When ueventd creates a device node, it may also create one or more
symlinks to the device node. These symlinks may be the only stable
name for the device, e.g. if the partition is dynamically assigned.
A corresponding change with the same Change-Id to external/libselinux
introduces selabel_lookup_best_match() to support looking up the "best match"
for a device node based on its real path (key) and any links to it
(aliases). This change updates ueventd to use this new interface
to find the best match for the device node when creating it.
Change-Id: Id6c2597eee2b6723a5089dcf7c450f8d0a4128f4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
I haven't seen this warning in any AOSP code, but some of our code is
using this header differently than the rest of the build system, and
hits this warning-turned-error:
error: "__USE_MINGW_ANSI_STDIO" is not defined [-Werror=undef]
Change-Id: I3c5a91f107af8bf6078e06f2ce326c5466349b79
Make sure /data/dalvik-cache/profiles gets the correct
permissions and SELinux context, and ownership is properly
assigned to the system UID.
Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
Given that all current & future android ABIs are
little endian, we can get rid of the explicit conversions
from memory regions to little endian data members.
Also cleans up a few C style casts that snuck in during
several -Werror efforts and fixes temporary file generation
on target.
bug: 15448202
Change-Id: I4fcbb3c1124cb82c82139d328344e54fc7895353
It doesn't make any sense for the C library to contain private stuff
that's only used by toolbox. Rather than move that stuff out of bionic
and into here, let's just use the same MD5 implementation the rest of
the system's using.
Change-Id: Ia1c73164124094b532af3453b90c4bd1ebfdaa24
Currently, /system/xbin/su is world executable. Prior to SELinux
enforcement, anyone (including third party apps) could run su.
The su code itself checks to see if the calling UID is root or shell.
Rather than relying on enforcement within the su binary, modify the
binary so it has group=shell, and remove world-execute permission.
This helps avoid some annoying SELinux denial messages as third party
apps call su on userdebug/eng builds.
Change-Id: I61c9231bb7e201d14ee3a5b6fe81b3fa7b12599f
If an adb shell connection comes in while taking a screenshot,
an open pipe file descriptor will be leaked to the shell process.
This causes SELinux denials of the form:
avc: denied { read } for path="pipe:[21838]" dev="pipefs" ino=21838 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=fifo_file permissive=0
avc: denied { write } for path="pipe:[21838]" dev="pipefs" ino=21838 scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=fifo_file permissive=0
Set O_CLOEXEC on the pipe connections, to avoid leaking them
across an exec boundary.
Bug: 15437785
Change-Id: Id2304b316bd7082d8baac246dce1f0e0e26e9197
Port libcutils memset16/32 assembly SSE2 optimizations to x86_64
architecture. Ensures the same performance on 64-bit arch.
Change-Id: I874a71a884c0d28a152933ddff9cb886c9a6e99e
Signed-off-by: Henrik Smiding <henrik.smiding@intel.com>
xuefeng cai