summaryrefslogtreecommitdiffstats
path: root/rootdir
Commit message (Collapse)AuthorAgeFilesLines
* add system-background cpusetTim Murray2015-09-181-0/+14
| | | | | | | | | add a new cpuset for system services that should not run on larger cores bug 24144797 Change-Id: I21a54f0d6b46b3b8bd8c4564b8685c88cfc4a57d
* init: usb: Add configfs commands for USB gadgetBadhri Jagan Sridharan2015-09-081-16/+134
| | | | | | | | | | | | | Adds init support for: accessory audio_source midi adb rndis Bug=23633457 Change-Id: I12e68e25969adafcf3170769f91ae939d08b7dbc
* init.usb.rc: fix USB typec property namesVincent Palatin2015-09-031-4/+4
| | | | | | | | Fix typos in the usb typec properties (sys.usb.typec.*), so the data_role and the power_role can be written properly in the sysfs. Bug: 23790832 Change-Id: I90f591ab37825a07e0610ef1fec0e831eb19515d
* Add zygote to the foreground cpuset.Tim Murray2015-09-024-2/+6
| | | | | | | | | This ensures that newly forked zygote processes will end up in the corret cpuset. bug 23751126 Change-Id: I987a2828cf2504963f1317d17f0b51d26cf22a70
* init: usb: Add init scripts for configfs commandsBadhri Jagan Sridharan2015-09-012-0/+58
| | | | | | | | | | | This CL adds a new init script init.usb.configfs.rc to add generic configfs commands. Setting sys.usb.configfs in init.usb.{hardware}.rc enables executing commands in this script Bug=23633457 Change-Id: Iaae844a7957d6c9bf510648aaff86d56aa0c6243
* init.usb.rc: Add new system property for configfsBadhri Jagan Sridharan2015-09-011-8/+11
| | | | | | | | | | | This CL helps to execute a different set of commands for the usb configs specified in init.usb.rc. Aimed at using configfs based commands over android composition driver. Bug=23633457 Change-Id: Ifa5f804e1cff93d15ad57d0ed553300bc5868936
* Add foreground/boost cpuset.Tim Murray2015-08-251-0/+6
| | | | | | | | | | This is used for app launches (and maybe other high priority tasks in the future). It's to be set to whatever cores should be used for short term high-priority tasks. bug 21915482 Change-Id: Id0ab0499146c09e860b97f4cb8095834cb12dd50
* Use init to write usb typec propsTim Kilbourn2015-08-171-0/+31
| | | | | | | The sysfs nodes are owned by root, so use init to write role changes. Bug: 21615151 Change-Id: I39ad03a23af0be9ac859d4fb79a46edc27e30f4e
* am b9f438ff: Protect runtime storage mount points.Jeff Sharkey2015-08-061-8/+9
|\ | | | | | | | | * commit 'b9f438ff841f87c8ffbca85b13a533718a18e15f': Protect runtime storage mount points.
