Merge "Revert "Track removal of the inputflinger binary.""
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index be80cce..4c4c95b 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -275,59 +275,61 @@
"usage: fastboot [ <option> ] <command>\n"
"\n"
"commands:\n"
- " update <filename> reflash device from update.zip\n"
- " flashall flash boot, system, vendor and if found,\n"
- " recovery\n"
- " flash <partition> [ <filename> ] write a file to a flash partition\n"
- " flashing lock locks the device. Prevents flashing"
- " partitions\n"
- " flashing unlock unlocks the device. Allows user to"
- " flash any partition except the ones"
- " that are related to bootloader\n"
- " flashing lock_critical Prevents flashing bootloader related"
- " partitions\n"
- " flashing unlock_critical Enables flashing bootloader related"
- " partitions\n"
- " flashing get_unlock_ability Queries bootloader to see if the"
- " device is unlocked\n"
- " erase <partition> erase a flash partition\n"
- " format[:[<fs type>][:[<size>]] <partition> format a flash partition.\n"
- " Can override the fs type and/or\n"
- " size the bootloader reports.\n"
- " getvar <variable> display a bootloader variable\n"
- " boot <kernel> [ <ramdisk> ] download and boot kernel\n"
- " flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it\n"
- " devices list all connected devices\n"
- " continue continue with autoboot\n"
- " reboot [bootloader] reboot device, optionally into bootloader\n"
- " reboot-bootloader reboot device into bootloader\n"
- " help show this help message\n"
+ " update <filename> Reflash device from update.zip.\n"
+ " flashall Flash boot, system, vendor, and --\n"
+ " if found -- recovery.\n"
+ " flash <partition> [ <filename> ] Write a file to a flash partition.\n"
+ " flashing lock Locks the device. Prevents flashing.\n"
+ " flashing unlock Unlocks the device. Allows flashing\n"
+ " any partition except\n"
+ " bootloader-related partitions.\n"
+ " flashing lock_critical Prevents flashing bootloader-related\n"
+ " partitions.\n"
+ " flashing unlock_critical Enables flashing bootloader-related\n"
+ " partitions.\n"
+ " flashing get_unlock_ability Queries bootloader to see if the\n"
+ " device is unlocked.\n"
+ " erase <partition> Erase a flash partition.\n"
+ " format[:[<fs type>][:[<size>]] <partition>\n"
+ " Format a flash partition. Can\n"
+ " override the fs type and/or size\n"
+ " the bootloader reports.\n"
+ " getvar <variable> Display a bootloader variable.\n"
+ " boot <kernel> [ <ramdisk> [ <second> ] ] Download and boot kernel.\n"
+ " flash:raw boot <kernel> [ <ramdisk> [ <second> ] ]\n"
+ " Create bootimage and flash it.\n"
+ " devices [-l] List all connected devices [with\n"
+ " device paths].\n"
+ " continue Continue with autoboot.\n"
+ " reboot [bootloader] Reboot device [into bootloader].\n"
+ " reboot-bootloader Reboot device into bootloader.\n"
+ " help Show this help message.\n"
"\n"
"options:\n"
- " -w erase userdata and cache (and format\n"
- " if supported by partition type)\n"
- " -u do not first erase partition before\n"
- " formatting\n"
- " -s <specific device> specify device serial number\n"
