| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We originally included a warning to not invoke restorecon_recursive
with a path leading to a shell-writable or app-writable directory
due to concerns about the potential for mischief with symlinks during
the restorecon_recursive. However, this warning was never necessary for
calling restorecon_recursive during system initialization before an adb
shell or app can run, and we have further prohibited init from
reading/following symlinks that can be created by shell or apps in
policy, so this warning is superfluous. It also contradicts current
usage of restorecon_recursive in rootdir/init.rc, since it is called
there on /data.
Change-Id: I28a635e0b5991ced8adcef93e7a04f9d9e5634fd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
|
|
|
|
| |
from init/readme.txt
Change-Id: I16e226d8f563a223ae20044fff30498883bc4ae2
|
| |
|
|
|
|
|
| |
device-added, device-removed and service-exited were described but
never implemented.
Change-Id: I6fbd05a85576d18d6741fc6dd549acc9132b0531
|
| |
|
|
|
| |
Bug: https://code.google.com/p/android/issues/detail?id=73996
Change-Id: I4f8d3927d17a4021a2436c2859aa732479c5a118
|
| |
|
|
|
|
|
|
|
|
|
| |
enable <servicename>
Turns a disabled service into an enabled one as if the service did not
specify disabled in the rc file.
It will also start the service if needed.
Bug: 14472973
Change-Id: Id0b49cc687a2bc74f6f92e066c617724cc94908d
Signed-off-by: JP Abgrall <jpa@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Functionally equivalent to the restorecon -R toolbox command.
A use case is given by:
I48eaa2b9901ac8c978192c14493ba1058a089423
Also, fix error handling and documentation for restorecon command.
Change-Id: Ia7fbcc82645baf52c6bff0490d3492f458881cbb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
|
|
|
|
|
|
|
|
| |
Change setsebool syntax from name=value to name value.
This is to make it consistent with setprop and similar commands.
Update both the init built-in command and the toolbox command
for consistency.
Change-Id: I2c8e016ba26731c4a2ad4a49ae3b89362bf8f8a8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
|
|
|
| |
Change-Id: I9b066e0789c93e5147c28a60baeed91c44dd9359
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The wait command was currently implemented but
undocumented and only used internally. This change
adds a second option toi (optionally) override the default
timeout of 5 seconds.
The wait command can be used to wait for a file to appear
during the boot process, for example a disk or other device,
and is a better alternative than an unconditional sleep.
Change-Id: Ia11d8419c0ea84deec0e1bf5adfca5bc76ff38b7
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
|
| |
|
|
|
| |
Change-Id: Ib264ecf9beb2685b070436d2bdec9655c7a31b47
Signed-off-by: Mike Lockwood <lockwood@android.com>
|
| | |
|
| | |
|
| |
|
