MS_MOVE was used when staging external storage devices, which no
longer occurs. In fact, having a writable tmpfs was masking a vold
bug around moving apps to SD cards.
Bug: 11175082
Change-Id: Ib2d7561c3a0b6fde94f651a496cb0c1f12f88d96
Add sdcard FUSE daemon flag to specify the GID required for a package
to have write access. Normally sdcard_rw, but it will be media_rw
for secondary external storage devices, so DefaultContainerService
can still clean up package directories after uninstall.
Create /mnt/media_rw which is where vold will mount raw secondary
external storage devices before wrapping them in a FUSE instance.
Bug: 10330128, 10330229
Change-Id: I4385c36fd9035cdf56892aaf7b36ef4b81f4418a
I97b3d86a69681330bba549491a2fb39df6cf20ef introduced a separate type
for the adb_keys file. Set the security context of the adb_keys file
accordingly by adding restorecon commands to init.rc.
Change-Id: I30e4d2a1ae223a03eadee58a883c79932fff59fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Use kernel oom_score_adj interface to make init and children unkillable.
Stop using older, deprecated oom_adj interface.
Use OOM_SCORE_ADJ_MIN to make the processes unkillable (previously the processes
were set to a very low score, but not unkillable).
Change-Id: I680965009585c2a5a580859fb946f2d0caa95d9c
The log_target parameter of android_fork_execvp_ext() is now a
bit field, and multiple targets can be set to log to multiple
places at the same time.
The new target LOG_FILE will log to a file specified by the new
parameter file_path.
Set LOG_FILE and log to a file in /dev (the only writable filesystem
avilable when e2fsck runs) when invoking e2fsck in fs_mgr.
Bug: 10021342
Change-Id: I63baf644cc8c3afccc8345df27a74203b44d0400
Before this change, FUSE lookup() would have the side effect of
creating the directory on behalf of apps. This resulted in most
directories being created just by Settings trying to measure disk
space. Instead, we're switching to have vold do directory creation
when an app doesn't have enough permissions.
Create fs_mkdirs() utility to create all parent directories in a
path as needed. Allow traversal (+x) into /storage directories.
Fix FUSE derived permissions to be case insensitive. Mark well-known
directories as .nomedia when created.
Bug: 10577808, 10330221
Change-Id: I53114f2e63ffbe6de4ba6a72d94a232523231cad
Policy reload is handled by setting the selinux.reload_policy property
and letting the init process perform the actual loading of policy into
the kernel. Thus, there should be no need for the system UID to directly
write to /sys/fs/selinux/load.
Change-Id: I240c5bb2deaee757a2e1e396e14dea9e5d9286f5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
It's a security best practice to carry entropy across reboots.
(see "man 4 random"). Currently, entropy saving and mixing occur
in the system_server, via the EntropyMixer code. Unfortunately, the
EntropyMixer code runs fairly late in the boot process, which means
early boot doesn't have high quality entropy. This has caused security
problems in the past.
Load entropy data as soon as we can in the early boot process, so that
we can get /dev/random / /dev/urandom into a "random" state earlier.
Bug: 9983133
Change-Id: Id4a6f39e9060f30fe7497bd8f8085a9bec851e80
Changing mem cgroups permissions to only be accessible by root and system.
Bug: 10210529
Bug: 10210900
Change-Id: Ib4fff6f49b33013b3629d40ae98a5e2464571b2d
Once userdata is available and decrypted, trigger a policy reload to pick
up any policy update files stored under /data/security.
Change-Id: Ic2b3121c3395429b108c40d1d7f5a3124a5896c5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Restarting ueventd upon policy reloads has reportedly created
stability problems for some users and could cause events to be lost.
Stop restarting ueventd and instead handle policy reloads within ueventd.
Also stops restarting installd upon policy reloads.
Change-Id: Ic7f310d69a7c420e48fbc974000cf4a5b9ab4a3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ActivityManager can't directly write to extra_free_kbytes because
/proc/sys rejects all chown and chmod syscalls. Proxy the writes
through init by using the sys.sysctl.extra_free_kbytes property.
Bug: 10024467
Change-Id: I441e00478421254355fcafb252bc878166483d4c
- BOOTCLASSPATH now is derived from PRODUCT_BOOT_JARS, which is a product
configuration variable set up by the core build system.
- Moved files from the legacy ALL_PREBUILT to PRODUCT_COPY_FILES in
build/target/product/embedded.mk.
Bug: 9990214
Change-Id: I98bac36c1ca8c779dda572a0a5e0a22b7e4c4a7a
Jeff Sharkey