- " or path to device port\n"
- " -l with \"devices\", lists device paths\n"
- " -p <product> specify product name\n"
- " -c <cmdline> override kernel commandline\n"
- " -i <vendor id> specify a custom USB vendor id\n"
- " -b <base_addr> specify a custom kernel base address.\n"
- " default: 0x10000000\n"
- " -n <page size> specify the nand page size.\n"
- " default: 2048\n"
- " -S <size>[K|M|G] automatically sparse files greater\n"
- " than size. 0 to disable\n"
+ " -w Erase userdata and cache (and format\n"
+ " if supported by partition type).\n"
+ " -u Do not erase partition before\n"
+ " formatting.\n"
+ " -s <specific device> Specify device serial number\n"
+ " or path to device port.\n"
+ " -p <product> Specify product name.\n"
+ " -c <cmdline> Override kernel commandline.\n"
+ " -i <vendor id> Specify a custom USB vendor id.\n"
+ " -b <base_addr> Specify a custom kernel base\n"
+ " address (default: 0x10000000).\n"
+ " -n <page size> Specify the nand page size\n"
+ " (default: 2048).\n"
+ " -S <size>[K|M|G] Automatically sparse files greater\n"
+ " than 'size'. 0 to disable.\n"
);
}
void *load_bootable_image(const char *kernel, const char *ramdisk,
- unsigned *sz, const char *cmdline)
+ const char *secondstage, unsigned *sz,
+ const char *cmdline)
{
- void *kdata = 0, *rdata = 0;
- unsigned ksize = 0, rsize = 0;
+ void *kdata = 0, *rdata = 0, *sdata = 0;
+ unsigned ksize = 0, rsize = 0, ssize = 0;
void *bdata;
unsigned bsize;
@@ -363,10 +365,18 @@
}
}
+ if (secondstage) {
+ sdata = load_file(secondstage, &ssize);
+ if(sdata == 0) {
+ fprintf(stderr,"cannot load '%s': %s\n", secondstage, strerror(errno));
+ return 0;
+ }
+ }
+
fprintf(stderr,"creating boot image...\n");
bdata = mkbootimg(kdata, ksize, kernel_offset,
rdata, rsize, ramdisk_offset,
- 0, 0, second_offset,
+ sdata, ssize, second_offset,
page_size, base_addr, tags_offset, &bsize);
if(bdata == 0) {
fprintf(stderr,"failed to create boot.img\n");
@@ -1172,6 +1182,7 @@
} else if(!strcmp(*argv, "boot")) {
char *kname = 0;
char *rname = 0;
+ char *sname = 0;
skip(1);
if (argc > 0) {
kname = argv[0];
@@ -1181,7 +1192,11 @@
rname = argv[0];
skip(1);
}
- data = load_bootable_image(kname, rname, &sz, cmdline);
+ if (argc > 0) {
+ sname = argv[0];
+ skip(1);
+ }
+ data = load_bootable_image(kname, rname, sname, &sz, cmdline);
if (data == 0) return 1;
fb_queue_download("boot.img", data, sz);
fb_queue_command("boot", "booting");
@@ -1205,14 +1220,18 @@
char *pname = argv[1];
char *kname = argv[2];
char *rname = 0;
+ char *sname = 0;
require(3);
- if(argc > 3) {
- rname = argv[3];
- skip(4);
- } else {
- skip(3);
+ skip(3);
+ if (argc > 0) {
+ rname = argv[0];
+ skip(1);
}
- data = load_bootable_image(kname, rname, &sz, cmdline);
+ if (argc > 0) {
+ sname = argv[0];
+ skip(1);
+ }
+ data = load_bootable_image(kname, rname, sname, &sz, cmdline);
if (data == 0) die("cannot load bootable image");
fb_queue_flash(pname, data, sz);
} else if(!strcmp(*argv, "flashall")) {
diff --git a/fingerprintd/FingerprintDaemonProxy.cpp b/fingerprintd/FingerprintDaemonProxy.cpp
index a8a4024..a55f30a 100644
