With newer Android kernels, anyone can read from the files in
/dev/log. If you're in the logs group (have the READ_LOGS) permission,
you'll see all entries. If you're not in that group, you'll see
log messages associated with your UID.
Relax the permissions on the files in /dev/log/ to allow an application
to read it's own log messages.
Bug: 5748848
Change-Id: Ie740284e96a69567dc73d738117316f938491777
Make the drm server run as UID=drm, GID=drm. This ensures that
any files created by the drmserver app do not have GID=system.
Bug: 5834297
Change-Id: I3409ad350e9cc82bb0982cdbe470ec1f10b1ca67
Android developers should never place files in /data/local/tmp.
Files or directories in /data/local/tmp can be minipulated by the
shell user.
Android developers should never create world-writable files
or directories. This is a common source of security vulnerabilities.
Change-Id: I6d2cd620ab49d8ca3f39282f7d2ed682a9ba91c3
The keystore service needs to access hardware crypto devices to
fulfill its function on devices with hardware crypto. This role
was assigned to the (now misnamed) drmrpc group.
Change-Id: Ia32f9e96b4372f0974984451680f9a0f6157aa01
CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.
Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
This removes the hardcoding of the file import in init and instead
allows the init.rc file to fully control what is loaded.
Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
Signed-off-by: Dima Zavin <dima@android.com>
This removes the hardcoding of the file import in init and instead
allows the init.rc file to fully control what is loaded.
Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
Signed-off-by: Dima Zavin <dima@android.com>
Set dmesg_restrict to 1 to help limit inadvertent information leaks
from the kernel to non-privileged programs. Root and programs with
CAP_SYSLOG will continue to have access to dmesg output.
See "dmesg_restrict" in Documentation/sysctl/kernel.txt from the
Linux kernel source code.
Bug: 5585365
Change-Id: Iffcf060ea4bd446ab9acf62b8b61d315d4ec4633
Otherwise, ueventd's oom_adj value would have been 0 and it could
easily get killed early during low memory events
Change-Id: I1adbd18c37215b26ae77e70f7b8dbd1e143fc2d4
Signed-off-by: Dima Zavin <dima@android.com>
To make writing kernel exploits harder, set /proc/sys/kernel/kptr_restrict
to "2". This prohibits users from accessing kernel symbols via /proc/kallsyms
Bug: 5555668
Change-Id: Ib31cb6fcb4d212a0b570ce9e73ae31f721ed801b
Add log group to ril-daemon service. rild is the best place to
know the issue on the modem in many time. It would be helpful
if rild alone can capture the snapshot of logcat buffers at
the moment of problem.
Change-Id: Ie0dcda126fb748a00e650427de35541672359287
The qemu-props program is launched at boot to read a series of
system property assignments from the emulator and apply them.
This is necessary to deal with the dynamic nature of the emulated
platform (e.g. the screen density which depends on the skin and
cannot be hard-coded in the platform image).
This patch ensures that qemu-props is started before any other
service that may read one of these properties (e.g. surface flinger).
This is done by encapsulating the program into a 'core' service.
Core services are all stared before regular ones.
Before the patch, qemu-props was started manually inside a script
that is called from a late emulator-specific boot service
(goldfish-setup).
The problem was that sometimes qemu-props was run too late.
This resulted in random flakiness, especially when running
on a low-end host machine.
Fix for bug 2161189 (and probably a few others)
Change-Id: I2933a25dcb5fecbb1fc238f157264e621b8f295b
The netfilter xt_qtaguid module uses a misc dev so that processes
that use the module can be tracked.
Every process that does socket tagging must open that dev.
Change-Id: I6af3e0f0180637b14455dd9607724523f142c402
Introduces a 'charger' section that is processed when androidboot.mode
supplied on the kernel commandline is "charger".
In this mode, sections such as fs, post-fs, etc are skipped. Only the
'early-init' and 'init' sections of the init rc files are processed before
processing the 'charger' section.
Change-Id: If9eb6334de18f04cbcf2aab784578e2993615242
Signed-off-by: Dima Zavin <dima@android.com>
The mediaserver needs to do communication on behalf of other apps
(browser, ...).
It needs to be able to tag sockets. The kernel will check for net_bw_acct
group membership.
Change-Id: I7fb063fdb7d9435d7f979df6622ff17f34049cbc
Racoon still needs it after dropping root privilege, or pure IPSec VPN
will fail. Mtpd works without it because net_raw implies inet. However
it would be better to set all of them clearly without the assumption.
Change-Id: I50762af2c25ec9cc559e528c7b14f469494fd553
Removed system from mediaserver groups. Not needed anymore
now that AudioFlinger acquires wake locks via PowerManagerService.
Change-Id: I177b968a0a30557d871188bf3991b96d9b391d3c
Nick Kralevich