| * Protect runtime storage mount points.Jeff Sharkey2015-08-061-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a bunch of magic that mounts the correct view of storage access based on the runtime permissions of an app, but we forgot to protect the real underlying data sources; oops. This series of changes just bumps the directory heirarchy one level to give us /mnt/runtime which we can mask off as 0700 to prevent people from jumping to the exposed internals. Also add CTS tests to verify that we're protecting access to internal mount points like this. Bug: 22964288 Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
* | am 26f0f657: Merge "init.rc: add healthd to system group to allow write to ↵Jeffrey Vander Stoep2015-07-281-0/+1
|\ \ | |/ | | | | | | | | | | /dev/cpuset" into mnc-dev * commit '26f0f657ec027430bde7d2237890ba59b3fd174a': init.rc: add healthd to system group to allow write to /dev/cpuset
| * Merge "init.rc: add healthd to system group to allow write to /dev/cpuset" ↵Jeffrey Vander Stoep2015-07-281-0/+1
| |\ | | | | | | | | | into mnc-dev
| | * init.rc: add healthd to system group to allow write to /dev/cpusetJeff Vander Stoep2015-07-281-0/+1
| | | | | | | | | | | | | | | | | | | | | Also add to root group to avoid introducting new bugs. Bug: 22699101 Change-Id: I9da31e0cc955efd711df3f4c6b17e39d74c01549
* | | am 3f62a020: logd: allow logd to write to /dev/cpuset filesJeff Vander Stoep2015-07-251-3/+4
|\ \ \ | |/ / | | | | | | | | | * commit '3f62a020c48d5d812fb2898759b93a59dc24d310': logd: allow logd to write to /dev/cpuset files
| * | logd: allow logd to write to /dev/cpuset filesJeff Vander Stoep2015-07-241-3/+4
| |/ | | | | | | | | | | | | | | | | | | | | | | Required by logd on devices with USE_CPUSETS defined. Make /dev/cpuset/background, /dev/cpuset/foreground and /dev/cpuset/task writeable by system gid. Add logd to system group for writing to cpuset files and to root group to avoid regressions. When dropping privs, also drop supplementary groups. Bug: 22699101 Change-Id: Icc01769b18b5e1f1649623da8325a8bfabc3a3f0
* | Disable scaling of the cfs tunables.Riley Andrews2015-07-211-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The cfs tunables auto-scale with the number of active cpus by default. Given that the tunable settings are in device-independent code and it's not known how many cores are currently active when the init.rc file runs, the cfs tunables can vary pretty significantly across devices depending on the state at boot. Disable scaling of the the tunables so that we can get more consistent behavior of cfs across devices. If we want to do per-device tuning of these values, we can override what's written here in device specific files. Bug: 22634118 Change-Id: Id19b24ef819fef762521e75af55e6d4378cfc949
* | Merge "Set up user directory crypto in init." into mnc-dr-devPaul Crowley2015-07-131-0/+2
|\ \
| * | Set up user directory crypto in init.Paul Crowley2015-06-231-0/+2
| | | | | | | | | | | | | | | | | | | | | (cherry-picked from commit b94032b79c3cded501e2d5f7c328cf8c0c3911c4) Bug: 19704432 Change-Id: Ife4928ffbee39c8ae69e6ba66d9ce5ef5a0beb76
* | | Change init sequence to support file level encryptionPaul Lawrence2015-07-071-4/+11
| |/ |/| | | | | | | | | | | | | | | | | File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063
* | Merge "Revert "Change init sequence to support file level encryption"" into ↵Paul Lawrence2015-07-071-8/+4
|\ \ | | | | | | | | | mnc-dev
| * | Revert "Change init sequence to support file level encryption"Paul Lawrence2015-07-071-8/+4
| | | | | | | | | | | | | | | | | | This reverts commit d815178b7512cb44d8b5f234e3f823b5a3e44dea. Change-Id: I7e3f55d3092fcd04ea9f62f1971c9d42570f096c
* | | Merge "[init] start gatekeeperd after device decryption" into mnc-devAndres Morales2015-07-061-1/+1
|\ \ \ | |/ / |/| |
| * | [init] start gatekeeperd after device decryptionAndres Morales2015-07-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | gatekeeperd depends on having /data to determine whether to call setup routines for qcom HALs. Bug: 22298552 Change-Id: I6c552016dc863bbb04bd5a949a2317a720c8263f
* | | Change init sequence to support file level encryptionPaul Lawrence2015-07-061-4/+8
