Make sure /data/dalvik-cache/profiles gets the correct
permissions and SELinux context, and ownership is properly
assigned to the system UID.
Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
dmesg_restrict is too coarse of a control. In Android's case,
we want to allow the shell user to see dmesg output, but disallow
others from seeing it.
Rather than rely on dmesg_restrict, use SELinux to control access
to dmesg instead. See corresponding change in external/sepolicy .
Bug: 10020939
Change-Id: I9d4bbbd41cb02b707cdfee79f826a39c1ec2f177
Define a UID to be used by the process responsible for creating shared
RELRO files for the WebView native library, and create a directory owned
by that UID to use to store the files.
Bug: 13005501
Change-Id: I5bbb1e1035405e5534b2681f554fe16f74e3da1a
To remove the need to modify the bionic dynamic linker, add the
signal chaining library as a preload in the environment. This
will be picked up by the dynamic linker and will override
sigaction and sigprocmask to allow for signal chaining.
Change-Id: I6e2d0628b009bd01e0ed9aed0b311871b9c8363a
cpufreq
The owner and permissions for the sysfs file
/sys/devices/system/cpu*/cpufreq/scaling_max/min_freq is changed.
This would allow the PowerHAL to change the max/min cpufreq even after
the associated CPU's are hotplugged out and back in.
Change-Id: Ibe0b4aaf3db555ed48e89a7fcd0c5fd3a18cf233
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Volantis SurfaceFlinger holds open a file on data partition.
SurfaceFlinger is not running when we trigger_default_encryption
but if we start it before starting defaultcrypto it locks open
data, so we can't unmount it.
It will start anyway when main starts, so not starting it here
is safe - it will just cause a 1-2 second delay in the graphics
appearing.
Change-Id: Idd546a578e62a24f999367b1407b37ad0f00f3a2
Note that init.zygote64.rc, which supports a "pure"
64 bit zygote is around only for testing.
The life cycles of both zygotes are controlled by init,
and the assumption here is that they will be available
always. We start the system_server in 32 bit mode.
Note that the distinction between "primary" and "secondary"
simply defines the order in which ABI support is queried,
there's no real requirement that the primary zygote supports
the primary ABI of the device.
bug: 13647418
Change-Id: Id0be001ea6f934c3c2022d89a63aae9fae66cc38
This allows us to choose different configs depending on
whether or not the target is 64 capable, and what its preferred
default is.
bug: 13647418
Change-Id: Ie1ce4245a3add7544c87d27c635ee390f4062523
Remove world-readable, reduce group permissions to readable by system
daemons
Change-Id: I6c7d7d78b8d8281960659bb8490a01cf7fde28b4
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Modify fs_mgr to unmount encryptable drives after test mounting them and
then trigger an auto-encrypt via the init script
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/414200/
Feature is limited to list of serial numbers with this change
Bug: 11985952
Change-Id: I84f85a258b6a7e9809467c9149249302e203c41b
The kernel's default is between 4~20.
Prepare for javaland to modify the value at runtime.
It can be done via
setprop sys.sysctl.tcp_def_init_rwnd <value>
Bug: 12020135
Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
(cherry picked from commit 7c862c8b5e)
- init: set /proc/sys/net/unix/max_dgram_qlen to 300
- libsysutils: Add listen backlog argument to startListener
- logd: set listen backlog to 300
Change-Id: Id6d37d6c937ba2d221e76258d89c9516619caeec
mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed
in the various device-specific init*.rc files but seems generic.
Move it to the main init.rc file.
Drop the separate chown for /data/misc/dhcp as this is handled by mkdir
built-in if the directory already exists.
Add a restorecon_recursive /data/misc/wifi/sockets.
Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Create a new userspace log daemon for handling logging messages.
Original-Change-Id: I75267df16359684490121e6c31cca48614d79856
Signed-off-by: Nick Kralevich <nnk@google.com>
* Merge conflicts
* rename new syslog daemon to logd to prevent confusion with bionic syslog
* replace racy getGroups call with KISS call to client->getGid()
* Timestamps are filed at logging source
* insert entries into list in timestamp order
* Added LogTimeEntry tail filtration handling
* Added region locking around LogWriter list
* separate threads for each writer
* /dev/socket/logd* permissions
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
(cherry picked from commit 3e76e0a497)
Author: Nick Kralevich <nnk@google.com>
Change-Id: Ice88b1412d8f9daa7f9119b2b5aaf684a5e28098
The kernel's default is between 4~20.
Prepare for javaland to modify the value at runtime.
It can be done via
setprop sys.sysctl.tcp_def_init_rwnd <value>
Bug: 12020135
Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
* Create a new userspace log daemon for handling logging messages.
