Age | Commit message (Collapse) | Author |
|
Vendor processes do not have access to /dev/binder. Calling
defaultServiceManager() without RW permission will crash the process
with error message "Binder driver could not be opened. Terminating."
Normally, VNDK version of libcutils.so would not have the codepath of
ashmemd. However, on non-VNDK this codepath is exercised.
We check if the current process has permissions to /dev/binder before
calling defaultServiceManager() to avoid crashing. The calling code in
libcutils.so handles inability to connect ashmemd correctly. It will
fall back to opening /dev/ashmem directly. Vendor code should already
have permissions for that.
This SELinux denial shows which permissions need to be checked for:
avc: denied { read write } for name="binder" dev="tmpfs" ino=5570
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:binder_device:s0
tclass=chr_file permissive=0
Note that the problem only manifests on non-VNDK devices.
Bug: 129073672
Test: ashmemd_test
Test: VtsHalSensorsV1_0TargetTest
--gtest_filter=SensorsHidlTest.AccelerometerAshmemDirectReportOperationNormal
Test: atest CtsOsTestCases:android.os.cts.SeccompTest#testIsolatedServicePolicy
Change-Id: I23bef7986298811ce2bd84c3fdc9c9e22837c368
Merged-In: I23bef7986298811ce2bd84c3fdc9c9e22837c368
(cherry picked from commit febe203d835f89eede3979e44bb80b2cda523047)
|
|
defaultServiceManager()'"" am: eb512b6888 am: 93bbcd8c46
am: 2e3f50fd67
Change-Id: Ie67fd8d129434c5c42e1e9179d36195766ed886b
|
|
defaultServiceManager()'"" am: eb512b6888
am: 93bbcd8c46
Change-Id: I1004bd5943fe096955b42dd6e961fb78ebcb5252
|
|
defaultServiceManager()'""
am: eb512b6888
Change-Id: I4741b279595f0881921428982cc5b745bc140cc8
|
|
defaultServiceManager()'""
|
|
defaultServiceManager()'"
This reverts commit a526f3d41640506ebd457c2ed91b923d6f187d0b.
Reason for revert: b/129483782 Isolated apps don't have seccomp permissions to access() syscall. CTS seccomp test is broken.
Change-Id: I90ddf2016c8d2e433d2c8a4f8dd5e8563104533e
|
|
defaultServiceManager()'" am: 4f42ac7989 am: d16c37d5a0
am: 3f5816670e
Change-Id: Ie8d2a72af579b43437a56e2371ce7fee41a95251
|
|
defaultServiceManager()'" am: 4f42ac7989
am: d16c37d5a0
Change-Id: I624ed23839a297b652701079aab7e6c091eefb4d
|
|
am: 4f42ac7989
Change-Id: I4b1e7225c794feb31b2e7759a49667c80d9b3b30
|
|
|
|
am: 844b0b7e39
Change-Id: I51d36fa24ca70135403659a407cfb9fd64f02bbd
|
|
am: 6e165439ae
Change-Id: Ia9a84759221dbb11108424ec18bd483faeb87e3b
|
|
am: dc0fc79c74
Change-Id: I0eefc4f70f0c1ff6fb61baaf378af13b370e25d8
|
|
|
|
2fd4b8732c am: f59d13c2bb
am: c7707d1fce
Change-Id: I6f576246c88bebb5810e3a706b03c602cf739a84
|
|
2fd4b8732c
am: f59d13c2bb
Change-Id: I523788f91b185a3de835477198d99c1a74b0a6b4
|
|
am: 2fd4b8732c
Change-Id: I9d810e0260ed300dd1a497850adf5096f57421eb
|
|
Vendor processes do not have access to /dev/binder. Calling
defaultServiceManager() without RW permission will crash the process
with error message "Binder driver could not be opened. Terminating."
Normally, VNDK version of libcutils.so would not have the codepath of
ashmemd. However, on non-VNDK this codepath is exercised.
We check if the current process has permissions to /dev/binder before
calling defaultServiceManager() to avoid crashing. The calling code in
libcutils.so handles inability to connect ashmemd correctly. It will
fall back to opening /dev/ashmem directly. Vendor code should already
have permissions for that.
