summaryrefslogtreecommitdiffstats
path: root/init/property_service.c
Commit message (Collapse)AuthorAgeFilesLines
* am 9dd40e97: am d171b656: Merge "[GNSS] Add AID_GPS to property user white list"Colin Cross2013-09-031-0/+2
|\ | | | | | | | | * commit '9dd40e9756de23a25aaa9909c8d4055105621a76': [GNSS] Add AID_GPS to property user white list
| * Merge "[GNSS] Add AID_GPS to property user white list"Colin Cross2013-09-041-0/+2
| |\
| | * [GNSS] Add AID_GPS to property user white listNicolas SUET2013-08-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add "gps." and "persist.gps." to property_perms white list. Change-Id: I7177170676d774c87e08d1548f5264ac27cba3ff Orig-Change-Id: I7a94caa26be4aefd2fe4f155908e2f8f09858bee Signed-off-by: Nicolas SUET <nicolas.suet@intel.com> Signed-off-by: jerome Pantaloni <jeromex.pantaloni@intel.com> Signed-off-by: Jian Luo <jian.luo@intel.com> Signed-off-by: Bruce Beare <bruce.j.beare@intel.com> Signed-off-by: Jack Ren <jack.ren@intel.com> Author-tracking-BZ: 118091
* | | am 28e52c81: am b35f68a6: Merge "init: load factory properties"Dima Zavin2013-08-281-7/+14
|\ \ \ | |/ / | | | | | | | | | * commit '28e52c816d06d78fa823be2d310d9f4c25012c8f': init: load factory properties
| * | Merge "init: load factory properties"Dima Zavin2013-08-281-7/+14
| |\ \ | | |/ | |/|
| | * init: load factory propertiesAndrew Boie2013-08-201-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These properties are typically set at device provisioning time or in the factory. They contain unit-specific data that isn't touched by software updates or factory data reset. Only read-only properties can be read by this mechanism. Change-Id: Ifff9184f039072c3c0ce99f825c3075afb524514 Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
* | | am 0cbaed42: am a8ba1f2f: Merge "Add support for socket security context ↵Colin Cross2013-08-231-1/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | specification." * commit '0cbaed4211b514dd2aaa4d28f8936ba58e83c6a5': Add support for socket security context specification.
| * | Add support for socket security context specification.Stephen Smalley2013-08-231-1/+1
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an optional argument to the socket option for specifying a SELinux security context for the socket. Normally the socket security context is automatically computed from the service security context or set using the seclabel option, but this facility allows dealing with two scenarios that cannot be addressed using the existing mechanisms: 1) Use of logwrapper to wrap a service. In this case, init cannot determine the service security context as it does not directly execute it and we do not want logwrapper to run in the same domain as the service. 2) Situations where a service has multiple sockets and we want to label them distinctly. Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
| * resolved conflicts for merge of b6c60285 to stage-aosp-masterColin Cross2013-06-241-28/+5
| |\ | | | | | | | | | Change-Id: I5afba55b668065499fa28369cf217d4f5eafab4a
| | * init: move initial property area allocation into bionicGreg Hackmann2013-06-191-28/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bionic's __system_property_add() now expands the property area as needed by mapping in more pages. Rather than duplicate the mapping code, move it inside bionic and have bionic's __system_property_area_init() set up the first page. Signed-off-by: Greg Hackmann <ghackmann@google.com> (cherry picked from commit f14eef0c3c456bfe39f7e9d57c8f7ae4ec775972) Change-Id: Ieb94caab1527c71f2155efe3795490b0ea215a29
| | * property_service: make /dev/__properties__ readableNick Kralevich2013-06-191-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, system properties are passed via the environment variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed from parent to child. This is insecure for setuid executables, as the environment variable can be changed by the caller. Make the /dev/__properties__ file accessible, so an app can get properties directly from the file, rather than relying on environment variables. Preserve the environment variable for compatibility with pre-existing apps. Bug: 8045561 (cherry picked from commit 7ece0a862cf97e85bbe69458a32a2bd165456874) Change-Id: I762da21ef4075f288745efed0ec7d16c2b71303c
