summaryrefslogtreecommitdiffstats
path: root/rootdir
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'android-6.0.0_r26' into cm-13.0Ricardo Cerqueira2015-11-057-14/+264
|\ | | | | | | | | | | Android 6.0.0 release 26 Change-Id: I93d1e3767cbacab2b18cff360065c91b9eaf1d96
| * add system-background cpusetTim Murray2015-09-181-0/+14
| | | | | | | | | | | | | | | | | | add a new cpuset for system services that should not run on larger cores bug 24144797 Change-Id: I21a54f0d6b46b3b8bd8c4564b8685c88cfc4a57d
| * init: usb: Add configfs commands for USB gadgetBadhri Jagan Sridharan2015-09-081-16/+134
| | | | | | | | | | | | | | | | | | | | | | | | | | Adds init support for: accessory audio_source midi adb rndis Bug=23633457 Change-Id: I12e68e25969adafcf3170769f91ae939d08b7dbc
| * init.usb.rc: fix USB typec property namesVincent Palatin2015-09-031-4/+4
| | | | | | | | | | | | | | | | Fix typos in the usb typec properties (sys.usb.typec.*), so the data_role and the power_role can be written properly in the sysfs. Bug: 23790832 Change-Id: I90f591ab37825a07e0610ef1fec0e831eb19515d
| * Add zygote to the foreground cpuset.Tim Murray2015-09-024-2/+6
| | | | | | | | | | | | | | | | | | This ensures that newly forked zygote processes will end up in the corret cpuset. bug 23751126 Change-Id: I987a2828cf2504963f1317d17f0b51d26cf22a70
| * init: usb: Add init scripts for configfs commandsBadhri Jagan Sridharan2015-09-012-0/+58
| | | | | | | | | | | | | | | | | | | | | | This CL adds a new init script init.usb.configfs.rc to add generic configfs commands. Setting sys.usb.configfs in init.usb.{hardware}.rc enables executing commands in this script Bug=23633457 Change-Id: Iaae844a7957d6c9bf510648aaff86d56aa0c6243
| * init.usb.rc: Add new system property for configfsBadhri Jagan Sridharan2015-09-011-8/+11
| | | | | | | | | | | | | | | | | | | | | | This CL helps to execute a different set of commands for the usb configs specified in init.usb.rc. Aimed at using configfs based commands over android composition driver. Bug=23633457 Change-Id: Ifa5f804e1cff93d15ad57d0ed553300bc5868936
| * Add foreground/boost cpuset.Tim Murray2015-08-251-0/+6
| | | | | | | | | | | | | | | | | | | | This is used for app launches (and maybe other high priority tasks in the future). It's to be set to whatever cores should be used for short term high-priority tasks. bug 21915482 Change-Id: Id0ab0499146c09e860b97f4cb8095834cb12dd50
| * Use init to write usb typec propsTim Kilbourn2015-08-171-0/+31
| | | | | | | | | | | | | | The sysfs nodes are owned by root, so use init to write role changes. Bug: 21615151 Change-Id: I39ad03a23af0be9ac859d4fb79a46edc27e30f4e
| * am b9f438ff: Protect runtime storage mount points.Jeff Sharkey2015-08-061-8/+9
| |\ | | | | | | | | | | | | * commit 'b9f438ff841f87c8ffbca85b13a533718a18e15f': Protect runtime storage mount points.
