summaryrefslogtreecommitdiffstats
path: root/rootdir/init.rc
Commit message (Collapse)AuthorAgeFilesLines
* am ba023b06: Merge "Move creation of /data/misc/wifi and /data/misc/dhcp to ↵Nick Kralevich2014-02-041-1/+5
|\ | | | | | | | | | | | | main init.rc file." * commit 'ba023b063d25b73923f2df536b6258967f756ff6': Move creation of /data/misc/wifi and /data/misc/dhcp to main init.rc file.
| * Move creation of /data/misc/wifi and /data/misc/dhcp to main init.rc file.Stephen Smalley2014-01-291-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed in the various device-specific init*.rc files but seems generic. Move it to the main init.rc file. Drop the separate chown for /data/misc/dhcp as this is handled by mkdir built-in if the directory already exists. Add a restorecon_recursive /data/misc/wifi/sockets. Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | am 16384312: am 0620e3dd: Merge "adbd: switch to su domain when running as root"Nick Kralevich2014-01-241-1/+1
|\ \ | | | | | | | | | | | | * commit '16384312244b8dccd53478a7bdeeb9a492821807': adbd: switch to su domain when running as root
| * \ am 0620e3dd: Merge "adbd: switch to su domain when running as root"Nick Kralevich2014-01-241-1/+1
| |\ \ | | |/ | | | | | | | | | * commit '0620e3ddb85582f66612d046d1295dc20bf1a4f5': adbd: switch to su domain when running as root
| | * adbd: switch to su domain when running as rootNick Kralevich2014-01-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When adbd runs as root, it should transition into the su domain. This is needed to run the adbd and shell domains in enforcing on userdebug / eng devices without breaking developer workflows. Introduce a new device_banner command line option. Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
* | | am c93904b4: am e847f429: Merge "restorecon /data/misc/media."Nick Kralevich2014-01-151-0/+1
|\ \ \ | |/ / | | | | | | | | | * commit 'c93904b445830cd17fd9dd6d4fe236987577a478': restorecon /data/misc/media.
| * | am e847f429: Merge "restorecon /data/misc/media."Nick Kralevich2014-01-151-0/+1
| |\ \ | | |/ | | | | | | | | | * commit 'e847f429f43ae56aaa406697ca603c8469e2100b': restorecon /data/misc/media.
| | * restorecon /data/misc/media.Stephen Smalley2014-01-151-0/+1
| | | | | | | | | | | | | | | | | | | | | Otherwise it will be mislabeled on upgrades with existing userdata. Change-Id: Ibde88d5d692ead45b480bb34cfe0831baeffbf94 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | | am 72f269f3: am 8830b53b: Merge "Label existing /data/mediadrm files."Nick Kralevich2014-01-081-0/+1
|\ \ \ | |/ / | | | | | | | | | * commit '72f269f3050b3e5b2fd6be7d0a6a485114cc6ee7': Label existing /data/mediadrm files.
| * | am 8830b53b: Merge "Label existing /data/mediadrm files."Nick Kralevich2014-01-081-0/+1
| |\ \ | | |/ | | | | | | | | | * commit '8830b53b76c05416c021df3eb0cea1dd541bc3ac': Label existing /data/mediadrm files.
| | * Label existing /data/mediadrm files.rpcraig2014-01-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use restorecon_recursive to label devices where the directory and subfiles have already been built and labeled. Change-Id: I0dfe1e542fb153ad20adf7b2b1f1c087b4956a12 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
* | | init.rc: start lmkdTodd Poynor2014-01-041-0/+9
|/ / | | | | | | Change-Id: Ibebab31e1f41a210821834a1d65f196b39bb6601
* | am 5b8abdf6: Merge "Apply strict SELinux checking of PROT_EXEC on ↵Nick Kralevich2014-01-021-0/+3
|\ \ | |/ | | | | | | | | | | mmap/mprotect calls." * commit '5b8abdf6278a4142736d918d1371d10c54c91db3': Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
| * Merge "Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls."Nick Kralevich2014-01-021-0/+3
| |\
| | * Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.Stephen Smalley2013-12-231-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If checkreqprot == 1, SELinux only checks the protection flags passed by the application, even if the kernel internally adds PROT_EXEC for READ_IMPLIES_EXEC personality flags. Switch to checkreqprot == 0 to check the final protection flags applied by the kernel. Change-Id: Ic39242bbbd104fc9a1bcf2cd2ded7ce1aeadfac4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | | am 2dcc2759: Merge "Run the console service shell in the shell domain."Colin Cross2013-12-271-0/+1
|\ \ \ | |/ / | | | | | | | | | * commit '2dcc275936aefbb5badf3b4822d492260077144d': Run the console service shell in the shell domain.