--- a/fingerprintd/FingerprintDaemonProxy.cpp
+++ b/fingerprintd/FingerprintDaemonProxy.cpp
@@ -41,7 +41,7 @@
closeHal();
}
-void FingerprintDaemonProxy::hal_notify_callback(fingerprint_msg_t msg) {
+void FingerprintDaemonProxy::hal_notify_callback(const fingerprint_msg_t *msg) {
FingerprintDaemonProxy* instance = FingerprintDaemonProxy::getInstance();
const sp<IFingerprintDaemonCallback> callback = instance->mCallback;
if (callback == NULL) {
@@ -49,52 +49,52 @@
return;
}
const int64_t device = (int64_t) instance->mDevice;
- switch (msg.type) {
+ switch (msg->type) {
case FINGERPRINT_ERROR:
- ALOGD("onError(%d)", msg.data.error);
- callback->onError(device, msg.data.error);
+ ALOGD("onError(%d)", msg->data.error);
+ callback->onError(device, msg->data.error);
break;
case FINGERPRINT_ACQUIRED:
- ALOGD("onAcquired(%d)", msg.data.acquired.acquired_info);
- callback->onAcquired(device, msg.data.acquired.acquired_info);
+ ALOGD("onAcquired(%d)", msg->data.acquired.acquired_info);
+ callback->onAcquired(device, msg->data.acquired.acquired_info);
break;
case FINGERPRINT_AUTHENTICATED:
ALOGD("onAuthenticated(fid=%d, gid=%d)",
- msg.data.authenticated.finger.fid,
- msg.data.authenticated.finger.gid);
- if (msg.data.authenticated.finger.fid != 0) {
- uint8_t* hat = reinterpret_cast<uint8_t *>(&msg.data.authenticated.hat);
- instance->notifyKeystore(hat, sizeof(msg.data.authenticated.hat));
+ msg->data.authenticated.finger.fid,
+ msg->data.authenticated.finger.gid);
+ if (msg->data.authenticated.finger.fid != 0) {
+ const uint8_t* hat = reinterpret_cast<const uint8_t *>(&msg->data.authenticated.hat);
+ instance->notifyKeystore(hat, sizeof(msg->data.authenticated.hat));
}
callback->onAuthenticated(device,
- msg.data.authenticated.finger.fid,
- msg.data.authenticated.finger.gid);
+ msg->data.authenticated.finger.fid,
+ msg->data.authenticated.finger.gid);
break;
case FINGERPRINT_TEMPLATE_ENROLLING:
ALOGD("onEnrollResult(fid=%d, gid=%d, rem=%d)",
- msg.data.enroll.finger.fid,
- msg.data.enroll.finger.gid,
- msg.data.enroll.samples_remaining);
+ msg->data.enroll.finger.fid,
+ msg->data.enroll.finger.gid,
+ msg->data.enroll.samples_remaining);
callback->onEnrollResult(device,
- msg.data.enroll.finger.fid,
- msg.data.enroll.finger.gid,
- msg.data.enroll.samples_remaining);
+ msg->data.enroll.finger.fid,
+ msg->data.enroll.finger.gid,
+ msg->data.enroll.samples_remaining);
break;
case FINGERPRINT_TEMPLATE_REMOVED:
ALOGD("onRemove(fid=%d, gid=%d)",
- msg.data.removed.finger.fid,
- msg.data.removed.finger.gid);
+ msg->data.removed.finger.fid,
+ msg->data.removed.finger.gid);
callback->onRemoved(device,
- msg.data.removed.finger.fid,
- msg.data.removed.finger.gid);
+ msg->data.removed.finger.fid,
+ msg->data.removed.finger.gid);
break;
default:
- ALOGE("invalid msg: %d", msg.type);
+ ALOGE("invalid msg type: %d", msg->type);
return;
}
}
-void FingerprintDaemonProxy::notifyKeystore(uint8_t *auth_token, size_t auth_token_length) {
+void FingerprintDaemonProxy::notifyKeystore(const uint8_t *auth_token, const size_t auth_token_length) {
if (auth_token != NULL && auth_token_length > 0) {
// TODO: cache service?