|/ / | | | | | | | | | | | | | | | | | | | | File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063 Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5
* | Let's reinvent storage, yet again!Jeff Sharkey2015-06-251-7/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that. This means changing the FUSE daemon to present itself as three different views: /mnt/runtime_default/foo - view for apps with no access /mnt/runtime_read/foo - view for apps with read access /mnt/runtime_write/foo - view for apps with write access There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint. During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place. Bug: 21858077 Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
* | Fix the file permissions of /data/misc/bluedroid/bt_config.confPavlin Radoslavov2015-06-221-1/+4
|/ | | | | | | | | | | | | | | | | Fix the file access permissions and group ownership of "/data/misc/bluedroid/bt_config.conf" so the file can be reused when switching users on the device. For that purpose, we need to do the following: 1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid" so the files created in that directory will have group-id of "net_bt_stack" . 2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf" to Read/Write by User and Group. Bug: 21493919 Change-Id: Ie00ab4695198ef2aa299b484ef9d4f17bd41b98a
* add cpuset support to libcutilsTim Murray2015-06-111-0/+22
| | | | | | bug 21782794 Change-Id: I249531754fb29442dc3c7434d77dbb103f4220a7
* Merge "Move crypt commands to a different listener in vold" into mnc-devPaul Lawrence2015-06-041-0/+1
|\
| * Move crypt commands to a different listener in voldPaul Lawrence2015-06-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | In order to prevent this bug from happening, we must allow vold cryptfs commands to complete while a long running mount is underway. While waiting for vold to be changed to a binder interface, we will simply create two listeners, one for cryptfs and one for everything else. Bug: 19197175 Change-Id: Ie3d9567819ced7757b0a8f391547f27db944153c
* | tzdatacheck: don't hard code SELinux domain nameNick Kralevich2015-06-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | An automatic domain transition is already defined by SELinux policy. Avoid having redundant information on the exec line. This commit depends on commit 17fff893c04971b519d25d52b07f51111353cba5 which made the SELinux process label optional. (cherrypicked from commit 221fca7ddd2ba1778ec89013c96434a9d36b529e) Change-Id: I89464f2bd218c7d6e8db08aa6bed2b62ec6dad2a
* | init.rc: logd: Add logpersistd (nee logcatd)Mark Salyzyn2015-06-021-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (cherry pick from commit 100658c303919d8f69c76f6f25eac376795712f0) - logpersistd is defined as a thread or process in the context of the logd domain. Here we define logpersistd as logcat -f in logd domain and call it logcatd to represent its service mechanics. - Use logcatd to manage content in /data/misc/logd/ directory. - Only turn on for persist.logd.logpersistd = logcatd. - Add logpersist.start, logpersist.stop and logpersist.cat debug class executables, thus only in the eng and userdebug builds. ToDo: Wish to add Developer Options menu to turn this feature on or off, complicated by the fact that user builds have no tools with access rights to /data/misc/logd. Bug: 19608716 Change-Id: I57ad757f121c473d04f9fabe9d4820a0eca06f31
* | rootdir: init.trace.rc too earlyMark Salyzyn2015-06-021-1/+1
|/ | | | | | | | | (cherry pick from commit 89357d23a1d3166f0402734086da77805ca13617) debugfs is mounted on boot Bug: 21566233 Change-Id: I2ba106fbb1e8164ff3d8b2d5b16a16d7926c2732
* DO NOT MERGE Securely encrypt the master keyPaul Lawrence2015-05-291-3/+5
| | | | | | | | | | | | | | | | | | | | | | (chery-picked from commit 806d10be2336f32cdca16c2540cbf3d548f2fec7) Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b
* Merge "Change pre-recovery into two services" into mnc-devTao Bao2015-05-281-4/+9
|\
