gatekeeperd depends on having /data to determine whether
to call setup routines for qcom HALs.
Bug: 22298552
Change-Id: I6c552016dc863bbb04bd5a949a2317a720c8263f
File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.
Split property loaded into system and data, and load in right order.
Bug: 22233063
Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5
Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app. This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.
The only thing left that can change dynamically is the filesystem
itself, so let's do that. This means changing the FUSE daemon to
present itself as three different views:
/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access
There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.
During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions. When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.
Bug: 21858077
Change-Id: I5a016f0958a92fd390c02b5ae159f8008bd4f4b7
Fix the file access permissions and group ownership of
"/data/misc/bluedroid/bt_config.conf" so the file can be reused when
switching users on the device.
For that purpose, we need to do the following:
1. Set the set-group-ID (bit 02000) flag for directory "/data/misc/bluedroid"
so the files created in that directory will have group-id of
"net_bt_stack" .
2. Change the file's permissions of file "/data/misc/bluedroid/bt_config.conf"
to Read/Write by User and Group.
Bug: 21493919
Change-Id: Ie00ab4695198ef2aa299b484ef9d4f17bd41b98a
allow_user_segv_handler=1 is required to run ART under ASan
detect_odr_violation=0 and alloc_dealloc_mismatch=0 suppress some of
the existing bug reports during boot.
Bug: 21951850, 21785137
Change-Id: I4d36967c6d8d936dacbfdf1b94b87fa94766bd3e
/system/bin/uncrypt needs to be triggered to prepare the OTA package
before rebooting into the recovery. Separate pre-recovery (uncrypt)
into two services: uncrypt that does the uncryption work and
pre-recovery that actually reboots the device into recovery.
Also create /cache/recovery on post-fs in case it doesn't exist.
Bug: 20012567
Bug: 20949086
(cherry picked from commit e48aed0f0a)
Change-Id: I9877cd6ac9412ea6a566bb1ec0807940c7a38ce5
In order to prevent this bug from happening, we must allow vold cryptfs
commands to complete while a long running mount is underway.
While waiting for vold to be changed to a binder interface, we will simply
create two listeners, one for cryptfs and one for everything else.
Bug: 19197175
Change-Id: Ie3d9567819ced7757b0a8f391547f27db944153c
An automatic domain transition is already defined by SELinux
policy. Avoid having redundant information on the exec line.
This commit depends on commit 17fff893c0
which made the SELinux process label optional.
(cherrypicked from commit 221fca7ddd)
Change-Id: I89464f2bd218c7d6e8db08aa6bed2b62ec6dad2a
An automatic domain transition is already defined by SELinux
policy. Avoid having redundant information on the exec line.
This commit depends on commit 17fff893c0
which made the SELinux process label optional.
Change-Id: I89464f2bd218c7d6e8db08aa6bed2b62ec6dad2a
* commit 'e0e565635a7c6c36a05282622c01203afbec5ca5':
init.rc: logd: Add logpersistd (nee logcatd)
init: change exec parsing to make SECLABEL optional
logcat: -f run in background
logcat: -f flag to continue
(cherry pick from commit 100658c303)
- logpersistd is defined as a thread or process in the context of the
logd domain. Here we define logpersistd as logcat -f in logd domain
and call it logcatd to represent its service mechanics.
- Use logcatd to manage content in /data/misc/logd/ directory.
- Only turn on for persist.logd.logpersistd = logcatd.
- Add logpersist.start, logpersist.stop and logpersist.cat debug
class executables, thus only in the eng and userdebug builds.
ToDo: Wish to add Developer Options menu to turn this feature on or
off, complicated by the fact that user builds have no tools with
access rights to /data/misc/logd.
Bug: 19608716
Change-Id: I57ad757f121c473d04f9fabe9d4820a0eca06f31
- logpersistd is defined as a thread or process in the context of the
logd domain. Here we define logpersistd as logcat -f in logd domain
and call it logcatd to represent its service mechanics.
- Use logcatd to manage content in /data/misc/logd/ directory.
- Only turn on for persist.logd.logpersistd = logcatd.
- Add logpersist.start, logpersist.stop and logpersist.cat debug
class executables, thus only in the eng and userdebug builds.
ToDo: Wish to add Developer Options menu to turn this feature on or
off, complicated by the fact that user builds have no tools with
access rights to /data/misc/logd.
