Only parse and honor the kernel command line on userdebug
or eng builds. On user builds, assume that selinux is always enabled
and enforcing.
Change-Id: I71c66e4365bdf2f226800634126a38b716d96599
|
When deciding on which property_contexts policy to load
during a reload, an initial call is made to libselinux to
grab the correct policy index. This policy index represents
whether the /data/security or the rootfs version will
be used.
Change-Id: I4716039bb0f5ba1e961977a18350347a67969dca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
|
Bug: 14970171
Change-Id: I6f54c35e265b849be914120f795c9f8e0cec34bb
|
enable <servicename>
Turns a disabled service into an enabled one as if the service did not
specify disabled in the rc file.
It will also start the service if needed.
Bug: 14472973
Change-Id: Id0b49cc687a2bc74f6f92e066c617724cc94908d
Signed-off-by: JP Abgrall <jpa@google.com>
|
Bug: 12613118
Change-Id: I5a84b13d2151075d5136e3682431fbcc9307df13
(cherry picked from commit dc3a42bb11dc2aefee37f799b5a1cce87cf35aaf)
|
Eliminates various warnings from SELinux-related code.
Bug: 12587913
Change-Id: I28921f0ebd934324436609540d95ccef58552b64
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
This requires telling libselinux to use the sehandle already
obtained by init rather than re-acquiring it internally. init
retains ownership of the sehandle because it performs the
initial load, uses the sehandle for other purposes (e.g. labeling
of directories created via mkdir and labeling of socket files),
and handles the policy reload property trigger.
Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
This cleans up most of the size-related problems in system/core.
There are still a few changes needed for a clean 64-bit build,
but they look like they might require changes to things like the
fastboot protocol.
Change-Id: I1560425a289fa158e13e2e3173cc3e71976f92c0
|
Under certain conditions, poll() may raise the POLLERR
flag along with POLLIN, in which case the check for
(ufd.revents == POLLIN) results in an endless busy loop.
The following fix was applied to
hardware/libhardware_legacy/uevent/uevent.c
to fix a similar bug:
commit 3aabb260ceef10377c31c9e45fb239247f5cfeba
Author: Mathias Agopian <mathias@google.com>
Date: Mon Oct 1 14:53:18 2012 -0700
fix a typo in uevent_next_eventi
Bug: 7114973
Change-Id: I15a4c714b59aeb1d02db00517d70b5f0e5ab22c2
Applying the same fix for two more poll loops in init
and ueventd.
Change-Id: I50693f6d3c904992ac4b8a9a14a83c7106e6b9e0
|
Sample output on flo:
<3>[ 7.270568] init: Warning! Service irsc_util needs a SELinux domain defined; please fix!
<3>[ 8.290832] init: Warning! Service bootanim needs a SELinux domain defined; please fix!
Change-Id: If5514b188517917d58ee81c446af563b0443be45
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
Change-Id: I5c469a4b738629d99d721cad7ded02d6c35f56d5
|
specification."
* commit '0cbaed4211b514dd2aaa4d28f8936ba58e83c6a5':
Add support for socket security context specification.
|
The Linux RNG may have little entropy during boot. As more and more
devices have a Hardware RNG, we mix in 512 bytes from Hardware RNG
(if present) into Linux RNG early during boot (after
wait_for_coldboot_done and before property_service_init actions in
init).
To avoid having to trust the output of Hardware RNG, we do not mix it
into the Linux RNG's primary pool or increase the Linux RNG's entropy
estimates.
Bug: 10362513
Change-Id: I80617f21710400747f5e7533e518d90ea74e2f11
|
Not all files on /sys are not getting labeled properly. Fix them.
Change-Id: I9dcff76354e7f50d41f1b6e702836cfbbc149278
|
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:
* disabled
* permissive
* enforcing
"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.
"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.
"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.
This change addresses post review comments for change
b710ed21dec88c0dde8209264df054c842561589 .
Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
|
When init starts up, immediately put SELinux into enforcing mode.
This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)
If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.
Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
|
The previous patch "init: verify size of property buffers passed
to property_get" incorrectly modified one of the callers,
resulting in ro.serialno, ro.bootmode, ro.baseband, and
ro.bootloader always being set to their default values.
Bug: 9469860
Change-Id: Id45bd8dd657e8d61f4cfaf7e6b2559d2bfd05181
|
Change-Id: I4fc0502a1a5b331087618a4d2e3d90948743d7bd
|
Obsolete RLE 565 logo is used nowhere,
because 565 framebuffer hasn't been used for years.
It's not necessary to keep this thing alive anymore.
Change-Id: Ie61e168790f791230530cd3eb1c68b1f7344c9a7
|
Not all files on /sys are not getting labeled properly. Fix them.
Change-Id: I9dcff76354e7f50d41f1b6e702836cfbbc149278
|
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:
* disabled
* permissive
* enforcing
"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.
"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.
"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.
This change addresses post review comments for change
b710ed21dec88c0dde8209264df054c842561589 .
Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
|
When init starts up, immediately put SELinux into enforcing mode.
This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)
If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.
Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
|
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
* commit '83ada447aed69dfcd0a88e952eced8db1e4d6584':
init: Retain traditional restart behavior for critical and oneshot services.
init: Safely restart services to avoid race conditions.
|
* changes:
init: Retain traditional restart behavior for critical and oneshot services.
init: Safely restart services to avoid race conditions.
|
Adds an SVC_RESTART state that's used for an explicit "restart" of a
running service. This retains the traditional restart behavior for
critical and oneshot services (previously altered by 7e36edd8), whereby
these services are "simply restarted" instead of counting as a crash (for a
critical service) or going into the disabled state (for a oneshot service).
|
Previously, service restarts (either an explicit "restart", or a "stop,
start" pair) exhibited a race condition whereby the new (restarting)
service process was often spawned before the old (stopping) process had
terminated. This may have resulted in the new service process failing to
acquire a limited resource (file lock, socket bind, etc.) that the old
process had not yet released.
Now, a stopping service remains in the SVC_RUNNING state until its exiting
process has been reaped by waitpid. This prevents a "stop, start" sequence
from spawning a second service process before resources held by the first
are released. This enables safe service restarts by stopping the service,
waiting for the old service process to terminate, and (only then) starting
the new service process. In the event of "restarting" an already stopped
service, the previous behavior is maintained whereby the service is simply
started.
This scenario could be special-cased by the restart command, however, we
have observed instances where services are, unintentionally, stopped and
started "too quickly," and so simultaneous processes for the same service
should never be allowed.
Note that this commit alters the behaviors for explicit restarts of
critical and oneshot services. Previously these services would simply be
restarted, whereas now, an explicit restart of a critical service counts as
a crash (which may result in a recovery reboot) and oneshot services go
into the disabled state.
|
Change-Id: Icfae29edf989fb43a7f0b8bda188a9807f76a3b9
|
The previous patch "init: verify size of property buffers passed
to property_get" incorrectly modified one of the callers,
resulting in ro.serialno, ro.bootmode, ro.baseband, and
ro.bootloader always being set to their default values.
Bug: 9469860
(cherry picked from commit 67e3663fc93c65b69b5d121db05b0833b98d97f1)
Change-Id: Ia7b337e1fab6e334729f47ee1269e6c736615177
|
(cherry picked from commit 2deedfe0b1ac86ebd62d19cf7da9e7dcb508ab09)
Change-Id: If3fba2cc1dd5c167b0924ddfe42dbe2e6387208a
|
* commit '49be240735a06f44e1d91aa51dd299779ad36d96':
Revert "Add logic to fixup file contexts after a policy update."
|
This reverts commit ebcf93e3bf92bf46c54c8e0f2ec8936bb2db6aea.
|
* commit '3d32cd938746215e5fa9b1a3c3b78903e043ae73':
Revert "Remove /system from the dirs to relabel."
|
This reverts commit 3d4d07b2fa3b2447646d3c87a0b401e993ad8363.
|
* commit '52351300d156826bf22c493828571f45a1cea16a':
Revert "Add a version check for SELinux policy on device."
|
This reverts commit 921be8b6568df0057c4eacbac2e1022b71e09620.
|
* commit '921be8b6568df0057c4eacbac2e1022b71e09620':
Add a version check for SELinux policy on device.
|
This helps to ensure that when a new system image is installed,
old userdata policy isn't applied over the top of it.
Bug: 8841348
Change-Id: I135af32250aa62979763e775842ce0af3c8b6f9f
|
* commit '683aa89bfdf2439d1c5d9a4dc240d6a673678a98':
Remove /system from the dirs to relabel.
|
Bug: 8841348
Change-Id: Ia1545288e8a8184feffaaa6158faad62f95cbcce
|
* commit 'ebcf93e3bf92bf46c54c8e0f2ec8936bb2db6aea':
Add logic to fixup file contexts after a policy update.
|
Bug: 8116902
(cherry picked from commit 47677a506febfe386d186f8f854d967f165a342f)
Change-Id: I2a50f68a53aee2c94d03d3e5ced1ea36337fde33
|
* commit '1615c09ac1065104f56ddc444f5467aff76c0daa':
init: Fix potential null pointer issue
|
With the old strdup() mechanism, it may return NULL if insufficient memory was
available. So we check the return value or do not use strdup to avoid null
pointer issue.
Change-Id: Id684948d6cb6c2f06327f29a2ba692f9542fce80
Signed-off-by: Hong-Mei Li <a21834@motorola.com>
|
Change-Id: Ibb9c8044caa9d39ee6ec9fe06d54bb9dc4b56ff3
|
/data/system is no longer used as a policy
file location. Use /data/security instead.
Change-Id: Ie77be9e25c67c8a2157c7b6c468f3215a49ead52
|
Adding a new location for policy files under
/data, the new location is /data/security. The
new location is used before attempting to use
any other location.
This requires a new directory to be created by
the init script and an update to the location of
the property_contexts file for property service.
Change-Id: I955a722ac3e51fa6c1b97201b8bdef3f601cf09d
|