This SELinux denial shows which permissions need to be checked for:
avc: denied { read write } for name="binder" dev="tmpfs" ino=5570
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:binder_device:s0
tclass=chr_file permissive=0
Note that the problem only manifests on non-VNDK devices.
Bug: 129073672
Test: ashmemd_test
Test: VtsHalSensorsV1_0TargetTest
--gtest_filter=SensorsHidlTest.AccelerometerAshmemDirectReportOperationNormal
Change-Id: If7319d09d092946d6f9bfac0d15b6ca2eae85a24
|
|
This reverts commit 41b7c708217752a4b30cc022b5917957274c47e2.
Reason for revert: boot denial on sailfish/marlin
Change-Id: I3dad32c3b07bcab0a0bfffb9a06d66f767af7391
|
|
41b7c70821 am: 5e682c2851
am: 1ab425f135
Change-Id: I6648512fd0d5074b7299f3b9148a9905c4f8c912
|
|
am: 5e682c2851
Change-Id: Iaa776c7824bd4986d5618d2d5f2208ca023a5e99
|
|
am: 41b7c70821
Change-Id: Idfe934eb2e7339b7bfbbd4fbfaacbcce670baf72
|
|
Vendor processes do not have access to /dev/binder. Calling
defaultServiceManager() without RW permission will crash the process
with error message "Binder driver could not be opened. Terminating."
Normally, VNDK version of libcutils.so would not have the codepath of
ashmemd. However, on non-VNDK this codepath is exercised.
We check if the current process has permissions to /dev/binder before
calling defaultServiceManager() to avoid crashing. The calling code in
libcutils.so handles inability to connect ashmemd correctly. It will
fall back to opening /dev/ashmem directly. Vendor code should already
have permissions for that.
This SELinux denial shows which permissions need to be checked for:
avc: denied { read write } for name="binder" dev="tmpfs" ino=5570
scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:binder_device:s0
tclass=chr_file permissive=0
Note that the problem only manifests on non-VNDK devices.
Bug: 129073672
Test: ashmemd_test
Test: VtsHalSensorsV1_0TargetTest
--gtest_filter=SensorsHidlTest.AccelerometerAshmemDirectReportOperationNormal
Change-Id: I6f4992fd701de77db7b0f9a1b0f1c7b58e547aec
|
|
Bug: n/a
Test: presubmit
Change-Id: I21a805bddf5ae356b5c2dcd4814651f6b3ad2130
|
|
am: 5b8024f3a4
Change-Id: I9cc910aad5e7d166622faf0216d84e5574f2ade2
|
|
am: 0d7dfbd354
Change-Id: I9e14052779e1a5ca04f2a612994440f114b9c484
|
|
am: 8411a3b016
Change-Id: Iaea5bca7f97f5dd6385d5d0bb6a4d9f0d75ed029
|
|
On non-VNDK device (e.g. sailfish) the code path to ashmemd is the same,
which results in vendor processes always failing to get ashmemd service.
Use checkService() to fail immediately, instead of waiting for the
service.
Fixes: 123999623
Test: boot sailfish, no sleep cycles when trying to reach ashmemd.
Change-Id: I4fce14fad28b509cd112370bc4cc2eafd45c6c75
|
|
am: 1603bce403
Change-Id: I63ce1e02ac3670b705d2b21786e525bb92100637
|
|
am: dc048f1715
Change-Id: Iad6408ae0c238acd58b4565610408544824fad40
|
|
am: df205799f3
Change-Id: I45720cf5fd010b0ff654b4cad97f8394a8049e22
|
|
Motivation: we want to replace /dev/ashmem with memfd. To do so we need
all usage of /dev/ashmem to go through libcutils. Once that happens, we
migrate libcutils to use memfd.
ashmemd is our way to enforce that apps are using the existing
ASharedMemory_create API and not bypassing it to go directly to
/dev/ashmem.
ashmemd serves opened file descriptors. The following way should be the
only way for apps to open an fd to /dev/ashmem:
app -> ASharedMemory_create -> libcutils -> ashmemd -> /dev/ashmem
Bug: 113362644
Test: ashmemd_test
Change-Id: I9068cefa950f91dba0f1b75daca23f02d933b1c8
|
|
|