path: root/rootdir
Commit message (Author, Age; Files; Lines)
* Restrict zygote to system user. (Nick Kralevich, 2012-01-27; files: 1; lines: -1/+1)
|     CVE-2011-3918: Address denial of service attack against Android's zygote process.
|     This change enforces that only UID=system can directly connect to zygote to spawn processes.
|     Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
* am 3e9c9ac5: am 032afc1d: Merge "Close a security hole - do not give world readable/writable access to /data/drm" into ics-mr1 (James Dong, 2012-01-11; files: 1; lines: -2/+3)
|\
| |     * commit '3e9c9ac5ee7a36653b90cb86eb6445496b536c16':
| |       Close a security hole - do not give world readable/writable access to /data/drm
| * am 032afc1d: Merge "Close a security hole - do not give world readable/writable access to /data/drm" into ics-mr1 (James Dong, 2012-01-11; files: 1; lines: -2/+3)
| |\
| | |     * commit '032afc1d52289f486538c9ed53f17b9889ea94df':
| | |       Close a security hole - do not give world readable/writable access to /data/drm
| | * Close a security hole - do not give world readable/writable access to /data/drm (James Dong, 2012-01-06; files: 1; lines: -2/+3)
| | |     o related-to-bug: 5834297
| | |     Change-Id: I8e459610b4f69999be37364c2359b2bac82d4a2a
| * | rootdir: convert all usages of $prop to ${prop} (Dima Zavin, 2012-01-11; files: 1; lines: -8/+8)
| | |     Change-Id: Ic2472606e869d23c0f499a192cd7bb21ca3cf5b5
| | |     Signed-off-by: Dima Zavin <dima@android.com>
| * | init: import the hardware specific init file in init.rc (Dima Zavin, 2012-01-11; files: 1; lines: -0/+2)
| |/
| |     This removes the hardcoding of the file import in init and instead allows the init.rc file to fully control what is loaded.
| |     Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
| |     Signed-off-by: Dima Zavin <dima@android.com>
* | rootdir: convert all usages of $prop to ${prop} (Dima Zavin, 2012-01-10; files: 1; lines: -8/+8)
| |     Change-Id: Ic2472606e869d23c0f499a192cd7bb21ca3cf5b5
| |     Signed-off-by: Dima Zavin <dima@android.com>
* | init: import the hardware specific init file in init.rc (Dima Zavin, 2012-01-05; files: 1; lines: -0/+2)
| |     This removes the hardcoding of the file import in init and instead allows the init.rc file to fully control what is loaded.
| |     Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
| |     Signed-off-by: Dima Zavin <dima@android.com>
* | set mmap_min_addr to 32768 (Nick Kralevich, 2011-12-06; files: 1; lines: -0/+1)
| |     Bug: 5712789
| |     Change-Id: I586a99cd63d8fba06bc2562b1cfce531ee4f554c
* | Set /proc/sys/kernel/dmesg_restrict to 1 (Nick Kralevich, 2011-11-08; files: 1; lines: -0/+1)
| |     Set dmesg_restrict to 1 to help limit inadvertent information leaks from the kernel to non-privileged programs. Root and programs with CAP_SYSLOG will continue to have access to dmesg output.
| |     See "dmesg_restrict" in Documentation/sysctl/kernel.txt from the Linux kernel source code.
