Before this change, it was possible for the code to suffer an out of
bound error.
Bug: 150706572
Test: make
Change-Id: I3e8d37f2ee3c942bc9b176edee043557b005c757
(cherry picked from commit 8ff5315e989c1348e313bcb8170b77adc80b2fce)
(cherry picked from commit e592700068db0335c83934f191fc9efcbd8037ec)
The [&] capture does not handle smart pointers (unique_ptr, unique_fd
etc) well, which lead to leaked pointers. Fix by explicitly move the
smart pointers.
Bug: 158097879
Test: Build, flash and take an incident report. Verify no crash
Change-Id: I5150aa3dddf9d59c1c9d6d32370370e8cde23946
The referenced object could be destroyed and result in native crash when
mCallback is used.
Bug: 156536687
Test: manual test with registering a section from an app
Change-Id: Ie36c0e6e64be1246539f12999f037c24377686dd
Hold mLock when accessing mBatch and mHandlerLooper in ReportHandler.
Fixes: 147326028
Test: Take an incident report. Verify no race condition.
Change-Id: I9d6da0067731f253532f60e5abb12dfb238b5411
EncodedBuffer is used a lot in incidentd. EncodedBuffer uses malloc
internally to acquire memory. Frequently creating and destroying
EncodedBuffer creates memory fragmentation, leading to high memory
usage after taking an incident report.
Also fixes a few other places with lots of malloc/free operations.
This change:
* Creates a pool of EncodedBuffer in incidentd. The saving is
significant. It reduces EncodedBuffer creation from 3 per section to
3 per report.
* Replaces malloc with mmap inside EncodedBuffer. mmap is guaranteed
to be mem page aligned, so there will be no mem fragmentation after
destroying EncodedBuffer.
* Replaces new with mmap inside TombstoneSection
* Forks a process to execute LogSection, because liblog malloc & free
significant amount of memory
Result:
PSS before taking a report: 1295 KB
PSS after taking a report: 1336 KB
Bug: 150311553
Test: heapprofd
Change-Id: I83bd9c969b751c80b2f42747020799bd85d8aae6
TextDumpsysSection used to inherent WorkerThreadSection, which
allocates 2x more memory than the dumped content. This change saves
the extra allocation by writing dumpsys content directly to FdBuffer.
Bug: 150311553
Test: Manually run "incident -p EXPLICIT 4000"
Change-Id: I9c0c0db75c8595822ee0711040e8865dd69378b6
The detached thread may live longer than the caller, and then "data"
goes out of scope. Fix it by managing data using a strong pointer.
Fixes: 151335416
Test: turn on hwasan, tweak WorkerThreadSection timeout, verify no
hwasan error
Change-Id: I179204b17c381e4e920b9aee07900150d9497639
Enable Incidentd to dump any existing dumpsys section in plain text
(as dumpsys.proto), only in eng or userdebug build. This is for a
few dumpsys services that are prohibitively expensive to migrate to
protobuf dumpsys or will undergo a major rewrite (thus render the
previously defined proto completely useless).
Bug: 149816498
Bug: 146085372
Bug: 146086519
Test: $ incident -p EXPLICIT 4000 4001
Change-Id: I0693d9bace0055cfeb63d7c8d48995d57dc0b733
(cherry picked from commit 95ba73f9c9815da08cdb7015195939a3c1b250bd)
Mark incident report section registration and unregistration as public
APIs, and protect them with
android.permission.REGISTER_INCIDENT_REPORT_SECTION.
Bug: 144789854
Test: Build
Change-Id: I0d79ca12054292412e10a63ba2e6f45a149066a9
Add an API for priv and system app to register a dump callback with
Incident Service.
Bug: 145924375
Test: Register a callback dumping a string. Capture an incident report
and verify that the customized section exist.
Change-Id: I6fff6c1ee97e25963068d284ba37adce1bb5ec31
on go device when try to get timestamp, the value over-followed sometimes
as a result, GtsIncidentManagerTestCases would fail due to a negative timestamp
Bug: 142513252
Change-Id: I7d5e701bb8bf4e788a718e093681f97b95cb8551
FileDescriptor type in AIDL was translated into const unique_fd& in C++.
Now, it is unique_fd, i.e. passed by value, to make it easier to keep it
beyond the scope of the call.
Bug: 144943748
Test: m
Exempt-From-Owner-Approval: cherry-pick from internal
Merged-In: I2b87761401361f9cf96cdda070f26e70a5c6c935
(cherry picked from commit b8ba23418aa6868ec14e82c29311021e382a19bc)
Change-Id: I2b87761401361f9cf96cdda070f26e70a5c6c935
FileDescriptor type in AIDL was translated into const unique_fd& in C++.
Now, it is unique_fd, i.e. passed by value, to make it easier to keep it
beyond the scope of the call.
Bug: 144943748
Test: m
Change-Id: I2b87761401361f9cf96cdda070f26e70a5c6c935
Instead of just relying on the regular iteration through the system
services inside dumpstate, add another API to IIncidentManager
dedicated for dumpstate.
- It is only callable by dumpstate() (check the calling uid)
- It has the same behavior as the current call inside dump()
Advantages:
- More explicit function name, right next to takeIncidentReport will
make it easier to keep them in sync.
