path: root/init
Commit message [Author, Age, Files, Lines]
* write_file: introduce O_NOFOLLOW, use sane mask [Nick Kralevich, 2013-09-17, 1 file, -1/+1]
|
| Don't follow symlinks when writing to a file.
| Don't create world-writable files.
|
| Bug: 10802869
| Change-Id: Ifb55600d574307a535df878acb3347e02028cd30
|
* property_service: better validate property names [Nick Kralevich, 2013-09-16, 1 file, -4/+37]
|
| Don't allow unexpected characters in property names.
| Don't allow double dots in property names.
|
| Bug: 10733330
| Change-Id: I8d69740d697efb791f2f201f90989576e13bac81
|
* Seed Linux RNG from Hardware RNG at boot during init. [Alex Klyubin, 2013-08-19, 1 file, -0/+85]
|
| The Linux RNG may have little entropy during boot. As more and more
| devices have a Hardware RNG, we mix in 512 bytes from Hardware RNG
| (if present) into Linux RNG early during boot (after
| wait_for_coldboot_done and before property_service_init actions in
| init).
|
| To avoid having to trust the output of Hardware RNG, we do not mix it
| into the Linux RNG's primary pool or increase the Linux RNG's entropy
| estimates.
|
| Bug: 10362513
| Change-Id: I80617f21710400747f5e7533e518d90ea74e2f11
|
* Merge "Add basic verity support to fs_mgr." [Geremy Condra, 2013-08-07, 1 file, -1/+3]
|\
| * Add basic verity support to fs_mgr. [Geremy Condra, 2013-08-06, 1 file, -1/+3]
| |
| | This change adds a "verify" fs_mgr flag specifying that the device in
| | question should be verified.
| |
| | Devices marked with this flag are expected to have a footer immediately
| | after their data containing all the information needed to set up a
| | verity instance.
| |
| | Change-Id: I10101f2c3240228ee0932e3767fe35e673d2e720
| |
* | am 8c4b1539: am f9873987: am 5954ecb8: Merge "Allow more characters in partition name links" [Colin Cross, 2013-07-22, 2 files, -3/+18]
|\ \
| |/
|/|
| |
| | * commit '8c4b153911e399f00fdf0ed4e39782d0d49396d6':
| |   Allow more characters in partition name links
| |
| * am 5954ecb8: Merge "Allow more characters in partition name links" [Colin Cross, 2013-07-22, 2 files, -3/+18]
| |\
| | |
| | | * commit '5954ecb87b8c77425d8cc766c0cc798957a07a7d':
| | |   Allow more characters in partition name links
| | |
| | * Allow more characters in partition name links [Johan Redestig, 2013-07-18, 2 files, -3/+18]
| | |
| | | We have several partitions with underscores in their names
| | | which would not be properly linked in:
| | | /dev/block/platform/msm_sdcc.1/by-name/
| | |
| | | With this change more characters (_-.) are allowed in
| | | partition name links. Also, any other character is
| | | replaced with '_' so the resulting link names have the
| | | same length as the partition name.
| | |
| | | Change-Id: I746566c03db98b10326c755692362d2c10e528ae
| | |
| * | am b1a9f8cf: resolved conflicts for merge of b6c60285 to stage-aosp-master [Colin Cross, 2013-06-24, 1 file, -28/+5]
| |\ \
| | | |
| | | | * commit 'b1a9f8cf4b15a861ab998a4c5f0c69068f22c62a':
| | | |   init: move initial property area allocation into bionic
| | | |   property_service: make /dev/__properties__ readable
| | | |
| | * \ resolved conflicts for merge of b6c60285 to stage-aosp-master [Colin Cross, 2013-06-24, 1 file, -28/+5]
| | |\ \
| | | |/
| | | |
| | | | Change-Id: I5afba55b668065499fa28369cf217d4f5eafab4a
| | | |
| | | * Merge changes Ieb94caab,I762da21e [Colin Cross, 2013-06-25, 1 file, -30/+5]
| | | |\
| | | | |
| | | | | * changes:
| | | | |   init: move initial property area allocation into bionic
| | | | |   property_service: make /dev/__properties__ readable
| | | | |
| | | | * init: move initial property area allocation into bionic [Greg Hackmann, 2013-06-19, 1 file, -28/+5]
| | | | |
| | | | | bionic's __system_property_add() now expands the property area as needed
| | | | | by mapping in more pages. Rather than duplicate the mapping code, move it
| | | | | inside bionic and have bionic's __system_property_area_init() set up the
| | | | | first page.