| |     Bug: 5585365
| |     Change-Id: Iffcf060ea4bd446ab9acf62b8b61d315d4ec4633
* | Merge "Set kptr_restrict to 2." (Nick Kralevich, 2011-11-08; files: 1; lines: -0/+1)
|\ \
| |/
|/|
| * Set kptr_restrict to 2. (Nick Kralevich, 2011-11-02; files: 1; lines: -0/+1)
| |     To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms
| |     Bug: 5555668
| |     Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
* | am 4a253908: rootdir: init.rc: write default oom_adj before starting ueventd (Dima Zavin, 2011-11-07; files: 1; lines: -3/+3)
|\ \
| | |     * commit '4a2539085062a715b0d345eb50ea48738423c909':
| | |       rootdir: init.rc: write default oom_adj before starting ueventd
| * | rootdir: init.rc: write default oom_adj before starting ueventd (Dima Zavin, 2011-11-04; files: 1; lines: -3/+3)
| | |     Otherwise, ueventd's oom_adj value would have been 0 and it could easily get killed early during low memory events
| | |     Change-Id: I1adbd18c37215b26ae77e70f7b8dbd1e143fc2d4
| | |     Signed-off-by: Dima Zavin <dima@android.com>
* | | restart surfaceflinger and drmserver when servicemanager dies (Mathias Agopian, 2011-10-31; files: 1; lines: -0/+2)
| |/
|/|
| |     Bug: 5450389
| |     Change-Id: Ib4e73836721e25e2a88185167b030ea75e0d74e3
* | am aa75df74: [maguro] : add setprop net.tcp.buffersize.hspa (sinikang, 2011-10-17; files: 1; lines: -0/+1)
|\ \
| |/
| |     * commit 'aa75df74db5beffd25821ed6c360c36197d7bac1':
| |       [maguro] : add setprop net.tcp.buffersize.hspa
| * [maguro] : add setprop net.tcp.buffersize.hspa (sinikang, 2011-10-17; files: 1; lines: -0/+1)
| |     -window size optimized for hspa
| |     -Patchset2 : space removed
| |     Change-Id: Ia4d1043d1a93c929721a4d7cca60ce9ff8bbf67a
| |     Signed-off-by: sinikang <sinikang@samsung.com>
* | enable heap randomization. (Nick Kralevich, 2011-10-11; files: 1; lines: -0/+1)
|/
|     Bug: 5250555
|     Change-Id: I7acb0645402611875c481aec33ece85fced7a336
* Merge "Add log group to rild to improve log collection on modem issue" (Wink Saville, 2011-10-10; files: 1; lines: -1/+1)
|\
| * Add log group to rild to improve log collection on modem issue (Kazuhiro Ondo, 2011-09-30; files: 1; lines: -1/+1)
| |     Add log group to ril-daemon service. rild is the best place to know the issue on the modem in many time. It would be helpful if rild alone can capture the snapshot of logcat buffers at the moment of problem.
| |     Change-Id: Ie0dcda126fb748a00e650427de35541672359287
* | Merge "Add drmrpc group to mediaserver and drmserver so they can make the drm rpc calls" (Jeffrey Tinker, 2011-10-07; files: 1; lines: -2/+2)
|\ \
| |/
|/|
| * Add drmrpc group to mediaserver and drmserver so they can make the drm rpc calls (Jeffrey Tinker, 2011-10-06; files: 1; lines: -2/+2)
| |     Bug 4598045 Implementing secure video path on TI OMAP4 chip for ICS
| |     Change-Id: Iacfe3e79f067172085b96bb4cd4484101aa5be1e
* | emulator: Move qemu-props to core service (David 'Digit' Turner, 2011-09-16; files: 2; lines: -4/+12)
|/
|     The qemu-props program is launched at boot to read a series of system property assignments from the emulator and apply them. This is necessary to deal with the dynamic nature of the emulated platform (e.g. the screen density which depends on the skin and cannot be hard-coded in the platform image).
|     This patch ensures that qemu-props is started before any other service that may read one of these properties (e.g. surface flinger). This is done by encapsulating the program into a 'core' service. Core services are all started before regular ones.
|     Before the patch, qemu-props was started manually inside a script that is called from a late emulator-specific boot service (goldfish-setup).
|     The problem was that sometimes qemu-props was run too late. This resulted in random flakiness, especially when running on a low-end host machine.
|     Fix for bug 2161189 (and probably a few others)
|     Change-Id: I2933a25dcb5fecbb1fc238f157264e621b8f295b
* init.rc: allow all users to open the qtaguid misc dev (JP Abgrall, 2011-09-11; files: 1; lines: -0/+4)
|     The netfilter xt_qtaguid module uses a misc dev so that processes that use the module can be tracked. Every process that does socket tagging must open that dev.
