Use media utility function limitProcessMemory().
Test: restrict mediametrics memory by property, ensure restart
Bug: 152084875
Change-Id: I20b51cecd67e9ac5e03ab34c1c68b1cfd0b8a964
Test: Boot device, see if setup video plays
Test: atp/tv_***_video_playback_smoke_test
Bug: 151156096
Bug: 151163101
Change-Id: I768bf36765fdc5dbd81c4c7632741f47e148147b
ensures that the @include'd policy files (code_coverage, crash_dump)
used by mainlined media processes are carried within the respective
APEX files. Parent policy files now @include the copy held within
the apex.
Bug: 147914640
Test: built/booted/examined filesystem
Change-Id: I34213fbc93ca51696b6a5a3c60bfd3ffa7ce6764
This was accidentally removed when converting MediaExtractorService
to AIDL, but is needed for large MediaBuffers
Bug: 147152626
Bug: 147835592
Test: CTS, manual test app
Change-Id: I403968efa4319f316aa2ba5c0d7db71a0781b883
Due to security constraints, platform profilers that do remote stack
unwinding need the target process' cooperation. This is implemented via
a bionic signal handler.
On debug builds, media extractor can end up being targeted by such
system-wide profiling, which can crash the process due to
seccomp/minijail (specifically, due to sendmsg that is used for sending
file descriptors over a unix socket).
Tested: synced updated binary to crosshatch-userdebug, confirmed that
sending signal 36 with si_val 1 doesn't crash mediaextractor.
Bug: 149328505
Change-Id: Idf34e08edf99a82c72146aebeb5e46e5cf5af2f3
This is intended to recover from cases when the MIDI extractor gets
stuck in an infinite (or very long) loop.
The extractor code is 3rd party and hard to harden - this gives us
at least an eventual recovery.
Change-Id: I8d2fd85f91d1d2749c5620cf8518583076d2f6d7
Bug: 127313764
Bug: 127313537
Bug: 127313223
Bug: 127312550
Bug: 127310810
Bug: 126380818
use @include to bring in the minijail policy information needed so that
we can write out code coverage information on such builds; the included
code coverage policy files is appropriate full/empty based on code
coverage flags.
Bug: 139313557
Bug: 148178774
Bug: 148177815
Test: 'kill -37' on processes in a code-coverage-enabled build
Test: 'kill -37' on processes in a NON code-coverage-enabled build
Change-Id: I9d5880343347ddc586e50f9eafb65e1ff7ba3748
(cherry picked from commit 40d50f3fea)
FileDescriptor type in AIDL was translated into const unique_fd& in C++.
Now, it is unique_fd, i.e. passed by value, to make it easier to keep it
beyond the scope of the call.
Bug: 144943748
Test: m
Change-Id: Ic6b1a4cba71c0fedb206b5ca3fb65b9944bbd69f
use @include to bring in the minijail policy information needed so that
we can write out code coverage information on such builds; the included
code coverage policy files is appropriate full/empty based on code
coverage flags.
Bug: 139313557
Test: 'kill -37' on processes in a code-coverage-enabled build
Test: 'kill -37' on processes in a NON code-coverage-enabled build
Change-Id: I9d5880343347ddc586e50f9eafb65e1ff7ba3748
This is preparation for having a subclass of DataSourceFactory which
is only used in mediaserver process with OMA (forward-lock) use case.
Test: build
Bug: 142567168
Change-Id: I2a1ab3d1ae89f657a84376d9a95d4e814b545b4f
into libdatasource, which contains:
DataSourceFactory
(Clear)FileSource
(Clear)MediaHTTP
DataURISource
HTTPBase
NuCachedSource2
This is needed to break a circular dependency in an upcoming CL.
Test: build, boot
Change-Id: I34d9937235c78f18f51b18945342a0743e209577
Merged-In: I34d9937235c78f18f51b18945342a0743e209577
into libdatasource, which contains:
DataSourceFactory
(Clear)FileSource
(Clear)MediaHTTP
DataURISource
HTTPBase
NuCachedSource2
This is needed to break a circular dependency in an upcoming CL.
Test: build, boot
Change-Id: I34d9937235c78f18f51b18945342a0743e209577
The mediaswcodec and mediaextractor use the scudo libraries as a
sanitizer. This has some downsides since it bypasses all of the normal
allocation handlers used by the rest of the system.
Switching from the plain sanitizer to a wrapper library libc_scudo.so
allows the use of the allocation handler code from
bionic/libc/bionic/malloc_common.cpp.