| * \ am 26f0f657: Merge "init.rc: add healthd to system group to allow write to ↵Jeffrey Vander Stoep2015-07-281-0/+1
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | /dev/cpuset" into mnc-dev * commit '26f0f657ec027430bde7d2237890ba59b3fd174a': init.rc: add healthd to system group to allow write to /dev/cpuset
| * \ \ am 3f62a020: logd: allow logd to write to /dev/cpuset filesJeff Vander Stoep2015-07-251-3/+4
| |\ \ \ | | | | | | | | | | | | | | | | | | | | * commit '3f62a020c48d5d812fb2898759b93a59dc24d310': logd: allow logd to write to /dev/cpuset files
| * | | | Disable scaling of the cfs tunables.Riley Andrews2015-07-211-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cfs tunables auto-scale with the number of active cpus by default. Given that the tunable settings are in device-independent code and it's not known how many cores are currently active when the init.rc file runs, the cfs tunables can vary pretty significantly across devices depending on the state at boot. Disable scaling of the the tunables so that we can get more consistent behavior of cfs across devices. If we want to do per-device tuning of these values, we can override what's written here in device specific files. Bug: 22634118 Change-Id: Id19b24ef819fef762521e75af55e6d4378cfc949
| * | | | Merge "Set up user directory crypto in init." into mnc-dr-devPaul Crowley2015-07-131-0/+2
| |\ \ \ \
| | * | | | Set up user directory crypto in init.Paul Crowley2015-06-231-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (cherry-picked from commit b94032b79c3cded501e2d5f7c328cf8c0c3911c4) Bug: 19704432 Change-Id: Ife4928ffbee39c8ae69e6ba66d9ce5ef5a0beb76
| * | | | | Change init sequence to support file level encryptionPaul Lawrence2015-07-071-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063
* | | | | | init.rc: drop world writable on cgroups to pass ctsScott Mertz2015-10-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I14f391d86055cd5f5158f17354132a35055b6ca3
* | | | | | init: Make restorecon_recursive work for /data/Christopher R. Palmer2015-10-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the following commit: commit f2b7ee765516c84a9995e3acdc8fbcd7dc1b33cc Author: Stephen Smalley <sds@tycho.nsa.gov> Date: Thu Feb 6 13:52:52 2014 -0500 Apply restorecon_recursive to all of /data. they removed all the adhoc restorecon_recursive of subdirectories of /data/ and replaced it with: # Set SELinux security contexts on upgrade or policy update. restorecon_recursive /data Unfortunately, that is a no-op because restorecon doesn't recurse through /data/ unless you add a FORCE flag. Since the expectation seems to be that the recursive restorecon in init will actually work, update the built-in to add the force flag and a flag to allow /data/data to also be recursed through. [RC: Removed the DATADATA flag. It throws a ton of errors, and it's supposed to be handled by seapp_contexts, not file_contexts. The actual root paths, however, now get their individual restorecon calls so that installd can deal with them] Change-Id: I435c505188e924b27ef2e6a2e0ee0a6951e43f0e
* | | | | | init.rc: Import CM's init rcRicardo Cerqueira2015-10-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: Ia0d2ba653ceeaf0139c20b49e034f39aed33cb03
* | | | | | init: update recovery when enabled in settingsBrint E. Kriebel2015-10-181-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the recovery image only if the option is enabled under Developer options This reverts commit 231e0a9e6a1da6fa4a188840f68af649669e417f. Change-Id: I928f7ee8bb3eaf5581bb8225661d253ecca0c4ef Change CM recovery install script filename [2/2] This is part 2/2 to maintain backwards compatibility with CWM's verify_root_and_recovery() function. CWM checks if install-recovery.sh exists and has an executable flag set, then offers to disable the script for the user. CM now controls this with the persist.sys.recovery_update property which is configurable via settings, so we don't need to double-check this. This changes the name of the recovery install script to install-cm-recovery.sh. Change-Id: I275dd358b46c626dfcb8fe02c583a308d5a89c56 init: Move install-recovery.sh back to the standard location L moved the location of install-recovery.sh from /system/etc/ to /system/bin. Since CWM recovery isn't looking for this location anyway, let's return the file to this standard location. This allows all other code in L to function properly. Maintain the change to the init to allow flash_recovery to be disabled in settings. Change-Id: I8a85db8addeb75a2fd60d809c5ed4edc619ef7ed
