This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
(cherry picked from commit abfbec342f)
This will make it possible to start some key services before mounting
data partition
(cherry picked from commit abfbec342f)
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
This will make it possible to start some key services before mounting
data partition
Bug: 30118894
Change-Id: Ia9f8cc035de6cc0df9a61605864915efa0266d7f
persist.sys.usb.config stores the usb functions which need to be enabled
when the phone boots up. When the phone is actually booted, setting this
would also activate the following action trigger on sys.usb.config
From init.usb.rc:
Used to set USB configuration at boot and to switch the configuration
when changing the default configuration
on property:persist.sys.usb.config=*
setprop sys.usb.config ${persist.sys.usb.config}
sys.usb.config is anyways set to the actual functions by UsbDeviceManager
once it is set to none. Therefore add "on boot" condition to the above
action trigger so that persist.sys.usb.config does not race with
sys.usb.config.
BUG: 30440213
Change-Id: I3333d0b8334fb627469c7faad250bf3151bb1ebf
Rndis n/w interface "usb0" registration/deregistration is broken. If a
user try to switch to other functions or disable usb tethering or unplug
the usb cable then it doesn't kill "usb0" interface.
Fix is to delete Rndis function to unregister tethering interface when
switching from tethering to other functions or disable/unplug the
tethering cable. If we don't do that then the rndis netdev interface
will never be freed or unregistered.
This also means the rndis function has to be created everytime user
enable tethering function from Settings instead of creating it at
"on boot" in init.$hardware.usb.rc like we do currently. A relevant fix,
Change-Id: Icb49020d624fb21ef2607d473948cbbf3b9cc469, for reference has
already been submitted for device/linaro/hikey
Change-Id: If1f922e02277cccdc8c0b263be63989ee102cc80
Reported-by: Winter Wang <wente.wang@nxp.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
The sched_compat_yield option was eliminated in Linux 2.6.38 by commit
ac53db596cc0 ("sched: Use a buddy to implement yield_task_fair()") and
as a result, the following error is printed to the log during boot up.
init: write_file: Unable to open '/proc/sys/kernel/sched_compat_yield':
No such file or directory"
Bug: 30034121
Change-Id: Idbdb68de0cb3ab1f67d82a4d66af880bcfdfe261
(cherry picked from commit 724dfbac70)
The sched_compat_yield option was eliminated in Linux 2.6.38 by commit
ac53db596cc0 ("sched: Use a buddy to implement yield_task_fair()") and
as a result, the following error is printed to the log during boot up.
init: write_file: Unable to open '/proc/sys/kernel/sched_compat_yield':
No such file or directory"
Bug: 30034121
Change-Id: Idbdb68de0cb3ab1f67d82a4d66af880bcfdfe261
When building without vendor/... in the tree, we won't be creating a
vendorimage, so BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE won't be defined. But
we still need to use the vendor image that will be present.
Bug: 30040825
Change-Id: I756adc615aea11da60da4d3a4568caca9fed93ab
Extend the asan.options file to read binary-specific configuration
from files out of /system. For early services, the system image
location is important as /data may not be available when they are
started.
Add a template that turns most sanitization off. At this point in
time, it is, however, impossible to get to a zero overhead state
after the fact. The template is meant to adapt a build after the
fact, and work around issues with LOCAL_SANITIZE := never.
Add a Make variable and rule copying the template to the path and
name expected by ASAN. Add SANITIZE_LITE to automatically add a
large set of options files.
Bug: 29498013
Change-Id: I8e9e6929a55cee3f3fa0acb377a886bfa7006c91
We will store OTA packages there for both A/B and non-A/B OTAs. The
directory will be accessed by GMSCore (for both), uncrypt (non-A/B),
update_engine (A/B), update_verifier (A/B) and possibly system server
(for non-A/B OTAs to clean up half-way uncrypt'd packages).
