summaryrefslogtreecommitdiffstats
path: root/rootdir
Commit message (Collapse)AuthorAgeFilesLines
* init.rc: add inet permission to VPN daemons explicitly.Chia-chi Yeh2011-08-081-2/+2
| | | | | | | | Racoon still needs it after dropping root privilege, or pure IPSec VPN will fail. Mtpd works without it because net_raw implies inet. However it would be better to set all of them clearly without the assumption. Change-Id: I50762af2c25ec9cc559e528c7b14f469494fd553
* Move some common USB configuration logic to init.rcMike Lockwood2011-07-291-0/+21
| | | | | Change-Id: Ib75ccfd9c4aa8aace936370c33f33a922ca3c51f Signed-off-by: Mike Lockwood <lockwood@android.com>
* Fix issue 4604090: notification sound interrupted.Eric Laurent2011-07-251-2/+1
| | | | | | | Removed system from mediaserver groups. Not needed anymore now that AudioFlinger acquires wake locks via PowerManagerService. Change-Id: I177b968a0a30557d871188bf3991b96d9b391d3c
* am aa4a66a1: am 1e5e2d76: am af6e3266: am d0b93f43: Merge "Create world ↵Conley Owens2011-07-151-0/+5
|\ | | | | | | | | | | | | readable, system writeable /data/resource-cache." * commit 'aa4a66a16dd9b97fb876bb296366442b8745a10b': Create world readable, system writeable /data/resource-cache.
| * am 1e5e2d76: am af6e3266: am d0b93f43: Merge "Create world readable, system ↵Conley Owens2011-07-151-0/+5
| |\ | | | | | | | | | | | | | | | | | | writeable /data/resource-cache." * commit '1e5e2d7673a9ea915283f6626fa692cc169b0e67': Create world readable, system writeable /data/resource-cache.
| | * Create world readable, system writeable /data/resource-cache.Mårten Kongstad2011-05-311-0/+5
| | | | | | | | | | | | | | | | | | /data/resource-cache is used to store idmap files. Change-Id: I9b1dbc8d607333b71c05f55a4a402ae92193c36c
* | | Merge "init: update permissions for VPN."Chia-chi Yeh2011-07-101-4/+3
|\ \ \
| * | | init: update permissions for VPN.Chia-chi Yeh2011-07-081-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | VPN no longer uses system properties to keep network parameters. Besides, profiles are now stored and encrypted by keystore. Change-Id: I7575f04f350b7d8d5ba7008eb874a72180d057e8
* | | | Merge "init: clean up init.rc as now mkdir handles EEXIST."Chia-chi Yeh2011-07-081-18/+4
|\ \ \ \ | |/ / /
| * | | init: clean up init.rc as now mkdir handles EEXIST.Chia-chi Yeh2011-07-081-18/+4
| | | | | | | | | | | | | | | | Change-Id: I3fa2a618ef27197315fc128738a284ac644e86c0
* | | | Temporary workaround for issue 4604090Eric Laurent2011-07-071-1/+2
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There was a regression caused by a change in Honeycomb that removed mediaserver process from system group to improve security: This prevents the audio HAL (which runs in mediaserver process) from taking wake locks while audio is playing thus causing the pcm stream to get unexpectedly suspended. This temporary workaround is just to allow ICS dogfood in better conditions until a real fix taking into account the security issue is implemented. Change-Id: Ic19a23da4b4383559188b6f5c3a82604c3d95d74
* | | Merge "init.rc: Allow system process to configure RNDIS USB ethernet address"Mike Lockwood2011-07-061-0/+2
|\ \ \
| * | | init.rc: Allow system process to configure RNDIS USB ethernet addressMike Lockwood2011-07-061-0/+2
| | | | | | | | | | | | | | | | | | | | Change-Id: Id339d8359e592dbc1279e423d9a5adc3a775949d Signed-off-by: Mike Lockwood <lockwood@android.com>
* | | | Merge "don't restart surfaceflinger when the window manager dies"Mathias Agopian2011-07-061-1/+0
|\ \ \ \ | |/ / / |/| | |
| * | | don't restart surfaceflinger when the window manager diesMathias Agopian2011-07-011-1/+0
| | | | | | | | | | | | | | | | Change-Id: Ia3c60e6c5471e2b72d53c936de44b730c68095e0
* | | | Merge "Revert "Add keychain user""Brian Carlstrom2011-07-011-1/+1
|\ \ \ \ | |/ / / |/| | |
| * | | Revert "Add keychain user"Brian Carlstrom2011-07-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 6541ef1562ccf93e498d653598330a7fc80ad2b2. Bug:4970237 Change-Id: I23a90eb89c1d19893d2ba7065fc624c0521cb06e
* | | | Add mobile filter framework library into the bootclasspath.Eino-Ville Talvala2011-07-011-1/+1
|/ / / | | | | | | | | | Change-Id: Ia9ae45de5d58ba5e98821fd04add96c6062c1a18
* | | am 6a18a077: am 04cf629b: Move RILD to class mainvidya rao2011-06-271-1/+1
|\ \ \ | |/ / | | | | | | | | | * commit '6a18a07774123c409cefd9a92f1c4c6504f4edfd': Move RILD to class main
| * | am 04cf629b: Move RILD to class mainvidya rao2011-06-241-1/+1