| | | | |
| | | | | Signed-off-by: Greg Hackmann <ghackmann@google.com>
| | | | |
| | | | | (cherry picked from commit f14eef0c3c456bfe39f7e9d57c8f7ae4ec775972)
| | | | |
| | | | | Change-Id: Ieb94caab1527c71f2155efe3795490b0ea215a29
| | | | |
| | | | * property_service: make /dev/__properties__ readable [Nick Kralevich, 2013-06-19, 1 file, -4/+2]
| | | | |
| | | | | Currently, system properties are passed via the environment
| | | | | variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
| | | | | from parent to child. This is insecure for setuid executables,
| | | | | as the environment variable can be changed by the caller.
| | | | |
| | | | | Make the /dev/__properties__ file accessible, so an app can
| | | | | get properties directly from the file, rather than relying on
| | | | | environment variables.
| | | | |
| | | | | Preserve the environment variable for compatibility with pre-existing
| | | | | apps.
| | | | |
| | | | | Bug: 8045561
| | | | |
| | | | | (cherry picked from commit 7ece0a862cf97e85bbe69458a32a2bd165456874)
| | | | |
| | | | | Change-Id: I762da21ef4075f288745efed0ec7d16c2b71303c
| | | | |
* | | | | init: call restorecon on /sys [Nick Kralevich, 2013-07-15, 3 files, -0/+17]
| | | | |
| | | | | Not all files on /sys are not getting labeled properly. Fix them.
| | | | |
| | | | | Change-Id: I9dcff76354e7f50d41f1b6e702836cfbbc149278
| | | | |
* | | | | Add swapon_all to init's builtin commands [Ken Sumrall, 2013-07-09, 3 files, -0/+15]
| | | | |
| | | | | For enabling swap devices found in the fstab file
| | | | |
| | | | | Change-Id: Iec4fd4d208df3d7a161a90d95f8606e8b516334a
| | | | |
* | | | | init: allow disabling selinux via a kernel command line [Nick Kralevich, 2013-06-28, 1 file, -3/+48]
| | | | |
| | | | | Create a new "androidboot.selinux" option, to control how
| | | | | userspace handles SELinux. This kernel command line can have
| | | | | three options:
| | | | |
| | | | |   * disabled
| | | | |   * permissive
| | | | |   * enforcing
| | | | |
| | | | | "disabled" completely disables userspace support for SELinux. No
| | | | | policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
| | | | | ever mounted.
| | | | |
| | | | | "permissive" loads the SELinux policy, but puts SELinux
| | | | | into permissive mode. SELinux policy violations are logged,
| | | | | but not rejected.
| | | | |
| | | | | "enforcing", the default, loads the SELinux policy, and places
| | | | | SELinux into enforcing mode. Policy violations are rejected.
| | | | |
| | | | | This change addresses post review comments for change
| | | | | b710ed21dec88c0dde8209264df054c842561589.
| | | | |
| | | | | Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
| | | | |
* | | | | Merge "init: move SELinux into enforcing mode." [Nick Kralevich, 2013-06-25, 1 file, -21/+20]
|\ \ \ \ \
| * | | | | init: move SELinux into enforcing mode. [Nick Kralevich, 2013-06-25, 1 file, -21/+20]
| | | | | |
| | | | | | When init starts up, immediately put SELinux into enforcing mode.
| | | | | |
| | | | | | This is currently a no-op. We currently have everything in the
| | | | | | unconfined domain, so this should not break anything.
| | | | | | (if it does, I'll roll it back immediately)
| | | | | |
| | | | | | If the kernel doesn't have SELinux support compiled in, then
| | | | | | don't try loading a policy and continue without SELinux protections.
| | | | | |
| | | | | | Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
| | | | | |
* | | | | | am 372d668a: am 39021a48: am 83ada447: Merge changes Ib54f39fd,I7e36edd8 [Colin Cross, 2013-06-25, 4 files, -15/+38]
|\ \ \ \ \ \
| |/ / / / /
|/| / / / /
| |/ / / /
| | | | |
| | | | | * commit '372d668a279934ff3b2ec2f07a76fe2f351789d5':
| | | | |   init: Retain traditional restart behavior for critical and oneshot services.
| | | | |   init: Safely restart services to avoid race conditions.
| | | | |
| * | | | am 39021a48: am 83ada447: Merge changes Ib54f39fd,I7e36edd8 [Colin Cross, 2013-06-24, 4 files, -15/+38]
| |\ \ \ \
| | |/ / /
| | | | |
| | | | | * commit '39021a48a0e0687c654423acd5a4c99a1d79440d':
| | | | |   init: Retain traditional restart behavior for critical and oneshot services.
