netd is supposed to be restarted when the zygote is restarted (see the
"onrestart" section for "service zygote" in init.zygote*.rc). But this
only works if you send a restart command (say via "ctl.restart").
"stop && start" != "restart". It seems ingrained in developers to do
"stop && start", so we don't have much hope of convincing everyone to
switch to "adb shell restart", even if we did add such a toolbox command.
Bug: 15855807
Change-Id: I387fe86600f4a2862abc3a05a2ef9a1e7374e21d
This follows the recommendations of the SD-card association.
Change-Id: Ie89a5972d086b3df9d92e631c394a521f807b016
Signed-off-by: Daniel Rosenberg <drosen@google.com>
It doesn't make any sense for the C library to contain private stuff
that's only used by toolbox. Rather than move that stuff out of bionic
and into here, let's just use the same MD5 implementation the rest of
the system's using.
Change-Id: Ia1c73164124094b532af3453b90c4bd1ebfdaa24
Allow us to easily identify the 32/64 bitness of the process. Yes, I
know this is not technically an ABI, but it seemed close enough!
Change-Id: Ia03a17fd74d61e7619911cb26b3dd7d82b62930c
- Deal with some signedness issues
- Deal with some size issues
- Deal with NULL pointer issues
- Deal with some -Wunused issues
Change-Id: I1479dd90d690084491bae3475f2c547833519a57
Would've been nice if we could use the sys property
observer to start and stop all services in a service
class but service classes do not appear to be fully
supported.
Change-Id: Iaf17a2dbcf913c4c646bc1e8e13adee9f952c45e
Patch for https://code.google.com/p/android/issues/detail?id=68268
A length check for the argv[2] was added in order to prevent buffer
overflow. Also replace strcpy with strlcpy.
Signed-off-by: nks <nks@sixserv.org>
Change-Id: If65b83e9b658315c672e684f64e3ae00e69fac31
uid_from_user doesn't need to cope with numeric ids in the BSD code
like it did with the old Android code; the caller now handles those.
Also explain what SUPPORT_DOT is for.
Change-Id: I185c9f02b7039795069aa30545563b8a6ef54cd5
This depends on change I137588013ed1750315702c0dbe088ce3e4a29e83.
Change-Id: I5a4fef9affd6cddf98d72dc9d54899be25741779
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
libselinux selinux_android_restorecon API is changing to the more
general interface with flags and dropping the older variants.
Also get rid of the old, no longer used selinux_android_setfilecon API
and rename selinux_android_setfilecon2 to it as it is the only API in use.
Change-Id: I1e71ec398ccdc24cac4ec76f1b858d0f680f4925
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Extend the libselinux restorecon implementation to allow reuse
by the toolbox restorecon command. This simply requires adding
support for the nochange (-n) and verbose (-v) options to the
libselinux functions and rewriting the toolbox restorecon command
to use the libselinux functions. Also add a force (-F) option to
support forcing a restorecon_recursive even if the restorecon_last
attribute matches the current file_contexts hash so that we can
continue to force a restorecon via the toolbox command for testing
or when we know something else has changed (e.g. for when we support
relabeling /data/data and package information has changed).
Change-Id: I92bb3259790a7195ba56a5e9555c3b6c76ceb862
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This cleans up most of the size-related problems in system/core.
There are still a few changes needed for a clean 64-bit build,
but they look like they might require changes to things like the
fastboot protocol.
Change-Id: I1560425a289fa158e13e2e3173cc3e71976f92c0
Use ssize_t for handling the result of a readlink call.
Fix the following compiler warning:
system/core/toolbox/ls.c: In function 'listfile_maclabel':
system/core/toolbox/ls.c:238:68: warning: unused parameter 'flags' [-Wunused-parameter]
static int listfile_maclabel(const char *path, struct stat *s, int flags)
Change-Id: Idd65f3349fb9dfb6f7a374c81f72d3169af33505
Increase the size of the user/group buffer from 16 bytes
to 32 bytes. Some OEMs are creating usernames longer than
15 bytes, causing problems.
Use bounds checking functions when handling user/group
data, to avoid overflowing buffers.