Bug: 19608716
Change-Id: I57ad757f121c473d04f9fabe9d4820a0eca06f31
/system/bin/uncrypt needs to be triggered to prepare the OTA package
before rebooting into the recovery. Separate pre-recovery (uncrypt)
into two services: uncrypt that does the uncryption work and
pre-recovery that actually reboots the device into recovery.
Also create /cache/recovery on post-fs in case it doesn't exist.
Bug: 20012567
Bug: 20949086
Change-Id: If67fe1e9ee6279593d2788452febcd3f0fe714c2
The /oem mount point is used to mount semi-trusted data, and
many Android One devices depend on it. Make sure it's guaranteed
to always be available.
(cherrypicked from commit f3b554fc61)
Bug: 20816563
Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
The /oem mount point is used to mount semi-trusted data, and
many Android One devices depend on it. Make sure it's guaranteed
to always be available.
Bug: 20816563
Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
This reverts commit 4217374611.
It turns out that the kernel passes any unrecognized arguments on to init,
and (at least) N6 and N9 have such arguments. My lazy check of argc was
thus insufficient to recognize what stage of init we were in, so we'd
skip to stage 2 and not set up SELinux. And apparently you can get a
very long way with SELinux off... We'll fix that in a later change.
Bug: 19702273
Change-Id: I43b3fb722fed35dd217cb529cbcac9a29aff4e4b
tzdatacheck is exec'd from init.rc early in boot just after /data is
mounted. It checks to make sure that the tz rule data in /data
is newer than the version in /system. If the data is older it is
deleted. This is to address problems with earlier tz rule updates
that occurred: after an OTA upgrade previous updates in /data
would override newer versions in the system partition.
Includes change to init.rc neccessary to run it at boot time. Other
changes are in external/selinux.
Bug: 19941636
Bug: https://code.google.com/p/android/issues/detail?id=35730
Change-Id: I7cc61e058424c856da88f11ff9b259f34cb39dc7
Until we have SELinux support for gating access
to individual TEE services, we will proxy TEE requests
to GateKeeper via this daemon.
Change-Id: Ifa316b75f75bff79bdae613a112c8c3c2e7189a8
The earliest point we can start logd is after /system is mounted.
Ideally on post-fs-system (does not exist), post-fs will do.
As insurance, we will also make sure logd is started if a
logd-reinit is requested. This results in logd starting at least
4 processes earlier than it does currently, with a tighter
grouping of threads which means we are taking advantage of a
lighter CPU load at the time, rather than taking cycles during
heavy activity during core startup.
Change-Id: If4f0bd3a53bb4c47500a54d741ca635d87c0c330
Fix build break caused by original change
This reverts commit 84b0bab58f.
(cherry picked from commit bbb4c85bdcc9a1bce315ed9d61a228bb1b992a1c)
Change-Id: If0ead0f2656b69f33f72c64b03a05784455a4143
Tell vold about which SELinux domains to use for different classes
of devices. Also create a directory for vold to store private
files.
Bug: 19993667
Change-Id: Ib7bc80234f2b13a89b143bf90f147140109570cd
To support external storage devices that are dynamically added and
removed at runtime, we're changing /mnt and /storage to be tmpfs that
are managed by vold.
To support primary storage being inserted/ejected at runtime in a
multi-user environment, we can no longer bind-mount each user into
place. Instead, we have a new /storage/self/primary symlink which
is resolved through /mnt/user/n/primary, and which vold updates at
runtime.
Fix small mode bugs in FUSE daemon so it can be safely mounted
visible to all users on device.
Bug: 19993667
Change-Id: I0ebf4d10aba03d73d9a6fa37d4d43766be8a173b
Also make important events in init's life NOTICE rather than INFO,
and ensure that NOTICE events actually make it to the kernel log.
Also fix the logging so that if you have a printf format string
error, the compiler now catches it.
Also give messages from init, ueventd, and watchdogd distinct tags.
(Previously they'd all call themselves "init", and dmesg doesn't
include pids, so you couldn't untangle them.)
Also include the tag in SELinux messages.
Bug: 19544788
Change-Id: Ica6daea065bfdb80155c52c0b06f346a7df208fe
Add file encryption flag to fstab.
If file encryption flag set in fstab, handle identically to block
encrypted volumes.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I28c236959f2d7d5f0dccc8ea45c325ea0cf871fc
This reverts commit b3739735b8.
Values are helpful to inspect during memory performance tuning.
b/19847626
Change-Id: I004ed37d5cc67e466c1fd1a84e47348524056e87
Paul Lawrence