| | | | |   init: Safely restart services to avoid race conditions.
| | | | |
| | * | | am 83ada447: Merge changes Ib54f39fd,I7e36edd8 [Colin Cross, 2013-06-24, 4 files, -15/+38]
| | |\ \ \
| | | |/ /
| | | | |
| | | | | * commit '83ada447aed69dfcd0a88e952eced8db1e4d6584':
| | | | |   init: Retain traditional restart behavior for critical and oneshot services.
| | | | |   init: Safely restart services to avoid race conditions.
| | | | |
| | | * | Merge changes Ib54f39fd,I7e36edd8 [Colin Cross, 2013-06-24, 4 files, -15/+38]
| | | |\ \
| | | | |/
| | | |/|
| | | | |
| | | | | * changes:
| | | | |   init: Retain traditional restart behavior for critical and oneshot services.
| | | | |   init: Safely restart services to avoid race conditions.
| | | | |
| | | | * init: Retain traditional restart behavior for critical and oneshot services. [Mike Kasick, 2012-03-22, 4 files, -11/+35]
| | | | |
| | | | | Adds an SVC_RESTART state that's used for an explicit "restart" of a
| | | | | running service. This retains the traditional restart behavior for
| | | | | critical and oneshot services (previously altered by 7e36edd8), whereby
| | | | | these services are "simply restarted" instead of counting as a crash (for
| | | | | a critical service) or going into the disabled state (for a oneshot
| | | | | service).
| | | | |
| | | | * init: Safely restart services to avoid race conditions. [Mike Kasick, 2012-03-22, 1 file, -4/+3]
| | | | |
| | | | | Previously, service restarts (either an explicit "restart", or a "stop,
| | | | | start" pair) exhibited a race condition whereby the new (restarting)
| | | | | service process was often spawned before the old (stopping) process had
| | | | | terminated. This may have resulted in the new service process failing to
| | | | | acquire a limited resource (file lock, socket bind, etc.) that the old
| | | | | process had not yet released.
| | | | |
| | | | | Now, a stopping service remains in the SVC_RUNNING state until its exiting
| | | | | process has been reaped by waitpid. This prevents a "stop, start" sequence
| | | | | from spawning a second service process before resources held by the first
| | | | | are released. This enables safe service restarts by stopping the service,
| | | | | waiting for the old service process to terminate, and (only then) starting
| | | | | the new service process.
| | | | |
| | | | | In the event of "restarting" an already stopped service, the previous
| | | | | behavior is maintained whereby the service is simply started.
| | | | |
| | | | | This scenario could be special-cased by the restart command, however, we
| | | | | have observed instances where services are, unintentionally, stopped and
| | | | | started "too quickly," and so simultaneous processes for the same service
| | | | | should never be allowed.
| | | | |
| | | | | Note that this commit alters the behaviors for explicit restarts of
| | | | | critical and oneshot services. Previously these services would simply be
| | | | | restarted, whereas now, an explicit restart of a critical service counts
| | | | | as a crash (which may result in a recovery reboot) and oneshot services go
| | | | | into the disabled state.
| | | | |
| * | | | am 99c1a416: resolved conflicts for merge of 95a41f6b to stage-aosp-master [Colin Cross, 2013-06-17, 5 files, -88/+58]
| |\ \ \ \
| | |/ / /
| | | | |
| | | | | * commit '99c1a4168ba792437f298d31cd4631ff01661476':
| | | | |   init: fix copying boot properties
| | | | |   toolbox: hide property implementation from watchprops
| | | | |   init: verify size of property buffers passed to property_get
| | | | |   init: move the system property writer implementation
| | | | |   init: switch property_get to use __system_property_get
| | | | |
| | * | | resolved conflicts for merge of 95a41f6b to stage-aosp-master [Colin Cross, 2013-06-17, 5 files, -88/+58]
| | |\ \ \
| | | |/ /
| | | | |
| | | | | Change-Id: Icfae29edf989fb43a7f0b8bda188a9807f76a3b9
| | | | |
| | | * | init: fix copying boot properties [Colin Cross, 2013-06-17, 1 file, -1/+3]
| | | | |
| | | | | The previous patch "init: verify size of property buffers passed to
| | | | | property_get" incorrectly modified one of the callers, resulting in
| | | | | ro.serialno, ro.bootmode, ro.baseband, and ro.bootloader always being
| | | | | set to their default values.