sp < IServiceManager > sm = defaultServiceManager();
@@ -151,10 +151,7 @@
int32_t FingerprintDaemonProxy::remove(int32_t fingerId, int32_t groupId) {
ALOG(LOG_VERBOSE, LOG_TAG, "remove(fid=%d, gid=%d)\n", fingerId, groupId);
- fingerprint_finger_id_t finger;
- finger.fid = fingerId;
- finger.gid = groupId;
- return mDevice->remove(mDevice, finger);
+ return mDevice->remove(mDevice, groupId, fingerId);
}
uint64_t FingerprintDaemonProxy::getAuthenticatorId() {
diff --git a/fingerprintd/FingerprintDaemonProxy.h b/fingerprintd/FingerprintDaemonProxy.h
index 95c926b..50d30ef 100644
--- a/fingerprintd/FingerprintDaemonProxy.h
+++ b/fingerprintd/FingerprintDaemonProxy.h
@@ -48,8 +48,8 @@
FingerprintDaemonProxy();
virtual ~FingerprintDaemonProxy();
void binderDied(const wp<IBinder>& who);
- void notifyKeystore(uint8_t *auth_token, size_t auth_token_length);
- static void hal_notify_callback(fingerprint_msg_t msg);
+ void notifyKeystore(const uint8_t *auth_token, const size_t auth_token_length);
+ static void hal_notify_callback(const fingerprint_msg_t *msg);
static FingerprintDaemonProxy* sInstance;
fingerprint_module_t const* mModule;
diff --git a/fingerprintd/IFingerprintDaemon.h b/fingerprintd/IFingerprintDaemon.h
index fe3f64b..08cb008 100644
--- a/fingerprintd/IFingerprintDaemon.h
+++ b/fingerprintd/IFingerprintDaemon.h
@@ -65,7 +65,7 @@
// DECLARE_META_INTERFACE - C++ client interface not needed
static const android::String16 descriptor;
- static void hal_notify_callback(fingerprint_msg_t msg);
+ static void hal_notify_callback(const fingerprint_msg_t *msg);
};
// ----------------------------------------------------------------------------
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c
index 15d44ef..1a812b2 100644
--- a/fs_mgr/fs_mgr.c
+++ b/fs_mgr/fs_mgr.c
@@ -98,7 +98,7 @@
int status;
int ret;
long tmpmnt_flags = MS_NOATIME | MS_NOEXEC | MS_NOSUID;
- char *tmpmnt_opts = "nomblk_io_submit,errors=remount-ro";
+ char tmpmnt_opts[64] = "errors=remount-ro";
char *e2fsck_argv[] = {
E2FSCK_BIN,
"-y",
@@ -121,6 +121,10 @@
* fix the filesystem.
*/
errno = 0;
+ if (!strcmp(fs_type, "ext4")) {
+ // This option is only valid with ext4
+ strlcat(tmpmnt_opts, ",nomblk_io_submit", sizeof(tmpmnt_opts));
+ }
ret = mount(blk_device, target, fs_type, tmpmnt_flags, tmpmnt_opts);
INFO("%s(): mount(%s,%s,%s)=%d: %s\n",
__func__, blk_device, target, fs_type, ret, strerror(errno));
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index 81c7c9a..0a945a3 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -767,8 +767,24 @@
static int load_verity_state(struct fstab_rec *fstab, int *mode)
{
- off64_t offset = 0;
+ char propbuf[PROPERTY_VALUE_MAX];
int match = 0;
+ off64_t offset = 0;
+
+ /* use the kernel parameter if set */
+ property_get("ro.boot.veritymode", propbuf, "");
+
+ if (*propbuf != '\0') {
+ if (!strcmp(propbuf, "enforcing")) {
+ *mode = VERITY_MODE_DEFAULT;
+ return 0;
+ } else if (!strcmp(propbuf, "logging")) {
+ *mode = VERITY_MODE_LOGGING;
+ return 0;
+ } else {
+ INFO("Unknown value %s for veritymode; ignoring", propbuf);
+ }
+ }
if (get_verity_state_offset(fstab, &offset) < 0) {
/* fall back to stateless behavior */
@@ -855,6 +871,13 @@
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
struct fstab *fstab = NULL;
+ /* check if we need to store the state */
+ property_get("ro.boot.veritymode", propbuf, "");
+
+ if (*propbuf != '\0') {
+ return 0; /* state is kept by the bootloader */
+ }
+
fd = TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC));
if (fd == -1) {
diff --git a/include/cutils/sched_policy.h b/include/cutils/sched_policy.h
index ba84ce3..6a8d570 100644
--- a/include/cutils/sched_policy.h
+++ b/include/cutils/sched_policy.h
@@ -34,6 +34,8 @@
SP_SYSTEM_DEFAULT = SP_FOREGROUND,
} SchedPolicy;
+extern int set_cpuset_policy(int tid, SchedPolicy policy);
+
/* Assign thread tid to the cgroup associated with the specified policy.