Bug: 28944800
Change-Id: I5aa8156ec5052bd15dfadd4d8c28925d464e4401
(Cherry picked from commit 2b22a66382)
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
When using EAS, the foreground tasks were all getting boosted
during touchboosts. Limit it to top-app tasks.
BUG: 28378389
Change-Id: I72b7158a614bfd9b6c61024774e408ceba61fc9c
am: 66d69b902f
* commit '66d69b902f4ba15f2d2ad6b3d8214ae3355076cd':
init: usb: disable usb function switch until adbd is ready
Change-Id: Ib9022f062bece4a7fee2772df1d8f917c04f8e55
am: 7e11db1b32
* commit '7e11db1b3206cd92d52fca0b324f6a5260a68aec':
init: usb: disable usb function switch until adbd is ready
Change-Id: I12e8fab36f39a9b97e52ace30ab54b3a9fd7bf0f
am: b61ecb5213
* commit 'b61ecb5213e1c94e823f23d7f5a8a0a93db617d6':
init: usb: disable usb function switch until adbd is ready
Change-Id: I5fc733ee946b4d0accf58f56c80270f9e13d9f63
am: 31788415ed
* commit '31788415ed6d89eba11ee757f04ff32ee260a7c1':
Create symlink in the case where device has no cache partition
Change-Id: Ic5813d8f9fab4a02d6e0fab4add2fa0a8a72c008
am: c6535a343f
* commit 'c6535a343f0b0bdd0f4171f0b4c9be401beebf77':
Create symlink in the case where device has no cache partition
Change-Id: Ibcec898104e6509e70647576611ecc7d887f163d
Create symlink from /cache to /data/cache for devices
which have no cache partition.
Bug: 28747374
Change-Id: Ifb0c3250f1be345ce46fcdb78533e36c2250bb85
am: 403461f67d
* commit '403461f67d47e1156115d6e1be3925e48cb182f7':
init.rc: Remove cpu weight set on the root cgroup
Change-Id: Iabaf0f78e60a5e3ac28f88d6951d49cde8717940
am: 12397f202f
* commit '12397f202f97da7dcd40d45159696bc6be50aaf6':
init.rc: Remove cpu weight set on the root cgroup
Change-Id: I256d702368c1b4ed8688006abb5202dcc0d11f83
am: 2618d90c2f
* commit '2618d90c2fa3f952a195dfd4ecd9f92ec462bccb':
init.rc: Remove cpu weight set on the root cgroup
Change-Id: I2663c368032a3c9f851de7d1e47f68c3a25b0d52
The old way (using triggers) starts defaultcrypto twice because
queue_property_triggers_action retriggers the action.
Bug: 27452459
Change-Id: I48c844836f551673d0dbfed6c33bd8ee1e035f40
We create per-user directories under this location, so it should
only be created once by init, similar to all the other user-specific
directories.
Bug: 27896918
Change-Id: I9ec55e4fd763c0eda6c6e50483694a6377344586
"You are in a maze of twisty little symlinks, all alike."
Restore the /mnt/sdcard symlink, for compatibility with older Android
apps. This symlink was suppose to have been removed in the Gingerbread
time frame, but lives on.
Note: The /mnt/sdcard symlink was originally created in device specific
*.rc files in the device/vendor/hardware/* directory. This change moves
the creation of the symlink into the common init.rc file.
Bug: 25801877
Bug: 28108983
Change-Id: I2f9bf71bddffadb587d7376dfdfc8a546c84ec28
In the case of adb enabled, When a usb function switch happens
e.g mtp,adb -> ptp,adb, framework will set sys.usb.config from
"mtp,adb" to "none" and stop adbd first.
At this time, the property "sys.usb.ffs.ready", which is set after
the ready of the perious start adbd, is still "1".
So , when framework goes on setting the sys.usb.config to "ptp,adb",
init.usb.configfs.rc will trigger actions to bind() f_fs without
waiting for adbd is actually ready.