| * | resolved conflicts for merge of 95a41f6b to stage-aosp-masterColin Cross2013-06-171-65/+15
| |\ \ | | |/ | | | | | | Change-Id: Icfae29edf989fb43a7f0b8bda188a9807f76a3b9
| | * init: verify size of property buffers passed to property_getColin Cross2013-06-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Verify that the buffer passed as the value parameter to property_get is always big enough. (cherry picked from commit 88ac54a4e8d2a63e4fd9c465e115795ace316776) Change-Id: Iacc2b42bfe4069e0bfcbb1c48474f30126a93139
| | * init: move the system property writer implementationColin Cross2013-06-171-51/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | Move the system property writer implementation into bionic to keep it next to the reader implementation and allow for better testing. (cherry picked from commit 9f5af635010a7ba92edf1fca543f7271cc9d75c8) Change-Id: Idf6100d1d0170751acd5163a22597912bff480f0
| | * init: switch property_get to use __system_property_getColin Cross2013-06-171-14/+7
| | | | | | | | | | | | | | | | | | (cherry picked from commit 2deedfe0b1ac86ebd62d19cf7da9e7dcb508ab09) Change-Id: If3fba2cc1dd5c167b0924ddfe42dbe2e6387208a
* | | init: move initial property area allocation into bionicGreg Hackmann2013-06-181-28/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bionic's __system_property_add() now expands the property area as needed by mapping in more pages. Rather than duplicate the mapping code, move it inside bionic and have bionic's __system_property_area_init() set up the first page. Change-Id: If9917d5f775c1a82eb89be55b84635395145ca49 Signed-off-by: Greg Hackmann <ghackmann@google.com>
* | | init: verify size of property buffers passed to property_getColin Cross2013-06-171-1/+1
| | | | | | | | | | | | | | | | | | | | | Verify that the buffer passed as the value parameter to property_get is always big enough. Change-Id: Ie5b6fcd94bb908215cfd55d0c9b07f717ddb70b1
* | | init: move the system property writer implementationColin Cross2013-06-171-51/+8
| | | | | | | | | | | | | | | | | | | | | Move the system property writer implementation into bionic to keep it next to the reader implementation and allow for better testing. Change-Id: I9026e604109e30546b2849b60cab2e7e5ff00ba5
* | | init: switch property_get to use __system_property_getColin Cross2013-06-171-14/+7
| | | | | | | | | | | | Change-Id: I4fc0502a1a5b331087618a4d2e3d90948743d7bd
* | | am 5cb9a02b: am 7e723498: Merge "Add permission for bluetooth app in ↵Matthew Xie2013-05-221-0/+8
|\ \ \ | |/ / | | | | | | | | | | | | | | | non-primary users" into jb-mr2-dev * commit '5cb9a02b0322c18b48eb9ce261502c3b830c113c': Add permission for bluetooth app in non-primary users
| * | am 7e723498: Merge "Add permission for bluetooth app in non-primary users" ↵Matthew Xie2013-05-221-0/+8
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | into jb-mr2-dev * commit '7e72349865db83d62f98eec8bca4b170712fe0e0': Add permission for bluetooth app in non-primary users
| | * \ Merge "Add permission for bluetooth app in non-primary users" into jb-mr2-devMatthew Xie2013-05-221-0/+8
| | |\ \
| | | * | Add permission for bluetooth app in non-primary usersMatthew Xie2013-05-221-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | bug 8954114 Change-Id: Id6a42f5a5beefa22c3cc8eecfb39a2222017a3b4
* | | | | am 253e91b4: am 477e35d6: Revert "Add persistent property for SELinux ↵gcondra@google.com2013-05-201-1/+0
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | enforcment status." * commit '253e91b4ffb631b188fdac0c1624786103471f05': Revert "Add persistent property for SELinux enforcment status."
| * | | | am 477e35d6: Revert "Add persistent property for SELinux enforcment status."gcondra@google.com2013-05-201-1/+0
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | * commit '477e35d6d56c7fe9b2305becdf3ed4f590ddfbd6': Revert "Add persistent property for SELinux enforcment status."
| | * | | Revert "Add persistent property for SELinux enforcment status."repo sync2013-05-171-1/+0
| | | | | | | | | | | | | | | | | | | | This reverts commit b89bdfde422eff751b3f939f10ab57e22af83eaa.
