path: root/run-as
Commit message, Author, Age, Files, Lines
* run-as: improve diagnostics on failure.
  Author: Elliott Hughes; Age: 2019-03-13; Files: 1; Lines: -17/+25
  Bug: http://b/128523258
  Test: manual
  Change-Id: I4430a8d309c0e9b5315aaae3e7d223c05b7ea3e5
* run-as: add shared app gid in supplementary groups.
  Author: Yabin Cui; Age: 2019-01-10; Files: 1; Lines: -1/+22
  This is to read profile guide compiled oat files of debuggable apps, which is needed by simpleperf for profiling.
  Bug: none
  Test: run run-as manually.
  Change-Id: I8ec8897b882be650f02124413c7d20ed8b1b444b
* run-as: add ":fromRunAs" selector in seinfo.
  Author: Yabin Cui; Age: 2018-11-06; Files: 1; Lines: -1/+4
  It notifies libselinux that the setcontext request is from run-as. And libselinux will set current process to runas_app domain, which can execute app data files.
  Bug: 118737210
  Test: run CtsSimpleperfTestCases.
  Change-Id: Ib94087f910786dd5d2a2b2e3b1bf76dfa7131ced
* run-as: Use 2-space clang-format.
  Author: Yabin Cui; Age: 2018-11-06; Files: 2; Lines: -1/+2
  Bug: none
  Test: none.
  Change-Id: I8fc2f9a534675347bae5af0ce12b0bf3d7c32d55
* Fix run-as for non-owner users
  Author: Nicholas Sauer; Age: 2018-11-05; Files: 1; Lines: -0/+9
  bug: 118501138
  bug: 80126373
  Test: cts-tradefed run cts-dev -a arm64-v8a -m CtsJvmtiRunTest1908HostTestCases
  Change-Id: Iee25afbffc6990b46f508bfe8a9953bd2a35d118
* run-as: Migrate to blueprint
  Author: Luis Hector Chavez; Age: 2018-06-27; Files: 2; Lines: -8/+28
  This change removes the old Makefile and adds a new blueprint file
  Bug: None
  Test: m
  Change-Id: I2157efc51320f64db53e61cfa669268cfca52ec3
* Add a way to disable run-as at runtime
  Author: Luis Hector Chavez; Age: 2018-06-27; Files: 2; Lines: -1/+9
  This change adds the ro.boot.disable_runas system property, that when set, disables the run-as command. This is done to reduce the surface area of programs that have file based capabilities in Chrome OS, and what they can do when running in non-developer mode.
  Bug: 31630024
  Test: run-as still works in aosp_sailfish
  Test: run-as still works in Android in Chrome OS (in developer mode)
  Change-Id: Iaf1d6f9ceb65081b7a9e17b9b91d8855e4080133
* run-as: Keep supplementary groups.
  Author: Jorge Lucangeli Obes; Age: 2017-09-29; Files: 1; Lines: -0/+1
  This broke TCP debugging because processes don't inherit the AID_INET group.
  Bug: 67058466
  Test: adb shell run-as com.example.native_activity groups prints "inet".
  Change-Id: Ieb461dccda8611057bb2d16334e584eb5e57c8b1
* Define range of GIDs for cached app data.
  Author: Jeff Sharkey; Age: 2016-12-13; Files: 1; Lines: -2/+2
  To support upcoming disk usage calculation optimizations, this change creates a new GID for each app that will be used to mark its cached data. We're allocating these unique GIDs so that we can use quotactl() to track cached data on a per-app basis.
  This change also tightens up the implementation of both the cache and shared GID calculation to ensure that they stay inside the valid ranges, and includes tests to verify.
  Test: builds, boots, tests pass
  Bug: 27948817
  Change-Id: Ie4377e5aae267f2da39a165888139228995987cb
* run-as: Use Minijail for privilege dropping.
  Author: Jorge Lucangeli Obes; Age: 2016-07-19; Files: 2; Lines: -27/+9
  Arguably, we don't need a ScopedMinijail for a program that only execs, but I'd rather keep the code consistent and have all uses of Minijail be good examples.
  Bug: 30156807
  Change-Id: I08a968835e0f3e2afcd5e7736626edbed658cde2
* Switch run-as to libpackagelistparser.
  Author: Elliott Hughes; Age: 2016-07-07; Files: 5; Lines: -832/+250
  We already have to have a Java and a native implementation; we don't need _two_ native implementations.