Original-Change-Id: I75267df16359684490121e6c31cca48614d79856
Signed-off-by: Nick Kralevich <nnk@google.com>
* Merge conflicts
* rename new syslog daemon to logd to prevent confusion with bionic syslog
* replace racy getGroups call with KISS call to client->getGid()
* Timestamps are filed at logging source
* insert entries into list in timestamp order
* Added LogTimeEntry tail filtration handling
* Added region locking around LogWriter list
* separate threads for each writer
* /dev/socket/logd* permissions
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Change-Id: Ice88b1412d8f9daa7f9119b2b5aaf684a5e28098
Set
* /sys/module/lowmemorykiller/parameters/adj
* /sys/module/lowmemorykiller/parameters/minfree
to 0220. This better indicates that these files are only intended
to be written to, never read.
Change-Id: I9ef054f032b3955e04128fc1a472a17c7b1fa792
If userdata is default encrypted, we should mount it at boot
to avoid bringing the framework up and then down unnecessarily.
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/412649/
Bug: 8769627
Change-Id: I4b8276befd832cd788e15c36edfbf8f0e18d7e6b
With the following prior changes:
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1
I698b1b2c3f00f31fbb2015edf23d33b51aa5bba1
I8dd915d9bb80067339621b905ea2b4ea0fa8d71e
it should now be safe (will correctly label all files)
and reasonably performant (will skip processing unless
file_contexts has changed since the last call) to call
restorecon_recursive /data from init.rc.
The call is placed after the setprop selinux.policy_reload 1 so that
we use any policy update under /data/security if present.
Change-Id: Ib8d9751a47c8e0238cf499fcec61898937945d9d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The script that writes the recovery partition after a successful
update of system needs to be made executable. This change also moves
it from /system/etc to /system/bin.
Bug: 12893978
Change-Id: I686e2392a2392515a6859a7381b735de1007b7ea
mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed
in the various device-specific init*.rc files but seems generic.
Move it to the main init.rc file.
Drop the separate chown for /data/misc/dhcp as this is handled by mkdir
built-in if the directory already exists.
Add a restorecon_recursive /data/misc/wifi/sockets.
Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When adbd runs as root, it should transition into the
su domain. This is needed to run the adbd and shell
domains in enforcing on userdebug / eng devices without
breaking developer workflows.
Introduce a new device_banner command line option.
Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
Add a service called "pre-recovery" which is normally stopped but can
be started by the system server when we want to go into recovery. It
will do any preparation needed (currently needed to handle update
packages that reside on an encrypted /data partition) and then set
sys.powerctl when it's ready to actually reboot.
Bug: 12188746
Change-Id: I894a4cb200395a0f6d7fe643ed4c2ac0a45d2052
Otherwise it will be mislabeled on upgrades with existing userdata.
Change-Id: Ibde88d5d692ead45b480bb34cfe0831baeffbf94
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
On a 64-bit system, 64-bit processes will want one path, 32-bit processes
another. The dynamic linker already provides the correct defaults for
native code, and we've coupled the VM and dynamic linker so that
LD_LIBRARY_PATH will be set correctly in any VM during startup if it's not
being manually overridden.
Change-Id: Icbffc0d451dbc242cdfb9267413d8bcac434e108
Use restorecon_recursive to label devices
where the directory and subfiles have
already been built and labeled.
Change-Id: I0dfe1e542fb153ad20adf7b2b1f1c087b4956a12
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
If checkreqprot == 1, SELinux only checks the protection flags passed
by the application, even if the kernel internally adds PROT_EXEC for
READ_IMPLIES_EXEC personality flags. Switch to checkreqprot == 0
to check the final protection flags applied by the kernel.
Change-Id: Ic39242bbbd104fc9a1bcf2cd2ded7ce1aeadfac4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This allows it to be permissive in userdebug/eng builds
but confined/enforcing in user builds.
Change-Id: Ie322eaa0acdbefea2de4e71ae386778c929d042b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The files in zoneinfo changed from system_data_file to
zoneinfo_data_file. Fixup pre-existing files.
Change-Id: Idddbd6c2ecf66cd16b057a9ff288cd586a109949
There is no longer any reason to permit system UID to set enforcing mode.
Change-Id: Ie28beed1ca2b215c71f2847e2390cee1af1713c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Need the set correct permission for print-tgid option or tracing of
sched can't work on user build.
Change-Id: Ia88aabe58128b911afd78f01c27f7da884ed03f0
Signed-off-by: Carton He <carton.he@marvell.com>
Nick Kralevich