This will produce some error messages:
------------
configfs-gadget ci_hdrc.0: failed to start g1: -19
init: write_file: Unable to write to '/config/usb_gadget/g1/UDC': No such device
------------
this error msg is caused by configFS start binding f_fs before adbd is ready.
Add setting the "sys.usb.ffs.ready" to "0" will help clear this error msg,
as the bind process in kernel gadget driver will wait for the set of
this property, which is the sign of adbd is ready.
Signed-off-by: Winter Wang <wente.wang@nxp.com>
It was dropped in the migration to the public.libraries format
NDK is the same on standard Android and Wear.
Bug: 27742249
Change-Id: I1eafbb649c0ccc5b9a93471fa387624d838bd3d0
am: 0583bc6
* commit '0583bc610b56dfba646d16e5ee88131b6b918cdd':
Move list of public libraries to a config file
Revert "libnativeloader: Make webviewchromium so file optional"
am: c8bc211
* commit 'c8bc211e6658cf56c5ac8ff5217a1d9a3a64143b':
Move list of public libraries to a config file
Revert "libnativeloader: Make webviewchromium so file optional"
This list contains libraries that should directly or indirectly
be accessible to apps for the platform. Note that this list is
not device specific but rather device class specific.
For now we have 2 separate lists; one for Android Phones and Tablets,
and another one for Android Wear devices.
Bug: http://b/27546414
Bug: http://b/22548808
Change-Id: I83de5e3cf67392d0e9af66f70123898bd5997146
(cherry picked from commit 4b0e963872)
This list contains libraries that should directly or indirectly
be accessible to apps for the platform. Note that this list is
not device specific but rather device class specific.
For now we have 2 separate lists; one for Android Phones and Tablets,
and another one for Android Wear devices.
Bug: http://b/27546414
Bug: http://b/22548808
Change-Id: I83de5e3cf67392d0e9af66f70123898bd5997146
Remove references to SELinux policy files in /data/security
from libselinux/android.c. In the process all code that is
apparently related to handling an alternate policy and/or
reloading the policy has been removed.
Bug: 26544104
Change-Id: I47bf76ac3c26c5d71f92a21ffac2b17ba14262ea
Enable debugfs on non "user" builds.
BUG=27520850
Change-Id: I2bcc72b686d0477b553c0605adfd4c023e72cbfb
Signed-off-by: Mihai Serban <mihai.serban@intel.com>
The new top level directory /postinstall is used by the A/B updater to
mount the new partition and run a post-install program before rebooting
into that new system.
init.rc was extended to label this new directory since the initrd has
no extended attributes.
Bug: 27177071
TEST=`ls -laZ /` shows the /postinstall directory on edison-eng
(cherry picked from commit bb968fb04d)
Change-Id: Iff993135c7ce3a1a0f6450892ef7382da408fd5e
The new top level directory /postinstall is used by the A/B updater to
mount the new partition and run a post-install program before rebooting
into that new system.
init.rc was extended to label this new directory since the initrd has
no extended attributes.
Bug: 27177071
TEST=`ls -laZ /` shows the /postinstall directory on edison-eng
Change-Id: I6cdee7eb1d61ac7d447528962a4fad1a7bbf138d
cameraserver from nyc uses cameraserver as its username.
thus this change is needed for AVD (android virtual device)'s
camera HAL which is attached to cameraserver to work as that
HAL writes some files to /data/misc/media. the backward compatibility
issue should be handled as separate changes. this approach is
preferred for finer-grained security isolation.
Change-Id: If028667d62df8fcac634ff1001759c39703b00dd
Current profiles (the ones which have not been used for
compilation) are stored in /data/misc/profiles/cur/0/pkgname/.
Reference profiles (the merged of all user profiles, used for
compilation) are stored in /data/misc/profiles/ref/pkgname/.
Add a method to get the shared app gid from an uid or appid.
