handle_rename() would end up acquiring the lock twice. Change to
always derive has_rw inside earlier locks (instead of acquiring a
second time), and pass the value into check_caller_access_to_name().
Bug: 10547597
Change-Id: If5744d6d226a4785676c19d0f7fdf1c05060ed76
On some devices there is a slight delay between the creation of "/dev/bus"
and "/dev/bus/usb". Previously, the code assumed that both are created in the
same time which caused "watch_existing_subdirs" to fail and libusbhost to stop
working until the device is rebooted. The fix will setup an inotify event on the
creation of the "bus/usb" so it will not be missed once it's created.
Change-Id: I17f06dd167e61573307425e48898e12ebc954093
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
In Android 4.3 the run-as binary no longer has the SUID/SGID bits
set. Instead, it requires to be installed with setuid and setgid
file-based capabilities. As a result of the above two changes, the
binary no longer executes as root when invoked by the "shell" user
but can still change its UID/GID to that of the target package.
Unfortunately, run-as attempts to chdir into the target package's
data directory before changing its effective UID/GID. As a result,
when run-as is invoked by the "shell" user, the chdir operation
fails.
The fix is for run-as to chdir after changing the effective UID/GID
to those of the target package.
Bug: 10154652
(cherry picked from commit f2904a7b63)
Change-Id: I0f6cb9efd49f5c2c491f7aa1d614d700a5ec2304
On some devices there is a slight delay between the creation of "/dev/bus"
and "/dev/bus/usb". Previously, the code assumed that both are created in the
same time which caused "watch_existing_subdirs" to fail and libusbhost to stop
working until the device is rebooted. The fix will setup an inotify event on the
creation of the "bus/usb" so it will not be missed once it's created.
Change-Id: I17f06dd167e61573307425e48898e12ebc954093
The group ownership of the package database
/data/system/packages.list read by run-as was changed in
977a9f3b1a from "system" to
"package_info". run-as currently changes its effective group to
"system" and is thus unable to read the database.
This CL fixes the issue by making run-as change its effective group
to "package_info" for reading the package database.
Bug: 10411916
Change-Id: Id23059bfb5b43264824917873a31c287f057ce4e
These properties are typically set at device provisioning time
or in the factory. They contain unit-specific data that isn't
touched by software updates or factory data reset. Only
read-only properties can be read by this mechanism.
Change-Id: Ifff9184f039072c3c0ce99f825c3075afb524514
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The Linux RNG may have little entropy during boot. As more and more
devices have a Hardware RNG, we mix in 512 bytes from Hardware RNG
(if present) into Linux RNG early during boot (after
wait_for_coldboot_done and before property_service_init actions in
init).
To avoid having to trust the output of Hardware RNG, we do not mix it
into the Linux RNG's primary pool or increase the Linux RNG's entropy
estimates.
Bug: 10362513
Change-Id: I80617f21710400747f5e7533e518d90ea74e2f11
Jeff Sharkey