  Change-Id: I0201205ce5079ef9c747abc37b0c8122cf8fb136
* Fix the run-as environment to better match su.
  Author: Elliott Hughes; Age: 2015-11-03; Files: 1; Lines: -1/+14
  $USER and $LOGNAME along with $HOME were just plain wrong (leading to a misleading interactive prompt), and it probably makes sense to reset the variables that su would reset.
  Bug: https://code.google.com/p/android/issues/detail?id=187438
  Change-Id: I0404511453d371f36801f0212a8d72d93f0bc8ac
* Extend run-as with optional --user argument.
  Author: Oleksiy Vyalov; Age: 2015-06-10; Files: 3; Lines: -13/+48
  1. Calculate AID for spawned process as (100000 * $user) + uid_from_packages.list
  2. Use /data/user/$user/$packageDir as a root of a new process if $user != 0.
  Change-Id: I761dfb481114bd51e5a950307fcaf403e96eef10
  (cherry picked from commit da31778f3b422d9583f334273eb8d9f6aabd5d34)
* package missing include for string.h
  Author: Mark Salyzyn; Age: 2015-04-01; Files: 1; Lines: -2/+4
  package.c gets string.h inherited from private/android_filesystem_config.h it should not rely on this in the future. The intent is to move fs_config function into libcutils and thus deprecate any need for string.h in this include file.
  Bug: 19908228
  Change-Id: I5db6d0a88c5b1eb9f582284e9bdd220c096ea69a
* run-as: bracket capability
  Author: Mark Salyzyn; Age: 2015-03-31; Files: 1; Lines: -45/+48
  - do not assume that caller has granted effective bits in capabilities
  - only elevate capabilities when needed
  - suppress capabilities before exec when called as shell,shell,shell
  - some Android coding standard cleanup
  Bug: 19908228
  Change-Id: Ibe3d1c1a0fdcb54c41d7a72395e50ad749df98ce
* run-as: build 1161573 failure
  Author: Mark Salyzyn; Age: 2014-05-08; Files: 1; Lines: -1/+3
  - pointer to integer comparison.
  Change-Id: I4a12c357ff5eaf2fc08c19c9efe7e2d7cb0dbe2e
* run-as: turn on -Werror
  Author: Mark Salyzyn; Age: 2014-05-07; Files: 2; Lines: -6/+4
  - remove an abandoned code fragment
  Change-Id: I32d4ad820772685c680d200dc00ef11d102c76bd
* am aed27f80: am b0739c66: Fix run-as which was broken in Android 4.3
  Author: Alex Klyubin; Age: 2013-08-28; Files: 1; Lines: -19/+24
|\
  * commit 'aed27f8018e4365aa52a5dd8e89c4db2df0273c5':
    Fix run-as which was broken in Android 4.3
| * Fix run-as which was broken in Android 4.3
    Author: Alex Klyubin; Age: 2013-08-21; Files: 1; Lines: -19/+24
    In Android 4.3 the run-as binary no longer has the SUID/SGID bits set. Instead, it requires to be installed with setuid and setgid file-based capabilities. As a result of the above two changes, the binary no longer executes as root when invoked by the "shell" user but can still change its UID/GID to that of the target package.
    Unfortunately, run-as attempts to chdir into the target package's data directory before changing its effective UID/GID. As a result, when run-as is invoked by the "shell" user, the chdir operation fails.
    The fix is for run-as to chdir after changing the effective UID/GID to those of the target package.
    Bug: 10154652
    (cherry picked from commit f2904a7b63c2005ab588a9ba2fb309e73200ec81)
    Change-Id: I0f6cb9efd49f5c2c491f7aa1d614d700a5ec2304
* | Enable run-as to read packages.list now owned by package_info.
    Author: Alex Klyubin; Age: 2013-08-20; Files: 1; Lines: -1/+1
    The group ownership of the package database /data/system/packages.list read by run-as was changed in 977a9f3b1a05e6168e8245a1e2061225b68b2b41 from "system" to "package_info". run-as currently changes its effective group to "system" and is thus unable to read the database.
    This CL fixes the issue by making run-as change its effective group to "package_info" for reading the package database.
    Bug: 10411916
    Change-Id: Id23059bfb5b43264824917873a31c287f057ce4e
* | Add legacy layout support to FUSE, enforce write.
    Author: Jeff Sharkey; Age: 2013-08-14; Files: 1; Lines: -1/+1
|/
    The legacy internal layout places users at the top-level of the filesystem, so handle with new PERM_LEGACY_PRE_ROOT when requested.