| |\ \ | | | | | | | | | | | | | | | | * commit '04cf629be5e99a3a920aecc0b059444bd07e9d84': Move RILD to class main
| | * | Move RILD to class mainvidya rao2011-06-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | -- This is needed so the modems (LTE & CDMA) are powered on and running before unlocking encrypted devices Change-Id: I842f5286499fd76abc554ded550fb837d12b324e
* | | | Reimplement the "adb root" command to more closely match its previous behaviorMike Lockwood2011-06-221-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The adb gadget driver used to reset the USB bus when the adbd daemon exited, and the host side adb relied on this behavior to force it to reconnect with the new adbd instance after init relaunches it. The new gadget drivers no longer automatically reset the USB bus when adbd is restarted which caused adb to hang since it was no longer forced to reconnect with the device. We attempted to work around this on the host side adb, but that work around has not been reliable. This change adds a property trigger on the service.adb.root system property which will reset the USB bus and restart the adbd daemon when adbd sets the property to 1. This should be much closer to the previous behavior and will hopefully fix some problems with automated testing. Change-Id: I177c37400009a3d83f21a5f9431f94fd1cc19b9b Signed-off-by: Mike Lockwood <lockwood@android.com>
* | | | init.rc: Changes for new USB gadget driversMike Lockwood2011-06-171-7/+26
| | | | | | | | | | | | | | | | | | | | Change-Id: I68fcf167c9fc71bb5f44793648a35d3181fd36d7 Signed-off-by: Mike Lockwood <lockwood@android.com>
* | | | Tracking merge of dalvik-dev to masterjeffhao2011-05-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reordered bootclasspath to allow verification of all framework methods. git cherry-pick --no-commit ec164a0170955fe63106c2576a65bc4ffb1df425 Address CVE-2011-1090. git cherry-pick --no-commit 3365288d3c00072689cd9d733e055561cadc87b5 Change-Id: I6a89bc600ced06a0cb84ae1670cb7a6ea39de9c8
* | | | Merge "Make CertInstaller installed CA certs trusted by applications via ↵Brian Carlstrom2011-05-171-0/+1
|\ \ \ \ | | | | | | | | | | | | | | | default TrustManager (6 of 6)"
| * | | | Make CertInstaller installed CA certs trusted by applications via default ↵Brian Carlstrom2011-05-161-0/+1
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TrustManager (6 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directory for system. Added support for removing system CAs by placing a copy in a sytem directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algorithms doe not change since TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Added private PKIXParameters contructor for use by IndexedPKIXParameters to avoid wart of having to lookup and pass a TrustAnchor to satisfy the super-class sanity check. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java luni/src/main/java/java/security/cert/PKIXParameters.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: I768ca8e8e990ff333ce0f7069a0935173498c5ed
* | | | Update the device permission of /dev/tun.Chia-chi Yeh2011-05-121-1/+1
|/ / / | | | | | | | | | Change-Id: Ie8ad60047fc7160997100bd28a0abb439406806a
* | | resolved conflicts for merge of b013bfc1 to honeycomb-plus-aospDavid 'Digit' Turner2011-04-291-0/+1
|\ \ \ | |/ / |/| / | |/ Change-Id: I159dd58c403bc38f9637163d8cd5e6270e4f201c
| * am 52a64057: Merge "ueventd.rc: Move /dev/qemu_trace to ueventd.goldfish.rc"David 'Digit' Turner2011-04-282-1/+2
| |\ | | | | | | | | | | | | * commit '52a64057b60b0ad242e95fdc285ec60e0191d5b5': ueventd.rc: Move /dev/qemu_trace to ueventd.goldfish.rc
| | * ueventd.rc: Move /dev/qemu_trace to ueventd.goldfish.rcDavid 'Digit' Turner2011-04-262-1/+2
| | | | | | | | | | | | | | | | | | + Add /dev/qemu_pipe line for QEMU pipes. Change-Id: If3c5c675bfc1585a1d6ffcd1042aaedbc2e94763
* | | Make drmserver's primary group be system, so setgid is not required in ↵Jeffrey Tinker2011-03-171-1/+1
| | | | | | | | | | | | | | | | | | ueventd.stingray.rc Change-Id: Ie8a287620d22b5c1bdc459fb288b7403589ab474
* | | Bug 4089635 mediaserver fewer supplementary groupsGlenn Kasten2011-03-141-1/+1
| | | | | | | | | | | | Change-Id: I90111567564397ca08e87dcfcbdf23337bf79ae6
* | | Bug 4086255 drmserver process needs system groupGlenn Kasten2011-03-111-1/+1
| | | | | | | | | | | | Change-Id: If9a325b9e716abe00f3ad6f20b012861308abd2d
* | | Merge "Load the persistent properties after decrypting the /data partition" ↵Ken Sumrall2011-03-101-0/+3