This is a temporary workaround, later versions of Android should
support scudo as a first class native allocator.
NOTE: The two libraries that make up the scudo override combined are
smaller than the libclang_rt.scudo-XXX.so library, so this is a space
win too.
Bug: 123689570
Test: Builds and boots. Verified that scudo is used as the allocator.
Test: Verified that the allocation limit is properly set for mediaextractor.
Test: Ran a few of the CtsMediaTestCases tests.
Change-Id: I3bdf76bfeea503b33da765e093e38818b620a481
Switch to using a dynamically-linked library function to initialize
ICU, not a statically-linked function. This means the knowledge of file
paths stays in the runtime module.
Bug: 120493361
Test: build/boot
Exempt-From-Owner-Approval: It's just a cherry-pick
Merged-In: Ibe1d5ffd50e5cce76b1b01788954dcfb4762b1c6
Change-Id: Ibe1d5ffd50e5cce76b1b01788954dcfb4762b1c6
The RLIMIT_AS limit was introduced as a security mitigation, but it
isn't exactly what the media processes want to control. It is also
problematic under sanitizers which allocate large amounts of address
space as shadow memory, and is especially problematic under shadow
call stack, which requires 16MB of address space per thread. Instead,
use the newly introduced android_mallopt(M_SET_ALLOCATION_LIMIT_BYTES)
to control the allocator's memory limit directly.
Also remove ASAN/HWASAN/CFI specific hacks; they are no longer
necessary because these tools consume address space using mmap and
not the allocator, and remove the 64-bit pointer check before calling
__scudo_set_rss_limit, since otherwise the limit would stop being
enforced in 32-bit mode with Scudo.
Bug: 118642754
Change-Id: Ie66128626976c0b04d5dafd455c375bbfdccc083
Switch to using a dynamically-linked library function to initialize
ICU, not a statically-linked function. This means the knowledge of file
paths stays in the runtime module.
Bug: 120493361
Test: build/boot
Change-Id: Ibe1d5ffd50e5cce76b1b01788954dcfb4762b1c6
Delay start of mediaserver and mediaextractor during boot until after the
Runtime APEX is mounted.
They depend on ICU / the ICU .dat file which are provided by the Runtime
APEX.
Test: flash & boot
Bug: 123275379
Bug: 113373927
Bug: 123176717
Change-Id: Idfe80054b6afe8f7449e698f59413ecefb280957
BUG: 122902673
Test:
lunch sdk_gphone_x86_64-userdebug
make -j
emulator
mediaextractor should not be killed by minijail anymore
Change-Id: I0e2547376fb6e8d6a7e9316c6013cedf6a9cdeac
Make each extractor plugin export a list of file types it supports,
so we no longer need to hardcode such a list in the framework.
Test: manual
Change-Id: I1e41a5d477ea56960ad3e4bc35f5183c03c3fe3a
Scudo is a hardened usermode allocator that aims at mitigating
heap-based vulnerabilities (heap overflow, double free, etc).
See go/scudo-allocator for more information.
This change enables the allocator for the mediaextractor service,
effectively linking in the Scudo dynamic library to the binary.
Allocation functions will be serviced by the allocator.
The 'deallocation-type-mismatch' check had to be disabled as some
third party libraries were triggering it.
In the event of a heap bug detected, the allocator will abort the
process with a 'Scudo ERROR' message in the log followed by the cause
(corrupted header, invalid state & so on) and the stack trace.
Test: CtsMediaTestCases on a marlin
Bug: 63907455
Change-Id: I9e0ea03c0d39e723a880e7fcd761fe0718bbbacd
libicuuc and libicui18n are moved into APEX, but
they have no stable ABI due to the version suffix.
Use libandroidicu which provides stable symbol.
See http://go/apex-stable-icu4c-interface for the design.
See http://aosp/801855 for libandroidicu implementation.
Bug: 117094880
Test: m checkbuild
Merged-In: Ida6aac85dfb79bf8e7a3a2540e567ee211279e09
Change-Id: Ida6aac85dfb79bf8e7a3a2540e567ee211279e09
(cherry picked from commit b6826d9e88)
libicuuc and libicui18n are moved into APEX, but
they have no stable ABI due to the version suffix.
Use libandroidicu which provides stable symbol.
See http://go/apex-stable-icu4c-interface for the design.
See http://aosp/801855 for libandroidicu implementation.
Bug: 117094880
Test: m checkbuild
Change-Id: Ida6aac85dfb79bf8e7a3a2540e567ee211279e09