|     Change-Id: I6af3e0f0180637b14455dd9607724523f142c402
* Increase the window sizes on wifi and lte. (Robert Greenwalt, 2011-09-07; files: 1; lines: -1/+2)
|     Set to 524288,1048576,2097152, 262144,524288,1048576.
|     bug:5226360
|     Change-Id: Id9d4257c51a355d78246b4ca59ab462fbe5b72be
* init: add charge mode handling (Dima Zavin, 2011-09-02; files: 1; lines: -0/+3)
|     Introduces a 'charger' section that is processed when androidboot.mode supplied on the kernel commandline is "charger".
|     In this mode, sections such as fs, post-fs, etc are skipped. Only the 'early-init' and 'init' sections of the init rc files are processed before processing the 'charger' section.
|     Change-Id: If9eb6334de18f04cbcf2aab784578e2993615242
|     Signed-off-by: Dima Zavin <dima@android.com>
* init: allow mediaserver to tag socket (group net_bw_acct) (JP Abgrall, 2011-08-18; files: 1; lines: -1/+1)
|     The mediaserver needs to do communication on behalf of other apps (browser, ...). It needs to be able to tag sockets. The kernel will check for net_bw_acct group membership.
|     Change-Id: I7fb063fdb7d9435d7f979df6622ff17f34049cbc
* Merge "Activity Manager now takes care of setting OOM values." (Dianne Hackborn, 2011-08-08; files: 2; lines: -64/+8)
|\
| * Activity Manager now takes care of setting OOM values. (Dianne Hackborn, 2011-08-07; files: 2; lines: -64/+8)
| |     All init needs to do is make these files writeable so that the activity manager can set them.
| |     Change-Id: Ieea43208fadc01504d813be379aecbafcadf0d34
* | init.rc: add inet permission to VPN daemons explicitly. (Chia-chi Yeh, 2011-08-08; files: 1; lines: -2/+2)
|/
|     Racoon still needs it after dropping root privilege, or pure IPSec VPN will fail. Mtpd works without it because net_raw implies inet. However it would be better to set all of them clearly without the assumption.
|     Change-Id: I50762af2c25ec9cc559e528c7b14f469494fd553
* Move some common USB configuration logic to init.rc (Mike Lockwood, 2011-07-29; files: 1; lines: -0/+21)
|     Change-Id: Ib75ccfd9c4aa8aace936370c33f33a922ca3c51f
|     Signed-off-by: Mike Lockwood <lockwood@android.com>
* Fix issue 4604090: notification sound interrupted. (Eric Laurent, 2011-07-25; files: 1; lines: -2/+1)
|     Removed system from mediaserver groups. Not needed anymore now that AudioFlinger acquires wake locks via PowerManagerService.
|     Change-Id: I177b968a0a30557d871188bf3991b96d9b391d3c
* am aa4a66a1: am 1e5e2d76: am af6e3266: am d0b93f43: Merge "Create world readable, system writeable /data/resource-cache." (Conley Owens, 2011-07-15; files: 1; lines: -0/+5)
|\
| |     * commit 'aa4a66a16dd9b97fb876bb296366442b8745a10b':
| |       Create world readable, system writeable /data/resource-cache.
| * am 1e5e2d76: am af6e3266: am d0b93f43: Merge "Create world readable, system writeable /data/resource-cache." (Conley Owens, 2011-07-15; files: 1; lines: -0/+5)
| |\
| | |     * commit '1e5e2d7673a9ea915283f6626fa692cc169b0e67':
| | |       Create world readable, system writeable /data/resource-cache.
| | * Create world readable, system writeable /data/resource-cache. (Mårten Kongstad, 2011-05-31; files: 1; lines: -0/+5)
| | |     /data/resource-cache is used to store idmap files.
| | |     Change-Id: I9b1dbc8d607333b71c05f55a4a402ae92193c36c
* | | Merge "init: update permissions for VPN." (Chia-chi Yeh, 2011-07-10; files: 1; lines: -4/+3)
|\ \ \
| * | | init: update permissions for VPN. (Chia-chi Yeh, 2011-07-08; files: 1; lines: -4/+3)
| | | |     VPN no longer uses system properties to keep network parameters. Besides, profiles are now stored and encrypted by keystore.
