This is the backport of the following commits :
Reopen whitelisted zygote file descriptors after a fork.
We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.
This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.
- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.
- Post fork, we traverse the list of open descriptors and reopen
them if necessary.
bug: 30963384
(cherry picked from commit c5f27a7cb2ec816f483a65255034a1b57a8aa221)
Fix clang build breakage (-Werror -Wformat).
Use %zd for size_t. Note that this will break only on (-plus-)aosp because
clang is disabled on the N development branches.
bug: 30963384
(cherry picked from commit b334c33d65894f5ca9833fa55c3a1cf75e01c497)
Add a whitelist of sockets on fork.
Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a sucessful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.
This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.
bug: 30963384
(cherry picked from commit 3764a260f0c90dcb323caeda14baf903cc108759)
fd_utils: Remove whitelist for "/dev/pmsg0".
We're now calling __android_log_close prior to a fork, so this file
shouldn't need to be open.
bug: 31243313
bug: 30963384
(cherry picked from commit 8dee0541904e4f792cdebdee4f23f768561cb276)
fd_utils: Fix broken usage of iterators.
There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.
bug: 31092930
bug: 30963384
(cherry picked from commit 0b76d6a28e6978151bf245a775329cdae5e574d5)
add dri device to zygote whitelisted FDs
The driver can be used just like /dev/ion for graphic buffers.
(cherry picked from commit 8977e424ee2d6d85fec419532ae510131aa88c45)
Devsite handles "redirect this directory tree" differently than DAC
did; as a result, a bunch of redirects were broken. (On Devsite, a
redirect ending in a slash redirects *only* paths that match it;
to redirect that directory and all its contents, end with /...)
Also deleted one redirect that wouldn't work (trying to redirect
foo.html#bar , which wouldn't work--the anchors are ignored on
devsite and there was a separate redirect for just foo.html).
When a redirect pointed *to* a path ending in slash -- but was clearly
meant to point to the directory itself (i.e. the /index.html file) --
I removed the trailing slash.
Redirects staged to https://android-dot-devsite.googleplex.com , so
they should all work there.
bug: 30748799
Change-Id: I6d090de5e6efa6ddb2bbe3e99fdbfb0ae02b88d5
This is the backport of the following commits :
Commit c5f27a7cb2ec816f483a65255034a1b57a8aa22:
-----------------------------------------------
Reopen whitelisted zygote file descriptors after a fork.
We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.
This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.
- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.
- Post fork, we traverse the list of open descriptors and reopen
them if necessary.
bug: 30963384
Commit 3764a260f0c90dcb323caeda14baf903cc108759:
-----------------------------------------------
Add a whitelist of sockets on fork.
Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a sucessful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.
This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.
bug: 30963384
Commit 0b76d6a28e6978151bf245a775329cdae5e574d5:
-----------------------------------------------
fd_utils: Fix broken usage of iterators.
There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.
bug: 31092930
bug: 30963384
Plus additional changes:
-----------------------------------------------
- add /dev/__properties__ to the whitelist.
Change-Id: I709a7f4913e807a8fec8a58c81e98fe5b5222820
This is the backport of the following commits :
Commit c5f27a7cb2ec816f483a65255034a1b57a8aa22:
-----------------------------------------------
Reopen whitelisted zygote file descriptors after a fork.
We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.
This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.
- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.
- Post fork, we traverse the list of open descriptors and reopen
them if necessary.
bug: 30963384
Commit 3764a260f0c90dcb323caeda14baf903cc108759:
-----------------------------------------------
Add a whitelist of sockets on fork.
Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a sucessful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.
This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.
bug: 30963384
Commit 0b76d6a28e6978151bf245a775329cdae5e574d5:
-----------------------------------------------
fd_utils: Fix broken usage of iterators.
There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.
bug: 31092930
bug: 30963384
Plus additional changes:
-----------------------------------------------
- add /dev/__properties__ to the whitelist.
