Instead of using chown, use the symlink safe lchown.
Instead of using chmod, use the symlink safe fchmodat
with AT_SYMLINK_NOFOLLOW.
Fix a bug where the SELinux filesystem creation context may
not be restored, and some memory not freed, if bind() fails.
Check the return values from the chown/chmod calls and unlink
the files if it ever fails.
Bug: 27337831
Change-Id: I3343786f5a4eefda7bbb8317f2eca16bd21003c0
When child (pid==0) executes fork branch 'pid_str'
will always be 0 writting wrong value to file(s).
Fix by utilizing getpid() to obtain correct pid.
Tracker link provides some insight on why use cases
aren't broken.
Bug: https://code.google.com/p/android/issues/detail?id=200392
Change-Id: I29989365a8bac94502c090918fa30e5cc88eb1ea
Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
This ensures that all users on device follow a consistent path for
setup and validation of encryption policy.
Also add remaining user-specific directories and fix linking order.
Bug: 25796509
Change-Id: I8c2e42a78569817f7f5ea03f54b743a6661fdb9c
In function 'load_firmware', parameter 'buf' passed to 'write'
is wrong. To fix it, use android::base::WriteFully to replace.
Change-Id: I13f79bdc9be9e5eb669f6bd975535b1dce965ef0
Signed-off-by: Biao Lu <biao.lu@intel.com>
Best practice for services that reside on the system, vendor, and odm
partitions is to have a corresponding init .rc file in the
/{system,vendor,odm}/etc/init directory, which contains its service
entry and any related actions.
Change-Id: I26204f9a0f09ce8069f3791ccd9ee61d164a048f
In current implementation, the mount_all command imports all .rc files
under /{system,vendor,odm}/etc/init/ after mouting filesystems is complete.
There's a need from ODMs to import different .rc files under different boot
modes (e.g., factory mode). Without this support, they will have to fiddle
around the init implementation.
This commit makes mount_all import the .rc files/directories specified
as additional arguments. If no path is given, the original ones are applied
the same way as the current implementation.
BUG: 26549689
Change-Id: Ie67ce13dde4c440ff8bf534826bc392c882a433f
Changes to the way FBE works to support lifecycles mean that these
commands aren't needed any more.
Bug: 22358539
Change-Id: Id73339e0aa8070dd688f35b5d59de75236961395
Don't spend CPU cycles formatting a bunch of strings if we're
just going to throw them away later. Maybe make booting faster.
Change-Id: I4d8eb99fb3fa873ca91cf776933d0ad01988abf5
Currently, properties that begin with "ro." are special cased to skip
over the "ro." part of the prefix before matching with entries in
property_contexts. This is not strictly needed however and it is
causing complications with the separated prop files work from Bug
21852512, so it is now removed.
Bug 26425619
Change-Id: I3cd14fa2176f96b3931e5f6a50c4a7bcd3af3da6
When ro.build.shutdown_timeout is set, init will send a SIGTERM signal to
all services on reboot. The normal shutdown process will continue once
all services have exited or after the shutdown timeout
(ro.build.shutdown_timeout).
If ro.build.shutdown_timeout is not set, we assume a 0s timeout.
Bug: 26216447
Test: manual: Ask to reboot. All services exit cleanly.
Change-Id: If921f6e8d87211e500ac9fa86f3e1eabe02d18cf
If ro.oem_unlock_supported is specified for the device and it supports
verified boot, export lock status in ro.boot.flash.locked.
Bug: 26039090
Change-Id: Ie7844aeb458c97944c72d46ea962b9cfb0a7875d
This is deadcode as property_init() will only ever be called once and
the only remaining caller of properties_initialized() is
Service::NotifyStateChange() which can only be called after properties
have been initialized.
Change-Id: Ie071af84fcdbead72d259890fc8fb8db624282e7
If __system_property_area_init() fails, there is a fundamental issue
with the system and we should abort from init.
Bug: 21852512
Change-Id: I05d7978ba3bcc347027a6d9443de7cdd229033d2
If the device is corrupted, set up dm-verity in EIO mode instead of
logging mode. This prevents corrupted blocks from being returned to
user space. Note that restart mode is used by default and a warning
will be displayed to the user after corruption is first detected.
Bug: 19277516
Change-Id: I38966d73eb814836bc34b4bad1192583e5010b36
/property_contexts exists before selinux policies are loaded, so we must
restorecon before other processes can access it
Bug: 21852512
Change-Id: Ie983caac635eb928ab19eea996a5625f3673de39
The init language supports setting the creation context of a socket
as the 6th argument to the socket keyword. For example, in the
following service, the context associated with the netd socket
is u:r:netd:s0
service netd /system/bin/netd
class main
socket netd stream 0660 root system u:r:netd:s0
socket dnsproxyd stream 0660 root inet
socket mdns stream 0660 root system
socket fwmarkd stream 0660 root inet
The 6 argument form of the socket statement is rarely if ever used,
since the init code supplies a sensible default.
Currently, there's no error checking on the value supplied as
the 6th argument. For example, if you have the following socket
statement:
socket netd stream 0660 root system graphics
a socket will attempt to get created with an invalid "graphics"
context. When setsockcreatecon fails, it retains the default socket
creation context, which for init is u:r:init:s0. This results in a
socket being created which is in an unexpected context.
Check the return value from the setsockcreatecon() call. If an
invalid context is specified, return early and don't subsequently
attempt to create the socket with the default context.
Bug: 25851205
Change-Id: Ic66cd6f7efe3897fb247b587ddeac5d35e1602b7
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Now that libselinux uses libpackagelistparser, in order
for libpackagelistparser to be properly statically linked
liblog must come after libselinux for all the liblog
references to be defined in libpackagelistparser which
is included in libselinux. This patch corrects that order.
Change-Id: I7aee10c9395310919779ed2463aab6b2f8b380cc
Signed-off-by: William Roberts <william.c.roberts@intel.com>
