3
2020-05-06 | Merge ""Move ICU into i18n APEX" Attempt 2" | vichang
2020-05-05 | Merge "Allow bootjars in system_ext." am: 6abe4fb0a7 am: 4ab8f542e9 am: ec82e99ca6 am: 1f3fa889d4 am: e0e5f15a12 | Chris Gross
Change-Id: Iecc48ad20eec19aeaa1157c7e9a2928a299573e8
2020-05-05 | Merge "Allow bootjars in system_ext." am: 6abe4fb0a7 am: 4ab8f542e9 | Chris Gross
Change-Id: I470d4f21af77265926ceb3a9b2bcfd08809e813b
2020-05-05 | "Move ICU into i18n APEX" Attempt 2 | Victor Chang
This reverts commit bc6062afc0052170a6225fd65a5d67aa6b92def8. Reland https://r.android.com/1283938 Bug: 138994281 Test: device boots Change-Id: Iad4df3651d82a806151f64655f7d623851ce40a3
2020-05-05 | Merge "Revert "Move ICU into i18n APEX"" am: eb3d6869dc am: 86863e85f5 am: d2a8ef3962 am: aad1392313 am: 64f02c1e28 | vichang
Change-Id: Ib2e8224bbc5d27f6616c15323a916922aa8c17ce
2020-05-05 | Merge "Revert "Move ICU into i18n APEX"" am: eb3d6869dc am: 86863e85f5 | vichang
Change-Id: I6c4fc2fc9103cc8df2afdee2b5db36aa51ef2c7b
2020-05-05 | Revert "Move ICU into i18n APEX" | vichang
Revert "Move ICU from ART APEX to i18n APEX"
Revert "Move v8 and libpac into i18n APEX"
Revert "Move core-icu4j into I18n APEX"
Revert "Move ICU from ART APEX into i18n APEX"
Revert "Move core-icu4j into i18n APEX"
Revert "Move libpac into i18n APEX"
Revert "Add shared library into i18n APEX and add the required s..."
Revert "Make com_android_i18n namespace visible"

Revert submission 1299494-i18nApex

Reason for revert: Breaking aosp_x86-eng on aosp-master

Reverted Changes:
I30fc3735b:Move ICU from ART APEX to i18n APEX
Icb7e98b5c:Calling @IntraCoreApi from core-icu4j should not c...
Ic7de63fe3:Move core-icu4j into I18n APEX
I65b97bdba:Make com_android_i18n namespace visible
Ia4c83bc15:Move v8 and libpac into i18n APEX
I10e6d4948:Move core-icu4j into i18n APEX
I8d989cad7:Move ICU from ART APEX into i18n APEX
I72216ca12:Move ICU into i18n APEX
Ief9dace85:Add shared library into i18n APEX and add the requ...
I7d97a10ba:Move libpac into i18n APEX
I90fff9c55:Move ICU from ART APEX into i18n APEX

Change-Id: I74223119f0e90e928a3d5364ffd359ddf953c30c
2020-05-05 | Merge "Merge "Move ICU into i18n APEX" am: cda2510098 am: 89566235e9" into rvc-dev-plus-aosp am: b2121bfbf7 am: c04b0ee5a9 am: 45dc25524d | Automerger Merge Worker
Change-Id: Ieecf077fd6795cfe723dc61d5809864cf6962e1f
2020-05-05 | Merge "Move ICU into i18n APEX" am: cda2510098 am: 89566235e9 | vichang
Change-Id: Ic870204b76c67177030e535f765fd7f7ad9fba71
2020-05-04 | Allow bootjars in system_ext. | Chris Gross
Bug: 148385042 Test: Built and booted Pixel 3a both with and without a boot jar in system_ext. Change-Id: I14274b6906eaf6ff1999f8aa0232f7fc0e8aec0b
2020-04-11 | Move ICU into i18n APEX | Victor Chang
Bug: 138994281 Test: device boots Change-Id: I72216ca12c895c9bed05849d6b1a4163d24c0457
2020-02-25 | DO NOT MERGE: Remove AppSearch from Android R. | Alexander Dorokhine
Test: presubmit Bug: 150249538 Change-Id: Idb86be6586ae400552f8ceeca5c667fba8e0c43a
2020-02-01 | Merge "Add /sys/kernel/tracing/trace_marker to whitelist" am: e77dc7a00b am: 679c324ba7 am: e444680c96 | Automerger Merge Worker
Change-Id: I3fbd4d1644d8fa170532edefee9833b904175ba5
2020-01-30 | Add /sys/kernel/tracing/trace_marker to whitelist | Hridya Valsaraju
Add /sys/kernel/tracing/trace_marker to whitelist of paths that the zygote is allowed to keep open. It currently contains /sys/kernel/debug/tracing/trace_marker which is only created when debugfs is mounted. tracefs will be mounted at /sys/kernel/tracing when debugfs is not mounted. Test: AtraceHostTest Bug: 148436518 Change-Id: I734120e8c88ba9d5451a1bd1589e084323824285
2020-01-28 | Add more nodes to whitelist | Rick Yiu
Add below nodes so that device could boot to home. /dev/stune/foreground/tasks /dev/blkio/tasks Bug: 139521784 Test: device boot to home Change-Id: I6b52aced0ac5daaabb3b5c8d482f200bd7566ea1
2020-01-15 | Allow adding framework and service java code into permission APEX. | Hai Zhang