Change-Id: I4a5824b819b0c37662ba4f33573af0d0e071b444
1) Implement documented but unimplemented read-only option.
2) Allow standard input to be used as the <device> by passing
"-". On some devices, opening the device has side effects.
Allowing standard input can prevent this by using a sequence
of something like:
# Open the device on file descriptor 3
exec 3<> /dev/something
ioctl -d - 0 0 <&3
ioctl -d - 1 0 <&3
dd if=myfile >&3
# Close file descriptor 3
exec 3>&-
Change-Id: If17ac3cffa7ccb159051550724b4ce7d8efa5feb
Signed-off-by: Scott Anderson <saa@android.com>
Move the liblog headers to log/ instead of cutils/ to complete
the separation of libcutils and liblog. cutils/log.h still
exists and includes log/log.h in order to support the many existing
modules that use cutils/log.h.
Change-Id: I2758c9f4aedcb809ca7ba8383d0f55041dd44345
When running with the -f option, do not stop recursion or proccessing
command line args if an error occurs. Continue trying to remove all
the items specified on the command line. However, still return an
error status if some files could not be removed.
Change-Id: I83d66babe833da8a68aad68248647ba0601c5d32
Add swap utilities (mkswap, swapon, swapoff) to the toolbox
Change-Id: If5ed6981670a1cdda6b528b587dbc1be7ccdf832
Signed-off-by: Rom Lemarchand <romlem@google.com>
Internally, replace the watchlist array with a hashmap since the array
assumes properties are enumerated in a consistent order and foreach()
probably won't. (find_nth() never guaranteed this either but it usually
worked in practice.)
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit 389e358017)
Change-Id: I1db3137b130474f4bb205f01f0bdcf37cf974764
Internally, replace the watchlist array with a hashmap since the array
assumes properties are enumerated in a consistent order and foreach()
probably won't. (find_nth() never guaranteed this either but it usually
worked in practice.)
Change-Id: I83843facdd671edd09652edf472e88ec3d1edd3b
Signed-off-by: Greg Hackmann <ghackmann@google.com>
The third argument of strncat() tells how much data to append from
src, not the total size of the buffer.
Change uses of strncat() to strlcat(), which has the buffer overflow
protection behavior intended by the original author.
This fixes the following compiler warning:
In function 'strncat',
inlined from 'print_type' at system/core/toolbox/lsof.c:76:12:
bionic/libc/include/string.h:142:5: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
Change-Id: Id69edc641de3cb87d1867a409cd57b04b12f90a7
Fix bug https://code.google.com/p/android/issues/detail?id=54192
which incorrectly calculated the length of a string.
Fix compiler warning:
system/core/toolbox/mount.c:59:2: warning: initializer-string for array of chars is too long [enabled by default]
system/core/toolbox/mount.c:59:2: warning: (near initialization for 'options[16].str') [enabled by default]
Change-Id: If8663f8311c6348a730fcf731d402b57fee10cb5
When a filesystem is mounted read-only, make the underlying
block device read-only too. This helps prevent an attacker
who is able to change permissions on the files in /dev
(for example, symlink attack) from modifying the block device.
In particular, this change would have stopped the LG Thrill / Optimus
3D rooting exploit
(http://vulnfactory.org/blog/2012/02/26/rooting-the-lg-thrill-optimus-3d/)
as that exploit modified the raw block device corresponding to /system.
This change also makes UID=0 less powerful. Block devices cannot
be made writable again without CAP_SYS_ADMIN, so an escalation
to UID=0 by itself doesn't give full root access.
adb/mount: Prior to mounting something read-write, remove the
read-only restrictions on the underlying block device. This avoids
messing up developer workflows.
Change-Id: I135098a8fe06f327336f045aab0d48ed9de33807
The offset variable in lseek is 32 bit and get easily overflow
when accessing with large offset in dd command.
Use lseek64 to resolve it.
Change-Id: Ib75d9dcb587004a6851365ab5bb8584ce1010b57
Set the CAP_SYS_BOOT filesystem capability on the new reboot
command and keep CAP_SYS_BOOT in adb bounding set so that the
shell user can run it.
Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd
Change setsebool syntax from name=value to name value.
This is to make it consistent with setprop and similar commands.
Update both the init built-in command and the toolbox command
for consistency.
Change-Id: I2c8e016ba26731c4a2ad4a49ae3b89362bf8f8a8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Comparison of signed and unsigned integers. Use parenthesis around a
group of bitwise OR operations.
Change-Id: Ia404380593ce2c2a291133c07c0fc7a016a3ad3f
'df' command used to display filesystem usage statistics as integer
values, in most cases rounding the actual value down. Because of
that 'df' tended to display faulty size values.
This fix to 'df' utility calculates the fractional part of the size,
then it rounds it when needed to the nearest one-digit integer value
and displays after decimal dot.
Change-Id: I9bc52635d45d3e55ce61b3b1c6b80d1267516e75
Define /storage as top-level concept, so that we enforce permissions
uniformly. Moves external storage paths from headers to per-device
environment variables. Added missing mount flags, and we no longer
have adb-specific external storage.
Bug: 6925012
Change-Id: Ic7ca953be2f552d3f0ec9e69f89fef751daa1b29
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The code is from NetBSD, with the -n and -h options removed to make
porting easy. Also, removed support for the BLOCKSIZE environment
variable for the same reason.
Change-Id: Ib927ff3527e02802785fdd7f75bab1f05222918e
When creating a new file using open(..., O_CREAT), it is an error
to fail to specify a creation mode. If a mode is not specified, a
random stack provided value is used as the "mode".
This will become a runtime error in a future version of Android.
Change-Id: I00609f37d2ea68e21b6404d542830386be354202
Replace "-" with "_" in module name. This would keep
rmmod compatible with module-init-tools version of rmmod
Change-Id: I4470d9a98bc2f299acd94859fca4403aee279d2b
Signed-off-by: Vishal Bhoj <vishal.bhoj@linaro.org>
this prevent compatibility errors in scripts (file "-f" not found)
The force flag will not return an error if the file doesnt exist.
Signed-off-by: Tanguy Pruvot <tanguy.pruvot@gmail.com>
Change-Id: I3267963284ee247629da5ab299e900c6e4a4ac68
mksh provides a kill primitive with signal names, but also offer it in
our toolbox binary. This will allow anyone to use "kill -HUP <pid>" or
"kill -l" to look at the name to number signal mapping.
Change-Id: Id683721f4ad3f2b518b4dc54a6073510290cbe04
Some versions of windows cannot handle FAT32 filesystems with less
than 65527 clusters, so make sure we don't create such beasts.
Change-Id: Id00fb02c4f8476f7dcc0ef137bd9e4975d740591
This will make it easier to add additional policies (cgroups) if needed.
Also added comments to the sched_policy APIs.
Change-Id: I33ce1cc4deae10983241f7391294b7a512d2c47c
Add -Z option to ls and ps for displaying security contexts.
Modify id to display security context.
Add new SELinux commands: chcon, getenforce, getsebool, load_policy, restorecon, runcon, setenforce, setsebool.
Change-Id: Ia20941be4a6cd706fe392fed6e38a37d880ec5f1
When the chown program fails it prints out an error message
and is describing itself as chmod. This has been corrected.
Change-Id: I2c489975f09343bdf66acbf7df6e7183c2daff78
Signed-off-by: christian bejram <christian.bejram@stericsson.com>
hd would error out on files that were not a multiple of its read
buffer size (4096). For example:
Read error on init.rc, offset 17040 len 4096, No such file or directory
The fix is to stop reading on EOF instead of treating it as an
error.
Signed-off-by: Scott Anderson <saa@google.com>
(cherry picked from commit a9fac4155f)
Change-Id: Ib2af725fc39e96c2f81559f61979d451604d4817
This command outputs the MD5 for specified files. The output is
in the same form as the md5sum command on Linux.
Change-Id: Ie0e6faf678469ac886bba8b46d98c0e54976a1ed
Signed-off-by: Scott Anderson <saa@google.com>
Adds a field to the non-long version of ls that tells what type of file
it is (i.e., regular, directory, link, fifo, etc).
