Commit Graph

5591 Commits

Author SHA1 Message Date
Stephen Smalley deb41e5127 Set security context of /adb_keys and /data/misc/adb/adb_keys.
I97b3d86a69681330bba549491a2fb39df6cf20ef introduced a separate type
for the adb_keys file.  Set the security context of the adb_keys file
accordingly by adding restorecon commands to init.rc.

Change-Id: I30e4d2a1ae223a03eadee58a883c79932fff59fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-01 09:21:47 -04:00
Colin Cross 61afb07b9b Merge "Trigger a policy reload from post-fs-data." 2013-09-30 20:04:12 +00:00
Christopher Ferris 71a8aa3473 Merge "Update comment from review." 2013-09-30 18:21:15 +00:00
Christopher Ferris 474afff229 Update comment from review.
Missed this typo that enh pointed out.

Bug: 8410085
Change-Id: Ic636ae218fc153bc5e3b1a0fdc2f7161980e5eec
2013-09-30 11:16:17 -07:00
Christopher Ferris f41cf2086d Merge "Create a single backtrace library." 2013-09-30 18:02:54 +00:00
Christopher Ferris 7fb22878d4 Create a single backtrace library.
This library will be used to abstract away getting backtrace
data from how it is implemented. This is the first step to
replacing libcorkscrew with libunwind.

Bug: 8410085
Change-Id: Ie8f159e96a055d378e1ddc72d40239fba4cf52b7
2013-09-28 12:26:35 -07:00
Ying Wang aa62be65ed Merge "Use SSE2 enhanced memset for capable x86 processors" 2013-09-26 17:08:02 +00:00
jp abgrall 9196266939 Merge "cutils: list: add list_for_each_safe" 2013-09-25 18:31:44 +00:00
Kenny Root e245b8fb5d Merge changes I9f858204,Ib35643b3
* changes:
  mincrypt: merge the two RSA verifiers
  mincrypt: support SHA-256 hash algorithm
2013-09-25 16:31:44 +00:00
Doug Zongker 0a862dcd63 mincrypt: merge the two RSA verifiers
The e=3 and e=65537 implementations are nearly identical, refactor
them down into one.

(cherry picked from commit 8fdbf97652)

Change-Id: I9f858204d52a0ae880170d955bf8f29fed57ee94
2013-09-25 09:26:51 -07:00
Doug Zongker 8e5b63d045 mincrypt: support SHA-256 hash algorithm
- adds a library to compute the SHA-256 hash

- updates the RSA verifier to take an argument specifying either SHA-1
  or SHA-256

- updates DumpPublicKey with new "key" version numbers for
  specifying SHA-256

- adds new argument to adb auth code to maintain existing behavior

(cherry picked from commit 515e1639ef)

Change-Id: Ib35643b3d864742e817ac6e725499b451e45afcf
2013-09-25 09:26:34 -07:00
Benoit Goby f2c4c4ada7 Merge "init: Fix queue_all_property_triggers with nonexistent properties" 2013-09-24 23:10:44 +00:00
Benoit Goby d679e1b572 init: Fix queue_all_property_triggers with nonexistent properties
Don't queue actions for "on property=*" if the property does not exist.
This fixes these errors on boot:

    init: property 'sys.powerctl' doesn't exist while
    expanding '${sys.powerctl}'
    init: powerctl: cannot expand '${sys.powerctl}

Change-Id: I3bd354d73a860f856be5df2c654f940445f9efd9
2013-09-24 15:20:34 -07:00
Daniel Leung 51546ee32c Use SSE2 enhanced memset for capable x86 processors
Originally, if TARGET_ARCH_VARIANT is x86-atom, the SSE2 enhanced
memset is used. This patch extends this to all x86 processors which
support SSE2 (i.e. ARCH_X86_HAVE_SSE2 is true).

Indentation added to the ifeq cases to make this easier to read.

Change-Id: I05f49e237a95359d3f2e3216b037e3fc1a0fbcb0
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2013-09-24 12:53:18 -07:00
Elliott Hughes 3c8bdef029 Merge "libsparse: Use BIONIC implementation of mmap64()" 2013-09-19 21:22:47 +00:00
Nick Kralevich 0f507339ec Merge "Do not change ownership of /sys/fs/selinux/load to system UID." 2013-09-19 15:47:53 +00:00
Stephen Smalley cc13e8ab87 Do not change ownership of /sys/fs/selinux/load to system UID.
Policy reload is handled by setting the selinux.reload_policy property
and letting the init process perform the actual loading of policy into
the kernel.  Thus, there should be no need for the system UID to directly
write to /sys/fs/selinux/load.