| | | | |
| | | | | Bug: 9469860
| | | | |
| | | | | (cherry picked from commit 67e3663fc93c65b69b5d121db05b0833b98d97f1)
| | | | |
| | | | | Change-Id: Ia7b337e1fab6e334729f47ee1269e6c736615177
| | | | |
| | | * | init: verify size of property buffers passed to property_get [Colin Cross, 2013-06-17, 2 files, -2/+18]
| | | | |
| | | | | Verify that the buffer passed as the value parameter to property_get
| | | | | is always big enough.
| | | | |
| | | | | (cherry picked from commit 88ac54a4e8d2a63e4fd9c465e115795ace316776)
| | | | |
| | | | | Change-Id: Iacc2b42bfe4069e0bfcbb1c48474f30126a93139
| | | | |
| | | * | init: move the system property writer implementation [Colin Cross, 2013-06-17, 1 file, -51/+8]
| | | | |
| | | | | Move the system property writer implementation into bionic to keep
| | | | | it next to the reader implementation and allow for better testing.
| | | | |
| | | | | (cherry picked from commit 9f5af635010a7ba92edf1fca543f7271cc9d75c8)
| | | | |
| | | | | Change-Id: Idf6100d1d0170751acd5163a22597912bff480f0
| | | | |
| | | * | init: switch property_get to use __system_property_get [Colin Cross, 2013-06-17, 5 files, -39/+34]
| | | | |
| | | | | (cherry picked from commit 2deedfe0b1ac86ebd62d19cf7da9e7dcb508ab09)
| | | | |
| | | | | Change-Id: If3fba2cc1dd5c167b0924ddfe42dbe2e6387208a
| | | | |
| | | * | init: prevent action being added to the action_queue twice [Colin Cross, 2013-06-10, 1 file, -1/+6]
| | | | |
| | | | | Property triggers may cause an action to be queued twice, resulting
| | | | | in a loop in the action queue. Keep actions that are not on the queue
| | | | | in the list_empty state (act->qlist->next == act->qlist), and only
| | | | | add them to the list if they are in that state.
| | | | |
| | | | | Bug: 8335133
| | | | | Change-Id: I3a3ec18176cf19cbaa3a45220a03c7560eacfe79
| | | | |
* | | | | init: move initial property area allocation into bionic [Greg Hackmann, 2013-06-18, 1 file, -28/+5]
| | | | |
| | | | | bionic's __system_property_add() now expands the property area as needed
| | | | | by mapping in more pages. Rather than duplicate the mapping code, move it
| | | | | inside bionic and have bionic's __system_property_area_init() set up the
| | | | | first page.
| | | | |
| | | | | Change-Id: If9917d5f775c1a82eb89be55b84635395145ca49
| | | | | Signed-off-by: Greg Hackmann <ghackmann@google.com>
| | | | |
* | | | | init: fix copying boot properties [Colin Cross, 2013-06-17, 1 file, -1/+3]
| | | | |
| | | | | The previous patch "init: verify size of property buffers passed to
| | | | | property_get" incorrectly modified one of the callers, resulting in
| | | | | ro.serialno, ro.bootmode, ro.baseband, and ro.bootloader always being
| | | | | set to their default values.
| | | | |
| | | | | Bug: 9469860
| | | | | Change-Id: Id45bd8dd657e8d61f4cfaf7e6b2559d2bfd05181
| | | | |
* | | | | init: verify size of property buffers passed to property_get [Colin Cross, 2013-06-17, 2 files, -2/+18]
| | | | |
| | | | | Verify that the buffer passed as the value parameter to property_get
| | | | | is always big enough.
| | | | |
| | | | | Change-Id: Ie5b6fcd94bb908215cfd55d0c9b07f717ddb70b1
| | | | |
* | | | | init: move the system property writer implementation [Colin Cross, 2013-06-17, 1 file, -51/+8]
| | | | |
| | | | | Move the system property writer implementation into bionic to keep
| | | | | it next to the reader implementation and allow for better testing.
