Merge "goldfish: add ril" into pi-dev
diff --git a/arm32-vendor.mk b/arm32-vendor.mk
new file mode 100644
index 0000000..3209c4a
--- /dev/null
+++ b/arm32-vendor.mk
@@ -0,0 +1,12 @@
+
+PRODUCT_PROPERTY_OVERRIDES += \
+ vendor.rild.libpath=/vendor/lib/libreference-ril.so
+
+# Note: the following lines need to stay at the beginning so that it can
+# take priority and override the rules it inherit from other mk files
+# see copy file rules in core/Makefile
+PRODUCT_COPY_FILES += \
+ development/sys-img/advancedFeatures.ini.arm:advancedFeatures.ini \
+ prebuilts/qemu-kernel/arm64/3.18/kernel-qemu2:kernel-ranchu-64 \
+ device/generic/goldfish/fstab.ranchu.arm:$(TARGET_COPY_OUT_VENDOR)/etc/fstab.ranchu
+
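Review bot: The comment says the `PRODUCT_COPY_FILES` lines "need to stay at the beginning", but in this file they already follow `PRODUCT_PROPERTY_OVERRIDES`, so the requirement is presumably about where the file is inherited relative to vendor.mk, which copies `fstab.ranchu` to the same `$(TARGET_COPY_OUT_VENDOR)/etc/fstab.ranchu` destination. Stating that directly keeps a later include reorder from silently selecting the other fstab, e.g. `# Must be inherited before vendor.mk: the first PRODUCT_COPY_FILES entry for a destination wins.` The same comment appears in arm64-vendor.mk. A line explaining why the 32-bit ARM product takes its kernel from `prebuilts/qemu-kernel/arm64/3.18` and installs it as `kernel-ranchu-64` would also help.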
diff --git a/arm64-vendor.mk b/arm64-vendor.mk
new file mode 100644
index 0000000..7696a8e
--- /dev/null
+++ b/arm64-vendor.mk
@@ -0,0 +1,12 @@
+
+PRODUCT_PROPERTY_OVERRIDES += \
+ vendor.rild.libpath=/vendor/lib64/libreference-ril.so
+
+# Note: the following lines need to stay at the beginning so that it can
+# take priority and override the rules it inherit from other mk files
+# see copy file rules in core/Makefile
+PRODUCT_COPY_FILES += \
+ development/sys-img/advancedFeatures.ini.arm:advancedFeatures.ini \
+ prebuilts/qemu-kernel/arm64/3.18/kernel-qemu2:kernel-ranchu \
+ device/generic/goldfish/fstab.ranchu.arm:$(TARGET_COPY_OUT_VENDOR)/etc/fstab.ranchu
+
diff --git a/init.ranchu.rc b/init.ranchu.rc
index 2193c58..9c23a81 100644
--- a/init.ranchu.rc
+++ b/init.ranchu.rc
@@ -56,9 +56,9 @@
group root
disabled
-service emu_hostapd /vendor/bin/execns router /vendor/bin/hw/hostapd /vendor/etc/simulated_hostapd.conf
+service emu_hostapd /vendor/bin/execns -u wifi -g wifi router /vendor/bin/hostapd_nohidl /vendor/etc/simulated_hostapd.conf
user root
- group root wifi
+ group root wifi net_raw net_admin
disabled
service dhcpserver /vendor/bin/execns router /vendor/bin/dhcpserver --range 192.168.232.2,192.168.239.254 --gateway 192.168.232.1 --netmask 255.255.248.0 --exclude-interface eth0
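Review bot: The `emu_hostapd` stanza still reads `user root` although the process that ends up running is `wifi:wifi` via `execns -u wifi -g wifi`, and nothing in the rc file says so. The added `net_raw net_admin` on the `group` line presumably exists so hostapd keeps its network access after the switch, since execns as changed in this commit only calls `setgid` and leaves supplementary groups alone. A comment above the service would make that dependency visible, e.g. `# Starts as root only so execns can enter the router namespace; execns then drops to wifi:wifi and keeps the supplementary groups listed below.`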
diff --git a/manifest.xml b/manifest.xml
index f534912..7e723c4 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -192,6 +192,15 @@
</interface>
</hal>
<hal format="hidl">
+ <name>android.hardware.wifi.hostapd</name>
+ <transport>hwbinder</transport>
+ <version>1.0</version>
+ <interface>
+ <name>IHostapd</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="hidl">
<name>android.hardware.wifi.supplicant</name>
<transport>hwbinder</transport>
<version>1.0</version>
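Review bot: The new `android.hardware.wifi.hostapd` entry declares `IHostapd/default`, but the only hostapd service touched in this commit (`emu_hostapd` in init.ranchu.rc) now launches `hostapd_nohidl`, which by its name does not register a HIDL interface. If no other service in the image serves `IHostapd/default`, the manifest advertises a HAL that clients will look up and not find. Please confirm which service provides it, or note it in the commit description. The `<hal>` list continues outside this hunk.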
diff --git a/vendor.mk b/vendor.mk
new file mode 100644
index 0000000..411b51e
--- /dev/null
+++ b/vendor.mk
@@ -0,0 +1,148 @@
+#
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file is to configure vendor/data partitions of emulator-related products
+#
+
+# Device modules
+PRODUCT_PACKAGES += \
+ gralloc.goldfish \
+ gralloc.goldfish.default \
+ gralloc.ranchu \
+ libGLESv1_CM_emulation \
+ lib_renderControl_enc \
+ libEGL_emulation \
+ libGLESv2_enc \
+ libOpenglSystemCommon \
+ libGLESv2_emulation \
+ libGLESv1_enc \
+ libEGL_swiftshader \
+ libGLESv1_CM_swiftshader \
+ libGLESv2_swiftshader \
+ qemu-props \
+ camera.goldfish \
+ camera.goldfish.jpeg \
+ camera.ranchu \
+ camera.ranchu.jpeg \
+ gatekeeper.ranchu \
+ lights.goldfish \
+ gps.goldfish \
+ gps.ranchu \
+ fingerprint.goldfish \
+ sensors.goldfish \
+ audio.primary.goldfish \
+ audio.primary.goldfish_legacy \
+ vibrator.goldfish \
+ power.goldfish \
+ power.ranchu \
+ fingerprint.ranchu \
+ sensors.ranchu \
+ android.hardware.graphics.composer@2.1-impl \
+ android.hardware.graphics.composer@2.1-service \
+ android.hardware.graphics.allocator@2.0-service \
+ android.hardware.graphics.allocator@2.0-impl \
+ android.hardware.graphics.mapper@2.0-impl \
+ hwcomposer.goldfish \
+ hwcomposer.ranchu \
+ toybox_vendor \
+ android.hardware.audio@2.0-service \
+ android.hardware.wifi@1.0-service \
+ android.hardware.biometrics.fingerprint@2.1-service \
+ sh_vendor \
+ audio.r_submix.default \
+ local_time.default \
+ SdkSetup
+
+PRODUCT_PACKAGES += \
+ android.hardware.audio@2.0-impl \
+ android.hardware.audio.effect@2.0-impl \
+ android.hardware.broadcastradio@1.1-service \
+ android.hardware.broadcastradio@1.0-impl \
+ android.hardware.soundtrigger@2.0-impl
+
+PRODUCT_PACKAGES += \
+ android.hardware.keymaster@3.0-impl \
+ android.hardware.keymaster@3.0-service
+
+PRODUCT_PACKAGES += \
+ android.hardware.keymaster@4.0-strongbox-service
+
+PRODUCT_PACKAGES += \
+ android.hardware.gnss@1.0-service \
+ android.hardware.gnss@1.0-impl
+
+PRODUCT_PACKAGES += \
+ android.hardware.sensors@1.0-impl \
+ android.hardware.sensors@1.0-service
+
+PRODUCT_PACKAGES += \
+ android.hardware.drm@1.0-service \
+ android.hardware.drm@1.0-impl
+
+PRODUCT_PACKAGES += \
+ android.hardware.power@1.0-service \
+ android.hardware.power@1.0-impl
+
+PRODUCT_PACKAGES += \
+ camera.device@1.0-impl \
+ android.hardware.camera.provider@2.4-service \
+ android.hardware.camera.provider@2.4-impl \
+
+PRODUCT_PACKAGES += \
+ android.hardware.gatekeeper@1.0-impl \
+ android.hardware.gatekeeper@1.0-service
+
+# WiFi: vendor side
+PRODUCT_PACKAGES += \
+ createns \
+ dhcpclient \
+ dhcpserver \
+ execns \
+ hostapd \
+ hostapd_nohidl \
+ ipv6proxy \
+ wpa_supplicant \
+
+PRODUCT_COPY_FILES += \
+ device/generic/goldfish/data/etc/apns-conf.xml:data/misc/apns/apns-conf.xml \
+ device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
+ device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
+ device/generic/goldfish/wifi/init.wifi.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.wifi.sh \
+ device/generic/goldfish/init.ranchu.rc:$(TARGET_COPY_OUT_VENDOR)/etc/init/hw/init.ranchu.rc \
+ device/generic/goldfish/fstab.ranchu:$(TARGET_COPY_OUT_VENDOR)/etc/fstab.ranchu \
+ device/generic/goldfish/ueventd.ranchu.rc:$(TARGET_COPY_OUT_VENDOR)/ueventd.rc \
+ device/generic/goldfish/input/goldfish_rotary.idc:$(TARGET_COPY_OUT_VENDOR)/usr/idc/goldfish_rotary.idc \
+ device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
+ device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/privapp-permissions-goldfish.xml \
+ device/generic/goldfish/data/etc/config.ini:config.ini \
+ device/generic/goldfish/wifi/simulated_hostapd.conf:$(TARGET_COPY_OUT_VENDOR)/etc/simulated_hostapd.conf \
+ device/generic/goldfish/wifi/wpa_supplicant.conf:$(TARGET_COPY_OUT_VENDOR)/etc/wifi/wpa_supplicant.conf \
+ device/generic/goldfish/wifi/WifiConfigStore.xml:data/misc/wifi/WifiConfigStore.xml \
+ frameworks/native/data/etc/android.hardware.wifi.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.wifi.xml \
+ device/generic/goldfish/data/etc/handheld_core_hardware.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/handheld_core_hardware.xml \
+ device/generic/goldfish/camera/media_profiles.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_profiles_V1_0.xml \
+ frameworks/av/media/libstagefright/data/media_codecs_google_audio.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_audio.xml \
+ frameworks/av/media/libstagefright/data/media_codecs_google_telephony.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_telephony.xml \
+ device/generic/goldfish/camera/media_codecs_google_video.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_video.xml \
+ device/generic/goldfish/camera/media_codecs.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs.xml \
+ device/generic/goldfish/camera/media_codecs_performance.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_performance.xml \
+ frameworks/native/data/etc/android.hardware.touchscreen.multitouch.jazzhand.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.touchscreen.multitouch.jazzhand.xml \
+ frameworks/native/data/etc/android.hardware.camera.autofocus.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.autofocus.xml \
+ frameworks/native/data/etc/android.hardware.camera.full.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.camera.full.xml \
+ frameworks/native/data/etc/android.hardware.fingerprint.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.fingerprint.xml \
+ frameworks/native/data/etc/android.software.autofill.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.autofill.xml \
+ frameworks/av/media/libeffects/data/audio_effects.conf:$(TARGET_COPY_OUT_VENDOR)/etc/audio_effects.conf \
+ device/generic/goldfish/audio_policy.conf:$(TARGET_COPY_OUT_VENDOR)/etc/audio_policy.conf
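Review bot: Two `PRODUCT_PACKAGES` lists end with a continuation backslash on their last entry (`android.hardware.camera.provider@2.4-impl \` and `wpa_supplicant \`), so each list terminates only because a blank line happens to follow. If that blank line is ever removed, the next assignment (`PRODUCT_COPY_FILES += \` after the WiFi list) is folded into the package list as plain words. Dropping the trailing `\` on both entries removes that trap.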
diff --git a/wifi/execns/execns.cpp b/wifi/execns/execns.cpp
index e5506da..770d249 100644
--- a/wifi/execns/execns.cpp
+++ b/wifi/execns/execns.cpp
@@ -19,6 +19,8 @@
#include <errno.h>
#include <fcntl.h>
+#include <grp.h>
+#include <pwd.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
@@ -77,7 +79,7 @@
};
static void printUsage(const char* program) {
- LOGE("%s <namespace> <program> [options...]", program);
+ LOGE("%s [-u user] [-g group] <namespace> <program> [options...]", program);
}
static bool isNumericString(const char* str) {
@@ -147,6 +149,34 @@
return true;
}
+static bool changeUser(const char* user) {
+ struct passwd* pwd = ::getpwnam(user);
+ if (pwd == nullptr) {
+ LOGE("Could not find user '%s'", user);
+ return false;
+ }
+
+ if (::setuid(pwd->pw_uid) != 0) {
+ LOGE("Cannot switch to user '%s': %s", user, strerror(errno));
+ return false;
+ }
+ return true;
+}
+
+static bool changeGroup(const char* group) {
+ struct group* grp = ::getgrnam(group);
+ if (grp == nullptr) {
+ LOGE("Could not find group '%s'", group);
+ return false;
+ }
+
+ if (::setgid(grp->gr_gid) != 0) {
+ LOGE("Cannot switch to group '%s': %s", group, strerror(errno));
+ return false;
+ }
+ return true;
+}
+
// Append a formatted string to the end of |buffer|. The total size in |buffer|
// is |size|, including any existing string data. The string to append is
// specified by |fmt| and any additional arguments required by the format
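Review bot: `changeGroup` switches only the primary group with `setgid`, so any supplementary groups the caller had stay attached to the process that is later exec'd; a conventional privilege drop resets them with `setgroups` before `setgid`/`setuid`. The init.ranchu.rc change in this commit appears to depend on that retention (it adds `net_raw net_admin` to the service's group line), so if it is intended it should be stated, e.g. `// Supplementary groups are deliberately inherited from the caller; only the primary gid is changed here.` Separately, both helpers report every null return from `getpwnam`/`getgrnam` as "Could not find", which hides a lookup error. Setting `errno = 0` before the call and logging `strerror(errno)` when it is non-zero would distinguish the two.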
@@ -220,17 +250,61 @@
*/
int main(int argc, char* argv[]) {
isTerminal = isatty(STDOUT_FILENO) != 0;
- if (argc < 3) {
+
+ // Parse parameters
+ const char* user = nullptr;
+ const char* group = nullptr;
+ int nsArg = -1;
+ int execArg = -1;
+ for (int i = 1; i < argc; ++i) {
+ if (::strcmp(argv[i], "-u") == 0) {
+ if (user || i + 1 >= argc) {
+ LOGE("Missing argument to option -u");
+ return 1;
+ }
+ user = argv[++i];
+ } else if (::strcmp(argv[i], "-g") == 0) {
+ if (group || i + 1 >= argc) {
+ LOGE("Missing argument to option -g");
+ return 1;
+ }
+ group = argv[++i];
+ } else {
+ // Break on the first non-option and treat it as the namespace name
+ nsArg = i;
+ if (i + 1 < argc) {
+ execArg = i + 1;
+ }
+ break;
+ }
+ }
+
+ if (nsArg < 0 || execArg < 0) {
+ // Missing namespace and/or exec arguments
printUsage(argv[0]);
return 1;
}
// First set the new network namespace for this process
- if (!setNetworkNamespace(argv[1])) {
+ if (!setNetworkNamespace(argv[nsArg])) {
+ return 1;
+ }
+
+ // Changing namespace is the privileged operation, so now we can drop
+ // privileges by changing user and/or group if the user requested it. Note
+ // that it's important to change group first because it must be done as a
+ // privileged user. Otherwise an attacker might be able to restore group
+ // privileges by using the group ID that is saved by setgid when running
+ // as a non-privileged user.
+ if (group && !changeGroup(group)) {
+ return 1;
+ }
+
+ if (user && !changeUser(user)) {
return 1;
}
// Now run the command with all the remaining parameters
- return execCommand(argc - 2, &argv[2]);
+ return execCommand(argc - execArg, &argv[execArg]);
}
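Review bot: Passing `-u` without `-g` leaves the caller's primary and supplementary groups untouched, so a service started by init as root would exec the target with a non-root uid but still gid root. Either reject that combination or fall back to the user's primary group from the passwd entry when no group is given; at minimum the usage text should say that `-u` alone does not change the group. A repeated `-u` or `-g` also falls into the `user || i + 1 >= argc` branch and is reported as "Missing argument to option -u", which is misleading; a separate `LOGE("Option -u specified more than once");` would be clearer.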
diff --git a/x86-vendor.mk b/x86-vendor.mk
new file mode 100644
index 0000000..6b34eaf
--- /dev/null
+++ b/x86-vendor.mk
@@ -0,0 +1,13 @@
+
+PRODUCT_PROPERTY_OVERRIDES += \
+ vendor.rild.libpath=/vendor/lib/libreference-ril.so
+
+# This is a build configuration for a full-featured build of the
+# Open-Source part of the tree. It's geared toward a US-centric
+# build quite specifically for the emulator, and might not be
+# entirely appropriate to inherit from for on-device configurations.
+PRODUCT_COPY_FILES += \
+ development/sys-img/advancedFeatures.ini:advancedFeatures.ini \
+ device/generic/goldfish/data/etc/encryptionkey.img:encryptionkey.img \
+ prebuilts/qemu-kernel/x86_64/4.9/kernel-qemu2:kernel-ranchu-64
+
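Review bot: The comment above `PRODUCT_COPY_FILES` is generic product boilerplate and does not mention that this list places `encryptionkey.img` from the source tree into the image. Going by its name, that file holds fixed key material shared by every build, which is acceptable only for an emulator; the comment should say so directly, e.g. `# Emulator only: encryptionkey.img is a fixed image checked into the tree; never inherit this file for a device product.` The same comment and entry appear in x86_64-vendor.mk. It would also help to note why the 32-bit x86 product copies the `x86_64/4.9` kernel as `kernel-ranchu-64`.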
diff --git a/x86_64-vendor.mk b/x86_64-vendor.mk
new file mode 100644
index 0000000..f585573
--- /dev/null
+++ b/x86_64-vendor.mk
@@ -0,0 +1,13 @@
+
+PRODUCT_PROPERTY_OVERRIDES += \
+ vendor.rild.libpath=/vendor/lib64/libreference-ril.so
+
+# This is a build configuration for a full-featured build of the
+# Open-Source part of the tree. It's geared toward a US-centric
+# build quite specifically for the emulator, and might not be
+# entirely appropriate to inherit from for on-device configurations.
+PRODUCT_COPY_FILES += \
+ development/sys-img/advancedFeatures.ini:advancedFeatures.ini \
+ device/generic/goldfish/data/etc/encryptionkey.img:encryptionkey.img \
+ prebuilts/qemu-kernel/x86_64/4.9/kernel-qemu2:kernel-ranchu
+