| * | Run the console service shell in the shell domain.Stephen Smalley2013-12-231-0/+1
| |/ | | | | | | | | | | | | | | This allows it to be permissive in userdebug/eng builds but confined/enforcing in user builds. Change-Id: Ie322eaa0acdbefea2de4e71ae386778c929d042b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | am e4335483: Merge "Relabel /data/misc/zoneinfo"Nick Kralevich2013-12-161-0/+1
|\ \ | |/ | | | | | | * commit 'e4335483e78292800e27c7bf0a67d23bee47dc84': Relabel /data/misc/zoneinfo
| * Relabel /data/misc/zoneinfoNick Kralevich2013-12-131-0/+1
| | | | | | | | | | | | | | The files in zoneinfo changed from system_data_file to zoneinfo_data_file. Fixup pre-existing files. Change-Id: Idddbd6c2ecf66cd16b057a9ff288cd586a109949
* | am bdf53e2a: Merge "Do not change ownership on /sys/fs/selinux/enforce."Nick Kralevich2013-12-091-3/+0
|\ \ | |/ | | | | | | * commit 'bdf53e2a59654d2b1e8469616f1b0175b275219d': Do not change ownership on /sys/fs/selinux/enforce.
| * Do not change ownership on /sys/fs/selinux/enforce.Stephen Smalley2013-12-091-3/+0
| | | | | | | | | | | | | | There is no longer any reason to permit system UID to set enforcing mode. Change-Id: Ie28beed1ca2b215c71f2847e2390cee1af1713c3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
| * Merge commit '252d9030cd4b2e3e6cf13fa33f328eccedb5e26c' into HEADThe Android Open Source Project2013-12-051-3/+0
| |\
| * \ Merge commit '536dea9d61a032e64bbe584a97463c6638ead009' into HEADThe Android Open Source Project2013-11-221-16/+41
| |\ \ | | | | | | | | | | | | Change-Id: I5c469a4b738629d99d721cad7ded02d6c35f56d5
* | \ \ am 479efb54: init.rc: mount pstore fs, set console-ramoops permissionsTodd Poynor2013-11-221-0/+5
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | * commit '479efb540a198a9b7cd278387b0d45009a05bb2b': init.rc: mount pstore fs, set console-ramoops permissions
| * | | | init.rc: mount pstore fs, set console-ramoops permissionsTodd Poynor2013-11-211-0/+5
| | | | | | | | | | | | | | | | | | | | Change-Id: I44cb00f9123c6044a03de926b6a616da753bb549
* | | | | am 4a4616f6: am 048bb92f: Merge "split setptop ethernet tcp buffer from wifi"Elliott Hughes2013-11-211-11/+12
|\ \ \ \ \ | | |/ / / | |/| | / | |_|_|/ |/| | | * commit '4a4616f6450f191faf168a10b6e2ffaba14803bd': split setptop ethernet tcp buffer from wifi
| * | | am 048bb92f: Merge "split setptop ethernet tcp buffer from wifi"Elliott Hughes2013-11-201-11/+12
| |\ \ \ | | | | | | | | | | | | | | | | | | | | * commit '048bb92f3f33196d96a51b446c73805e208a5333': split setptop ethernet tcp buffer from wifi
| | * | | split setptop ethernet tcp buffer from wifiJianzheng Zhou2013-11-151-11/+12
| | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I0582ec75fddb904ca14b9cbddf593ddbd4195c41 Signed-off-by: Jianzheng Zhou <jianzheng.zhou@freescale.com>
* | | | | am a9e453f1: Merge "vold no longer does MS_MOVE; remove tmpfs." into klp-devJeff Sharkey2013-10-171-3/+0
|\ \ \ \ \ | | |_|/ / | |/| | / | |_|_|/ |/| | | * commit 'a9e453f1b552699f69dca19599c7624a581089bd': vold no longer does MS_MOVE; remove tmpfs.
