/system/bin/ping no longer requires CAP_NET_RAW, as we're now
using IPPROTO_ICMP. Please see the following for more details:
* http://lwn.net/Articles/443051/
* https://android-review.googlesource.com/52090
* https://android-review.googlesource.com/52072
We can now make ping a normal, unprivileged program.
/system/bin/run-as only requires CAP_SETUID and CAP_SETGID.
Explicitly set the capabilities of this file, and remove
the setuid bit.
This is equivalent to running the following commands:
* chmod 750 /system/bin/run-as
* chown root:shell /system/bin/run-as
* setcap cap_setgid,cap_setuid+ep /system/bin/run-as
Change-Id: I65df858b45e6de4e2190ac9d6d592c06ea9d28cf
For now, remove linux/capability.h . We're haven't started using
capabilities yet, and this file doesn't exist on mac builds.
Change-Id: Id6ec7fdb408bcdfdd538dac65187194c8ee226ff
Modify android_filesystem_config.h and add a capabilities
field. This field can be used to add filesystem capabilities
to a particular file.
Change-Id: If8953a322457ea7275aa6df75660b714e6dc678a
clatd(464xlat) runs as its own UID after it drops root privs
Change-Id: I2392f8127dcd90d16b0f20ff31bcc5aa096db464
Signed-off-by: Daniel Drown <dan-android@drown.org>
It's safe to change the permissions on files in the root partitions;
incremental OTA now knows how to handle this case.
This reverts commit 08c370cc50.
Change-Id: I503bf8ebd037fa9715494c6539e5430eee47acfe
Instead of specifying in init what to mount, and having various hacks in init
itself to deal with encryption, use a filesystem manager library to do the
work, that can also be invoked by vold when mounting an encrypted volume.
Keep all the magic filesystem info an a device specific fstab file.
Change-Id: Ib988f1e4fb0638ba1d5fd98407fa6d8cf862aaca
The access control changes allow us to just use Nfc.apk with
the regular platform certificate, instead of the custom signed
NfcGoogle.apk. So we can compeltely get rid of vendor/google/apps/NfcGoogle
and just build it out of packages/apps/Nfc now.
The package name is also reverted from com.android.nfc3 to com.android.nfc
The NFC uid needs to get bumped (25 to 27) to allow the cert change.
Bug: 5608249
Change-Id: I5e178b469e5210cd231ba5f4ea57aa666b3d8893
This can be launched from an 'on charger' section in init, which
is processed if androidboot.mode=charger is supplied on kernel
command line.
This is a standalone binary that has a simple "user interface"
and allows the standard production kernel to run while charging.
This removes the burden from the bootloader to get low-power mode
working.
Currently, the device will "power-on" (i.e. reboot) into normal
mode if the power key is pressed for X seconds, and will also
power down the device if the usb/ac cable is removed for Y seconds.
Change-Id: I780594b99211cb09de7f8519a69c5962eb91348a
Signed-off-by: Dima Zavin <dima@android.com>
Introduces new "net_bw_stats" group which will protect reading
detailed bandwidth statistics. Also introduce "net_bw_acct" group
which will enable specific applications to request that their network
traffic be counted against other UIDs.
Change-Id: Ic0ec04e0d2bb9573f3c2a094ebd6d6a8cae0aae6
Since the "usb" group and ACCESS_USB permission will be used by regular apps
to access USB devices in host mode, we need a separate permission for the
device side MTP driver.
Change-Id: Ibb546b8726d61e041fc7c273f71929624ad1575b
Signed-off-by: Mike Lockwood <lockwood@android.com>
- look in /vendor/firmware/... in addition to /system/etc/firmware/... for firmware loading
- add /vendor/bin to path before /system/bin
- add /vendor/lib to ldpath before /system/lib
- configure appropriate permissions for /system/vendor/bin
- symlink /vendor -> /system/vendor
Change-Id: I0c06ca1e38a44f0c7024cee6cea8907aa93a4532
Merge commit '095a6a6ecb8039067c077db381bd02abc2496422'
* commit '095a6a6ecb8039067c077db381bd02abc2496422':
get rid of compile time warning: "warning: ‘android_ids’ defined but not used"
Merge commit '739cd9d2d4718913889a15d95c840506a2af04d1' into gingerbread-plus-aosp
* commit '739cd9d2d4718913889a15d95c840506a2af04d1':
get rid of compile time warning: "warning: ‘android_ids’ defined but not used"
Nick Kralevich