* | | | | | audio: update mediasever to have qcom_diag group permissionsDhananjay Kumar2015-10-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Update mediaserver to have qcom_diag group permissions instead of diag group permissions, as /dev/diag node is updated to qcom_diag group. Change-Id: I33637ed68fc2f23999d07ee89682dbaa8c4383ce
* | | | | | RIL: Add qcom_diag permission to rildSooraj Sasindran2015-10-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add qcom diag permission to rild Change-Id: I6a898868f7beaeee17e2183529344eddcf08be28
* | | | | | diag: Add new qcom_diag group to access /dev/diagSreelakshmi Gownipalli2015-10-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds the definition of qcom_diag and also modify the /dev/diag node group to qcom_diag. Change-Id: I07bd099c76f3fd2685f3a6698e37314a0a2c8f44
* | | | | | init.rc: Add qcom_diag permissions to mediaserverYamit Mehta2015-10-061-1/+1
| |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Diag permissions are needed in mediaserver to enable the QACT tool which allows users to calibrate audio. Change-Id: I3cb8fe807426b9f68669f34d214b7f6d089acb30
* | | | | Protect runtime storage mount points.Jeff Sharkey2015-08-061-8/+9
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a bunch of magic that mounts the correct view of storage access based on the runtime permissions of an app, but we forgot to protect the real underlying data sources; oops. This series of changes just bumps the directory heirarchy one level to give us /mnt/runtime which we can mask off as 0700 to prevent people from jumping to the exposed internals. Also add CTS tests to verify that we're protecting access to internal mount points like this. Bug: 22964288 Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
* | | | Merge "init.rc: add healthd to system group to allow write to /dev/cpuset" ↵Jeffrey Vander Stoep2015-07-281-0/+1
|\ \ \ \ | |_|_|/ |/| | | | | | | into mnc-dev
| * | | init.rc: add healthd to system group to allow write to /dev/cpusetJeff Vander Stoep2015-07-281-0/+1
| |/ / | | | | | | | | | | | | | | | | | | Also add to root group to avoid introducting new bugs. Bug: 22699101 Change-Id: I9da31e0cc955efd711df3f4c6b17e39d74c01549
* | | logd: allow logd to write to /dev/cpuset filesJeff Vander Stoep2015-07-241-3/+4
|/ / | | | | | | | | | | | | | | | | | | | | | | Required by logd on devices with USE_CPUSETS defined. Make /dev/cpuset/background, /dev/cpuset/foreground and /dev/cpuset/task writeable by system gid. Add logd to system group for writing to cpuset files and to root group to avoid regressions. When dropping privs, also drop supplementary groups. Bug: 22699101 Change-Id: Icc01769b18b5e1f1649623da8325a8bfabc3a3f0
* | Merge "Revert "Change init sequence to support file level encryption"" into ↵Paul Lawrence2015-07-071-8/+4
|\ \ | | | | | | | | | mnc-dev
| * | Revert "Change init sequence to support file level encryption"Paul Lawrence2015-07-071-8/+4
| | | | | | | | | | | | | | | | | | This reverts commit d815178b7512cb44d8b5f234e3f823b5a3e44dea. Change-Id: I7e3f55d3092fcd04ea9f62f1971c9d42570f096c
* | | Merge "[init] start gatekeeperd after device decryption" into mnc-devAndres Morales2015-07-061-1/+1
|\ \ \ | |/ / |/| |
| * | [init] start gatekeeperd after device decryptionAndres Morales2015-07-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | gatekeeperd depends on having /data to determine whether to call setup routines for qcom HALs. Bug: 22298552 Change-Id: I6c552016dc863bbb04bd5a949a2317a720c8263f
* | | Change init sequence to support file level encryptionPaul Lawrence2015-07-061-4/+8
|/ / | | | | | | | | | | | | | | | | | | | | File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063 Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5
* | Let's reinvent storage, yet again!Jeff Sharkey2015-06-251-7/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that. This means changing the FUSE daemon to present itself as three different views: /mnt/runtime_default/foo - view for apps with no access /mnt/runtime_read/foo - view for apps with read access /mnt/runtime_write/foo - view for apps with write access There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint. During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place. Bug: 21858077 Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
* | Fix the file permissions of /data/misc/bluedroid/bt_config.confPavlin Radoslavov2015-06-221-1/+4
|/ | | | | | | | | | | | | | | | | Fix the file access permissions and group ownership of "/data/misc/bluedroid/bt_config.conf" so the file can be reused when switching users on the device. For that purpose, we need to do the following: 1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid" so the files created in that directory will have group-id of "net_bt_stack" . 2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf" to Read/Write by User and Group. Bug: 21493919 Change-Id: Ie00ab4695198ef2aa299b484ef9d4f17bd41b98a