| * | | vold no longer does MS_MOVE; remove tmpfs.Jeff Sharkey2013-10-171-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MS_MOVE was used when staging external storage devices, which no longer occurs. In fact, having a writable tmpfs was masking a vold bug around moving apps to SD cards. Bug: 11175082 Change-Id: Ib2d7561c3a0b6fde94f651a496cb0c1f12f88d96
* | | | am e93a0517: Set GID required to write, media_rw mount point.Jeff Sharkey2013-10-081-0/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | * commit 'e93a0517f4c88310066ac39c6b268ebfcceef44e': Set GID required to write, media_rw mount point.
| * | | Set GID required to write, media_rw mount point.Jeff Sharkey2013-10-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add sdcard FUSE daemon flag to specify the GID required for a package to have write access. Normally sdcard_rw, but it will be media_rw for secondary external storage devices, so DefaultContainerService can still clean up package directories after uninstall. Create /mnt/media_rw which is where vold will mount raw secondary external storage devices before wrapping them in a FUSE instance. Bug: 10330128, 10330229 Change-Id: I4385c36fd9035cdf56892aaf7b36ef4b81f4418a
* | | | am 410f8c30: am 79b277ab: Merge "Set security context of /adb_keys and ↵Colin Cross2013-10-031-0/+7
|\ \ \ \ | | |/ / | |/| | | | | | | | | | | | | | | | | | /data/misc/adb/adb_keys." * commit '410f8c305b416484f17f068c37b785605a2f69eb': Set security context of /adb_keys and /data/misc/adb/adb_keys.
| * | | am 79b277ab: Merge "Set security context of /adb_keys and ↵Colin Cross2013-10-031-0/+7
| |\ \ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | /data/misc/adb/adb_keys." * commit '79b277ab73711313690d03a9fb2e9cb3f9242b39': Set security context of /adb_keys and /data/misc/adb/adb_keys.
| | * | Set security context of /adb_keys and /data/misc/adb/adb_keys.Stephen Smalley2013-10-011-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I97b3d86a69681330bba549491a2fb39df6cf20ef introduced a separate type for the adb_keys file. Set the security context of the adb_keys file accordingly by adding restorecon commands to init.rc. Change-Id: I30e4d2a1ae223a03eadee58a883c79932fff59fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | | | am 230252d5: am 61afb07b: Merge "Trigger a policy reload from post-fs-data."Colin Cross2013-10-011-0/+3
|\ \ \ \ | |/ / / | | | | | | | | | | | | * commit '230252d5cd70f5be4c24046c7a409e9498ac97f5': Trigger a policy reload from post-fs-data.
| * | | am 61afb07b: Merge "Trigger a policy reload from post-fs-data."Colin Cross2013-10-011-0/+3
| |\ \ \ | | |/ / | | | | | | | | | | | | * commit '61afb07b9b14233f76a969840f74ce1ced22bf58': Trigger a policy reload from post-fs-data.
