See https://source.android.com/setup/contribute/respectful-code for reference
BUG=161896447
Test: make (change is only comments + 1 log message)
Change-Id: I8a21ef4ce19c517853388d8f7542f3a0cf8d91d5
Merged-In: I26ef8e079bf13f19bdc3bbc8219f572a43b68090
The [&] capture does not handle smart pointers (unique_ptr, unique_fd
etc) well, which lead to leaked pointers. Fix by explicitly move the
smart pointers.
Bug: 158097879
Test: Build, flash and take an incident report. Verify no crash
Change-Id: I5150aa3dddf9d59c1c9d6d32370370e8cde23946
The referenced object could be destroyed and result in native crash when
mCallback is used.
Bug: 156536687
Test: manual test with registering a section from an app
Change-Id: Ie36c0e6e64be1246539f12999f037c24377686dd
Hold mLock when accessing mBatch and mHandlerLooper in ReportHandler.
Fixes: 147326028
Test: Take an incident report. Verify no race condition.
Change-Id: I9d6da0067731f253532f60e5abb12dfb238b5411
EncodedBuffer is used a lot in incidentd. EncodedBuffer uses malloc
internally to acquire memory. Frequently creating and destroying
EncodedBuffer creates memory fragmentation, leading to high memory
usage after taking an incident report.
Also fixes a few other places with lots of malloc/free operations.
This change:
* Creates a pool of EncodedBuffer in incidentd. The saving is
significant. It reduces EncodedBuffer creation from 3 per section to
3 per report.
* Replaces malloc with mmap inside EncodedBuffer. mmap is guaranteed
to be mem page aligned, so there will be no mem fragmentation after
destroying EncodedBuffer.
* Replaces new with mmap inside TombstoneSection
* Forks a process to execute LogSection, because liblog malloc & free
significant amount of memory
Result:
PSS before taking a report: 1295 KB
PSS after taking a report: 1336 KB
Bug: 150311553
Test: heapprofd
Change-Id: I83bd9c969b751c80b2f42747020799bd85d8aae6
TextDumpsysSection used to inherent WorkerThreadSection, which
allocates 2x more memory than the dumped content. This change saves
the extra allocation by writing dumpsys content directly to FdBuffer.
Bug: 150311553
Test: Manually run "incident -p EXPLICIT 4000"
Change-Id: I9c0c0db75c8595822ee0711040e8865dd69378b6
The detached thread may live longer than the caller, and then "data"
goes out of scope. Fix it by managing data using a strong pointer.
Fixes: 151335416
Test: turn on hwasan, tweak WorkerThreadSection timeout, verify no
hwasan error
Change-Id: I179204b17c381e4e920b9aee07900150d9497639
Enable Incidentd to dump any existing dumpsys section in plain text
(as dumpsys.proto), only in eng or userdebug build. This is for a
few dumpsys services that are prohibitively expensive to migrate to
protobuf dumpsys or will undergo a major rewrite (thus render the
previously defined proto completely useless).
Bug: 149816498
Bug: 146085372
Bug: 146086519
Test: $ incident -p EXPLICIT 4000 4001
Change-Id: I0693d9bace0055cfeb63d7c8d48995d57dc0b733
(cherry picked from commit 95ba73f9c9815da08cdb7015195939a3c1b250bd)
Add SensorServiceProto for protobuf dumpsys of sensorservice. Primarily
used by incident service to capture an incident report proto.
Also add a gensrc rule to generate cpp headers of frameworks proto to
be used by native services like sensorservice. Added "static" qualifier
to a few generated fields in the header to avoid linker conflict.
Command to invoke (any of the following after lunch and env setup):
$ adb shell dumpsys sensorservice --proto
$ adb shell incident 3053
$ incident_report 3053
Bug: 146086105
Test: Execute the above commands and compare the output against dumpsys
sensorservice
Change-Id: I282ff37bd3e845464d0693d69fc0d82943cc9855
Mark incident report section registration and unregistration as public
APIs, and protect them with
android.permission.REGISTER_INCIDENT_REPORT_SECTION.
Bug: 144789854
Test: Build
Change-Id: I0d79ca12054292412e10a63ba2e6f45a149066a9
Add an API for priv and system app to register a dump callback with
Incident Service.
Bug: 145924375
Test: Register a callback dumping a string. Capture an incident report
and verify that the customized section exist.
Change-Id: I6fff6c1ee97e25963068d284ba37adce1bb5ec31
on go device when try to get timestamp, the value over-followed sometimes
as a result, GtsIncidentManagerTestCases would fail due to a negative timestamp
Bug: 142513252
Change-Id: I7d5e701bb8bf4e788a718e093681f97b95cb8551
FileDescriptor type in AIDL was translated into const unique_fd& in C++.
