The /oem mount point is used to mount semi-trusted data, and
many Android One devices depend on it. Make sure it's guaranteed
to always be available.
(cherrypicked from commit f3b554fc61)
Bug: 20816563
Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
The /oem mount point is used to mount semi-trusted data, and
many Android One devices depend on it. Make sure it's guaranteed
to always be available.
Bug: 20816563
Change-Id: Ib5272f025d14d4da6125d753879054b3faeae696
This reverts commit 4217374611.
It turns out that the kernel passes any unrecognized arguments on to init,
and (at least) N6 and N9 have such arguments. My lazy check of argc was
thus insufficient to recognize what stage of init we were in, so we'd
skip to stage 2 and not set up SELinux. And apparently you can get a
very long way with SELinux off... We'll fix that in a later change.
Bug: 19702273
Change-Id: I43b3fb722fed35dd217cb529cbcac9a29aff4e4b
tzdatacheck is exec'd from init.rc early in boot just after /data is
mounted. It checks to make sure that the tz rule data in /data
is newer than the version in /system. If the data is older it is
deleted. This is to address problems with earlier tz rule updates
that occurred: after an OTA upgrade previous updates in /data
would override newer versions in the system partition.
Includes change to init.rc neccessary to run it at boot time. Other
changes are in external/selinux.
Bug: 19941636
Bug: https://code.google.com/p/android/issues/detail?id=35730
Change-Id: I7cc61e058424c856da88f11ff9b259f34cb39dc7
Until we have SELinux support for gating access
to individual TEE services, we will proxy TEE requests
to GateKeeper via this daemon.
Change-Id: Ifa316b75f75bff79bdae613a112c8c3c2e7189a8
The earliest point we can start logd is after /system is mounted.
Ideally on post-fs-system (does not exist), post-fs will do.
As insurance, we will also make sure logd is started if a
logd-reinit is requested. This results in logd starting at least
4 processes earlier than it does currently, with a tighter
grouping of threads which means we are taking advantage of a
lighter CPU load at the time, rather than taking cycles during
heavy activity during core startup.
Change-Id: If4f0bd3a53bb4c47500a54d741ca635d87c0c330
Fix build break caused by original change
This reverts commit 84b0bab58f.
(cherry picked from commit bbb4c85bdcc9a1bce315ed9d61a228bb1b992a1c)
Change-Id: If0ead0f2656b69f33f72c64b03a05784455a4143
Tell vold about which SELinux domains to use for different classes
of devices. Also create a directory for vold to store private
files.
Bug: 19993667
Change-Id: Ib7bc80234f2b13a89b143bf90f147140109570cd
To support external storage devices that are dynamically added and
removed at runtime, we're changing /mnt and /storage to be tmpfs that
are managed by vold.
To support primary storage being inserted/ejected at runtime in a
multi-user environment, we can no longer bind-mount each user into
place. Instead, we have a new /storage/self/primary symlink which
is resolved through /mnt/user/n/primary, and which vold updates at
runtime.
Fix small mode bugs in FUSE daemon so it can be safely mounted
visible to all users on device.
Bug: 19993667
Change-Id: I0ebf4d10aba03d73d9a6fa37d4d43766be8a173b
Also make important events in init's life NOTICE rather than INFO,
and ensure that NOTICE events actually make it to the kernel log.
Also fix the logging so that if you have a printf format string
error, the compiler now catches it.
Also give messages from init, ueventd, and watchdogd distinct tags.
(Previously they'd all call themselves "init", and dmesg doesn't
include pids, so you couldn't untangle them.)
Also include the tag in SELinux messages.
Bug: 19544788
Change-Id: Ica6daea065bfdb80155c52c0b06f346a7df208fe
Add file encryption flag to fstab.
If file encryption flag set in fstab, handle identically to block
encrypted volumes.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I28c236959f2d7d5f0dccc8ea45c325ea0cf871fc
This reverts commit b3739735b8.
Values are helpful to inspect during memory performance tuning.
b/19847626
Change-Id: I004ed37d5cc67e466c1fd1a84e47348524056e87
bootchart uses a file on the data partition to decide if it should collect
data for bootchart, but the data partition will be mounted by the mount_all
command in the "on fs" section, and it will be only added into the action
queue when command "trigger fs" is executed, but that's after the
bootchart_init action (late_init).
This change makes bootchart_init a builtin command of init,
and make it executed as the first command of "on post-fs" section
which will be triggered after the "on fs" section.
This change also refactors the bootchart code to all be in bootchart.cpp.
Change-Id: Ia74aa34ca5b785f51fcffdd383075a549b2a99d9
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
This reverts commit bda6272446.