Change-Id: I240c5bb2deaee757a2e1e396e14dea9e5d9286f5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-09-19 11:26:26 -04:00
Elliott Hughes a208ea6301 Merge "Fix fstab memory leak" 2013-09-18 23:35:01 +00:00
Irina Tirdea d431b8d7f1 Fix fstab memory leak
When reading the fstab config file fails, fstab memory is not freed.
When fstab structure is no longer needed, only half of it is freed.

Free fstab memory in all cases (error or when it is no longer needed).

Change-Id: Ib0758a5aaa69505285bf64143632986a2dbbdccb
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
2013-09-18 16:34:02 -07:00
Elliott Hughes 810ff69609 Merge "Cleanup fs_getline from fs_mgr" 2013-09-18 23:26:50 +00:00
Daniel Leung fccfa414c9 libsparse: Use BIONIC implementation of mmap64()
Change-Id: I63692629d3a62b7aee21202b67241904b1cc9789
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
2013-09-18 14:42:28 -07:00
Colin Cross 36b39a97f3 Merge "init: Fix get_hardware_name() to cope with long /proc/cpuinfo output" 2013-09-18 21:38:33 +00:00
Irina Tirdea e16d747b51 Cleanup fs_getline from fs_mgr
Since getline is included in bionic, fs_mgr can use this version instead of
the one defined internally by fs_getline.

Replace fs_getline with getline.

Change-Id: I49b53d639bd995f051256fb7573ff6ab45d9c36d
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
2013-09-18 22:55:51 +03:00
jp abgrall 4a280e3dbe Merge "Don't use control requests to read device serial numbers." 2013-09-17 21:15:12 +00:00
Mark Wachsler bd446c76f3 Don't use control requests to read device serial numbers.
Instead of sending control requests to all devices to read their serial
numbers, read the cached strings from sysfs. This fixes two problems:
1) The control requests sometimes timed out, causing devices to show up
as "????????????????", and 2) a control request could mess up devices
which were in the middle of being flashed.

Also enumerate by walking sysfs rather than devs so that we can avoid
opening host controller devices, which can be slow. On a system with 10
EHCI controllers, fastboot devices now takes 7 msec instead of 700 msec.

Change-Id: I2ad2d58b48268d7950bd279fd6a6753dc2f79514
2013-09-16 18:08:07 -04:00
Dima Zavin 6ed51b8a2d Merge "mkbootimg: support longer kernel command lines" 2013-09-13 16:37:47 +00:00
Dima Zavin b4819e4ada Merge "init: support longer command lines" 2013-09-13 16:36:24 +00:00
Andrew Boie 30fb83b6e5 cutils: list: add list_for_each_safe
For when you want to modify the list whilst iterating over it.

Change-Id: I84432892890987c218e56883c35e52c9ff0240a3
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2013-09-12 15:30:40 -07:00
Andrew Boie d35ce3563b mkbootimg: support longer kernel command lines
We can't simply increase the value of BOOT_ARGS_SIZE since that
would break past binary compatibility; the offset of 'id' would
change. This can cause serious problems with incremental OTA updates.

Instead, define a supplemental field which stores command line
information beyond the first 512 bytes. A value of 1024 was chosen
to keep the total size of struct boot_img_hdr under the smallest
page size of 2048 bytes.

Even if the extra_cmdline field is used, the original cmdline
field is still always NULL-terminated to avoid issues with older
bootloaders that haven't been updated.

Change-Id: I887e6f1db351a5b71a61e3a03363cf8856123d74
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2013-09-09 13:13:33 -07:00
Andrew Boie 2e63e71f31 init: support longer command lines
The Linux kernel supports command lines up to 2048 bytes on x86,
see COMMAND_LINE_SIZE in asm/setup.h.

If any androidboot.xxxx arguments were past the 1024 byte limit
here, they were lost.