Bug: 26719109
Bug: 26563023
Change-Id: I89601d7dbeb3041df882c141a9127dac200a645e
libprocessgroup checks whether it can use memory
cgroups for keeping track of forked processes by
seeing whether /dev/memcg/apps is writable. However,
on systems with memory cgroups disabled, SELinux
(correctly) no longer classifies this directory as a cgroup,
and starts denying zygote access. To fix this,
first check whether /dev/memcg/apps/tasks exists to
see if the cgroup is mounted; only then check whether
we can write to the directory.
Bug: 27046965
Change-Id: I6e44cd62d8c396e20ceb162c50606b3e86f2cb3e
The Shell app that stores bugreports now lives under DE storage for
all devices, both FBE and non-FBE.
Bug: 26668510
Change-Id: Iead1dcb98181a5caccf4d0c1e86de62abc6dc990
This ensures that all users on device follow a consistent path for
setup and validation of encryption policy.
Also add remaining user-specific directories and fix linking order.
Bug: 25796509
Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
Allows ActivityManager to use the top-app cpuset to grant the currently
focused app exclusive access to a CPU core.
Change-Id: I45bca5170477e413dec6e5889338399d0859706c
It turns out we were using the CPU accounting
cgroups for keeping track of processes that were
forked by an app without the framework's knowledge,
so we could kill all of them reliably (see b/15313911
for context).
Since we want to use memory cgroups for other purposes,
we might as well use memory cgroups for tracking forked
PIDs if they're enabled. This also gets us automatic cleanup
of empty mem cgroups.
Also, removed old mem cgroup mount point that is no
longer used, as well as cgroup release agent code that
we're not using.
Change-Id: I69d5cc31c162ffa49ef6945755f41381e306cc8b
The Linux kernel implicitly expects /dev/fd to symlink to /proc/self/fd.
This change fixes the exec/execveat.c kernel selftest.
Change-Id: Ia08d50023336fdbfc098527299c326d9d59039a9
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Mix the contents of /proc/cmdline and /default.prop
into /dev/urandom. /proc/cmdline often contains
androidboot.serialno, a device-specific unique
identifier. Similarly, /default.prop contains the
build fingerprint and timestamp, which vary between
device families.
Change-Id: I8803b38c7089b2a1217b99a7c1808b29a3b138cf
SurfaceFlinger needs some of its threads in the system-background cpuset
and some of its threads (the binder pool) outside of the
system-background cpuset in order to improve UI perf/power
consumption. Remove surfaceflinger from the system-background cpuset in
init.rc and allow a thread to place itself in the system-background
cpuset given enough permissions.
bug 25745866
Change-Id: I85f7e41c5439e6ad7cc2d355e51f5dfb3a0c7088
Changes to the way FBE works to support lifecycles mean that these
commands aren't needed any more.
Bug: 22358539
Change-Id: Id73339e0aa8070dd688f35b5d59de75236961395
Core system directories should be created here in init.rc instead
of making installd do the creation.
Bug: 26466827
Change-Id: I313a332e74699641872c41fce5a7ca35bfce8f82
Creation of /data/misc/vold was first introduced by commit 25775e8. It
then got reverted, probably inadvertently, by:
commit 2e24bcfdce
Author: Paul Lawrence <paullawrence@google.com>
Date: Fri May 22 18:31:55 2015 +0000
Revert "Set up crypto for user directories in init."
This folder is required by vold. In its absence, if one tries to format
an SD card as internal storage, an error will occur, with the following
message printed to logcat:
01-08 06:31:48.389 1002 1069 E vold : Failed to persist key
Restoring /data/misc/vold fixes this bug.
This fix has been verified on the emulator, which currently does not
allow its virtual SD card to be adopted, but another CL will be uploaded
to enable that.
Change-Id: Ibb87ee821630a038a6f9b7b6a9da50fe03ca690d
Signed-off-by: Yu Ning <yu.ning@intel.com>
* Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010)
* Changed the group access for /sys/power/wake_lock and
/sys/power/wake_unlock from "system" to "wakelock"
* Added "wakelock" to the list of groups for the healthd process/service
Bug: 25864142
Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9
* Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010)
* Changed the group access for /sys/power/wake_lock and
/sys/power/wake_unlock from "system" to "wakelock"
* Added "wakelock" to the list of groups for the healthd process/service
Bug: 25864142
Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9
If /sys/kernel/debug is present, make sure it has all the appropriate
SELinux labels.