| * Change pre-recovery into two servicesTao Bao2015-05-191-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | /system/bin/uncrypt needs to be triggered to prepare the OTA package before rebooting into the recovery. Separate pre-recovery (uncrypt) into two services: uncrypt that does the uncryption work and pre-recovery that actually reboots the device into recovery. Also create /cache/recovery on post-fs in case it doesn't exist. Bug: 20012567 Bug: 20949086 Change-Id: If67fe1e9ee6279593d2788452febcd3f0fe714c2
* | Move perfprofd to late_start class.Than McIntosh2015-05-281-4/+1
|/ | | | | | Bug: http://b/19483574 Change-Id: I88649b50b95cbddb7d0671a5499232cbef156c48 (cherry picked from commit e8efd0d6bf41527d67a402ed3a945a8c5f75f10d)
* rootdir: add permission for /dev/dvb*Terry Heo2015-05-071-0/+3
| | | | | Bug: 20112245 Change-Id: I513c6ed5b65d5bd4edef6cb12d7fc20eb9cad4f1
* Add /data/misc/perfprofd to store perf profile.Dehao Chen2015-05-061-0/+1
| | | | | | | | BUG: 19483574 (cherry picked from commit 30c401fa92f5a32a9a41024d9d1daddd1bc37ea5) Change-Id: Ibf96db9f7e5db625b395db20b73572acc240b1f9
* rootdir: make sure the /oem mountpoint is always availableNick Kralevich2015-05-061-1/+1
| | | | | | | | | | | The /oem mount point is used to mount semi-trusted data, and many Android One devices depend on it. Make sure it's guaranteed to always be available. (cherrypicked from commit f3b554fc614fffaa5fc62ef1b4147131a8fa373c) Bug: 20816563 Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
* Invoke perfprofd daemon (only for userdebug/eng builds).Than McIntosh2015-05-041-0/+8
| | | | | Change-Id: Ifaabe32dda6db249efc62c5db3760e32295eb1a9 (cherry picked from commit d6544d2a405df4c6e1fb517b1038a3640ae5f095)
* Revert "STOPSHIP: WifiStateMachine logging temporarily disabled"Mark Salyzyn2015-04-241-8/+0
| | | | | | This reverts commit 15ae6c2e7ce02db583ca5a6be5ca30499d56de87. Change-Id: I281a65209a5118a6c73ddec65ed40d149c23bf0b
* Merge "Revert "STOPSHIP: Additional Wifi logging temporarily disabled""Mark Salyzyn2015-04-241-2/+1
|\
| * Revert "STOPSHIP: Additional Wifi logging temporarily disabled"Mark Salyzyn2015-04-241-2/+1
| | | | | | | | | | | | This reverts commit 18b1da2033440cf362ea5c71ca687d359671096f. Change-Id: I86cde061a36a9a9e43c8a5df2df1e853ed32b7a0
* | am a8088f38: am ec389902: am 132440b0: Merge "Revert "Revert "Make init ↵Elliott Hughes2015-04-241-7/+0
|\ \ | | | | | | | | | | | | | | | | | | re-exec itself for its SELinux domain transition.""" * commit 'a8088f380932d873a39fafdd816f96328f7caa9c': Revert "Revert "Make init re-exec itself for its SELinux domain transition.""
| * | Revert "Revert "Make init re-exec itself for its SELinux domain transition.""Elliott Hughes2015-04-241-7/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 4217374611ada50f33aee544f015f6f9dfbf7ced. It turns out that the kernel passes any unrecognized arguments on to init, and (at least) N6 and N9 have such arguments. My lazy check of argc was thus insufficient to recognize what stage of init we were in, so we'd skip to stage 2 and not set up SELinux. And apparently you can get a very long way with SELinux off... We'll fix that in a later change. Bug: 19702273 Change-Id: I43b3fb722fed35dd217cb529cbcac9a29aff4e4b
* | | am b706a8ac: am 2db3cd3e: am 46fee19c: Merge "Revert "Make init re-exec ↵Nick Kralevich2015-04-241-0/+7
|\ \ \ | |/ / | | | | | | | | | | | | | | | itself for its SELinux domain transition."" * commit 'b706a8acff9c62da7b4045374b93a8739671a8a0': Revert "Make init re-exec itself for its SELinux domain transition."
| * | Merge "Revert "Make init re-exec itself for its SELinux domain transition.""Nick Kralevich2015-04-241-0/+7
| |\ \
| | * | Revert "Make init re-exec itself for its SELinux domain transition."Nick Kralevich2015-04-241-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | shamu isn't booting. This reverts commit adf0d1bbfa4bc560c2106f14afa8258a11c48bf6. Change-Id: I89d568838cebbe14cc4a8ae3843f0f1ac54987af
* | | | am 77260323: am 20dfbb0f: am fa66b4e1: Merge "Remove long-obsolete file."Elliott Hughes2015-04-241-19/+0
|\ \ \ \ | |/ / / | | | | | | | | | | | | * commit '77260323e2e99a996351a98a44ef56db5f1e2767': Remove long-obsolete file.
| * | | Remove long-obsolete file.Elliott Hughes2015-04-231-19/+0
| | | | | | | | | | | | | | | | Change-Id: I728cc13b4a7ac93f9c923d2fc9bda2bb65ffe99d
generated by cgit v1.1 at 2025-01-10 21:14:50 +0000