* If the thread is a thread group leader, that is it's gettid() == getpid(),
* then the other threads in the same thread group are _not_ affected.
diff --git a/init/Android.mk b/init/Android.mk
index f154cc3..6ef8dff 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -18,8 +18,6 @@
-Wno-unused-parameter \
-Werror \
-init_clang := true
-
# --
include $(CLEAR_VARS)
@@ -32,7 +30,7 @@
LOCAL_STATIC_LIBRARIES := libbase
LOCAL_MODULE := libinit
-LOCAL_CLANG := $(init_clang)
+LOCAL_CLANG := true
include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)
@@ -81,7 +79,7 @@
ln -sf ../init $(TARGET_ROOT_OUT)/sbin/ueventd; \
ln -sf ../init $(TARGET_ROOT_OUT)/sbin/watchdogd
-LOCAL_CLANG := $(init_clang)
+LOCAL_CLANG := true
include $(BUILD_EXECUTABLE)
@@ -98,5 +96,5 @@
libbase \
LOCAL_STATIC_LIBRARIES := libinit
-LOCAL_CLANG := $(init_clang)
+LOCAL_CLANG := true
include $(BUILD_NATIVE_TEST)
diff --git a/libcutils/Android.mk b/libcutils/Android.mk
index d5a9050..79344e6 100644
--- a/libcutils/Android.mk
+++ b/libcutils/Android.mk
@@ -122,6 +122,9 @@
LOCAL_C_INCLUDES := $(libcutils_c_includes)
LOCAL_STATIC_LIBRARIES := liblog
+ifneq ($(ENABLE_CPUSETS),)
+LOCAL_CFLAGS += -DUSE_CPUSETS
+endif
LOCAL_CFLAGS += -Werror -std=gnu90
include $(BUILD_STATIC_LIBRARY)
@@ -131,6 +134,9 @@
# liblog symbols present in libcutils.
LOCAL_WHOLE_STATIC_LIBRARIES := libcutils liblog
LOCAL_SHARED_LIBRARIES := liblog
+ifneq ($(ENABLE_CPUSETS),)
+LOCAL_CFLAGS += -DUSE_CPUSETS
+endif
LOCAL_CFLAGS += -Werror
LOCAL_C_INCLUDES := $(libcutils_c_includes)
include $(BUILD_SHARED_LIBRARY)
diff --git a/libcutils/sched_policy.c b/libcutils/sched_policy.c
index dfc8777..a7ff85e 100644
--- a/libcutils/sched_policy.c
+++ b/libcutils/sched_policy.c
@@ -1,16 +1,16 @@
/*
** Copyright 2007, The Android Open Source Project
**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
**
-** http://www.apache.org/licenses/LICENSE-2.0
+** http://www.apache.org/licenses/LICENSE-2.0
**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
** limitations under the License.
*/
@@ -59,27 +59,16 @@
static int bg_cgroup_fd = -1;
static int fg_cgroup_fd = -1;
+// File descriptors open to /dev/cpuset/../tasks, setup by initialize, or -1 on error
+static int bg_cpuset_fd = -1;
+static int fg_cpuset_fd = -1;
+
/* Add tid to the scheduling group defined by the policy */
-static int add_tid_to_cgroup(int tid, SchedPolicy policy)
+static int add_tid_to_cgroup(int tid, int fd)
{
- int fd;
-
- switch (policy) {
- case SP_BACKGROUND:
- fd = bg_cgroup_fd;
- break;
- case SP_FOREGROUND:
- case SP_AUDIO_APP:
- case SP_AUDIO_SYS:
- fd = fg_cgroup_fd;
- break;
- default:
- fd = -1;
- break;
- }
-
if (fd < 0) {
- SLOGE("add_tid_to_cgroup failed; policy=%d\n", policy);
+ SLOGE("add_tid_to_cgroup failed; fd=%d\n", fd);
+ errno = EINVAL;
return -1;
}
@@ -100,8 +89,9 @@
*/
if (errno == ESRCH)
return 0;
- SLOGW("add_tid_to_cgroup failed to write '%s' (%s); policy=%d\n",
- ptr, strerror(errno), policy);
+ SLOGW("add_tid_to_cgroup failed to write '%s' (%s); fd=%d\n",