* | | | | am 43329bc1: am 8a387870: Revert "Reload policy after setting up the data ↵gcondra@google.com2013-05-201-0/+3
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | partition." * commit '43329bc1c99c0f5f3670a8aaab39e54df34819a1': Revert "Reload policy after setting up the data partition."
| * | | | am 8a387870: Revert "Reload policy after setting up the data partition."gcondra@google.com2013-05-201-0/+3
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | * commit '8a3878700eb9cd8ecf495cd01f15face5c3879c8': Revert "Reload policy after setting up the data partition."
| | * | | Revert "Reload policy after setting up the data partition."repo sync2013-05-171-0/+3
| | |/ / | | | | | | | | | | | | This reverts commit fee250d27a9c03af1ba439047b976d89563b1887.
* | | | am 55d69a96: am 032be7a4: Merge "Log an error if property pool is exhausted"Colin Cross2013-04-301-1/+5
|\ \ \ \ | |/ / / | | | | | | | | | | | | * commit '55d69a9681061b97d6bdcc0b1b92a7de63d0a07b': Log an error if property pool is exhausted
| * | | am 032be7a4: Merge "Log an error if property pool is exhausted"Colin Cross2013-04-301-1/+5
| |\ \ \ | | |/ / | |/| / | | |/ | | | * commit '032be7a4c5be8c015063084d162d1f394279aa3d': Log an error if property pool is exhausted
| | * Log an error if property pool is exhaustedJohan Redestig2013-04-291-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | Failing to set properties due to an exhausted pool leads to difficult to debug problems. This change adds an error log to make the situation a bit easier to handle. Change-Id: Icc1d97a80882fb23e74428a0195f1d28dba68fa8
* | | am 63577d92: am fee250d2: Reload policy after setting up the data partition.gcondra@google.com2013-04-301-3/+0
|\ \ \ | |/ / | | | | | | | | | * commit '63577d9280e7919bfb7221030d211b833e66bb1e': Reload policy after setting up the data partition.
| * | Reload policy after setting up the data partition.repo sync2013-04-301-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This forces a policy reload + fixcon to deal with dynamically delivered policy changing labels on device nodes. It's implemented as a new keyword in init. Bug: 8702843 Change-Id: I803cf1ecf6ff8318ce25dcc5cda4f292adc9738c
* | | am 14ad7861: am 538b5d4e: Merge "Add persistent property for SELinux ↵gcondra@google.com2013-04-261-0/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | enforcment status." into jb-mr2-dev * commit '14ad786183455ad9c8298e24946d4da0f24458d7': Add persistent property for SELinux enforcment status.
