Age | Commit message (Collapse) | Author |
|
Change-Id: I5cc1af7204ca847469a58027de82b192a04b5469
|
|
Bug: 31466840
Change-Id: I2c2766a2366600def81708d97cf3f3f13e0eb655
(cherry picked from commit 59d6a8cf8a4867a10f56b36057bffcc344715d3f)
|
|
am: 8be42a8040
Change-Id: Ia28483d5847bebc308c87330e1cab47c8daab449
|
|
am: 04bbd5c6dd
Change-Id: I3b83588438a747d5ba202f629fce83ac841f1043
|
|
It's 5 characters shorter, has no runtime costs, can be stored on a
read-only partition, and avoids problems like b/27262109 and b/27204904.
It allows makes some security hardening easier.
(cherry picked from commit c4084c669495fd1b41ce8b6568c71b1f46d26969)
Bug: 27262109
Bug: 27204904
Bug: 32799236
Test: verified new symlink created and old one not present
Change-Id: Ief362e13569ad9c868a7f0f9c4dbd6a328c96c6b
|
|
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342fdd2fc9d139a88a2d950953918e1b4e)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
|
|
|
|
|
|
Start update_verifier in cache group to avoid dac_override
Bug: 30020920
Change-Id: I227b4a0e1c07e7b9bf209b432e9db02275ffe660
|
|
|
|
|
|
The sched_compat_yield option was eliminated in Linux 2.6.38 by commit
ac53db596cc0 ("sched: Use a buddy to implement yield_task_fair()") and
as a result, the following error is printed to the log during boot up.
init: write_file: Unable to open '/proc/sys/kernel/sched_compat_yield':
No such file or directory"
Bug: 30034121
Change-Id: Idbdb68de0cb3ab1f67d82a4d66af880bcfdfe261
(cherry picked from commit 724dfbac70ce69c48d3457229411c1c84e9f1c3d)
|
|
|
|
bug 29512132
Change-Id: If8144bfee0fb30cf11f2bb26494ca5e83c11d4d7
|
|
It isn't allowed to change the cpu.share value for the root cgroup.
See kernel commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec7dc8ac73e4a56ed03b673f026f08c0d547f597
This fixes the following error seen in dmesg:
init: write_file: Unable to write to '/dev/cpuctl/cpu.shares': Invalid argument
BUG: 28735908
Change-Id: I5ef359fb275792f99d13d35c62499026d354f6af
Signed-off-by: Irina Patru <irina.patru@intel.com>
(cherry picked from commit c560c6310fdb6f8d4a44b05c0d15cad7ac6f4bb1)
|
|
bug 29512132
Change-Id: I41ec2dd80a469309f48dbb59fc27fbe43fcd67b3
|
|
Adjust FIFO timings as well as allow SurfaceFlinger to use FIFO.
bug 24503801
Change-Id: I2c21d4c1788777c2d0d77227bb872701b35c4ff6
|
|
Bug: 28845422
Change-Id: I2abcc67176cf94f34706f8f005a24ef5f70e0494
|
|
We will store OTA packages there for both A/B and non-A/B OTAs. The
directory will be accessed by GMSCore (for both), uncrypt (non-A/B),
update_engine (A/B), update_verifier (A/B) and possibly system server
(for non-A/B OTAs to clean up half-way uncrypt'd packages).
Bug: 28944800
Change-Id: I5aa8156ec5052bd15dfadd4d8c28925d464e4401
|
|
(Cherry picked from commit 2b22a66382db8a2fdf5ed7a685085a6d7d67cf12)
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
|
|
Bug: 28748264
Change-Id: Ib57ccc570de446e03ea8c27ce8e404929138b213
|
|
|
|
The old way (using triggers) starts defaultcrypto twice because
queue_property_triggers_action retriggers the action.
Bug: 27452459
Change-Id: I48c844836f551673d0dbfed6c33bd8ee1e035f40
|
|
We create per-user directories under this location, so it should
only be created once by init, similar to all the other user-specific
directories.
Bug: 27896918
Change-Id: I9ec55e4fd763c0eda6c6e50483694a6377344586
|
|
"You are in a maze of twisty little symlinks, all alike."
Restore the /mnt/sdcard symlink, for compatibility with older Android
apps. This symlink was suppose to have been removed in the Gingerbread
time frame, but lives on.
Note: The /mnt/sdcard symlink was originally created in device specific
*.rc files in the device/vendor/hardware/* directory. This change moves
the creation of the symlink into the common init.rc file.
