pkg: debian: Drop anbox patches

They don't build on 6.8 anymore. Ubuntu has stopped shipping them and
enables binderfs, which can be used in place of the old binder
modules.
Dorian Stoll 2024-03-17 12:16:14 +01:00
parent 727b5a2078
commit 6944979a79
No known key found for this signature in database
GPG key ID: F1DACD02C619442A
3 changed files with 7 additions and 209 deletions


@ -1,132 +0,0 @@
From 408551029a78a655c5fea864b45a8e370d7d9e8c Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 7 Sep 2020 02:51:53 +0100
Subject: [PATCH 1/2] Export symbols needed by Android drivers
We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.
Export the currently un-exported symbols they depend on.
---
fs/file.c | 1 +
kernel/sched/core.c | 1 +
kernel/sched/wait.c | 1 +
kernel/task_work.c | 1 +
mm/memory.c | 1 +
mm/shmem.c | 1 +
security/security.c | 4 ++++
7 files changed, 10 insertions(+)
diff --git a/fs/file.c b/fs/file.c
index 3e4a4dfa38fca..bdded3fcdbd87 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -816,6 +816,7 @@ struct file *close_fd_get_file(unsigned int fd)
return file;
}
+EXPORT_SYMBOL_GPL(close_fd_get_file);
void do_close_on_exec(struct files_struct *files)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 802551e0009bf..2698c78062b2f 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -7253,6 +7253,7 @@ static bool is_nice_reduction(const struct task_struct *p, const int nice)
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE));
}
+EXPORT_SYMBOL_GPL(can_nice);
/*
* can_nice - check if a task can reduce its nice value
diff --git a/kernel/sched/wait.c b/kernel/sched/wait.c
index 802d98cf2de31..8eec46f066d86 100644
--- a/kernel/sched/wait.c
+++ b/kernel/sched/wait.c
@@ -252,6 +252,7 @@ void __wake_up_pollfree(struct wait_queue_head *wq_head)
/* POLLFREE must have cleared the queue. */
WARN_ON_ONCE(waitqueue_active(wq_head));
}
+EXPORT_SYMBOL_GPL(__wake_up_pollfree);
/*
* Note: we use "set_current_state()" _after_ the wait-queue add,
diff --git a/kernel/task_work.c b/kernel/task_work.c
index 95a7e1b7f1dab..972c3280337e8 100644
--- a/kernel/task_work.c
+++ b/kernel/task_work.c
@@ -73,6 +73,7 @@ int task_work_add(struct task_struct *task, struct callback_head *work,
return 0;
}
+EXPORT_SYMBOL_GPL(task_work_add);
/**
* task_work_cancel_match - cancel a pending work added by task_work_add()
diff --git a/mm/memory.c b/mm/memory.c
index 517221f013035..b747095cfea68 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1770,6 +1770,7 @@ void zap_page_range_single(struct vm_area_struct *vma, unsigned long address,
tlb_finish_mmu(&tlb);
hugetlb_zap_end(vma, details);
}
+EXPORT_SYMBOL_GPL(zap_page_range_single);
/**
* zap_vma_ptes - remove ptes mapping the vma
diff --git a/mm/shmem.c b/mm/shmem.c
index 69595d3418829..e155894de651c 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -4871,6 +4871,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
return 0;
}
+EXPORT_SYMBOL_GPL(shmem_zero_setup);
/**
* shmem_read_folio_gfp - read into page cache, using specified page allocation flags.
diff --git a/security/security.c b/security/security.c
index 23b129d482a7c..eeb7162a02674 100644
--- a/security/security.c
+++ b/security/security.c
@@ -799,6 +799,7 @@ int security_binder_set_context_mgr(const struct cred *mgr)
{
return call_int_hook(binder_set_context_mgr, 0, mgr);
}
+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
/**
* security_binder_transaction() - Check if a binder transaction is allowed
@@ -814,6 +815,7 @@ int security_binder_transaction(const struct cred *from,
{
return call_int_hook(binder_transaction, 0, from, to);
}
+EXPORT_SYMBOL_GPL(security_binder_transaction);
/**
* security_binder_transfer_binder() - Check if a binder transfer is allowed
@@ -829,6 +831,7 @@ int security_binder_transfer_binder(const struct cred *from,
{
return call_int_hook(binder_transfer_binder, 0, from, to);
}
+EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
/**
* security_binder_transfer_file() - Check if a binder file xfer is allowed
@@ -845,6 +848,7 @@ int security_binder_transfer_file(const struct cred *from,
{
return call_int_hook(binder_transfer_file, 0, from, to, file);
}
+EXPORT_SYMBOL_GPL(security_binder_transfer_file);
/**
* security_ptrace_access_check() - Check if tracing is allowed
--
2.42.1


@ -1,71 +0,0 @@
From 2802d75f2b216a35c6a976c0064fcc0e20d82e4b Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Fri, 22 Jun 2018 17:27:00 +0100
Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules
We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.
- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate
Update:
In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem
driver was removed entirely. Secondary commit message:
"The mainline replacement for ashmem is memfd, so remove the legacy
code from drivers/staging/"
Consequently, the ashmem part of this patch has been removed.
---
drivers/android/Kconfig | 2 +-
drivers/android/Makefile | 7 ++++---
drivers/android/binder_alloc.c | 2 +-
3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig
index 07aa8ae0a058c..94a3a86f9bd4f 100644
--- a/drivers/android/Kconfig
+++ b/drivers/android/Kconfig
@@ -2,7 +2,7 @@
menu "Android"
config ANDROID_BINDER_IPC
- bool "Android Binder IPC Driver"
+ tristate "Android Binder IPC Driver"
depends on MMU
default n
help
diff --git a/drivers/android/Makefile b/drivers/android/Makefile
index c9d3d0c99c257..55411d9a9c2a1 100644
--- a/drivers/android/Makefile
+++ b/drivers/android/Makefile
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: GPL-2.0-only
ccflags-y += -I$(src) # needed for trace events
-obj-$(CONFIG_ANDROID_BINDERFS) += binderfs.o
-obj-$(CONFIG_ANDROID_BINDER_IPC) += binder.o binder_alloc.o
-obj-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
+obj-$(CONFIG_ANDROID_BINDER_IPC) += binder_linux.o
+binder_linux-y := binder.o binder_alloc.o
+binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o
+binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o
diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c
index e3db8297095a2..eef695eff0025 100644
--- a/drivers/android/binder_alloc.c
+++ b/drivers/android/binder_alloc.c
@@ -38,7 +38,7 @@ enum {
};
static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR;
-module_param_named(debug_mask, binder_alloc_debug_mask,
+module_param_named(alloc_debug_mask, binder_alloc_debug_mask,
uint, 0644);
#define binder_alloc_debug(mask, x...) \
--
2.42.1


@ -40,14 +40,15 @@ CONFIG_SYSTEM_TRUSTED_KEYS=""
CONFIG_SYSTEM_REVOCATION_KEYS=""
##
## Additional options from upstream (not in PPA)
## Modules required for running Android apps
##
## Ubuntu builds binder as a module by patching the Makefile. To keep it
## simple, we just put it into vmlinux. One patch less to keep track of.
##
CONFIG_ASHMEM=m
CONFIG_ANDROID=y
CONFIG_ANDROID_BINDER_IPC=m
# CONFIG_ANDROID_BINDERFS is not set
CONFIG_ANDROID_BINDER_DEVICES="binder"
CONFIG_ANDROID_BINDER_IPC=y
CONFIG_ANDROID_BINDERFS=y
CONFIG_ANDROID_BINDER_DEVICES=""
# CONFIG_ANDROID_BINDER_IPC_SELFTEST is not set
##
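Review bot: `CONFIG_ANDROID_BINDER_IPC=y` near the end of this section builds binder into vmlinux on every installation, which is the arrangement the two dropped patches were written to avoid ("increase security attack surface on systems that don't need them"), and the comment block above it justifies this only as one patch less to track. Leaving `CONFIG_ANDROID_BINDER_DEVICES=""` looks like the intended mitigation, since no binder device should then exist until a binderfs instance is mounted, but that is inferred and not stated anywhere. binderfs can, to my knowledge, be mounted from inside a user namespace, so on hosts that allow unprivileged user namespaces the built-in driver is presumably still reachable by ordinary users; this is worth confirming and recording. I would add a line such as `## Binder is built in; no device nodes exist until binderfs is mounted.` to the comment block so the trade-off sits next to the option. The +/- markers are lost on this page, so which lines are old and which are new is read from the commit description.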