summaryrefslogtreecommitdiffstats
path: root/rootdir
Commit message (Collapse)AuthorAgeFilesLines
* rootdir: init.rc: update max TCP window sizes for mobile networksNarayan Reddy2014-04-181-7/+7
| | | | | | | | | | | | | | | | | GRPS: RTT=600ms, max tput=80kbps (class 12 GMSK 4+1) EDGE: RTT=300ms, max tput=236kbps (class 12 8PSK) UMTS: RTT=200ms, max tput=384kbps (R99) HSDPA: RTT=75ms, max tput=14Mbps (cat 10) HSUPA: RTT=50ms, max tput=14Mbps HSPA: RTT=50ms, max tput=14Mbps HSPA+: RTT=50ms, max tput=42Mbps (cat 20) LTE: RTT=20ms, max tput=100Mbps (class 3) bug 67569 Change-Id: I9d62359bbd11dc68e3649a7ea2295d0d4e25e3f2 Signed-off-by: Narayan Reddy <narayanr@nvidia.com> Signed-off-by: Steve Lin <stlin@nvidia.com>
* Merge "Add a config for dual mode zygote."Narayan Kamath2014-04-111-0/+12
|\
| * Add a config for dual mode zygote.Narayan Kamath2014-04-101-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Note that init.zygote64.rc, which supports a "pure" 64 bit zygote is around only for testing. The life cycles of both zygotes are controlled by init, and the assumption here is that they will be available always. We start the system_server in 32 bit mode. Note that the distinction between "primary" and "secondary" simply defines the order in which ABI support is queried, there's no real requirement that the primary zygote supports the primary ABI of the device. bug: 13647418 Change-Id: Id0be001ea6f934c3c2022d89a63aae9fae66cc38
* | Enable world-readable selinuxfs policy binary.dcashman2014-04-071-0/+3
|/ | | | Change-Id: I1eefb457cea1164a8aa9eeb7683b3d99ee56ca99
* Merge "Move zygote init config to its own file."Narayan Kamath2014-04-013-8/+17
|\
| * Move zygote init config to its own file.Narayan Kamath2014-03-313-8/+17
| | | | | | | | | | | | | | | | | | This allows us to choose different configs depending on whether or not the target is 64 capable, and what its preferred default is. bug: 13647418 Change-Id: Ie1ce4245a3add7544c87d27c635ee390f4062523
* | Merge "rootdir: reduce permissions on /dev/rtc0"Greg Hackmann2014-03-311-1/+1
|\ \ | |/ |/|
| * rootdir: reduce permissions on /dev/rtc0Greg Hackmann2014-03-271-1/+1
| | | | | | | | | | | | | | | | Remove world-readable, reduce group permissions to readable by system daemons Change-Id: I6c7d7d78b8d8281960659bb8490a01cf7fde28b4 Signed-off-by: Greg Hackmann <ghackmann@google.com>
* | logd: core requirementMark Salyzyn2014-03-211-6/+7
|/ | | | | | - has no dependency on /data, switch from main to core Change-Id: I4bfe3e67d4cbd31e943c609f5626e533857a27a9
* set /proc/sys/net/unix/max_dgram_qlen to large valueMark Salyzyn2014-03-031-0/+1
| | | | | | | | - init: set /proc/sys/net/unix/max_dgram_qlen to 300 - libsysutils: Add listen backlog argument to startListener - logd: set listen backlog to 300 Change-Id: Id6d37d6c937ba2d221e76258d89c9516619caeec
* Merge "Apply restorecon_recursive to all of /data."Nick Kralevich2014-02-261-8/+3
|\
| * Apply restorecon_recursive to all of /data.Stephen Smalley2014-02-061-8/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the following prior changes: I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 I698b1b2c3f00f31fbb2015edf23d33b51aa5bba1 I8dd915d9bb80067339621b905ea2b4ea0fa8d71e it should now be safe (will correctly label all files) and reasonably performant (will skip processing unless file_contexts has changed since the last call) to call restorecon_recursive /data from init.rc. The call is placed after the setprop selinux.policy_reload 1 so that we use any policy update under /data/security if present. Change-Id: Ib8d9751a47c8e0238cf499fcec61898937945d9d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | logd: initial checkin.Mark Salyzyn2014-02-261-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create a new userspace log daemon for handling logging messages. Original-Change-Id: I75267df16359684490121e6c31cca48614d79856 Signed-off-by: Nick Kralevich <nnk@google.com> * Merge conflicts * rename new syslog daemon to logd to prevent confusion with bionic syslog * replace racy getGroups call with KISS call to client->getGid() * Timestamps are filed at logging source * insert entries into list in timestamp order * Added LogTimeEntry tail filtration handling * Added region locking around LogWriter list * separate threads for each writer * /dev/socket/logd* permissions Signed-off-by: Mark Salyzyn <salyzyn@google.com> (cherry picked from commit 3e76e0a49760c4970b7cda6153e51026af98e4f3) Author: Nick Kralevich <nnk@google.com> Change-Id: Ice88b1412d8f9daa7f9119b2b5aaf684a5e28098