Labeling of /sys/kernel/debug depends on kernel support
added in commit https://android-review.googlesource.com/122130
This patch depends on an external/sepolicy change with the
same Change-Id as this patch.
Change-Id: Id1d6a9ad6d0759d6de839458890e8cb24685db6d
update_verifier verifies the updated partitions and marks the current
slot as having booted successfully. It needs to be triggered prior to
the start of the framework, otherwise it won't be able to fall back to
the old system without a data wipe.
Bug: 26039641
Change-Id: I6fd183cdd3dfcc72feff2a896368158875b28591
This service is an enhanced version of bugreport that provides a better
user interface (like displaying progress and allowing user to enter
details).
It will be typically triggered by the 'Take Bug Report' UI, which will
now offer the option for the traditional or enhanced options (services
'bugreport' and 'bugreportplus' respectively).
BUG: 26034608
Change-Id: I39ea92c3e329a801b51f60a558c73faaf890c068
This mirrors what we do for "/data/data" for user 0. Eventually we
should move to vold/installd doing the user 0 initialization.
Bug: 22358539
Change-Id: I48cd27b990e6bd6e37870c41aef0e7dc3106caa4
If / is not write-able and system.img contains system/vendor, symlink
for `/vendor/ -> /system/vendor/` that is otherwise done in init.rc
should be done at build time.
BUG=b:25512724
Change-Id: Iaa63d6440373a4fd754a933c9f1960b3787a6d98
Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted
weight in EAS scheduler). Move background tasks to
/sys/fs/cgroup/stune/tasks (default weight). For services started
with init, set "foreground" services to boosted.
Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
Folders in the root directory are now created during the build,
as we may be building without a ramdisk, and when we do that,
the root directory will be read-only. With those changes,
these mkdirs will never need to run.
Change-Id: I49c63e8bfc71d28e3f938ed41f81d108359fa57a
Move foreground tasks to /sys/fs/cgroup/stune/boost/tasks (boosted
weight in EAS scheduler). Move background tasks to
/sys/fs/cgroup/stune/tasks (default weight). For services started
with init, set "foreground" services to boosted.
Change-Id: I0e489fad9510727c13e6754dabaf311c2391f395
system.img may contain the root directory as well. In that case, we
need to create some folders init.rc would during the build.
Change-Id: I312104ff926fb08d98ac8256b76d01b0a90ea5e5
system.img may contain the root directory as well. In that case, we
need to create some folders init.rc would during the build.
Change-Id: I157ccbebf36bee9916f3f584551704ec481ae1d1
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Building without ramdisk requires a way to specify board specific
directoryies and symlinks in the root directory at build time.
Change-Id: I11301e98228bc4761f3aee177a546146651b9f25
(cherry picked from commit d7549c9a65cad886f672af41f5fca6f0bd0c12fa)
3.18 has a warning in dmesg that appears when the parent cpuset's cpus
and mems are changed to something other than what the child has. Reorder
init.rc to prevent this warning from appearing.
bug 24941443
Change-Id: I49d8394063b23dce03222dcc9ddccdc32bb97ea2
Don't allow the accidental triggering of sysrq functionality
from the keyboard. The only expected use of sysrq functionality
is via /proc/sysrq-trigger
Please see https://www.kernel.org/doc/Documentation/sysrq.txt for
additional information on /proc/sys/kernel/sysrq
Bug: 13435961
Change-Id: I60dc92a4b2b4706e8fa34a6cead9abd449f7375f
Ensure that /data/misc/update_engine exists since it will be referenced
by selinux policy.
Bug: 23186405
Change-Id: I96e4ff341086da6474ef7f7c934f1f35bffc1439
Ajay Panicker