- Nobody else can call it, make security easier.
- If dumpstate calls it explicitly, it can skip the 10 second timeout
- The regular dump() call should provide debugging data about
incidentd itself, for example timestamps for the most recent N
incident reports taken and the current state of the work directory,
allowing us to debug incidentd itself.
Bug: 137493082
Test: Manually trigger a bug report, and verify
/proto/incident_log.proto in the zip file.
Change-Id: I19139c765b53ede63d3beb3ea3ac40ada1aba42d
Merged-In: I19139c765b53ede63d3beb3ea3ac40ada1aba42d
timespec::tv_sec is time_t which is 32bit wide on
32bit platforms. Multipliyng 32bit integers (tv_sec and
1000) produces another 32bit integer which overflows
in this case and turns into a negative value which
confuses the logic downstream. This change makes the
multiplication to be 64bit which prevent the overflow.
Bug: 139320584
Bug: 139538727
Test: GtsIncidentManagerTestCases
Change-Id: Ie956074961c7c1f08e2519920f7ce69d5c9e12d3
Signed-off-by: Roman Kiryanov <rkir@google.com>
(cherry picked from commit e9db937f4008f097f4ee9dc341a3afc219a96fd9)
Protobuf 3.9.1 redefines google::protobuf::int64 from long long
to int64_t, which is sometimes long and sometimes long long. Use
PRIi64 to print it. Also temporarily cast to int64_t to decouple
this change from the change that updates protobuf.
Bug: 117607748
Test: m checkbuild
Change-Id: I482b957d2262e5001140ed1153c7de2b17facae2
This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.
This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.
This will introduce at most two more linked files at the same time.
Bug: 130543265
Tested: manually on crosshatch-userdebug
Merged-In: Iaaa312d2d9da73ca329807211227a8c7a049102c
Change-Id: Iaaa312d2d9da73ca329807211227a8c7a049102c
(cherry picked from commit 09a847902fa428f97841c3689b9f11243cc60460)
- The buffer size increased, and the CTS test that checked that
was triggering.
- Privacy filtering wasn't working for the stack trace sections
- The incident command was not handling the default arguments correctly
- The throttler was throttling streaming reports, which made the
test flaky.
Bug: 126253679
Test: atest CtsIncidentHostTestCases
Change-Id: I342cd7d0421ea8c22b7796fc99e779f21855af73
+ Sections which require encryption will be encryted on disk.
+ When the sections are requested by clients (e.g., permission controller, report assignee),
incidentd will decrypte the data.
+ For efficiency, encryption is done ONLY for sections that require encryption.
+ Use Keystore API for key management.
Bug: 131084614
Test: incidentd_test
Change-Id: I84d6b86807ba5bbde1051e847b2df6e79e6b5be5
+ Remove the spawned thread inside the ReportFile for filter_and_write_report
because it leads to accessing freed memory
Instead, let the caller of ReportFile::startFileteringData create the thread.
ReportFile class shouldn't care about whether it's writing to a pipe for IPC
or regular file.
+ Add uri building in incidentd
+ Add metadata and headers to incident reports
Test: existing passed tests in incidentd_test still pass.
Manually tested with statsd
Change-Id: I5fef900d31f5d181275814f1e1c8c98443f201a7
Previously, the decision to include or not include them was
done at runtime. This changes them to be behind a compile
time flag. It's just safer, because the code just isn't there
instead of being dependent on a system property.
Test: bit GtsIncidentManagerTestCases:*
Bug: 123543706
Change-Id: If4e611914a7b0acd399ae27e55af8f718aee3ec8
Added or changed some error messages and logging for easier debugging.
Log a few section errors to incident metadata in addition to logcat.
Also let incident reporting continue instead of failing when non-fatal
error occurs.
Bug: 119417232
Test: Take an incident report, and logcat.
Change-Id: Id18b7b690100923a8074d99b2312ee80c0bcd760
Implement dump() function in IncidentService so that it can be dumped by
default. Dumpstate calls it twice, one with and one without '--proto'.
dump() ignores the former.
Dumpsys allows 10s max for each service. Hence, section 1200, 1201, 1202
are skipped because they take too long. Section 3008 and 3015 are
skipped temporarily due to errors. All sections should be enabled once
we find a workaround.
A follow-up change in SELinux is needed to allow dumpstate to access
incidentd.
Bug: 119417232
Test: Run `adb shell dumpsys incident --proto`, inspect result and logs
Test: Run `adb bugreport`, make sure incident.proto is in the zip file
Check the proto for validity via aprotoc:
cat incident.proto | ./out/soong/host/linux-x86/bin/aprotoc --decode_raw
Exempt-From-Owner-Approval: The original owners no longer work on this
project.
Change-Id: I7d08f6b644cb6751b201fb7ba37ac5e1c42fd3c5
A few switches didn't have explicit breaks in them, which was causing
warnings. They were all benign, as the logic did not necessitate a
break. But this is will stop the warnings and perhaps prevent future
bugs.
Change-Id: Idb293a4896f4df8d3f11d748e0e716efc26bbd6a
Fixes: 119047812
Test: N/A