Change-Id: Ic512be6362c3c5d84767e933884872b7e995dfea
This is the backport of the following commits :
Commit c5f27a7cb2ec816f483a65255034a1b57a8aa22:
-----------------------------------------------
Reopen whitelisted zygote file descriptors after a fork.
We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.
This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.
- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.
- Post fork, we traverse the list of open descriptors and reopen
them if necessary.
bug: 30963384
Commit 3764a260f0c90dcb323caeda14baf903cc108759:
-----------------------------------------------
Add a whitelist of sockets on fork.
Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a sucessful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.
This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.
bug: 30963384
Commit 0b76d6a28e6978151bf245a775329cdae5e574d5:
-----------------------------------------------
fd_utils: Fix broken usage of iterators.
There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.
bug: 31092930
bug: 30963384
Plus additional changes:
-----------------------------------------------
- change std::unordered_map to std::tr1::unordered_map.
- add /dev/alarm and /dev/__properties__ to the whitelist.
- map.erase(iterator) returns void prior to C++11, so need the kludge
of calling erase(it++).
Change-Id: I694ff66d5f227239b0190ffc2287882b16e336fa
also update all non-DAC builds to use the "referenceonly" flag for a cleaner output and faster build.
Change-Id: Iebd9791305479c5dc406ba3b81eaf076855bc632
Referred to the "android:resizableActivity" property; should
have been "android:resizeableactivity". English prose, however,
consistently uses the (preferred) spelling "resizable".
See first comment for stage location.
bug: 30566808
Change-Id: I2570ff9269b4d2dc8b11f1c98817e50726be78fc
Use ParcelFileDescriptor only as an IPC transport
to make sure MemoryIntArray manges its backing fd.
Bug:30310689
Change-Id: Ib3cc13ef4ae2a744e5f7a96099570e0431847bce
(cherry picked from commit fe2462f3a60b34ee6b7d8764d92ae58fc0cd7dfd)
Creates Null Build to test OTA failure fix.
This reverts commit 8abcfed8a42a1ca517ee3c8d0448fda669ff9ded.
Change-Id: I64474dad467ce8d8e379e0e2c47814d76ac0ee0d
Add QS tiles to the backup list. Non-system tiles will get removed
since they won't be installed when restore happens.
Change-Id: Iccf6e773384c45bd4d1f10c21aa8af356b3920d2
Bug: 28782938
There is a chance a packet can slip by before we install the filter
on our socket listening for RAs, so add some basic sanity checking
to make sure we've recieved an RA.
Change-Id: I14cf84a0814896a41e00f50af376dfc4988d36cb
Fixes: 29586253
After removing updates for a system package, we weren't updating its
shared libraries when we should have. Make it so.
NOTE: This didn't affect device boot because we update all of the
shared libraries for all system applications after scanning packages.
Bug: 30266503
Change-Id: I8edf4344228fb3e793e7648ea70a041cb5db6af6
(cherry picked from commit 6058df65e645a81bdc7285dcd9f8b12b9f5b534f)
The following changes are in this commit:
Avoid destroying TextureView surfaces for onStop
bug:30238922
TextureViews will hold onto their backing surfaces, which will allow
them to resume gracefully when the app's surfaces are saved.
Now only resources that are destroyed for onStop are DisplayLists.
(cherry picked from commit 391d560402c2902e0fd701f99eabd91025154201)
TextureView: destroy layer on destroyHardwareResources event
bug:30468770
(cherry picked from commit 1c16c37d8646ed25e844af8472eede988ad0c2f0)
Fix NPE in TextureView
Bug: 30651595
(cherry picked from commit 3c2587f26eed32a8723488131d1d8940dc147ee1)
Fix NPE in TextureView
Bug: 30779663
(cherry picked from commit 7e237189c292cdb886733eb95c6069b7ac002527)
Fix maps resume being blank
Bug: 30889568
Fixes an issue where mLayer didn't have
the mSurface set on it in certain resume
scenarios.
(cherry picked from commit 03df0834e63b587dbfb8fdcd0086e3e1e72b9f9d)