+ ptr, strerror(errno), fd);
+ errno = EINVAL;
return -1;
}
@@ -127,6 +117,17 @@
} else {
__sys_supports_schedgroups = 0;
}
+
+#ifdef USE_CPUSETS
+ if (!access("/dev/cpuset/tasks", F_OK)) {
+
+ filename = "/dev/cpuset/foreground/tasks";
+ fg_cpuset_fd = open(filename, O_WRONLY | O_CLOEXEC);
+ filename = "/dev/cpuset/background/tasks";
+ bg_cpuset_fd = open(filename, O_WRONLY | O_CLOEXEC);
+ }
+#endif
+
}
/*
@@ -236,6 +237,45 @@
return 0;
}
+int set_cpuset_policy(int tid, SchedPolicy policy)
+{
+ // in the absence of cpusets, use the old sched policy
+#ifndef USE_CPUSETS
+ return set_sched_policy(tid, policy);
+#else
+ if (tid == 0) {
+ tid = gettid();
+ }
+ policy = _policy(policy);
+ pthread_once(&the_once, __initialize);
+
+ int fd;
+ switch (policy) {
+ case SP_BACKGROUND:
+ fd = bg_cpuset_fd;
+ break;
+ case SP_FOREGROUND:
+ case SP_AUDIO_APP:
+ case SP_AUDIO_SYS:
+ fd = fg_cpuset_fd;
+ break;
+ default:
+ fd = -1;
+ break;
+ }
+
+ if (add_tid_to_cgroup(tid, fd) != 0) {
+ if (errno != ESRCH && errno != ENOENT)
+ return -errno;
+ }
+
+ // we do both setting of cpuset and setting of cgroup
+ // ensures that backgrounded apps are actually deprioritized
+ // including on core 0
+ return set_sched_policy(tid, policy);
+#endif
+}
+
int set_sched_policy(int tid, SchedPolicy policy)
{
if (tid == 0) {
@@ -286,7 +326,23 @@
#endif
if (__sys_supports_schedgroups) {
- if (add_tid_to_cgroup(tid, policy)) {
+ int fd;
+ switch (policy) {
+ case SP_BACKGROUND:
+ fd = bg_cgroup_fd;
+ break;
+ case SP_FOREGROUND:
+ case SP_AUDIO_APP:
+ case SP_AUDIO_SYS:
+ fd = fg_cgroup_fd;
+ break;
+ default:
+ fd = -1;
+ break;
+ }
+
+
+ if (add_tid_to_cgroup(tid, fd) != 0) {
if (errno != ESRCH && errno != ENOENT)
return -errno;
}
@@ -296,7 +352,7 @@
param.sched_priority = 0;
sched_setscheduler(tid,
(policy == SP_BACKGROUND) ?
- SCHED_BATCH : SCHED_NORMAL,
+ SCHED_BATCH : SCHED_NORMAL,
¶m);
}
@@ -337,4 +393,3 @@
else
return "error";
}
-
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 8ec7c9a..0b7e192 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -125,6 +125,28 @@
write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
+ # sets up initial cpusets for ActivityManager
+ mkdir /dev/cpuset
+ mount cpuset none /dev/cpuset
+ mkdir /dev/cpuset/foreground
+ mkdir /dev/cpuset/background
+ # this ensures that the cpusets are present and usable, but the device's
+ # init.rc must actually set the correct cpus
+ write /dev/cpuset/foreground/cpus 0
+ write /dev/cpuset/background/cpus 0
+ write /dev/cpuset/foreground/mems 0
+ write /dev/cpuset/background/mems 0
+ chown system system /dev/cpuset
+ chown system system /dev/cpuset/foreground
+ chown system system /dev/cpuset/background
+ chown system system /dev/cpuset/tasks
+ chown system system /dev/cpuset/foreground/tasks
+ chown system system /dev/cpuset/background/tasks
+ chmod 0644 /dev/cpuset/foreground/tasks
+ chmod 0644 /dev/cpuset/background/tasks
+ chmod 0644 /dev/cpuset/tasks
+
+
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.