Along with two empty classes to make build happy. Bug: 136503238 Test: presubmit Change-Id: Ib706a7ac4d09374ce220961f9439f712a38f7c0c
2020-01-08 | Rename sdkext module to sdkextensions | Anton Hansson
It's a better name. Bug: 137191822 Test: presubmit Change-Id: Icc39779d49bf31f911f9f72bd7610e84c5f49466 Merged-In: Icc39779d49bf31f911f9f72bd7610e84c5f49466 (cherry picked from commit 5b97269cffa587d1c1d73163a9cabb0cc8c7ec05)
2020-01-08 | Rename sdkext module to sdkextensions | Anton Hansson
It's a better name. Bug: 137191822 Test: presubmit Change-Id: Icc39779d49bf31f911f9f72bd7610e84c5f49466
2019-12-26 | Revert submission 1182953-1576003954286-8455af5a | Jeff Davidson
Reason for revert: Crashes telephony process when saving XML config from carrier apps (b/146727232) Reverted Changes: Ieaeec41f1: Whitelist telephony-common, ims-common. I5588f7615: Add telephony-common, ims-common to telephony apex... I81e922c0d: Add telephony-common, ims-common to telephony apex... Change-Id: Ia925fad255fec002cb3d5c66ee41394d6355df2d Merged-In: Ia925fad255fec002cb3d5c66ee41394d6355df2d
2019-12-26 | Revert submission 1182953-1576003954286-8455af5a | Jeff Davidson
Reason for revert: Crashes telephony process when saving XML config from carrier apps (b/146727232) Reverted Changes: Ieaeec41f1: Whitelist telephony-common, ims-common. I5588f7615: Add telephony-common, ims-common to telephony apex... I81e922c0d: Add telephony-common, ims-common to telephony apex... Change-Id: Ia925fad255fec002cb3d5c66ee41394d6355df2d
2019-12-19 | Move MediaStore.java inside APEX boundary. | Jeff Sharkey
Recent work has paved the way to get MediaStore.java building against "core_platform", and this change is actually shifting MediaStore.java inside the MediaProvider APEX boundary. This involves defining a new "updatable-mediaprovider" library JAR and ensuring that it's spliced into classpaths where needed to keep everything building and working. Note that the MediaProvider APK itself is still bundled, so we're manually including the MediaStore.java when building that APK so that we can continue referencing @hide symbols, but there's a STOPSHIP comment to remove that once we get the APK building against "system_current". Bug: 144247087 Test: atest --test-mapping packages/providers/MediaProvider Change-Id: I27ed3fde40751d9ac136a31710c62004b1b8962f
2019-12-19 | [Tether14] Add tethering-client jar to whitelist | markchien
Allow putting tethering-client into bootclass path. Bug: 144320246 Test: -build, flash, boot Change-Id: I42c0f340d11045fbd8ae99fa60a467e643386eff Merged-In: I42c0f340d11045fbd8ae99fa60a467e643386eff
2019-12-19 | [Tether14] Add tethering-client jar to whitelist | markchien
Allow putting tethering-client into bootclass path. Bug: 144320246 Test: -build, flash, boot Change-Id: I42c0f340d11045fbd8ae99fa60a467e643386eff Merged-In: I42c0f340d11045fbd8ae99fa60a467e643386eff
2019-12-17 | Move framework-appsearch out of framework.jar. | Alexander Dorokhine
Test: CtsAppSearchTestCases Bug: 146218515 Change-Id: I55a8732e54e46877ee448973d735ded2870d9443
2019-12-16 | Move framework-wifi into the Wifi APEX | David Su
Bug: 140299412 Test: device boots up and connects to Wifi Change-Id: I17e09a7f9b680719189baf96aa22f94f1e8160de
2019-12-16 | Create framework-statsd | Muhammad Qureshi
Create framework-statsd jar in statsd apex. Move StatsEvent to framework-statsd.jar. Right now, frameworks jar links against framework-statsd directly. This should be changed to link against framework-statsd-stubs. Bug: 145923096 Bug: 145923116 Bug: 142810493 Test: m Test: flashes successfully Test: adb shell cmd stats print-logs && adb logcat "*:S statsd:*" Change-Id: Ife224abd5c9b9b0eeab681dc4b7f71c0bdb856b1
2019-12-09 | Whitelist telephony-common, ims-common. | Amit Mahajan