Change-Id: I6247c511a7de04109490fffa0125801d274a5501
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
2013-09-09 13:11:34 -07:00
Colin Cross 596e9c6314 Merge "fix valgrind ioctl warning." 2013-09-05 19:54:31 +00:00
Ben Cheng 2b2f1ae86f Merge "Add -Wno-unused-parameter to suppress the warning." 2013-09-04 21:03:05 +00:00
Ben Cheng c665df33e0 Add -Wno-unused-parameter to suppress the warning.
For example in system/core/libcorkscrew/arch-arm/backtrace-arm.c:

system/core/libcorkscrew/arch-arm/backtrace-arm.c:555:49: error: unused
parameter 'siginfo' [-Werror=unused-parameter]

Change-Id: Ibe13e8761a2f57324c0f0d87d9add549a20aa37a
2013-09-04 13:51:36 -07:00
Colin Cross d171b65670 Merge "[GNSS] Add AID_GPS to property user white list" 2013-09-04 00:09:30 +00:00
Nick Kralevich 531328400e Merge "init: call restorecon on /sys" 2013-09-03 23:41:26 +00:00
Nick Kralevich 8328edb0a7 Merge "init: allow disabling selinux via a kernel command line" 2013-09-03 23:41:19 +00:00
Nick Kralevich b242339988 Merge "init: move SELinux into enforcing mode." 2013-09-03 23:41:09 +00:00
Nick Kralevich ae76f6dbcf init: call restorecon on /sys
Not all files on /sys are not getting labeled properly. Fix them.

Change-Id: I9dcff76354e7f50d41f1b6e702836cfbbc149278
2013-09-03 15:55:58 -07:00
Nick Kralevich 935bd3e315 init: allow disabling selinux via a kernel command line
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:

* disabled
* permissive
* enforcing

"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.

"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.

"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.

This change addresses post review comments for change
b710ed21de.

Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
2013-09-03 15:55:00 -07:00
Nick Kralevich 56fa0ac6b6 init: move SELinux into enforcing mode.
When init starts up, immediately put SELinux into enforcing mode.

This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)

If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.

Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
2013-09-03 15:54:15 -07:00
Jin Wei b815701247 fix valgrind ioctl warning.
Initialize local variable to avoid syscall ioctl warning.

Change-Id: Ibad5b86cd799f147c71f182d654e61318e2ac15e
Origin-Change-Id: Iedf5b128ae1743f633d2821ac3e402942ad6642b
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jian Luo <jian.luo@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 62797
2013-08-31 18:57:46 -04:00
Dima Zavin b35f68a697 Merge "init: load factory properties" 2013-08-28 21:08:43 +00:00
Elliott Hughes a7f6e015a5 Merge "correct msi usb vendor id." 2013-08-28 15:31:51 +00:00
astonehuang 48c5d7b6cd correct msi usb vendor id.
Change-Id: I13128531b8dd7758abddce47ce1c119381773c26
2013-08-28 10:53:17 +08:00
Elliott Hughes 2e5157fa05 Merge "Fix build with gcc-4.8 and array boundaries issue" 2013-08-27 17:12:01 +00:00
Benoit Goby db71324a4f Merge "libusbhost: It's no longer assumed that "bus/usb" exists once "bus" was created" 2013-08-26 22:13:20 +00:00
Ziv Hendel 8cc80fc894 libusbhost: It's no longer assumed that "bus/usb" exists once "bus" was created
On some devices there is a slight delay between the creation of "/dev/bus"
and "/dev/bus/usb". Previously, the code assumed that both are created at the
same time which caused "watch_existing_subdirs" to fail and libusbhost to stop
working until the device is rebooted. The fix will set up an inotify event on the
creation of the "bus/usb" so it will not be missed once it's created.

Change-Id: I17f06dd167e61573307425e48898e12ebc954093
2013-08-26 14:56:39 -07:00
Nicolas SUET 841859f79f [GNSS] Add AID_GPS to property user white list
Add "gps." and "persist.gps." to property_perms white list.

Change-Id: I7177170676d774c87e08d1548f5264ac27cba3ff
Orig-Change-Id: I7a94caa26be4aefd2fe4f155908e2f8f09858bee
Signed-off-by: Nicolas SUET <nicolas.suet@intel.com>
Signed-off-by: jerome Pantaloni <jeromex.pantaloni@intel.com>
Signed-off-by: Jian Luo <jian.luo@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 118091
2013-08-26 16:20:18 -04:00
Stephen Smalley 6552f6885f Trigger a policy reload from post-fs-data.
Once userdata is available and decrypted, trigger a policy reload to pick
up any policy update files stored under /data/security.

Change-Id: Ic2b3121c3395429b108c40d1d7f5a3124a5896c5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-08-26 10:45:05 -04:00
Colin Cross a8ba1f2f0b Merge "Add support for socket security context specification." 2013-08-24 00:12:03 +00:00