The original fix seems to have led to boot failures in QA. Rather than
risk shipping, revert the change. Bug 18764230 reopened.
Requires change
https://googleplex-android-review.git.corp.google.com/#/c/629764/
Bug: 19278390
Bug: 19199624
Change-Id: I8b6ab585666f2b0f585ffb2a5f61ac2e3462e06e
The upstream kernel now includes support for emulating legacy AArch32
instructions on ARMv8 devices. By default this framework emulates
deprecated instructions but not obsolete instructions.
Android requires support for the obsolete SWP and SWPB instructions on
all ARM devices, so override this default for the swp emulation hook.
Change-Id: I82b9bdb564413ec7c1a101da75a9928aebe1606b
Signed-off-by: Greg Hackmann <ghackmann@google.com>
/data/tombstones is referenced by core platform code, but is not
guaranteed to exist on all Android devices. Move the directory
creation out of device specific files and into the core
init.rc file.
Bug: https://code.google.com/p/android/issues/detail?id=93207
Change-Id: I94ae5199a6a32c4fe555ca994fc4a8345e0c9690
Delay mounting encryptable but unencrypted volumes until we can
check the ro.vold.forceencrypt flag, then optionally encrypt.
Requires matching vold change from
https://googleplex-android-review.git.corp.google.com/#/c/615309/
Bug: 18764230
Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
Delay mounting encryptable but unencrypted volumes until we can
check the ro.vold.forceencrypt flag, then optionally encrypt.
Requires matching vold change from
https://googleplex-android-review.git.corp.google.com/#/c/615309/
Bug: 18764230
Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
/dev/pmsg0 used to record the Android log messages, then
on reboot /sys/fs/pstore/pmsg-ramoops-0 provides a means
to pull and triage user-space activities leading
up to a panic. A companion to the pstore console logs.
Change-Id: Id92cacb8a30339ae10b8bf9e5d46bb0bd4a284c4
Ensure that /data/adb always exists. This directory is used
for writing adb debugging information when persist.adb.trace_mask
is set.
Bug: https://code.google.com/p/android/issues/detail?id=72895
(cherry picked from commit 89252ce31a)
Change-Id: I44e01bee50125f4e6e5fff6e74c53bb2022ce355
Ensure that /data/adb always exists. This directory is used
for writing adb debugging information when persist.adb.trace_mask
is set.
Bug: https://code.google.com/p/android/issues/detail?id=72895
Change-Id: I9cee2a0202417ff72a5ede7742e25877f51732dd
All kernel services will now be in the same cgroup as
foreground applications. This will now make kernel threads
not implicitly higher priority than android foreground
services.
Bug 17681097
Change-Id: I28e81c7aade50428d5395df86f00ce01c1e7af02
The systrace permissions from init.trace.rc and the "class_start core"
which launches surfaceflinger are both in an "on boot" section. However,
the init.trace.rc commands are parsed after all commands in init.rc.
This means that "class_start core" is executed before the chmod command
which allows processes to write to trace_marker. If any services
execute their first trace command before the chmod occurs, then that
service won't be able to write traces until the service is restarted.
To fix this, run all of the init.trace.rc commands in the "early-boot"
section to ensure they are completed first.
Bug: 17612265
Change-Id: Ibf544762173d5ba98272c66ef485d8eab7d70bf3
They have no dependencies on /data so can be started early.
This permits us to unmount /data while bootanimation is running,
allowing an uninterrupted first boot encryption sequence.
Bug: 17260550
Change-Id: I323fe23e8cf488d8bc136387efdd9fcea96625eb
Need to not set this property) during mount, since it can't
be changed later (ro property)
Also no reason to start class main on encryption cycle - we'll
show surfaceflinger, which is enough UI for this short cycle.
Bug: 17041092
Change-Id: Ica5339c54e45716d0fe20e23c0ab857f388d23ed
On mako only, there is a race condition such that
core + main services must be started after releasing
ueventd (by removing /dev/.booting).
bug 16304711
bug 16333352
On mako only, there is a race condition such that
core + main services must be started after releasing
ueventd (by removing /dev/.booting).
bug 16304711
bug 16333352
Move the unlink out of init.c and into init.rc, so that the file
will be removed after all the filesystems with firmware are up.
Change-Id: Ifdd5dd1e95d7e064dde5c80b70198882d949a710
Move the unlink out of init.c and into init.rc, so that the file
will be removed after all the filesystems with firmware are up.
Change-Id: I7442df2042cc2788d0301f00e3c2fba7d6e0e1c7
Make sure all files / directories within /cache are properly
labeled, not just the directory itself.