These need to be whitelisted because they are not part of the jars in /system/framework/ now. Earlier they were, due to which this was not required since libs under /system/framework are already whitelisted (through a separate rule). Test: basic telephony sanity Test: m com.android.telephony && adb install com.android.telephony.apex Bug: 145555313 Change-Id: Ieaeec41f1db527f1dd8568a542697c5ba4a4c419
2019-12-02 | Add sdkext jar to whitelisted zygote paths | Anton Hansson
Allows adding this jar to the bootclasspath. Bug: 137191822 Test: boot Change-Id: Ia8d77270eb4cd43d47ada6ab1df050110d168e99
2019-11-19 | Add IKE to allowable zygote paths | Benedict Wong
This change adds the IKE apex to the whitelist of open paths. Without this change, adding IKE to the boot classpath will fail. Bug: 143905344 Test: Compiles, doesn't fail. Change-Id: I63a2531e88b9d715e5089a6dc9fec721970d0de5
2019-10-29 | Add checks to ensure only the ART memfd file is whitelisted. | Nicolas Geoffray
A memfd file can be created with any name, but to protect ourselves from unintended leakage, check that it's the name ART uses. Test: boots Bug: 119800099 Change-Id: Ibc684d09dd05f38933c6808b72fb402fc9d5e4eb
2019-10-24 | Whitelist file descriptors created through memfd_create. | Nicolas Geoffray
ART has the need of creating such a file descriptor. Bug: 119800099 Test: Device boots Change-Id: Iefeab88e9f1b2dcf963ea913e416863191a52e8f
2019-09-23 | Consider overlay in system_ext as system's | Jeongik Cha
When there is overlay package in system_ext, turn on POLICY_SYSTEM_PARTITION. In other words, overlay package in /system_ext is considered as system's one Test: mv vendor/overlay/framework-res__auto_generated_rro.apk system_ext/overlay and then check if it works properly. Bug: 136715327 Change-Id: Ib225368eae41203a8630f4310d26e9cf1afa706a Merged-In: Ib225368eae41203a8630f4310d26e9cf1afa706a (cherry picked from commit cba9579158cc70bf8eadb6e8a239e0ab2dc073d2)
2019-09-02 | Merge "Update path to the new ART APEX." | Martin Stjernholm
am: 0a4cf715f6 Change-Id: I7ab8cd227ce571041293880dfaca4e2ebb68e536
2019-08-30 | Update path to the new ART APEX. | Martin Stjernholm
Test: atest CtsJniTestCases Bug: 135753770 Exempt-From-Owner-Approval: Approved internally Change-Id: Ica35fc7f6adade19160cbb16adf5647d189ecc45 Merged-In: Ica35fc7f6adade19160cbb16adf5647d189ecc45
2019-06-14 | Merge "Print the fd that isn't whitelisted." am: cf8db35738 | Nicolas Geoffray
am: 5127a760db Change-Id: I3504cb8d53c852a46a63a54acba778a8db55f59c
2019-06-14 | Print the fd that isn't whitelisted. | Nicolas Geoffray
Helps diagnosing issues. Test: boots (cherry picked from commit a83cad6ac5fab5d1536563dd29d9b5d68421e3cd) Change-Id: I85eb5ea0e29a101ad0d4227e782778f51f614ea0 Merged-In: I6fb4d40b28233a07e679dda91978a4bdec6c2a24
2019-04-24 | Merge "Add support for /oem/overlay" into qt-dev | TreeHugger Robot
2019-04-09 | Removed log spam from the Zygote. | Chris Wailes
This patch removes several debugging log messages. These messages were useful when the `FDs to ignore` list was usually empty, but with the addition of USAPs this has become spammy. (cherry picked from commit da0a9cd05c4e2860c91e2ac31285526c041a5b85) Test: Build Bug: 130172109 Change-Id: Id166990a63f20efb3bf6ffd5b697efd436d50921 Merged-In: Id166990a63f20efb3bf6ffd5b697efd436d50921
2019-04-09 | Add support for /oem/overlay | Mårten Kongstad
Add support for runtime resource overlay (RRO) APKs in /oem/overlay. Bug: 121033532 Test: manual (adb push apk to /oem/overlay, reboot, cmd overlay list) Change-Id: I70b23b11831d57b3241e6057c745aa4ce9f795ef
2019-04-08 | Removed log spam from the Zygote. | Chris Wailes
This patch removes several debugging log messages. These messages were useful when the `FDs to ignore` list was usually empty, but with the addition of USAPs this has become spammy. Test: Build Bug: 130172109 Change-Id: Id166990a63f20efb3bf6ffd5b697efd436d50921
2019-04-02 | Add support for /odm/overlay | Mårten Kongstad
Add support for runtime resource overlay (RRO) APKs in /odm/overlay. Bug: 121033532 Test: manual (adb push apk to /odm/overlay, reboot, cmd overlay list) Change-Id: I0918d276dfa6a43054068d3f84ecd0d1639f1d0b