* add cpuset support to libcutilsTim Murray2015-06-111-0/+22
| | | | | | bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
* Merge "Move crypt commands to a different listener in vold" into mnc-devPaul Lawrence2015-06-041-0/+1
|\
| * Move crypt commands to a different listener in voldPaul Lawrence2015-06-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | In order to prevent this bug from happening, we must allow vold cryptfs commands to complete while a long running mount is underway. While waiting for vold to be changed to a binder interface, we will simply create two listeners, one for cryptfs and one for everything else. Bug: 19197175 Change-Id: Ie3d9567819ced7757b0a8f391547f27db944153c
* | tzdatacheck: don't hard code SELinux domain nameNick Kralevich2015-06-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | An automatic domain transition is already defined by SELinux policy. Avoid having redundant information on the exec line. This commit depends on commit 17fff893c04971b519d25d52b07f51111353cba5 which made the SELinux process label optional. (cherrypicked from commit 221fca7ddd2ba1778ec89013c96434a9d36b529e) Change-Id: I89464f2bd218c7d6e8db08aa6bed2b62ec6dad2a
* | init.rc: logd: Add logpersistd (nee logcatd)Mark Salyzyn2015-06-021-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (cherry pick from commit 100658c303919d8f69c76f6f25eac376795712f0) - logpersistd is defined as a thread or process in the context of the logd domain. Here we define logpersistd as logcat -f in logd domain and call it logcatd to represent its service mechanics. - Use logcatd to manage content in /data/misc/logd/ directory. - Only turn on for persist.logd.logpersistd = logcatd. - Add logpersist.start, logpersist.stop and logpersist.cat debug class executables, thus only in the eng and userdebug builds. ToDo: Wish to add Developer Options menu to turn this feature on or off, complicated by the fact that user builds have no tools with access rights to /data/misc/logd. Bug: 19608716 Change-Id: I57ad757f121c473d04f9fabe9d4820a0eca06f31
* | rootdir: init.trace.rc too earlyMark Salyzyn2015-06-021-1/+1
|/ | | | | | | | | (cherry pick from commit 89357d23a1d3166f0402734086da77805ca13617) debugfs is mounted on boot Bug: 21566233 Change-Id: I2ba106fbb1e8164ff3d8b2d5b16a16d7926c2732
* DO NOT MERGE Securely encrypt the master keyPaul Lawrence2015-05-291-3/+5
| | | | | | | | | | | | | | | | | | | | | | (chery-picked from commit 806d10be2336f32cdca16c2540cbf3d548f2fec7) Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b
* Merge "Change pre-recovery into two services" into mnc-devTao Bao2015-05-281-4/+9
|\
| * Change pre-recovery into two servicesTao Bao2015-05-191-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | /system/bin/uncrypt needs to be triggered to prepare the OTA package before rebooting into the recovery. Separate pre-recovery (uncrypt) into two services: uncrypt that does the uncryption work and pre-recovery that actually reboots the device into recovery. Also create /cache/recovery on post-fs in case it doesn't exist. Bug: 20012567 Bug: 20949086 Change-Id: If67fe1e9ee6279593d2788452febcd3f0fe714c2
* | Move perfprofd to late_start class.Than McIntosh2015-05-281-4/+1
|/ | | | | | Bug: http://b/19483574 Change-Id: I88649b50b95cbddb7d0671a5499232cbef156c48 (cherry picked from commit e8efd0d6bf41527d67a402ed3a945a8c5f75f10d)
* rootdir: add permission for /dev/dvb*Terry Heo2015-05-071-0/+3
| | | | | Bug: 20112245 Change-Id: I513c6ed5b65d5bd4edef6cb12d7fc20eb9cad4f1
* Add /data/misc/perfprofd to store perf profile.Dehao Chen2015-05-061-0/+1
| | | | | | | | BUG: 19483574 (cherry picked from commit 30c401fa92f5a32a9a41024d9d1daddd1bc37ea5) Change-Id: Ibf96db9f7e5db625b395db20b73572acc240b1f9
* rootdir: make sure the /oem mountpoint is always availableNick Kralevich2015-05-061-1/+1
| | | | | | | | | | | The /oem mount point is used to mount semi-trusted data, and many Android One devices depend on it. Make sure it's guaranteed to always be available. (cherrypicked from commit f3b554fc614fffaa5fc62ef1b4147131a8fa373c) Bug: 20816563 Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
* Invoke perfprofd daemon (only for userdebug/eng builds).Than McIntosh2015-05-041-0/+8
| | | | | Change-Id: Ifaabe32dda6db249efc62c5db3760e32295eb1a9 (cherry picked from commit d6544d2a405df4c6e1fb517b1038a3640ae5f095)
* Revert "STOPSHIP: WifiStateMachine logging temporarily disabled"Mark Salyzyn2015-04-241-8/+0
| | | | | | This reverts commit 15ae6c2e7ce02db583ca5a6be5ca30499d56de87. Change-Id: I281a65209a5118a6c73ddec65ed40d149c23bf0b
generated by cgit v1.1 at 2025-02-03 12:08:07 +0000