This is useful for scripts that don't have direct filesystem access.
Change-Id: I54a327390f6ed403acb13c824f62ba9594ba320d
This fixes bug http://b.android.com/18419, which complains about a bogus
error check in the mount command (it also was wrong in the umount command)
and also asks for the mount command to support more than one loopback
device, as mentioned in the FIXME comments in mount.c. This required some
corresponding changes to umount.c
Change-Id: Ib796c70926395e61557e487bad64984d3295d5f3
Fixed a bug printing the event value when using labels.
Stop trying to print the available codes for EV_SYN because
we cannot actually query them. EVIOCGBIT(0, size) is a special
case that returns the set of events that are supported, and
EV_SYN == 0.
Change-Id: Iea086ba24300ca0815e4814a3bc5ff60756612c2
Added -l argument to print labels for event types, codes and values.
Added -i argument to print all device info.
Added support for printing input properties.
Change-Id: I3cacb716dbc38f50217b9dfc24ba44d08f352603
I wrote this to test my fix to support utime(2) system calls in the
sdcard fuse filesystem for stingray, and decided to finish sprucing
it up and make it part of toolbox. In an effort to keep it small,
it doesn't accept dates a la touch, but just a time_t value.
Change-Id: I5dd011cd2e34d0cc605d6f40e46b96a8c949f194
Ext4 filesystems like to be unmounted before rebooting. The Android system
doesn't have a traditional Linux init setup, and shutting down the system
was not much more than calling sync(2) and reboot(2). This adds a new
function to libcutils called android_reboot(). By default, it calls sync()
and then remounts all writable filesystems as read-only and marks them clean.
There is a flag parameter in which the caller can ask for sync() not to be
called, or to not remount the filesystems as read-only. Then it will call
reboot(2) as directed by the other parameters. This change also updates
adb, init and toolbox to call the new android_reboot() function.
Fixes bugs 3350709 and 3495575.
Change-Id: I16d71ffce3134310d7a260f61ec6f4dd204124a7
getprop used to output a colon after the property name like:
[property.name]: [property.value]
Add back the colon that was missing, because
com.android.ddmlib.GetPropReceiver's regex expects it. Without
the colon, the GetPropReceiver doesn't parse the device's
properties causing CTS to not recognize the device.
Change-Id: I9bef5ab2b310c831c49c8c51cae7f129167c2dc5
This patch also factors out the dynarray_t/strlist_t code
from ls.c and moves it to dynarray.[hc].
Change-Id: Ifae2b364d7c2733aad5551ad3c78ae72f8ac31f4
The first field in /proc/uptime is bootbased time, not monotonic
time. If the kernel tracks bootbased time correctly, it counts
elapsed run time as well as sleep time, which is the same as the
elapsed time in the android alarm driver, and sleep time is
always returned as 0.
Use clock_gettime(CLOCK_MONOTONIC) instead, which will return
elapsed run time not counting sleep time on all platforms.
Change-Id: I28a22e8c93d78f62666ee8c877c7c6718a2b640a
Merge commit 'f1fd5eb8cca9f1096c4d0de5abbbd2b264fd1b9e'
* commit 'f1fd5eb8cca9f1096c4d0de5abbbd2b264fd1b9e':
netstat should include /proc/net/tcp6 and /proc/net/udp6 data
Merge commit '2f7b72f9e8d06c80957cdf384d23d3bf5bd5ce5c' into gingerbread-plus-aosp
* commit '2f7b72f9e8d06c80957cdf384d23d3bf5bd5ce5c':
netstat should include /proc/net/tcp6 and /proc/net/udp6 data
Merge commit '09dd3e57b920c8f65cb486313a4c0f35b8cb9f46' into gingerbread-plus-aosp
* commit '09dd3e57b920c8f65cb486313a4c0f35b8cb9f46':
make df more readable
Merge commit '53308d4cd5c4414402e979a6771f7ef3b35f5c2f' into gingerbread-plus-aosp
* commit '53308d4cd5c4414402e979a6771f7ef3b35f5c2f':
Correct copyright header for uptime and NOTICE