| | * | Merge "Trigger a policy reload from post-fs-data."Colin Cross2013-09-301-0/+3
| | |\ \
| | | * | Trigger a policy reload from post-fs-data.Stephen Smalley2013-08-261-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Once userdata is available and decrypted, trigger a policy reload to pick up any policy update files stored under /data/security. Change-Id: Ic2b3121c3395429b108c40d1d7f5a3124a5896c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | | | | am 6b1a0272: Merge "Create a separate copy of the fsck logs" into klp-devKen Sumrall2013-09-231-0/+4
|\ \ \ \ \ | | |_|_|/ | |/| | | | | | | | | | | | | * commit '6b1a027239689a817aa5ca44a2bcbfe48ed21408': Create a separate copy of the fsck logs
| * | | | Merge "Create a separate copy of the fsck logs" into klp-devKen Sumrall2013-09-231-0/+4
| |\ \ \ \
| | * | | | Create a separate copy of the fsck logsKen Sumrall2013-09-201-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The log_target parameter of android_fork_execvp_ext() is now a bit field, and multiple targets can be set to log to multiple places at the same time. The new target LOG_FILE will log to a file specified by the new parameter file_path. Set LOG_FILE and log to a file in /dev (the only writable filesystem avilable when e2fsck runs) when invoking e2fsck in fs_mgr. Bug: 10021342 Change-Id: I63baf644cc8c3afccc8345df27a74203b44d0400
* | | | | | am 44d6342c: Remove mkdir() side effect, add .nomedia, utils.Jeff Sharkey2013-09-201-1/+1
|\ \ \ \ \ \ | |/ / / / / | | | | | | | | | | | | | | | | | | * commit '44d6342caa0db1f613809e9ba1ea8d9af0183b74': Remove mkdir() side effect, add .nomedia, utils.
| * | | | | Remove mkdir() side effect, add .nomedia, utils.Jeff Sharkey2013-09-201-1/+1
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this change, FUSE lookup() would have the side effect of creating the directory on behalf of apps. This resulted in most directories being created just by Settings trying to measure disk space. Instead, we're switching to have vold do directory creation when an app doesn't have enough permissions. Create fs_mkdirs() utility to create all parent directories in a path as needed. Allow traversal (+x) into /storage directories. Fix FUSE derived permissions to be case insensitive. Mark well-known directories as .nomedia when created. Bug: 10577808, 10330221 Change-Id: I53114f2e63ffbe6de4ba6a72d94a232523231cad
* | | | | am 2e940286: am 0f507339: Merge "Do not change ownership of ↵Nick Kralevich2013-09-191-1/+0
|\ \ \ \ \ | | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | /sys/fs/selinux/load to system UID." * commit '2e9402863b40fe8bf2ddd8169c62f2419d968ff9': Do not change ownership of /sys/fs/selinux/load to system UID.
| * | | | am 0f507339: Merge "Do not change ownership of /sys/fs/selinux/load to ↵Nick Kralevich2013-09-191-1/+0
| |\ \ \ \ | | | |/ / | | |/| | | | | | | | | | | | | | | | | | | | | | system UID." * commit '0f507339ec474a2f67227466efc9045630f1f1a4': Do not change ownership of /sys/fs/selinux/load to system UID.
| | * | | Do not change ownership of /sys/fs/selinux/load to system UID.Stephen Smalley2013-09-191-1/+0
| | | |/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Policy reload is handled by setting the selinux.reload_policy property and letting the init process perform the actual loading of policy into the kernel. Thus, there should be no need for the system UID to directly write to /sys/fs/selinux/load. Change-Id: I240c5bb2deaee757a2e1e396e14dea9e5d9286f5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | | | am 4f18183b: Merge "Initialize /dev/urandom earlier in boot." into klp-devNick Kralevich2013-09-181-0/+3
|\ \ \ \ | | |_|/ | |/| | | | | | | | | | * commit '4f18183bd6d3d2ed5d698c176ecc239211bdb82e': Initialize /dev/urandom earlier in boot.
| * | | Initialize /dev/urandom earlier in boot.Nick Kralevich2013-09-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's a security best practice to carry entropy across reboots. (see "man 4 random"). Currently, entropy saving and mixing occur in the system_server, via the EntropyMixer code. Unfortunately, the EntropyMixer code runs fairly late in the boot process, which means early boot doesn't have high quality entropy. This has caused security problems in the past. Load entropy data as soon as we can in the early boot process, so that we can get /dev/random / /dev/urandom into a "random" state earlier. Bug: 9983133 Change-Id: Id4a6f39e9060f30fe7497bd8f8085a9bec851e80
* | | | am 67b00d8b: init.rc: change mem cgroups permissionsRom Lemarchand2013-09-101-3/+3
|\ \ \ \ | |/ / / | | | | | | | | | | | | * commit '67b00d8b2d96e8133c249bcbc0fb63c49e10e022': init.rc: change mem cgroups permissions
generated by cgit v1.1 at 2025-02-04 22:09:42 +0000