| * | Add persistent property for SELinux enforcment status.repo sync2013-04-251-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Also adds triggers for going between enforcing and permissive status. Bug: 8702843 Change-Id: I841d80999b96acf6b6fd0a5408fb074952d6ae72
* | | Make init handle rebootsNick Kralevich2013-04-231-0/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move the responsibility for rebooting the system from the reboot command to init. Init is in a better position to take actions to bring the system down cleanly, including making sure filesystems are mounted read-only. The only UIDs which can perform an init triggered reboot are root, system, and shell. Modify the reboot command so that it calls into init to perform the reboot. The reboot command no longer requires CAP_SYS_BOOT. Remove the -n reboot option and code which supports it. Anyone needing to do an unclean shutdown can just do a 'echo c > /proc/sysrq-trigger'. Modify adb so that it calls into init to perform a shutdown. Bug: 8646621 Change-Id: I84c0513acb549720cb0e8c9fcbda0050f5c396f5
* | property_service: make /dev/__properties__ readableNick Kralevich2013-01-231-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, system properties are passed via the environment variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed from parent to child. This is insecure for setuid executables, as the environment variable can be changed by the caller. Make the /dev/__properties__ file accessible, so an app can get properties directly from the file, rather than relying on environment variables. Preserve the environment variable for compatibility with pre-existing apps. Bug: 8045561 Change-Id: If81e2b705eca43ddd8b491871aceff59c0e00387
* | Revert "init: make system properties more secure."Nick Kralevich2013-01-221-4/+20
| | | | | | | | | | | | This reverts commit 51e06618dbd87c4374c56d9193a5e567aa3d02ac. Bug: 8045561
* | init: make system properties more secure.Nick Kralevich2013-01-181-20/+4
|/ | | | | | | | | | | | | | | Currently, system properties are passed via the environment variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed from parent to child. This is insecure for setuid executables, as the environment variable can be changed by the caller. Modify system property handling so that we get the properties from a root owned properties file, rather than using an environment variable. Related to bug: 8029617 Change-Id: I18610128e11c4037ed6f4dec6eba20f69fa647eb
* am 8f98c4b5: Merge "Fix dirfd crash issue in property service"Nick Kralevich2012-10-231-1/+2
|\ | | | | | | | | * commit '8f98c4b5f011db8637ce1b9361e82d59b13434f4': Fix dirfd crash issue in property service
| * Fix dirfd crash issue in property serviceYi-wei Zhao2012-10-231-1/+2
| | | | | | | | | | | | | | | | | | | | | | In "init: harden property service" patch, dirfd() is invoked without checking whether opendir() return successfully. It may fail if load_persistent_properties() is invoked before userdata partition is mounted; then dirfd(NULL) will make init crash. This may happen if "is_charger" is true. Change-Id: I216fb743a3c9fa050f92fcb31b62e766346d84bb Signed-off-by: Yi-wei Zhao <gbjc64@motorola.com>
* | am 7b88a90d: Merge "Remove HAVE_SELINUX guards"Kenny Root2012-10-171-18/+0
|\ \ | |/ | | | | | | * commit '7b88a90da2a27e347fc16c14fa577f4ae1ef07fd': Remove HAVE_SELINUX guards
| * Remove HAVE_SELINUX guardsKenny Root2012-10-161-18/+0
| | | | | | | | Change-Id: I8272c573b3c5dc663203bafab68fad5e94d89364
* | am 33045b3d: am f9c05970: Merge "init: harden property service."Nick Kralevich2012-10-041-23/+43
|\ \ | |/ | | | | | | * commit '33045b3d7bd965f67e2e0b175976cf9934fb924f': init: harden property service.
| * init: harden property service.Nick Kralevich2012-10-041-23/+43
| | | | | | | | | | | | | | | | | | Don't create temporary files in a well-known location. Rather, use mkstemp(). Don't read persistent property files from insecure files. Change-Id: I81e2aca674a2a7ca54869f088737fb228d3af6d2
* | init: Don't read local properties if ro.debuggable=0Nick Kralevich2012-09-191-6/+12
| | | | | | | | | | Bug: 7195965 Change-Id: I29fdad61aa61f2c46d49db227cf7b84d9cc6f25d
* | bluetooth: bring up with bluedroid stackJeonghoon lim2012-08-151-1/+1
| | | | | | | | | | | | - change permission of "bluetooth." property to AID_BLUETOOTH Change-Id: Ifcd97f136cfc3372412fe500e4f800d1bbbd065c
* | am 11c783f1: am 9494f297: Merge "Implement SELinux/MAC checks for property ↵Kenny Root2012-08-131-11/+79
|\ \ | |/ | | | | | | | | | | service." * commit '11c783f1ead9f276e8854cb1adaebeed8517e8a1': Implement SELinux/MAC checks for property service.
| * Implement SELinux/MAC checks for property service.rpcraig2012-08-091-11/+79
| | | | | | | | | | | | | | | | | | | | This is a set of changes to the init property service implementation to apply a SELinux check over who can change what properties. Also included control hooks for the 'ctl' keys. Change-Id: I5a18809bf5536f6459a36b6bf0d622b9f5061aa0 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
generated by cgit v1.1 at 2025-01-25 13:27:41 +0000