Bug: 25801877
Bug: 28108983
Change-Id: I2f9bf71bddffadb587d7376dfdfc8a546c84ec28
|
|
Bug: 19160983
Change-Id: I8fddf11fb6124950dfa2528a4f420abd9d461df6
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
|
The new top level directory /postinstall is used by the A/B updater to
mount the new partition and run a post-install program before rebooting
into that new system.
init.rc was extended to label this new directory since the initrd has
no extended attributes.
Bug: 27177071
TEST=`ls -laZ /` shows the /postinstall directory on edison-eng
(cherry picked from commit bb968fb04db3ec5227e84571e1c6bfd265836085)
Change-Id: Iff993135c7ce3a1a0f6450892ef7382da408fd5e
|
|
cameraserver from nyc uses cameraserver as its username.
thus this change is needed for AVD (android virtual device)'s
camera HAL which is attached to cameraserver to work as that
HAL writes some files to /data/misc/media. the backward compatibility
issue should be handled as separate changes. this approach is
preferred for finer-grained security isolation.
Change-Id: If028667d62df8fcac634ff1001759c39703b00dd
|
|
|
|
Bug: 27323882
Change-Id: I1131c0537942c8f7cbf9ff6cc6847ab7e93e6187
|
|
Make stune consistent with the other cgroups mounted under /dev
Change-Id: I0fe7120ad2afbe8e6a3c9f72cc3f465de618d344
|
|
|
|
Bug: 27262109
Change-Id: I011da38f8ad1eeaf717dc03a0fb6f9fdc5654c4c
|
|
Current profiles (the ones which have not been used for
compilation) are stored in /data/misc/profiles/cur/0/pkgname/.
Reference profiles (the merged of all user profiles, used for
compilation) are stored in /data/misc/profiles/ref/pkgname/.
Add a method to get the shared app gid from an uid or appid.
Bug: 26719109
Bug: 26563023
Change-Id: I89601d7dbeb3041df882c141a9127dac200a645e
|
|
libprocessgroup checks whether it can use memory
cgroups for keeping track of forked processes by
seeing whether /dev/memcg/apps is writable. However,
on systems with memory cgroups disabled, SELinux
(correctly) no longer classifies this directory as a cgroup,
and starts denying zygote access. To fix this,
first check whether /dev/memcg/apps/tasks exists to
see if the cgroup is mounted; only then check whether
we can write to the directory.
Bug: 27046965
Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
|
|
The Shell app that stores bugreports now lives under DE storage for
all devices, both FBE and non-FBE.
Bug: 26668510
Change-Id: Iead1dcb98181a5caccf4d0c1e86de62abc6dc990
|
|
This ensures that all users on device follow a consistent path for
setup and validation of encryption policy.
Also add remaining user-specific directories and fix linking order.
Bug: 25796509
Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
|
|
am: d8e0e52099
* commit 'd8e0e520998e83ae16fcff317704bb6c00b7fb31':
init.rc: too many start logd
|
|
am: 989daeaf5b
* commit '989daeaf5b2f50d96da69ad476adf434522e35e7':
init.rc: too many start logd
|
|
|
|
Bug: 26934873
Change-Id: Ia00da6253a50bedc8ba825df1cf641b86cdebeed
|
|
am: 1ef5b78a2f
* commit '1ef5b78a2ffc471e5ac2e30b424f00d15d581a8c':
Start debuggerd as soon as logd is up.
|
|
am: 1b729b3e04
* commit '1b729b3e04b210d096ee2d447945f6b2c53b6029':
Start debuggerd as soon as logd is up.
|
|
Makes debugging early boot crashes easier.
Bug: http://b/26918597
Change-Id: I5bb883f1350ea5f7a545cb0e9f1034ecfcf47cdb
|
|
|
|
|
|
Allows ActivityManager to use the top-app cpuset to grant the currently
focused app exclusive access to a CPU core.
Change-Id: I45bca5170477e413dec6e5889338399d0859706c
|
|
am: ef605cb749
* commit 'ef605cb7495cec368f7be015f924479969dd8fc2':
init.rc: add missing /dev/fd symlink
|
|
am: 54bf0718f4
* commit '54bf0718f4eb1b170f55bbd07207cd6ad2e7e0f5':
init.rc: add missing /dev/fd symlink
|
|
It turns out we were using the CPU accounting
cgroups for keeping track of processes that were
forked by an app without the framework's knowledge,
so we could kill all of them reliably (see b/15313911
for context).
Since we want to use memory cgroups for other purposes,
we might as well use memory cgroups for tracking forked
PIDs if they're enabled. This also gets us automatic cleanup
of empty mem cgroups.
Also, removed old mem cgroup mount point that is no
longer used, as well as cgroup release agent code that
we're not using.
Change-Id: I69d5cc31c162ffa49ef6945755f41381e306cc8b
|