|\ \ \ | | | | | | | | | | | | into honeycomb-mr1
| * | | Load the persistent properties after decrypting the /data partitionKen Sumrall2011-03-101-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix for bug 3415286. The persistent properties are normally read early in the boot process after /data is mounted. However, for an encrypted system, at that point /data is a tmpfs ramdisk. This change adds a new command to init (load_persist_props) to read the persistent properties, and adds an action to init.rc to load the persistent properties. This action is triggered by setting a property in vold, but that's in a different CL. Change-Id: I74b3057974ee6029c29d956b76fef5566700d471
* | | | Run surfaceflinger in its own process. [DO NOT MERGE]Mathias Agopian2011-03-101-0/+10
|/ / / | | | | | | | | | | | | | | | | | | | | | This is to allow OpenGL ES rendering from the system process, and help with debugging. Bug: 4086003 Change-Id: I732e95f4fcaa358f430cc195d8e63a69263bffdc
* | | am 663268ca: am fe111c83: am e6b638be: Merge "x86: Add vold.fstab to mount ↵David Turner2011-03-021-0/+4
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | the SD card" * commit '663268caac636e32b19173743594899e52df0830': x86: Add vold.fstab to mount the SD card
| * \ \ am fe111c83: am e6b638be: Merge "x86: Add vold.fstab to mount the SD card"David Turner2011-03-021-0/+4
| |\ \ \ | | |/ / | | | | | | | | | | | | * commit 'fe111c83708dd3c8746b3a05d4b2f53c7a9f4477': x86: Add vold.fstab to mount the SD card
| | * | am e6b638be: Merge "x86: Add vold.fstab to mount the SD card"David Turner2011-03-021-0/+4
| | |\ \ | | | |/ | | | | | | | | | | | | * commit 'e6b638be199a5f16f3eaff69710d92ea248d60a3': x86: Add vold.fstab to mount the SD card
| | | * x86: Add vold.fstab to mount the SD cardJun Nakajima2011-02-131-0/+4
| | | | | | | | | | | | | | | | | | | | Change-Id: Ie1f70a22dd4e27e8ea956d5e627877d1e2379b95 Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
| | * | am 126d4bc1: Give system server permission to enable and disable USB ↵Mike Lockwood2011-02-281-1/+1
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | functions DO NOT MERGE * commit '126d4bc18c93f06016998cf6d014c6055c2d3a40': Give system server permission to enable and disable USB functions DO NOT MERGE
| | | * | Give system server permission to enable and disable USB functions DO NOT MERGEMike Lockwood2011-02-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: Ie43b6679838436ac004d0b5fa59d3d98cb5b0c76 Signed-off-by: Mike Lockwood <lockwood@android.com>
| | * | | am 642075b6: Set USB group for /dev/usb_accessory DO NOT MERGEMike Lockwood2011-02-281-0/+1
| | |\ \ \ | | | |/ / | | | | / | | | |/ | | |/| * commit '642075b6f74faeca53d9449ec9b74d7c66fe7cdd': Set USB group for /dev/usb_accessory DO NOT MERGE
| | | * Set USB group for /dev/usb_accessory DO NOT MERGEMike Lockwood2011-02-271-0/+1
| | | | | | | | | | | | | | | | | | | | Change-Id: I41264272ff6ce245cb2b8989ddee4a82059444a0 Signed-off-by: Mike Lockwood <lockwood@android.com>
| | * | Let SocketClient users write binary data to clients.Brad Fitzpatrick2011-01-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a dependency for the DNS proxy CLs. This CL also adds a new socket for the netd process to inherit which is owned by the inet group. (so only apps with the INTERNET permission can use the DNS proxy...) Change-Id: I8a51924e0ed56c6066f77e6f1b02d39bdadac51e
* | | | Merge "Fix for bug 3379244, non-eMMC devices don't start all services."Ken Sumrall2011-02-221-6/+0
|\ \ \ \
| * | | | Fix for bug 3379244, non-eMMC devices don't start all services.Ken Sumrall2011-02-171-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix for non-eMMC based devices to properly start the "on nonencrypted" action. Change-Id: I5d2966db352b02f1a1724fb105e1cefc46037e42
* | | | | ueventd.rc: Give system process permission to enable and disable USB functionsMike Lockwood2011-02-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I4af1f3fed857df2be96a640f65cd612577c957c7 Signed-off-by: Mike Lockwood <lockwood@android.com>
* | | | | Set USB group for /dev/usb_accessoryMike Lockwood2011-02-081-0/+1
|/ / / / | | | | | | | | | | | | | | | | Change-Id: I17db8d9bb1bf6336979e9b7bce62306d0d7a79d2 Signed-off-by: Mike Lockwood <lockwood@android.com>
* | | | Merge "Reorder BOOTCLASSPATH to match change 7eff81df2a"Ying Wang2011-02-081-1/+1
|\ \ \ \
generated by cgit v1.1 at 2024-12-26 03:46:08 +0000