Now, it is unique_fd, i.e. passed by value, to make it easier to keep it
beyond the scope of the call.
Bug: 144943748
Test: m
Exempt-From-Owner-Approval: cherry-pick from internal
Merged-In: I2b87761401361f9cf96cdda070f26e70a5c6c935
(cherry picked from commit b8ba23418aa6868ec14e82c29311021e382a19bc)
Change-Id: I2b87761401361f9cf96cdda070f26e70a5c6c935
FileDescriptor type in AIDL was translated into const unique_fd& in C++.
Now, it is unique_fd, i.e. passed by value, to make it easier to keep it
beyond the scope of the call.
Bug: 144943748
Test: m
Change-Id: I2b87761401361f9cf96cdda070f26e70a5c6c935
Instead of just relying on the regular iteration through the system
services inside dumpstate, add another API to IIncidentManager
dedicated for dumpstate.
- It is only callable by dumpstate() (check the calling uid)
- It has the same behavior as the current call inside dump()
Advantages:
- More explicit function name, right next to takeIncidentReport will
make it easier to keep them in sync.
- Nobody else can call it, make security easier.
- If dumpstate calls it explicitly, it can skip the 10 second timeout
- The regular dump() call should provide debugging data about
incidentd itself, for example timestamps for the most recent N
incident reports taken and the current state of the work directory,
allowing us to debug incidentd itself.
Bug: 137493082
Test: Manually trigger a bug report, and verify
/proto/incident_log.proto in the zip file.
Change-Id: I19139c765b53ede63d3beb3ea3ac40ada1aba42d
Merged-In: I19139c765b53ede63d3beb3ea3ac40ada1aba42d
timespec::tv_sec is time_t which is 32bit wide on
32bit platforms. Multipliyng 32bit integers (tv_sec and
1000) produces another 32bit integer which overflows
in this case and turns into a negative value which
confuses the logic downstream. This change makes the
multiplication to be 64bit which prevent the overflow.
Bug: 139320584
Bug: 139538727
Test: GtsIncidentManagerTestCases
Change-Id: Ie956074961c7c1f08e2519920f7ce69d5c9e12d3
Signed-off-by: Roman Kiryanov <rkir@google.com>
(cherry picked from commit e9db937f4008f097f4ee9dc341a3afc219a96fd9)
Protobuf 3.9.1 redefines google::protobuf::int64 from long long
to int64_t, which is sometimes long and sometimes long long. Use
PRIi64 to print it. Also temporarily cast to int64_t to decouple
this change from the change that updates protobuf.
Bug: 117607748
Test: m checkbuild
Change-Id: I482b957d2262e5001140ed1153c7de2b17facae2
This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.
This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.
This will introduce at most two more linked files at the same time.
Bug: 130543265
Tested: manually on crosshatch-userdebug
Merged-In: Iaaa312d2d9da73ca329807211227a8c7a049102c
Change-Id: Iaaa312d2d9da73ca329807211227a8c7a049102c
(cherry picked from commit 09a847902fa428f97841c3689b9f11243cc60460)
- The buffer size increased, and the CTS test that checked that
was triggering.
- Privacy filtering wasn't working for the stack trace sections
- The incident command was not handling the default arguments correctly
- The throttler was throttling streaming reports, which made the
test flaky.
Bug: 126253679
Test: atest CtsIncidentHostTestCases
Change-Id: I342cd7d0421ea8c22b7796fc99e779f21855af73
+ Sections which require encryption will be encryted on disk.
+ When the sections are requested by clients (e.g., permission controller, report assignee),
incidentd will decrypte the data.
+ For efficiency, encryption is done ONLY for sections that require encryption.
+ Use Keystore API for key management.
Bug: 131084614
Test: incidentd_test
Change-Id: I84d6b86807ba5bbde1051e847b2df6e79e6b5be5
+ Remove the spawned thread inside the ReportFile for filter_and_write_report
because it leads to accessing freed memory
Instead, let the caller of ReportFile::startFileteringData create the thread.
ReportFile class shouldn't care about whether it's writing to a pipe for IPC
or regular file.
+ Add uri building in incidentd
+ Add metadata and headers to incident reports
Test: existing passed tests in incidentd_test still pass.
Manually tested with statsd
Change-Id: I5fef900d31f5d181275814f1e1c8c98443f201a7
Previously, the decision to include or not include them was
done at runtime. This changes them to be behind a compile
time flag. It's just safer, because the code just isn't there
instead of being dependent on a system property.
Test: bit GtsIncidentManagerTestCases:*
Bug: 123543706
Change-Id: If4e611914a7b0acd399ae27e55af8f718aee3ec8