* | Start debuggerd64 for 64-bit processesDan Willemsen2014-02-161-0/+3
|/ | | | Change-Id: I2fc33d9eb2726b043d2f13bfab0c605dbb6083c7
* Move creation of /data/misc/wifi and /data/misc/dhcp to main init.rc file.Stephen Smalley2014-01-291-1/+5
| | | | | | | | | | | | | | mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed in the various device-specific init*.rc files but seems generic. Move it to the main init.rc file. Drop the separate chown for /data/misc/dhcp as this is handled by mkdir built-in if the directory already exists. Add a restorecon_recursive /data/misc/wifi/sockets. Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* adbd: switch to su domain when running as rootNick Kralevich2014-01-221-1/+1
| | | | | | | | | | | When adbd runs as root, it should transition into the su domain. This is needed to run the adbd and shell domains in enforcing on userdebug / eng devices without breaking developer workflows. Introduce a new device_banner command line option. Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
* restorecon /data/misc/media.Stephen Smalley2014-01-151-0/+1
| | | | | | | Otherwise it will be mislabeled on upgrades with existing userdata. Change-Id: Ibde88d5d692ead45b480bb34cfe0831baeffbf94 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Don't set LD_LIBRARY_PATH globally.Elliott Hughes2014-01-131-1/+0
| | | | | | | | | | On a 64-bit system, 64-bit processes will want one path, 32-bit processes another. The dynamic linker already provides the correct defaults for native code, and we've coupled the VM and dynamic linker so that LD_LIBRARY_PATH will be set correctly in any VM during startup if it's not being manually overridden. Change-Id: Icbffc0d451dbc242cdfb9267413d8bcac434e108
* Merge "Fix tracing on user builds"Colin Cross2014-01-091-0/+2
|\
| * Fix tracing on user buildsCarton He2013-12-051-0/+2
| | | | | | | | | | | | | | | | Need the set correct permission for print-tgid option or tracing of sched can't work on user build. Change-Id: Ia88aabe58128b911afd78f01c27f7da884ed03f0 Signed-off-by: Carton He <carton.he@marvell.com>
* | Label existing /data/mediadrm files.rpcraig2014-01-071-0/+1
| | | | | | | | | | | | | | | | | | Use restorecon_recursive to label devices where the directory and subfiles have already been built and labeled. Change-Id: I0dfe1e542fb153ad20adf7b2b1f1c087b4956a12 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
* | Merge "Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls."Nick Kralevich2014-01-021-0/+3
|\ \
| * | Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.Stephen Smalley2013-12-231-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If checkreqprot == 1, SELinux only checks the protection flags passed by the application, even if the kernel internally adds PROT_EXEC for READ_IMPLIES_EXEC personality flags. Switch to checkreqprot == 0 to check the final protection flags applied by the kernel. Change-Id: Ic39242bbbd104fc9a1bcf2cd2ded7ce1aeadfac4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | | Run the console service shell in the shell domain.Stephen Smalley2013-12-231-0/+1
|/ / | | | | | | | | | | | | | | This allows it to be permissive in userdebug/eng builds but confined/enforcing in user builds. Change-Id: Ie322eaa0acdbefea2de4e71ae386778c929d042b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | rootdir: add permissions for /dev/rtc0Greg Hackmann2013-12-171-0/+1
| | | | | | | | | | Change-Id: If9d853bdae2399b1e7434f45df375ba1fd6dbe9c Signed-off-by: Greg Hackmann <ghackmann@google.com>
* | Relabel /data/misc/zoneinfoNick Kralevich2013-12-131-0/+1
| | | | | | | | | | | | | | The files in zoneinfo changed from system_data_file to zoneinfo_data_file. Fixup pre-existing files. Change-Id: Idddbd6c2ecf66cd16b057a9ff288cd586a109949
* | Do not change ownership on /sys/fs/selinux/enforce.Stephen Smalley2013-12-091-3/+0
| | | | | | | | | | | | | | There is no longer any reason to permit system UID to set enforcing mode. Change-Id: Ie28beed1ca2b215c71f2847e2390cee1af1713c3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | Merge commit '252d9030cd4b2e3e6cf13fa33f328eccedb5e26c' into HEADThe Android Open Source Project2013-12-051-3/+0
|\ \ | |/ |/|
| * am a9e453f1: Merge "vold no longer does MS_MOVE; remove tmpfs." into klp-devJeff Sharkey2013-10-171-3/+0
| |\ | | | | | | | | | | | | * commit 'a9e453f1b552699f69dca19599c7624a581089bd': vold no longer does MS_MOVE; remove tmpfs.
