| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
- Update mediaserver to have qcom_diag group permissions
instead of diag group permissions, as /dev/diag node is
updated to qcom_diag group.
Change-Id: I33637ed68fc2f23999d07ee89682dbaa8c4383ce
|
|
|
|
|
|
| |
Add qcom diag permission to rild
Change-Id: I6a898868f7beaeee17e2183529344eddcf08be28
|
|
|
|
|
|
|
| |
This change adds the definition of qcom_diag and
also modify the /dev/diag node group to qcom_diag.
Change-Id: I07bd099c76f3fd2685f3a6698e37314a0a2c8f44
|
|
|
|
|
|
|
|
| |
Diag permissions are needed in mediaserver
to enable the QACT tool which allows users
to calibrate audio.
Change-Id: I3cb8fe807426b9f68669f34d214b7f6d089acb30
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a bunch of magic that mounts the correct view of storage
access based on the runtime permissions of an app, but we forgot to
protect the real underlying data sources; oops.
This series of changes just bumps the directory heirarchy one level
to give us /mnt/runtime which we can mask off as 0700 to prevent
people from jumping to the exposed internals.
Also add CTS tests to verify that we're protecting access to
internal mount points like this.
Bug: 22964288
Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
|
|\
| |
| |
| | |
into mnc-dev
|
| |
| |
| |
| |
| |
| |
| | |
Also add to root group to avoid introducting new bugs.
Bug: 22699101
Change-Id: I9da31e0cc955efd711df3f4c6b17e39d74c01549
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Required by logd on devices with USE_CPUSETS defined.
Make /dev/cpuset/background, /dev/cpuset/foreground and
/dev/cpuset/task writeable by system gid. Add logd to system
group for writing to cpuset files and to root group to avoid
regressions. When dropping privs, also drop supplementary groups.
Bug: 22699101
Change-Id: Icc01769b18b5e1f1649623da8325a8bfabc3a3f0
|
|\
| |
| |
| | |
mnc-dev
|
| |
| |
| |
| |
| |
| | |
This reverts commit d815178b7512cb44d8b5f234e3f823b5a3e44dea.
Change-Id: I7e3f55d3092fcd04ea9f62f1971c9d42570f096c
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
gatekeeperd depends on having /data to determine whether
to call setup routines for qcom HALs.
Bug: 22298552
Change-Id: I6c552016dc863bbb04bd5a949a2317a720c8263f
|
|/
|
|
|
|
|
|
|
|
|
| |
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app. This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.
The only thing left that can change dynamically is the filesystem
itself, so let's do that. This means changing the FUSE daemon to
present itself as three different views:
/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access
There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.
During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions. When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.
Bug: 21858077
Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the file access permissions and group ownership of
"/data/misc/bluedroid/bt_config.conf" so the file can be reused when
switching users on the device.
For that purpose, we need to do the following:
1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid"
so the files created in that directory will have group-id of
"net_bt_stack" .
2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf"
to Read/Write by User and Group.
Bug: 21493919
Change-Id: Ie00ab4695198ef2aa299b484ef9d4f17bd41b98a
|
|
|
|
|
|
| |
bug 21782794
Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to prevent this bug from happening, we must allow vold cryptfs
commands to complete while a long running mount is underway.
While waiting for vold to be changed to a binder interface, we will simply
create two listeners, one for cryptfs and one for everything else.
Bug: 19197175
Change-Id: Ie3d9567819ced7757b0a8f391547f27db944153c
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
An automatic domain transition is already defined by SELinux
policy. Avoid having redundant information on the exec line.
This commit depends on commit 17fff893c04971b519d25d52b07f51111353cba5
which made the SELinux process label optional.
(cherrypicked from commit 221fca7ddd2ba1778ec89013c96434a9d36b529e)
Change-Id: I89464f2bd218c7d6e8db08aa6bed2b62ec6dad2a
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(cherry pick from commit 100658c303919d8f69c76f6f25eac376795712f0)
- logpersistd is defined as a thread or process in the context of the
logd domain. Here we define logpersistd as logcat -f in logd domain
and call it logcatd to represent its service mechanics.
- Use logcatd to manage content in /data/misc/logd/ directory.
- Only turn on for persist.logd.logpersistd = logcatd.
- Add logpersist.start, logpersist.stop and logpersist.cat debug
class executables, thus only in the eng and userdebug builds.
ToDo: Wish to add Developer Options menu to turn this feature on or
off, complicated by the fact that user builds have no tools with
access rights to /data/misc/logd.
Bug: 19608716
Change-Id: I57ad757f121c473d04f9fabe9d4820a0eca06f31
|
|/
|
|
|
|
|
|
|
| |
(cherry pick from commit 89357d23a1d3166f0402734086da77805ca13617)
debugfs is mounted on boot
Bug: 21566233
Change-Id: I2ba106fbb1e8164ff3d8b2d5b16a16d7926c2732
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(chery-picked from commit 806d10be2336f32cdca16c2540cbf3d548f2fec7)
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.
Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/148586/
https://android-review.googlesource.com/#/c/148604/
https://android-review.googlesource.com/#/c/148606/
https://android-review.googlesource.com/#/c/148607/
Bug: 18151196
Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
/system/bin/uncrypt needs to be triggered to prepare the OTA package
before rebooting into the recovery. Separate pre-recovery (uncrypt)
into two services: uncrypt that does the uncryption work and
pre-recovery that actually reboots the device into recovery.
Also create /cache/recovery on post-fs in case it doesn't exist.
Bug: 20012567
Bug: 20949086
Change-Id: If67fe1e9ee6279593d2788452febcd3f0fe714c2
|
|/
|
|
|
|
| |
Bug: http://b/19483574
Change-Id: I88649b50b95cbddb7d0671a5499232cbef156c48
(cherry picked from commit e8efd0d6bf41527d67a402ed3a945a8c5f75f10d)
|
|
|
|
|
| |
Bug: 20112245
Change-Id: I513c6ed5b65d5bd4edef6cb12d7fc20eb9cad4f1
|
|
|
|
|
|
|
|
| |
BUG: 19483574
(cherry picked from commit 30c401fa92f5a32a9a41024d9d1daddd1bc37ea5)
Change-Id: Ibf96db9f7e5db625b395db20b73572acc240b1f9
|
|
|
|
|
|
|
|
|
|
|
| |
The /oem mount point is used to mount semi-trusted data, and
many Android One devices depend on it. Make sure it's guaranteed
to always be available.
(cherrypicked from commit f3b554fc614fffaa5fc62ef1b4147131a8fa373c)
Bug: 20816563
Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
|
|
|
|
|
| |
Change-Id: Ifaabe32dda6db249efc62c5db3760e32295eb1a9
(cherry picked from commit d6544d2a405df4c6e1fb517b1038a3640ae5f095)
|
|
|
|
|
|
| |
This reverts commit 15ae6c2e7ce02db583ca5a6be5ca30499d56de87.
Change-Id: I281a65209a5118a6c73ddec65ed40d149c23bf0b
|
|\ |
|
| |
| |
| |
| |
| |
| | |
This reverts commit 18b1da2033440cf362ea5c71ca687d359671096f.
Change-Id: I86cde061a36a9a9e43c8a5df2df1e853ed32b7a0
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
re-exec itself for its SELinux domain transition."""
* commit 'a8088f380932d873a39fafdd816f96328f7caa9c':
Revert "Revert "Make init re-exec itself for its SELinux domain transition.""
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 4217374611ada50f33aee544f015f6f9dfbf7ced.
It turns out that the kernel passes any unrecognized arguments on to init,
and (at least) N6 and N9 have such arguments. My lazy check of argc was
thus insufficient to recognize what stage of init we were in, so we'd
skip to stage 2 and not set up SELinux. And apparently you can get a
very long way with SELinux off... We'll fix that in a later change.
Bug: 19702273
Change-Id: I43b3fb722fed35dd217cb529cbcac9a29aff4e4b
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
itself for its SELinux domain transition.""
* commit 'b706a8acff9c62da7b4045374b93a8739671a8a0':
Revert "Make init re-exec itself for its SELinux domain transition."
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
shamu isn't booting.
This reverts commit adf0d1bbfa4bc560c2106f14afa8258a11c48bf6.
Change-Id: I89d568838cebbe14cc4a8ae3843f0f1ac54987af
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* commit '77260323e2e99a996351a98a44ef56db5f1e2767':
Remove long-obsolete file.
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I728cc13b4a7ac93f9c923d2fc9bda2bb65ffe99d
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
its SELinux domain transition."
* commit '77434ab362b3234accf16499aaf2a5340d568553':
Make init re-exec itself for its SELinux domain transition.
|
| |\ \ \
| | |/ / |
|
| | | |
| | | |
| | | |
| | | | |
Change-Id: I38adabe5789d671e3f7d21936071a758ec8cea8a
|
|\ \ \ \
| |/ / /
| | | /
| |_|/
|/| |
| | |
| | | |
parse error"
* commit '44f1356e42a64fefb194b5c74b62402f4ec2881e':
rootfs: init.rc start logd parse error
|
| |\ \
| | |/
| |/| |
|
| | |
| | |
| | |
| | |
| | | |
init: /init.rc: 490: invalid option 'start'
Change-Id: Ica985e45d4652dab0ebd434803344f14cc73d834
|
| |/
| |
| |
| | |
Change-Id: I7631401ac21b60a22f6fd4052814186bf3bc2b05
|
| |
| |
| |
| |
| | |
Bug: 20416721
Change-Id: I1be1c742f47f0e673eef6a8d391246f47c35c336
|
| |
| |
| |
| |
| | |
Bug: 20416721
Change-Id: Id60eb6ab77589ab50800532de0d2877adef1d5b7
|
|\ \ |
|
| | |
| | |
| | |
| | | |
Change-Id: Id11632a6b4b9cab6f08f97026dd65fdf49a46491
|