    Mirror single OBB directory between all users without requiring fancy bind mounts by letting a nodes graft in another part of the underlying tree.
    Move to everything having "sdcard_r" GID by default, and verify that calling apps hold "sdcard_rw" when performing mutations. Determines app group membership from new packages.list column.
    Flag to optionally enable sdcard_pics/sdcard_av permissions splitting. Flag to supply a default GID for all files. Ignore attempts to access security sensitive files. Fix run-as to check for new "package_info" GID.
    Change-Id: Id5f3680779109141c65fb8fa1daf56597f49ea0d
* am f19e045c: am c8df252f: Merge "run-as: Get seinfo from packages.list and pass to libselinux."
  Author: Geremy Condra; Age: 2013-03-28; Files: 3; Lines: -5/+23
|\
  * commit 'f19e045c58dafbdc46e848ec5a5c935f472dea34':
    run-as: Get seinfo from packages.list and pass to libselinux.
| * run-as: Get seinfo from packages.list and pass to libselinux.
    Author: Robert Craig; Age: 2013-03-28; Files: 3; Lines: -5/+23
    Change allows the proper seinfo value to be passed to libselinux to switch to the proper app security context before running the shell.
    Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87
    Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
* | am af4ececc: am 515bed0e: Merge "run-as: set the SELinux security context."
    Author: Colin Cross; Age: 2013-03-05; Files: 2; Lines: -0/+8
|\|
    * commit 'af4ececc7bd10aec1240acfbfe7756ab8ee16883':
      run-as: set the SELinux security context.
| * run-as: set the SELinux security context.
    Author: Stephen Smalley; Age: 2012-11-13; Files: 2; Lines: -0/+8
    Before invoking the specified command or a shell, set the SELinux security context.
    Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
    Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | adb: drop capability bounding set on user builds
    Author: Nick Kralevich; Age: 2013-02-15; Files: 1; Lines: -1/+18
|/
    run-as: don't require CAP_DAC_OVERRIDE.
    Prevent an adb spawned application from acquiring capabilities other than
    * CAP_NET_RAW
    * CAP_SETUID
    * CAP_SETGID
    The only privileged programs accessible on user builds are
    * /system/bin/ping
    * /system/bin/run-as
    and the capabilities above are sufficient to cover those two programs.
    If the kernel doesn't support file capabilities, we ignore a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could become a fatal error.
    Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a
* do more checks on packages.list
  Author: Nick Kralevich; Age: 2012-02-09; Files: 1; Lines: -0/+10
  Change-Id: I16d6eab5e674c860be915fde2da7877994bed314
* Don't statically compile run-as
  Author: Nick Kralevich; Age: 2012-01-23; Files: 2; Lines: -7/+3
  Bug: 5904033
  Change-Id: Ie815f09a2bf51ad583ded82f652d162a7f70b87e
* run-as: use mmap to read package list file
  Author: David 'Digit' Turner; Age: 2011-12-06; Files: 1; Lines: -32/+59
  This patch uses mmap() to read /data/system/packages.list
  This avoids depending on the size of a fixed static buffer which may happen to be too short for systems with a lot of packages installed.
  Also avoids calling malloc() which we don't want to trust here since run-as is a setuid program.
  Change-Id: I1d640a08b5d73af2fc80546b01c8d970c7f6b514
* run-as: Bump the size of the internal packages list buffer.
  Author: David 'Digit' Turner; Age: 2011-06-06; Files: 1; Lines: -1/+1
  This patch increases the size of the internal buffer used by run-as to store the content of /data/system/packages.list from 8KB to 64KB.
  It has been reported that, on some systems, 8KB was too small. This resulted in a truncated file being loaded, and the inability to debug native applications properly (either because the application was not found in the list, or because the tool reported a 'corrupted installation' due to BAD_FORMAT issues when parsing the truncated file).
  See http://code.google.com/p/android/issues/detail?id=16391
  Change-Id: I0c35a61b163c4abc6f1a2681adc0ef0d76493171
* Add 'run-as' command implementation as set-uid program.
  Author: David 'Digit' Turner; Age: 2010-03-17; Files: 5; Lines: -0/+892
  Typical usage is 'run-as <package-name> <command>' to run <command> in the data directory, and the user id, of <package-name> if, and only if <package-name> is the name of an installed and debuggable application.
  This relies on the /data/system/packages.list file generated by the PackageManager service.
  BEWARE: This is intended to be available on production devices!