Automatically set the SELinux security label on directories created
by init.rc. This avoids the need to separately call restorecon on
each such directory from the init.rc file. Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.
Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Add SE Android support for init and ueventd.
init:
- Load policy at boot.
- Set the security context for service daemons and their sockets.
- New built-in commands: setcon, setenforce, restorecon, setsebool.
- New option for services: seclabel.
ueventd:
- Set the security context for device directories and nodes.
Change-Id: I98ed752cde503c94d99dfa5b5a47e3c33db16aac
The mmc block devices on panda boards use a platform device called
omap/omap_hsmmc.0. The number of path entries in the uevent after
the platform device is unknown, and the number of path entries in
the platform device is unknown, so the only way to determine how
many entries make up the platform device is to compare against
a list of platform devices.
Add a list of platform devices that have been registered, and
iterate through it to determine the platform device portion of
a block device uevent.
Change-Id: I1480bc6429172ca6997d548787be3863ce062472
In some situations a driver could try to request firmware before
/system is mounted. Previously we'd fail the request. Now we
will retry the read-from-filesystem every 100ms until we find the
firmware or we've finished the "fs" and "post-fs" stages of init.
Change-Id: Ie32402f7d41c818bf20f3297286ed5f99705b72c
If firmware is not found, write -1 /sys/$DEVPATH/loading to cancel the
firmware load. Otherwise the driver has to wait for the 60s timeout.
Change-Id: Id2787cda9b2be45b9adea41f6f161cd54cda212e
Signed-off-by: Benoit Goby <benoit@android.com>
This should be much nicer than peppering init.rc with chown/chmod
directives.
Also, remove some dead code and obsolete comments.
Change-Id: I10895f10a9cf2f1226c8d12976cd3db3743da9ec
- look in /vendor/firmware/... in addition to /system/etc/firmware/... for firmware loading
- add /vendor/bin to path before /system/bin
- add /vendor/lib to ldpath before /system/lib
- configure appropriate permissions for /system/vendor/bin
- symlink /vendor -> /system/vendor
Change-Id: I0c06ca1e38a44f0c7024cee6cea8907aa93a4532
Merge commit '49b8124a1759cb8b27e0c21a1a5a54b8a81bdb19'
* commit '49b8124a1759cb8b27e0c21a1a5a54b8a81bdb19':
Use makedev helper for device major and minor numbers
Major and minor numbers can be greater than 255. Major numbers
are 12 bits, and minor numbers are 20 bits. Supporting major
and minor numbers > 255 allows the use of the extended block
device for extra mmc partitions.
Change-Id: I4c42bfe0781069e8e4cb13ebe26e860cdc03f866
Since we now support USB host mode, devices might get a different device
file depending if other devices are connected on the host port. This
patch creates symlinks to USB character devices that depend on the port
devices are connected to, but not on the order they have been probed.
(e.g. /dev/usb/tty2-1:1.0 -> /dev/ttyUSB0)
Change-Id: I285bcc2d59446fbff8a7abbe39c21781f3bb4bd3
init now creates files in /dev/bus/usb/ for user access to USB devices.
Files are chmod 660 with group AID_USB.
Signed-off-by: Mike Lockwood <lockwood@android.com>
eMMC block device names may change based on the detection order of
the eMMC device and any other SD bus devices, such as a removable SD
card.
This patch adds support to init for:
* Symlinks to block devices. When a block device uevent is
processed, if it starts with "/devices/platform", the platform
driver name is parsed out, and symlinks to the block device are
created in /dev/block/platform/<platform driver>/
* Symlinks based on partition name and number. If the uevent for
a block device contains information on the partition name or
number, symlinks are created under
/dev/block/platform/<platform driver>/by-num/p<partition>
and
/dev/block/platform/<platform driver>/by-name/<partition name>
init.rc can then use a device path like the following to mount an
eMMC device:
/dev/block/platform/<platform>/by-name/system /system ro
Change-Id: Id11bb7cdf1e2ada7752a5bd671cbf87237b34ae2
Merge commit '1404c27bff1499dae9b640870ce2251d78cdc5ef' into eclair-plus-aosp
* commit '1404c27bff1499dae9b640870ce2251d78cdc5ef':
system/core/init: set proper permissions for tpa2018d1 (CDMA)
Drop init's egid to AID_INPUT while creating the device node, so that it is
created with the correct gid. This eliminates the
possibility of system_server opening the device node before its permissions
are set correctly.
Using setegid() allows us to swap back to AID_ROOT immediately after mknod().
Bug: 2375632
Merge commit '7789f4cc4b712f15e0e5306a874ad6f47dc8c5c0' into eclair-mr2-plus-aosp
* commit '7789f4cc4b712f15e0e5306a874ad6f47dc8c5c0':
init: devices: Remove pmem_gpu regions as they are not needed since we have an mmu
Merge commit '065694b32e481a50e57a793d61181494fbf6ef04' into eclair-plus-aosp
* commit '065694b32e481a50e57a793d61181494fbf6ef04':
init: devices: Remove pmem_gpu regions as they are not needed since we have an mmu