Addresses the following denial:
type=1400 audit(0.0:26): avc: denied { getattr } for comm="Thread-85" path="/cache/lost+found" dev="mmcblk0p27" ino=11 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
Change-Id: I5937b30043efeb696ffaa77258b7294d20d1494e
This may require changes to other code, such as fastbootd, which relies on this
service. sshd is not currently, used, however, so this change will force any
such code to be changed.
Bug: 11594902
Change-Id: I07e52008290dab5825be2ad062cbe730fa7dff71
Moving the vendor symlink down was causing issues with some devices.
Moved it back up, and adjusted mount to remove symlinks if necessary.
Change-Id: I77126d77cfbef32250012bea3960c99b55db4cbb
Signed-off-by: Daniel Rosenberg <drosen@google.com>
+ Add a new property, sys.init_log_level, which can be set after init
bootstrap. This will control the level at which init does prints to klog.
Change-Id: Ia15b2110157b5e6b713785ece9b0fb94889be6c8
Modified fastboot to flash vendor.img as well. Moved symlink
for /vendor to occur after mounting partitions. Changed mount
to also create the mount point.
Change-Id: I78e1ba24e6bb8b4af96a67ee0569af579439e682
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Add the ability to boot up directly from charger mode, instead of forcing
charger mode to initiate a full restart to launch 'full' android. This
should shave a few seconds off of boot time on supported devices (just
manta for now).
Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
Make sure /data/dalvik-cache/profiles gets the correct
permissions and SELinux context, and ownership is properly
assigned to the system UID.
Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
dmesg_restrict is too coarse of a control. In Android's case,
we want to allow the shell user to see dmesg output, but disallow
others from seeing it.
Rather than rely on dmesg_restrict, use SELinux to control access
to dmesg instead. See corresponding change in external/sepolicy .
Bug: 10020939
Change-Id: I9d4bbbd41cb02b707cdfee79f826a39c1ec2f177
Define a UID to be used by the process responsible for creating shared
RELRO files for the WebView native library, and create a directory owned
by that UID to use to store the files.
Bug: 13005501
Change-Id: I5bbb1e1035405e5534b2681f554fe16f74e3da1a
To remove the need to modify the bionic dynamic linker, add the
signal chaining library as a preload in the environment. This
will be picked up by the dynamic linker and will override
sigaction and sigprocmask to allow for signal chaining.
Change-Id: I6e2d0628b009bd01e0ed9aed0b311871b9c8363a
cpufreq
The owner and permissions for the sysfs file
/sys/devices/system/cpu*/cpufreq/scaling_max/min_freq is changed.
This would allow the PowerHAL to change the max/min cpufreq even after
the associated CPU's are hotplugged out and back in.
Change-Id: Ibe0b4aaf3db555ed48e89a7fcd0c5fd3a18cf233
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Volantis SurfaceFlinger holds open a file on data partition.
SurfaceFlinger is not running when we trigger_default_encryption
but if we start it before starting defaultcrypto it locks open
data, so we can't unmount it.
It will start anyway when main starts, so not starting it here
is safe - it will just cause a 1-2 second delay in the graphics
appearing.
Change-Id: Idd546a578e62a24f999367b1407b37ad0f00f3a2
Note that init.zygote64.rc, which supports a "pure"
64 bit zygote is around only for testing.
The life cycles of both zygotes are controlled by init,
and the assumption here is that they will be available
always. We start the system_server in 32 bit mode.
Note that the distinction between "primary" and "secondary"
simply defines the order in which ABI support is queried,
there's no real requirement that the primary zygote supports
the primary ABI of the device.
bug: 13647418
Change-Id: Id0be001ea6f934c3c2022d89a63aae9fae66cc38
This allows us to choose different configs depending on
whether or not the target is 64 capable, and what its preferred
default is.
bug: 13647418
Change-Id: Ie1ce4245a3add7544c87d27c635ee390f4062523
Remove world-readable, reduce group permissions to readable by system
daemons
Change-Id: I6c7d7d78b8d8281960659bb8490a01cf7fde28b4
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Modify fs_mgr to unmount encryptable drives after test mounting them and
then trigger an auto-encrypt via the init script
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/414200/
Feature is limited to list of serial numbers with this change
Bug: 11985952
Change-Id: I84f85a258b6a7e9809467c9149249302e203c41b
The kernel's default is between 4~20.
Prepare for javaland to modify the value at runtime.
It can be done via
setprop sys.sysctl.tcp_def_init_rwnd <value>
Bug: 12020135
Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
(cherry picked from commit 7c862c8b5e)
- init: set /proc/sys/net/unix/max_dgram_qlen to 300
- libsysutils: Add listen backlog argument to startListener
- logd: set listen backlog to 300
Change-Id: Id6d37d6c937ba2d221e76258d89c9516619caeec
mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed
in the various device-specific init*.rc files but seems generic.