| | * vold no longer does MS_MOVE; remove tmpfs.Jeff Sharkey2013-10-171-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | MS_MOVE was used when staging external storage devices, which no longer occurs. In fact, having a writable tmpfs was masking a vold bug around moving apps to SD cards. Bug: 11175082 Change-Id: Ib2d7561c3a0b6fde94f651a496cb0c1f12f88d96
* | | rootdir: add ueventd.rc rule for adf subsystemGreg Hackmann2013-11-261-0/+3
| | | | | | | | | | | | | | | Change-Id: I727d91355229692c11e0e309c0fcac051269eba3 Signed-off-by: Greg Hackmann <ghackmann@google.com>
* | | Merge commit '536dea9d61a032e64bbe584a97463c6638ead009' into HEADThe Android Open Source Project2013-11-223-62/+82
|\ \ \ | |/ / | | | | | | Change-Id: I5c469a4b738629d99d721cad7ded02d6c35f56d5
| * | am e93a0517: Set GID required to write, media_rw mount point.Jeff Sharkey2013-10-081-0/+1
| |\ \ | | |/ | | | | | | | | | * commit 'e93a0517f4c88310066ac39c6b268ebfcceef44e': Set GID required to write, media_rw mount point.
| | * Set GID required to write, media_rw mount point.Jeff Sharkey2013-10-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add sdcard FUSE daemon flag to specify the GID required for a package to have write access. Normally sdcard_rw, but it will be media_rw for secondary external storage devices, so DefaultContainerService can still clean up package directories after uninstall. Create /mnt/media_rw which is where vold will mount raw secondary external storage devices before wrapping them in a FUSE instance. Bug: 10330128, 10330229 Change-Id: I4385c36fd9035cdf56892aaf7b36ef4b81f4418a
| * | am 410f8c30: am 79b277ab: Merge "Set security context of /adb_keys and ↵Colin Cross2013-10-031-0/+7
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | /data/misc/adb/adb_keys." * commit '410f8c305b416484f17f068c37b785605a2f69eb': Set security context of /adb_keys and /data/misc/adb/adb_keys.
| * \ \ am b1dd1765: am b42fc74f: Merge "Expose /dev/hw_random to group "system"."Alex Klyubin2013-10-031-0/+2
| |\ \ \ | | | | | | | | | | | | | | | | | | | | * commit 'b1dd176520896efacbabd1df65d8bb56e1bfeb71': Expose /dev/hw_random to group "system".
| * \ \ \ am 230252d5: am 61afb07b: Merge "Trigger a policy reload from post-fs-data."Colin Cross2013-10-011-0/+3
| |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | * commit '230252d5cd70f5be4c24046c7a409e9498ac97f5': Trigger a policy reload from post-fs-data.
