Diffstat (limited to 'init')
-rw-r--r-- | init/builtins.c | 8 | ||||
-rw-r--r-- | init/devices.c | 19 | ||||
-rw-r--r-- | init/devices.h | 3 | ||||
-rw-r--r-- | init/init.c | 18 | ||||
-rw-r--r-- | init/init_parser.c | 1 | ||||
-rw-r--r-- | init/keywords.h | 2 | ||||
-rw-r--r-- | init/log.h | 2 | ||||
-rw-r--r-- | init/property_service.c | 118 | ||||
-rw-r--r-- | init/property_service.h | 1 | ||||
-rw-r--r-- | init/ueventd.c | 14 |
10 files changed, 57 insertions, 129 deletions
diff --git a/init/builtins.c b/init/builtins.c index d9f7bbe..0c32b2a 100644 --- a/init/builtins.c +++ b/init/builtins.c @@ -877,6 +877,14 @@ int do_load_persist_props(int nargs, char **args) { return -1; } +int do_load_all_props(int nargs, char **args) { + if (nargs == 1) { + load_all_props(); + return 0; + } + return -1; +} + int do_wait(int nargs, char **args) { if (nargs == 2) { diff --git a/init/devices.c b/init/devices.c index 3119e8e..ea9a4b2 100644 --- a/init/devices.c +++ b/init/devices.c @@ -15,6 +15,7 @@ */ #include <errno.h> +#include <fnmatch.h> #include <stddef.h> #include <stdio.h> #include <stdlib.h> @@ -77,6 +78,7 @@ struct perms_ { unsigned int uid; unsigned int gid; unsigned short prefix; + unsigned short wildcard; }; struct perm_node { @@ -97,7 +99,8 @@ static list_declare(platform_names); int add_dev_perms(const char *name, const char *attr, mode_t perm, unsigned int uid, unsigned int gid, - unsigned short prefix) { + unsigned short prefix, + unsigned short wildcard) { struct perm_node *node = calloc(1, sizeof(*node)); if (!node) return -ENOMEM; @@ -116,6 +119,7 @@ int add_dev_perms(const char *name, const char *attr, node->dp.uid = uid; node->dp.gid = gid; node->dp.prefix = prefix; + node->dp.wildcard = wildcard; if (attr) list_add_tail(&sys_perms, &node->plist); @@ -140,6 +144,9 @@ void fixup_sys_perms(const char *upath) if (dp->prefix) { if (strncmp(upath, dp->name + 4, strlen(dp->name + 4))) continue; + } else if (dp->wildcard) { + if (fnmatch(dp->name + 4, upath, FNM_PATHNAME) != 0) + continue; } else { if (strcmp(upath, dp->name + 4)) continue; @@ -180,6 +187,9 @@ static mode_t get_device_perm(const char *path, unsigned *uid, unsigned *gid) if (dp->prefix) { if (strncmp(path, dp->name, strlen(dp->name))) continue; + } else if (dp->wildcard) { + if (fnmatch(dp->name, path, FNM_PATHNAME) != 0) + continue; } else { if (strcmp(path, dp->name)) continue; 
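Review bot: The new `fnmatch(dp->name, path, FNM_PATHNAME)` branch in get_device_perm (and the matching one in fixup_sys_perms on `dp->name + 4`) gives `*` a different reach from the existing prefix rules: with FNM_PATHNAME a `*` never matches `/`, whereas a trailing-`*` prefix rule matches everything below the prefix through strncmp. Since these rules decide the mode and owner of device nodes, the difference deserves a comment on the new field, e.g. `unsigned short wildcard; /* name is an fnmatch(3) pattern; '*' does not cross '/' */`. The `prefix` test comes first, so `wildcard` is only consulted when `prefix` is 0, and the same comment could say the two flags are mutually exclusive. Both functions start and end outside their hunks, so which rule wins when several match is not visible here.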
@@ -196,7 +206,8 @@ static mode_t get_device_perm(const char *path, unsigned *uid, unsigned *gid) static void make_device(const char *path, const char *upath UNUSED, - int block, int major, int minor) + int block, int major, int minor, + const char **links) { unsigned uid; unsigned gid; @@ -207,7 +218,7 @@ static void make_device(const char *path, mode = get_device_perm(path, &uid, &gid) | (block ? S_IFBLK : S_IFCHR); if (sehandle) { - selabel_lookup(sehandle, &secontext, path, mode); + selabel_lookup_best_match(sehandle, &secontext, path, links, mode); setfscreatecon(secontext); } @@ -523,7 +534,7 @@ static void handle_device(const char *action, const char *devpath, int i; if(!strcmp(action, "add")) { - make_device(devpath, path, block, major, minor); + make_device(devpath, path, block, major, minor, (const char **)links); if (links) { for (i = 0; links[i]; i++) make_link(devpath, links[i]); diff --git a/init/devices.h b/init/devices.h index a84fa58..5d0fe88 100644 --- a/init/devices.h +++ b/init/devices.h @@ -23,6 +23,7 @@ extern void handle_device_fd(); extern void device_init(void); extern int add_dev_perms(const char *name, const char *attr, mode_t perm, unsigned int uid, - unsigned int gid, unsigned short prefix); + unsigned int gid, unsigned short prefix, + unsigned short wildcard); int get_device_fd(); #endif /* _INIT_DEVICES_H */ diff --git a/init/init.c b/init/init.c index c79929b..f001071 100644 --- a/init/init.c +++ b/init/init.c @@ -938,7 +938,7 @@ static int audit_callback(void *data, security_class_t cls __attribute__((unused return 0; } -static int log_callback(int type, const char *fmt, ...) +int log_callback(int type, const char *fmt, ...) { int level; va_list ap; @@ -1051,8 +1051,7 @@ int main(int argc, char **argv) is_charger = !strcmp(bootmode, "charger"); INFO("property init\n"); - if (!is_charger) - property_load_boot_defaults(); + property_load_boot_defaults(); INFO("reading config file\n"); init_parse_config_file("/init.rc"); 
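Review bot: The return value of `selabel_lookup_best_match(sehandle, &secontext, path, links, mode)` in make_device is ignored, so a failed lookup still flows into `setfscreatecon(secontext)`. Whether `secontext` is initialised is outside the hunk; if it is not, the failure path passes an indeterminate pointer, and if it is, the node is silently created with the default label. I would test the result, e.g. `if (selabel_lookup_best_match(sehandle, &secontext, path, links, mode) == 0) setfscreatecon(secontext);`, and log the failure; the cleanup after the node is created is outside the hunk and would need the same guard. A short comment that `links` may be NULL (handle_device passes it before its own `if (links)` test) and that the link names now influence the label chosen for the node would also help.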
@@ -1067,28 +1066,19 @@ int main(int argc, char **argv) /* execute all the boot actions to get us started */ action_for_each_trigger("init", action_add_queue_tail); - /* skip mounting filesystems in charger mode */ - if (!is_charger) { - action_for_each_trigger("early-fs", action_add_queue_tail); - action_for_each_trigger("fs", action_add_queue_tail); - action_for_each_trigger("post-fs", action_add_queue_tail); - action_for_each_trigger("post-fs-data", action_add_queue_tail); - } - /* Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random * wasn't ready immediately after wait_for_coldboot_done */ queue_builtin_action(mix_hwrng_into_linux_rng_action, "mix_hwrng_into_linux_rng"); - queue_builtin_action(property_service_init_action, "property_service_init"); queue_builtin_action(signal_init_action, "signal_init"); queue_builtin_action(check_startup_action, "check_startup"); + /* Don't mount filesystems or start core system services if in charger mode. */ if (is_charger) { action_for_each_trigger("charger", action_add_queue_tail); } else { - action_for_each_trigger("early-boot", action_add_queue_tail); - action_for_each_trigger("boot", action_add_queue_tail); + action_for_each_trigger("late-init", action_add_queue_tail); } /* run all property triggers based on current state of the properties */ diff --git a/init/init_parser.c b/init/init_parser.c index 7800082..289e759 100644 --- a/init/init_parser.c +++ b/init/init_parser.c @@ -120,6 +120,7 @@ static int lookup_keyword(const char *s) case 'l': if (!strcmp(s, "oglevel")) return K_loglevel; if (!strcmp(s, "oad_persist_props")) return K_load_persist_props; + if (!strcmp(s, "oad_all_props")) return K_load_all_props; break; case 'm': if (!strcmp(s, "kdir")) return K_mkdir; diff --git a/init/keywords.h b/init/keywords.h index 6625330..2d97e5b 100644 --- a/init/keywords.h +++ b/init/keywords.h 
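Review bot: After this change the non-charger path in main() queues only `late-init`, so mounting filesystems and the `early-boot`/`boot` stages happen only if init.rc defines an `on late-init` section that triggers them; nothing in init.c enforces that. The new comment says what charger mode skips but not what `late-init` is expected to do. I would extend it, e.g. `/* late-init is defined in init.rc and must trigger early-fs, fs, post-fs, post-fs-data, early-boot and boot. */`. The property files are affected in the same way, since start_property_service no longer loads them (see the property_service.c hunks), so an init.rc without `load_all_props` boots without them. main() continues outside the hunk.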
@@ -39,6 +39,7 @@ int do_chown(int nargs, char **args); int do_chmod(int nargs, char **args); int do_loglevel(int nargs, char **args); int do_load_persist_props(int nargs, char **args); +int do_load_all_props(int nargs, char **args); int do_wait(int nargs, char **args); #define __MAKE_KEYWORD_ENUM__ #define KEYWORD(symbol, flags, nargs, func) K_##symbol, @@ -101,6 +102,7 @@ enum { KEYWORD(chmod, COMMAND, 2, do_chmod) KEYWORD(loglevel, COMMAND, 1, do_loglevel) KEYWORD(load_persist_props, COMMAND, 0, do_load_persist_props) + KEYWORD(load_all_props, COMMAND, 0, do_load_all_props) KEYWORD(ioprio, OPTION, 0, 0) #ifdef __MAKE_KEYWORD_ENUM__ KEYWORD_COUNT, @@ -23,4 +23,6 @@ #define NOTICE(x...) KLOG_NOTICE("init", x) #define INFO(x...) KLOG_INFO("init", x) +extern int log_callback(int type, const char *fmt, ...); + #endif diff --git a/init/property_service.c b/init/property_service.c index fb3bc8d..d112699 100644 --- a/init/property_service.c +++ b/init/property_service.c 
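Review bot: The declaration `extern int log_callback(int type, const char *fmt, ...);` added before `#endif` in log.h exports a printf-style function without a format attribute, so the compiler cannot check format strings passed by callers outside init.c. I would declare it as `extern int log_callback(int type, const char *fmt, ...) __attribute__((format(printf, 2, 3)));` and add a one-line comment saying it is the libselinux log callback shared by init and ueventd. The name is also very generic for a symbol that is no longer `static`; a more specific name would be less likely to collide, though that is a wider rename than this commit.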
@@ -55,64 +55,6 @@ static int property_area_inited = 0; static int property_set_fd = -1; -/* White list of permissions for setting property services. */ -struct { - const char *prefix; - unsigned int uid; - unsigned int gid; -} property_perms[] = { - { "net.rmnet0.", AID_RADIO, 0 }, - { "net.gprs.", AID_RADIO, 0 }, - { "net.ppp", AID_RADIO, 0 }, - { "net.qmi", AID_RADIO, 0 }, - { "net.lte", AID_RADIO, 0 }, - { "net.cdma", AID_RADIO, 0 }, - { "ril.", AID_RADIO, 0 }, - { "gsm.", AID_RADIO, 0 }, - { "persist.radio", AID_RADIO, 0 }, - { "net.dns", AID_RADIO, 0 }, - { "sys.usb.config", AID_RADIO, 0 }, - { "net.", AID_SYSTEM, 0 }, - { "dev.", AID_SYSTEM, 0 }, - { "runtime.", AID_SYSTEM, 0 }, - { "hw.", AID_SYSTEM, 0 }, - { "sys.", AID_SYSTEM, 0 }, - { "sys.powerctl", AID_SHELL, 0 }, - { "service.", AID_SYSTEM, 0 }, - { "wlan.", AID_SYSTEM, 0 }, - { "gps.", AID_GPS, 0 }, - { "bluetooth.", AID_BLUETOOTH, 0 }, - { "dhcp.", AID_SYSTEM, 0 }, - { "dhcp.", AID_DHCP, 0 }, - { "debug.", AID_SYSTEM, 0 }, - { "debug.", AID_SHELL, 0 }, - { "log.", AID_SHELL, 0 }, - { "service.adb.root", AID_SHELL, 0 }, - { "service.adb.tcp.port", AID_SHELL, 0 }, - { "persist.logd.size",AID_SYSTEM, 0 }, - { "persist.sys.", AID_SYSTEM, 0 }, - { "persist.service.", AID_SYSTEM, 0 }, - { "persist.security.", AID_SYSTEM, 0 }, - { "persist.gps.", AID_GPS, 0 }, - { "persist.service.bdroid.", AID_BLUETOOTH, 0 }, - { "selinux." , AID_SYSTEM, 0 }, - { NULL, 0, 0 } -}; - -/* - * White list of UID that are allowed to start/stop services. - * Currently there are no user apps that require. - */ -struct { - const char *service; - unsigned int uid; - unsigned int gid; -} control_perms[] = { - { "dumpstate",AID_SHELL, AID_LOG }, - { "ril-daemon",AID_RADIO, AID_RADIO }, - {NULL, 0, 0 } -}; - typedef struct { size_t size; int fd; 
@@ -194,34 +136,10 @@ static int check_control_mac_perms(const char *name, char *sctx) } /* - * Checks permissions for starting/stoping system services. - * AID_SYSTEM and AID_ROOT are always allowed. - * - * Returns 1 if uid allowed, 0 otherwise. - */ -static int check_control_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx) { - - int i; - if (uid == AID_SYSTEM || uid == AID_ROOT) - return check_control_mac_perms(name, sctx); - - /* Search the ACL */ - for (i = 0; control_perms[i].service; i++) { - if (strcmp(control_perms[i].service, name) == 0) { - if ((uid && control_perms[i].uid == uid) || - (gid && control_perms[i].gid == gid)) { - return check_control_mac_perms(name, sctx); - } - } - } - return 0; -} - -/* * Checks permissions for setting system properties. * Returns 1 if uid allowed, 0 otherwise. */ -static int check_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx) +static int check_perms(const char *name, char *sctx) { int i; unsigned int app_id; @@ -229,26 +147,7 @@ static int check_perms(const char *name, unsigned int uid, unsigned int gid, cha if(!strncmp(name, "ro.", 3)) name +=3; - if (uid == 0) - return check_mac_perms(name, sctx); - - app_id = multiuser_get_app_id(uid); - if (app_id == AID_BLUETOOTH) { - uid = app_id; - } - - for (i = 0; property_perms[i].prefix; i++) { - if (strncmp(property_perms[i].prefix, name, - strlen(property_perms[i].prefix)) == 0) { - if ((uid && property_perms[i].uid == uid) || - (gid && property_perms[i].gid == gid)) { - - return check_mac_perms(name, sctx); - } - } - } - - return 0; + return check_mac_perms(name, sctx); } int __property_get(const char *name, char *value) 
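Review bot: The comment kept above check_perms still says `Returns 1 if uid allowed, 0 otherwise`, but the function no longer takes a uid; it should read something like `Returns 1 if the caller's security context may set the property, 0 otherwise`. The context lines also keep `int i;` and `unsigned int app_id;`, whose only visible uses are removed in the next hunk, so both declarations can be dropped. The function body continues into the following hunk.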
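Review bot: With the uid/gid table lookup removed, `return check_mac_perms(name, sctx);` is the only authorization for setting a property, and the `ctl.*` path in handle_property_set_fd (later hunk) is reduced to check_control_mac_perms in the same way. check_mac_perms is outside the hunk; if it returns 1 when SELinux is disabled or permissive, or when no context is available, every local client of the property socket (created with mode 0666 in start_property_service) would be allowed to set any property, so that fallback should deny or be documented as intended. A comment here stating that property and service-control permissions are now enforced only by SELinux policy would make the dependency explicit. It is also worth confirming that the policy covers every prefix in the removed property_perms table before relying on it.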
@@ -406,14 +305,14 @@ void handle_property_set_fd() // Keep the old close-socket-early behavior when handling // ctl.* properties. close(s); - if (check_control_perms(msg.value, cr.uid, cr.gid, source_ctx)) { + if (check_control_mac_perms(msg.value, source_ctx)) { handle_control_message((char*) msg.name + 4, (char*) msg.value); } else { ERROR("sys_prop: Unable to %s service ctl [%s] uid:%d gid:%d pid:%d\n", msg.name + 4, msg.value, cr.uid, cr.gid, cr.pid); } } else { - if (check_perms(msg.name, cr.uid, cr.gid, source_ctx)) { + if (check_perms(msg.name, source_ctx)) { property_set((char*) msg.name, (char*) msg.value); } else { ERROR("sys_prop: permission denied uid:%d name:%s\n", @@ -621,10 +520,8 @@ void load_persist_props(void) load_persistent_properties(); } -void start_property_service(void) +void load_all_props(void) { - int fd; - load_properties_from_file(PROP_PATH_SYSTEM_BUILD, NULL); load_properties_from_file(PROP_PATH_SYSTEM_DEFAULT, NULL); load_properties_from_file(PROP_PATH_FACTORY, "ro.*"); @@ -633,6 +530,11 @@ void start_property_service(void) /* Read persistent properties after all default values have been loaded. */ load_persistent_properties(); +} + +void start_property_service(void) +{ + int fd; fd = create_socket(PROP_SERVICE_NAME, SOCK_STREAM, 0666, 0, 0, NULL); if(fd < 0) return; diff --git a/init/property_service.h b/init/property_service.h index 46cbd8f..730495e 100644 --- a/init/property_service.h +++ b/init/property_service.h @@ -24,6 +24,7 @@ extern void handle_property_set_fd(void); extern void property_init(void); extern void property_load_boot_defaults(void); extern void load_persist_props(void); +extern void load_all_props(void); extern void start_property_service(void); void get_property_workspace(int *fd, int *sz); extern int __property_get(const char *name, char *value); diff --git a/init/ueventd.c b/init/ueventd.c index 662196d..833e4fd 100644 --- a/init/ueventd.c +++ b/init/ueventd.c 
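Review bot: load_all_props() has no comment and is now reachable as an init.rc command, so it runs at a point chosen by init.rc rather than once inside start_property_service(). I would document the contract above it: that it loads the build, default and factory property files and then the persistent properties, and that it is presumably meant to run once, after the filesystems holding those files are mounted. start_property_service() deserves a matching line saying it only creates the socket and that properties must be loaded separately. The hunk shows only part of the load list, so the remaining calls are not reviewed here.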
@@ -21,6 +21,7 @@ #include <stdio.h> #include <ctype.h> #include <signal.h> +#include <selinux/selinux.h> #include <private/android_filesystem_config.h> @@ -76,6 +77,10 @@ int ueventd_main(int argc, char **argv) } #endif + union selinux_callback cb; + cb.func_log = log_callback; + selinux_set_callback(SELINUX_CB_LOG, cb); + INFO("starting ueventd\n"); /* Respect hardware passed in through the kernel cmd line. Here we will look @@ -122,6 +127,7 @@ void set_device_permission(int nargs, char **args) uid_t uid; gid_t gid; int prefix = 0; + int wildcard = 0; char *endptr; int ret; char *tmp = 0; @@ -154,9 +160,13 @@ void set_device_permission(int nargs, char **args) name = tmp; } else { int len = strlen(name); - if (name[len - 1] == '*') { + char *wildcard_chr = strchr(name, '*'); + if ((name[len - 1] == '*') && + (wildcard_chr == (name + len - 1))) { prefix = 1; name[len - 1] = '\0'; + } else if (wildcard_chr) { + wildcard = 1; } } @@ -183,6 +193,6 @@ void set_device_permission(int nargs, char **args) } gid = ret; - add_dev_perms(name, attr, perm, uid, gid, prefix); + add_dev_perms(name, attr, perm, uid, gid, prefix, wildcard); free(tmp); } |
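Review bot: In set_device_permission the test `name[len - 1] == '*'` reads one byte before the buffer when `name` is empty, and the new condition keeps that read; whether the parser can hand over an empty name is not visible here. Guarding it costs nothing: `if (len > 0 && name[len - 1] == '*' && wildcard_chr == name + len - 1) {`, ideally with `len` declared as `size_t`. Only `*` switches a rule to fnmatch matching, yet once it does, `?`, `[` and `\` in the same name are interpreted as pattern syntax too, which deserves a comment next to `wildcard = 1;`. The function starts outside this hunk.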