Move it to the main init.rc file.
Drop the separate chown for /data/misc/dhcp as this is handled by mkdir
built-in if the directory already exists.
Add a restorecon_recursive /data/misc/wifi/sockets.
Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Create a new userspace log daemon for handling logging messages.
Original-Change-Id: I75267df16359684490121e6c31cca48614d79856
Signed-off-by: Nick Kralevich <nnk@google.com>
* Merge conflicts
* rename new syslog daemon to logd to prevent confusion with bionic syslog
* replace racy getGroups call with KISS call to client->getGid()
* Timestamps are filed at logging source
* insert entries into list in timestamp order
* Added LogTimeEntry tail filtration handling
* Added region locking around LogWriter list
* separate threads for each writer
* /dev/socket/logd* permissions
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
(cherry picked from commit 3e76e0a497)
Author: Nick Kralevich <nnk@google.com>
Change-Id: Ice88b1412d8f9daa7f9119b2b5aaf684a5e28098
The kernel's default is between 4~20.
Prepare for javaland to modify the value at runtime.
It can be done via
setprop sys.sysctl.tcp_def_init_rwnd <value>
Bug: 12020135
Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
* Create a new userspace log daemon for handling logging messages.
Original-Change-Id: I75267df16359684490121e6c31cca48614d79856
Signed-off-by: Nick Kralevich <nnk@google.com>
* Merge conflicts
* rename new syslog daemon to logd to prevent confusion with bionic syslog
* replace racy getGroups call with KISS call to client->getGid()
* Timestamps are filed at logging source
* insert entries into list in timestamp order
* Added LogTimeEntry tail filtration handling
* Added region locking around LogWriter list
* separate threads for each writer
* /dev/socket/logd* permissions
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Change-Id: Ice88b1412d8f9daa7f9119b2b5aaf684a5e28098
Set
* /sys/module/lowmemorykiller/parameters/adj
* /sys/module/lowmemorykiller/parameters/minfree
to 0220. This better indicates that these files are only intended
to be written to, never read.
Change-Id: I9ef054f032b3955e04128fc1a472a17c7b1fa792
If userdata is default encrypted, we should mount it at boot
to avoid bringing the framework up and then down unnecessarily.
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/412649/
Bug: 8769627
Change-Id: I4b8276befd832cd788e15c36edfbf8f0e18d7e6b
With the following prior changes:
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1
I698b1b2c3f00f31fbb2015edf23d33b51aa5bba1
I8dd915d9bb80067339621b905ea2b4ea0fa8d71e
it should now be safe (will correctly label all files)
and reasonably performant (will skip processing unless
file_contexts has changed since the last call) to call
restorecon_recursive /data from init.rc.
The call is placed after the setprop selinux.policy_reload 1 so that
we use any policy update under /data/security if present.
Change-Id: Ib8d9751a47c8e0238cf499fcec61898937945d9d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The script that writes the recovery partition after a successful
update of system needs to be made executable. This change also moves
it from /system/etc to /system/bin.
Bug: 12893978
Change-Id: I686e2392a2392515a6859a7381b735de1007b7ea
mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed
in the various device-specific init*.rc files but seems generic.
Move it to the main init.rc file.
Drop the separate chown for /data/misc/dhcp as this is handled by mkdir
built-in if the directory already exists.
Add a restorecon_recursive /data/misc/wifi/sockets.
Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When adbd runs as root, it should transition into the
su domain. This is needed to run the adbd and shell
domains in enforcing on userdebug / eng devices without
breaking developer workflows.
Introduce a new device_banner command line option.
Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
Add a service called "pre-recovery" which is normally stopped but can
be started by the system server when we want to go into recovery. It
will do any preparation needed (currently needed to handle update
packages that reside on an encrypted /data partition) and then set
sys.powerctl when it's ready to actually reboot.
Bug: 12188746
Change-Id: I894a4cb200395a0f6d7fe643ed4c2ac0a45d2052
Otherwise it will be mislabeled on upgrades with existing userdata.
Change-Id: Ibde88d5d692ead45b480bb34cfe0831baeffbf94
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
On a 64-bit system, 64-bit processes will want one path, 32-bit processes
another. The dynamic linker already provides the correct defaults for
native code, and we've coupled the VM and dynamic linker so that
LD_LIBRARY_PATH will be set correctly in any VM during startup if it's not
being manually overridden.
Change-Id: Icbffc0d451dbc242cdfb9267413d8bcac434e108
Terry Heo