| * \ \ \ \ am 6b1a0272: Merge "Create a separate copy of the fsck logs" into klp-devKen Sumrall2013-09-231-0/+4
| |\ \ \ \ \ | | | |_|_|/ | | |/| | | | | | | | | | | | | | | * commit '6b1a027239689a817aa5ca44a2bcbfe48ed21408': Create a separate copy of the fsck logs
| | * | | | Merge "Create a separate copy of the fsck logs" into klp-devKen Sumrall2013-09-231-0/+4
| | |\ \ \ \
| | | * | | | Create a separate copy of the fsck logsKen Sumrall2013-09-201-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The log_target parameter of android_fork_execvp_ext() is now a bit field, and multiple targets can be set to log to multiple places at the same time. The new target LOG_FILE will log to a file specified by the new parameter file_path. Set LOG_FILE and log to a file in /dev (the only writable filesystem avilable when e2fsck runs) when invoking e2fsck in fs_mgr. Bug: 10021342 Change-Id: I63baf644cc8c3afccc8345df27a74203b44d0400
| * | | | | | am 44d6342c: Remove mkdir() side effect, add .nomedia, utils.Jeff Sharkey2013-09-201-1/+1
| |\ \ \ \ \ \ | | |/ / / / / | | | | | | | | | | | | | | | | | | | | | * commit '44d6342caa0db1f613809e9ba1ea8d9af0183b74': Remove mkdir() side effect, add .nomedia, utils.
| | * | | | | Remove mkdir() side effect, add .nomedia, utils.Jeff Sharkey2013-09-201-1/+1
| | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this change, FUSE lookup() would have the side effect of creating the directory on behalf of apps. This resulted in most directories being created just by Settings trying to measure disk space. Instead, we're switching to have vold do directory creation when an app doesn't have enough permissions. Create fs_mkdirs() utility to create all parent directories in a path as needed. Allow traversal (+x) into /storage directories. Fix FUSE derived permissions to be case insensitive. Mark well-known directories as .nomedia when created. Bug: 10577808, 10330221 Change-Id: I53114f2e63ffbe6de4ba6a72d94a232523231cad
| * | | | | am 2e940286: am 0f507339: Merge "Do not change ownership of ↵Nick Kralevich2013-09-191-1/+0
| |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /sys/fs/selinux/load to system UID." * commit '2e9402863b40fe8bf2ddd8169c62f2419d968ff9': Do not change ownership of /sys/fs/selinux/load to system UID.
| * \ \ \ \ \ am 4f18183b: Merge "Initialize /dev/urandom earlier in boot." into klp-devNick Kralevich2013-09-181-0/+3
| |\ \ \ \ \ \ | | | |/ / / / | | |/| | | | | | | | | | | | | | | | | | * commit '4f18183bd6d3d2ed5d698c176ecc239211bdb82e': Initialize /dev/urandom earlier in boot.
| | * | | | | Initialize /dev/urandom earlier in boot.Nick Kralevich2013-09-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's a security best practice to carry entropy across reboots. (see "man 4 random"). Currently, entropy saving and mixing occur in the system_server, via the EntropyMixer code. Unfortunately, the EntropyMixer code runs fairly late in the boot process, which means early boot doesn't have high quality entropy. This has caused security problems in the past. Load entropy data as soon as we can in the early boot process, so that we can get /dev/random / /dev/urandom into a "random" state earlier. Bug: 9983133 Change-Id: Id4a6f39e9060f30fe7497bd8f8085a9bec851e80
| * | | | | | am 67b00d8b: init.rc: change mem cgroups permissionsRom Lemarchand2013-09-101-3/+3
| |\ \ \ \ \ \ | | |/ / / / / | | | | | | | | | | | | | | | | | | | | | * commit '67b00d8b2d96e8133c249bcbc0fb63c49e10e022': init.rc: change mem cgroups permissions
| | * | | | | init.rc: change mem cgroups permissionsRom Lemarchand2013-09-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changing mem cgroups permissions to only be accessible by root and system. Bug: 10210529 Bug: 10210900 Change-Id: Ib4fff6f49b33013b3629d40ae98a5e2464571b2d
| * | | | | | resolved conflicts for merge of a1af5cf6 to klp-dev-plus-aospColin Cross2013-08-231-4/+0
| |\ \ \ \ \ \ | | |/ / / / / | |/| | | | | | | | | | | | Change-Id: I08e9898940f7cdd466469b76760807cc5d5c67e4
| * | | | | | Remove input flinger stubs. (DO NOT MERGE)Jeff Brown2013-08-221-7/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 10446930 Change-Id: I88b926380dbe1e866c0b87ec95b3489d87c5907b
| * | | | | | healthd: normal and charger mode startupTodd Poynor2013-07-261-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Command line flag -n tells healthd not to use (or wait for) servicemanager in charger mode. Change-Id: I255f9597dff6fc904f5ed20fd02f52c0531d14f8
generated by cgit v1.1 at 2024-09-09 23:07:07 +0000