Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Don't allow the accidental triggering of sysrq functionality
from the keyboard. The only expected use of sysrq functionality
is via /proc/sysrq-trigger
Please see https://www.kernel.org/doc/Documentation/sysrq.txt for
additional information on /proc/sys/kernel/sysrq
Bug: 13435961
Change-Id: I60dc92a4b2b4706e8fa34a6cead9abd449f7375f
Ensure that /data/misc/update_engine exists since it will be referenced
by selinux policy.
Bug: 23186405
Change-Id: I96e4ff341086da6474ef7f7c934f1f35bffc1439
Move uncrypt from /init.rc to /system/etc/init/uncrypt.rc using the
LOCAL_INIT_RC mechanism
Bug 23186545
Change-Id: Ibd838dd1d250c0e6536e44b69f11fb5ed42ba10b
init.trace.rc will be renamed to atrace.rc and use the LOCAL_INIT_RC
mechanism to be included on /system appropriately.
Bug 23186545
Change-Id: I55c37d3ff98c9ac10e6c1a713fadc7eb37346195
This CL adds a new init script init.usb.configfs.rc
to add generic configfs commands. Setting
sys.usb.configfs in init.usb.{hardware}.rc
enables executing commands in this script
Bug=23633457
Change-Id: Iaae844a7957d6c9bf510648aaff86d56aa0c6243
This is used for app launches (and maybe other high priority tasks
in the future). It's to be set to whatever cores should be used
for short term high-priority tasks.
bug 21915482
Change-Id: Id0ab0499146c09e860b97f4cb8095834cb12dd50
Services definitions for core services are now bundled with the source
for the service itself in the form of <service name>.rc. These
individual .rc files are now located in /system/init/... and are
parsed when the system partition is mounted.
Bug: 23186545
Change-Id: Ia1b73af8d005633aa4252d603892064d7804163d
We have a bunch of magic that mounts the correct view of storage
access based on the runtime permissions of an app, but we forgot to
protect the real underlying data sources; oops.
This series of changes just bumps the directory heirarchy one level
to give us /mnt/runtime which we can mask off as 0700 to prevent
people from jumping to the exposed internals.
Also add CTS tests to verify that we're protecting access to
internal mount points like this.
Bug: 22964288
Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
This CL adds a trigger and a service so that Systrace can be used
for tracing events during boot.
persist.debug.atrace.boottrace property is used for switching on
and off tracing during boot. /data/misc/boottrace/categories
file is used for specifying the categories to be traced.
These property and file are rewritten by Systrace when the newly
added option --boot is specified.
Here is an example of tracing events of am and wm catetories
during boot.
$ external/chromium-trace/systrace am wm --boot
This command will cause the device to reboot. Once the device has
booted up, the trace report is created by hitting Ctrl+C.
As written in readme.txt, this mechanism relies on persistent
property, so tracing events that are emitted before that are not
recorded. This is enough for tracing events after zygote is
launched though.
This only works on userdebug or eng build for security reason.
BUG: 21739901
Change-Id: I03f2963d77a678f47eab5e3e29fc7e91bc9ca3a4
Ensure that /data/anr always exists. This allows us to eliminate
some code in system_server and dumpstate. In addition, this change
solves a common problem where people would create the directory
manually but fail to set the SELinux label, which would cause
subsequent failures when they used the directory for ANRs.
Bug: 22385254
Change-Id: I29eb3deb21a0504aed07570fee3c2f87e41f53a0
Required by logd on devices with USE_CPUSETS defined.
Make /dev/cpuset/background, /dev/cpuset/foreground and
/dev/cpuset/task writeable by system gid. Add logd to system
group for writing to cpuset files and to root group to avoid
regressions. When dropping privs, also drop supplementary groups.
Bug: 22699101
Change-Id: Icc01769b18b5e1f1649623da8325a8bfabc3a3f0
The cfs tunables auto-scale with the number of active cpus by default. Given
that the tunable settings are in device-independent code and it's not
known how many cores are currently active when the init.rc file runs,
the cfs tunables can vary pretty significantly across devices depending
on the state at boot. Disable scaling of the the tunables so that we
can get more consistent behavior of cfs across devices. If we want to
do per-device tuning of these values, we can override what's written
here in device specific files.
Bug: 22634118
Change-Id: Id19b24ef819fef762521e75af55e6d4378cfc949
Nick Kralevich