| | | | |
| | | | | Change-Id: I9026e604109e30546b2849b60cab2e7e5ff00ba5
| | | | |
* | | | | init: switch property_get to use __system_property_get [Colin Cross, 2013-06-17, 5 files, -37/+32]
| | | | |
| | | | | Change-Id: I4fc0502a1a5b331087618a4d2e3d90948743d7bd
| | | | |
* | | | | am 05a52055: am 76c58893: Free file handle for /firmware/image after use [Ajay Dudani, 2013-06-14, 1 file, -0/+1]
|\ \ \ \ \
| |/ / / /
| | | | |
| | | | | * commit '05a52055661701c20f71124161798fdea8ea2982':
| | | | |   Free file handle for /firmware/image after use
| | | | |
| * | | | am 76c58893: Free file handle for /firmware/image after use [Ajay Dudani, 2013-06-14, 1 file, -0/+1]
| |\ \ \ \
| | |/ / /
| |/| | |
| | | | |
| | | | | * commit '76c5889325c2ada5dda07fd9af20a4a485978538':
| | | | |   Free file handle for /firmware/image after use
| | | | |
| | * | | Free file handle for /firmware/image after use [Ajay Dudani, 2013-06-13, 1 file, -0/+1]
| | | | |
| | | | | Change-Id: Id59e25486b45dffc87a89a961970a6e8128a5237
| | | | |
* | | | | am 5cb9a02b: am 7e723498: Merge "Add permission for bluetooth app in non-primary users" into jb-mr2-dev [Matthew Xie, 2013-05-22, 1 file, -0/+8]
|\ \ \ \ \
| |/ / / /
| | | | |
| | | | | * commit '5cb9a02b0322c18b48eb9ce261502c3b830c113c':
| | | | |   Add permission for bluetooth app in non-primary users
| | | | |
| * | | | am 7e723498: Merge "Add permission for bluetooth app in non-primary users" into jb-mr2-dev [Matthew Xie, 2013-05-22, 1 file, -0/+8]
| |\ \ \ \
| | |/ / /
| | | | |
| | | | | * commit '7e72349865db83d62f98eec8bca4b170712fe0e0':
| | | | |   Add permission for bluetooth app in non-primary users
| | | | |
| | * | | Merge "Add permission for bluetooth app in non-primary users" into jb-mr2-dev [Matthew Xie, 2013-05-22, 1 file, -0/+8]
| | |\ \ \
| | | * | | Add permission for bluetooth app in non-primary users [Matthew Xie, 2013-05-22, 1 file, -0/+8]
| | | | | |
| | | | | | bug 8954114
| | | | | |
| | | | | | Change-Id: Id6a42f5a5beefa22c3cc8eecfb39a2222017a3b4
| | | | | |
* | | | | | am 8f6adcfc: am 49be2407: Revert "Add logic to fixup file contexts after a policy update." [gcondra@google.com, 2013-05-20, 1 file, -6/+1]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |
| | | | | | * commit '8f6adcfcc55414cc07c18fe47d7c4314da148544':
| | | | | |   Revert "Add logic to fixup file contexts after a policy update."
| | | | | |
| * | | | | am 49be2407: Revert "Add logic to fixup file contexts after a policy update." [gcondra@google.com, 2013-05-20, 1 file, -6/+1]
| |\ \ \ \ \
| | |/ / / /
| | | | | |
| | | | | | * commit '49be240735a06f44e1d91aa51dd299779ad36d96':
| | | | | |   Revert "Add logic to fixup file contexts after a policy update."
| | | | | |
| | * | | | Revert "Add logic to fixup file contexts after a policy update." [repo sync, 2013-05-17, 1 file, -6/+1]
| | | | | |
| | | | | | This reverts commit ebcf93e3bf92bf46c54c8e0f2ec8936bb2db6aea.
| | | | | |
* | | | | | am 253e91b4: am 477e35d6: Revert "Add persistent property for SELinux enforcment status." [gcondra@google.com, 2013-05-20, 1 file, -1/+0]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |
| | | | | | * commit '253e91b4ffb631b188fdac0c1624786103471f05':
| | | | | |   Revert "Add persistent property for SELinux enforcment status."
| | | | | |
| * | | | | am 477e35d6: Revert "Add persistent property for SELinux enforcment status." [gcondra@google.com, 2013-05-20, 1 file, -1/+0]
| |\ \ \ \ \
| | |/ / / /
| | | | | |
| | | | | | * commit '477e35d6d56c7fe9b2305becdf3ed4f590ddfbd6':
| | | | | |   Revert "Add persistent property for SELinux enforcment status."
| | | | | |
| | * | | | Revert "Add persistent property for SELinux enforcment status." [repo sync, 2013-05-17, 1 file, -1/+0]
| | | | | |
| | | | | | This reverts commit b89bdfde422eff751b3f939f10ab57e22af83eaa.
| | | | | |
* | | | | | am 43329bc1: am 8a387870: Revert "Reload policy after setting up the data partition." [gcondra@google.com, 2013-05-20, 4 files, -9/+3]
|\ \ \ \ \ \
| |/ / / / /
| | | | | |
| | | | | | * commit '43329bc1c99c0f5f3670a8aaab39e54df34819a1':
| | | | | |   Revert "Reload policy after setting up the data partition."