| | | |     Change-Id: I7575f04f350b7d8d5ba7008eb874a72180d057e8
* | | | Merge "init: clean up init.rc as now mkdir handles EEXIST." (Chia-chi Yeh, 2011-07-08; files: 1; lines: -18/+4)
|\ \ \ \
| |/ / /
| * | | init: clean up init.rc as now mkdir handles EEXIST. (Chia-chi Yeh, 2011-07-08; files: 1; lines: -18/+4)
| | | |     Change-Id: I3fa2a618ef27197315fc128738a284ac644e86c0
* | | | Temporary workaround for issue 4604090 (Eric Laurent, 2011-07-07; files: 1; lines: -1/+2)
|/ / /
| | |     There was a regression caused by a change in Honeycomb that removed mediaserver process from system group to improve security: This prevents the audio HAL (which runs in mediaserver process) from taking wake locks while audio is playing thus causing the pcm stream to get unexpectedly suspended.
| | |     This temporary workaround is just to allow ICS dogfood in better conditions until a real fix taking into account the security issue is implemented.
| | |     Change-Id: Ic19a23da4b4383559188b6f5c3a82604c3d95d74
* | | Merge "init.rc: Allow system process to configure RNDIS USB ethernet address" (Mike Lockwood, 2011-07-06; files: 1; lines: -0/+2)
|\ \ \
| * | | init.rc: Allow system process to configure RNDIS USB ethernet address (Mike Lockwood, 2011-07-06; files: 1; lines: -0/+2)
| | | |     Change-Id: Id339d8359e592dbc1279e423d9a5adc3a775949d
| | | |     Signed-off-by: Mike Lockwood <lockwood@android.com>
* | | | Merge "don't restart surfaceflinger when the window manager dies" (Mathias Agopian, 2011-07-06; files: 1; lines: -1/+0)
|\ \ \ \
| |/ / /
|/| | |
| * | | don't restart surfaceflinger when the window manager dies (Mathias Agopian, 2011-07-01; files: 1; lines: -1/+0)
| | | |     Change-Id: Ia3c60e6c5471e2b72d53c936de44b730c68095e0
* | | | Merge "Revert "Add keychain user"" (Brian Carlstrom, 2011-07-01; files: 1; lines: -1/+1)
|\ \ \ \
| |/ / /
|/| | |
| * | | Revert "Add keychain user" (Brian Carlstrom, 2011-07-01; files: 1; lines: -1/+1)
| | | |     This reverts commit 6541ef1562ccf93e498d653598330a7fc80ad2b2.
| | | |     Bug:4970237
| | | |     Change-Id: I23a90eb89c1d19893d2ba7065fc624c0521cb06e
* | | | Add mobile filter framework library into the bootclasspath. (Eino-Ville Talvala, 2011-07-01; files: 1; lines: -1/+1)
|/ / /
| | |     Change-Id: Ia9ae45de5d58ba5e98821fd04add96c6062c1a18
* | | am 6a18a077: am 04cf629b: Move RILD to class main (vidya rao, 2011-06-27; files: 1; lines: -1/+1)
|\ \ \
| |/ /
| | |     * commit '6a18a07774123c409cefd9a92f1c4c6504f4edfd':
| | |       Move RILD to class main
| * | am 04cf629b: Move RILD to class main (vidya rao, 2011-06-24; files: 1; lines: -1/+1)
| |\ \
| | | |     * commit '04cf629be5e99a3a920aecc0b059444bd07e9d84':
| | | |       Move RILD to class main
| | * | Move RILD to class main (vidya rao, 2011-06-24; files: 1; lines: -1/+1)
| | | |     -- This is needed so the modems (LTE & CDMA) are powered on and running before unlocking encrypted devices
| | | |     Change-Id: I842f5286499fd76abc554ded550fb837d12b324e