Commit graph

124 commits

Author SHA1 Message Date
Nick Kralevich
066cde92d2 am 223e0798: Merge "Enable building init with -Wall -Werror."
* commit '223e07983718e1515f2a54542b9b0163a8f508ed':
  Enable building init with -Wall -Werror.
2014-02-19 19:13:39 +00:00
Stephen Smalley
eb3f421e02 Enable building init with -Wall -Werror.
Eliminates various warnings from SELinux-related code.

Bug: 12587913
Change-Id: I28921f0ebd934324436609540d95ccef58552b64
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-19 09:15:09 -05:00
Nick Kralevich
acd96b1118 am 12db3eb6: Merge "Move restorecon and restorecon_recursive code to libselinux."
* commit '12db3eb6db3b80011043e404530012612a1d0fbf':
  Move restorecon and restorecon_recursive code to libselinux.
2014-01-28 21:02:57 +00:00
Stephen Smalley
dbd37f2e1d Move restorecon and restorecon_recursive code to libselinux.
This requires telling libselinux to use the sehandle already
obtained by init rather than re-acquiring it internally.  init
retains ownership of the sehandle because it performs the
initial load, uses the sehandle for other purposes (e.g. labeling
of directories created via mkdir and labeling of socket files),
and handles the policy reload property trigger.

Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-01-28 10:42:24 -05:00
Nick Kralevich
ca53f0a084 don't load property_contexts from /data
Bug: 12613118

(cherry picked from commit dc3a42bb11)

Change-Id: If630478b0e3fdda8c1c14b3f41b717085acf9914
2014-01-22 12:17:36 -08:00
Elliott Hughes
ccecf14254 system/core 64-bit cleanup.
This cleans up most of the size-related problems in system/core.
There are still a few changes needed for a clean 64-bit build,
but they look like they might require changes to things like the
fastboot protocol.

Change-Id: I1560425a289fa158e13e2e3173cc3e71976f92c0
2014-01-16 12:54:18 -08:00
Colin Cross
268cc54089 Merge "ueventd: fix a busy loop while reading uevents" 2013-12-28 20:09:53 +00:00
Stephen Smalley
af06c6745b Log a warning on services that lack SELinux domains.
Sample output on flo:
<3>[    7.270568] init: Warning!  Service irsc_util needs a SELinux domain defined; please fix!
<3>[    8.290832] init: Warning!  Service bootanim needs a SELinux domain defined; please fix!

Change-Id: If5514b188517917d58ee81c446af563b0443be45
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-09 15:40:24 -05:00
The Android Open Source Project
66ed50af68 Merge commit '536dea9d61a032e64bbe584a97463c6638ead009' into HEAD
Change-Id: I5c469a4b738629d99d721cad7ded02d6c35f56d5
2013-11-22 13:44:43 -08:00
Amir Goldstein
1d4e86c445 ueventd: fix a busy loop while reading uevents
Under certain conditions, poll() may raise the POLLERR
flag along with POLLIN, in which case the check for
(ufd.revents == POLLIN) results in an endless busy loop.

The following fix was applied to
hardware/libhardware_legacy/uevent/uevent.c
to fix a similar bug:

  commit 3aabb260ceef10377c31c9e45fb239247f5cfeba
  Author: Mathias Agopian <mathias@google.com>
  Date:   Mon Oct 1 14:53:18 2012 -0700

    fix a typo in uevent_next_eventi

    Bug: 7114973
    Change-Id: I15a4c714b59aeb1d02db00517d70b5f0e5ab22c2

Applying the same fix for two more poll loops in init
and ueventd.

Change-Id: I50693f6d3c904992ac4b8a9a14a83c7106e6b9e0
2013-11-17 14:50:00 +02:00
Marcin Chojnacki
50dc936964 init: remove obsolete rle logo
Obsolete RLE 565 logo is used nowhere,
because 565 framebuffer isn't used for years.

It's not necessary to keep this thing alive anymore.

Change-Id: Ie61e168790f791230530cd3eb1c68b1f7344c9a7
2013-10-16 17:39:16 +02:00
Nick Kralevich
ae76f6dbcf init: call restorecon on /sys
Not all files on /sys are not getting labeled properly. Fix them.

Change-Id: I9dcff76354e7f50d41f1b6e702836cfbbc149278
2013-09-03 15:55:58 -07:00
Nick Kralevich
935bd3e315 init: allow disabling selinux via a kernel command line
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:

* disabled
* permissive
* enforcing

"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.

"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.

"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.

This change addresses post review comments for change
b710ed21de .

Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
2013-09-03 15:55:00 -07:00
Nick Kralevich
56fa0ac6b6 init: move SELinux into enforcing mode.
When init starts up, immediately put SELinux into enforcing mode.

This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)

If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.

Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
2013-09-03 15:54:15 -07:00
Colin Cross
b69f863455 am 0cbaed42: am a8ba1f2f: Merge "Add support for socket security context specification."
* commit '0cbaed4211b514dd2aaa4d28f8936ba58e83c6a5':
  Add support for socket security context specification.
2013-08-23 18:40:12 -07:00
Stephen Smalley
8348d279c7 Add support for socket security context specification.
Add an optional argument to the socket option for specifying
a SELinux security context for the socket.  Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.

2) Situations where a service has multiple sockets and we want to
label them distinctly.

Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-08-23 08:35:43 -04:00
Alex Klyubin
0d872d8bb4 Seed Linux RNG from Hardware RNG at boot during init.
The Linux RNG may have little entropy during boot. As more and more
devices have a Hardware RNG, we mix in 512 bytes from Hardware RNG
(if present) into Linux RNG early during boot (after
wait_for_coldboot_done and before property_service_init actions in
init).

To avoid having to trust the output of Hardware RNG, we do not mix it
into the Linux RNG's primary pool or increase the Linux RNG's entropy
estimates.

Bug: 10362513
Change-Id: I80617f21710400747f5e7533e518d90ea74e2f11
2013-08-19 16:58:28 -07:00
Nick Kralevich
f29c533c49 init: call restorecon on /sys
Not all files on /sys are not getting labeled properly. Fix them.

Change-Id: I9dcff76354e7f50d41f1b6e702836cfbbc149278
2013-07-15 13:10:02 -07:00
Nick Kralevich
4838aa1b7b init: allow disabling selinux via a kernel command line
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:

* disabled
* permissive
* enforcing

"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.

"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.

"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.

This change addresses post review comments for change
b710ed21de .

Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
2013-06-28 12:05:07 -07:00
Nick Kralevich
cbc76fcadb Merge "init: move SELinux into enforcing mode." 2013-06-25 21:08:56 +00:00
Nick Kralevich
b710ed21de init: move SELinux into enforcing mode.
When init starts up, immediately put SELinux into enforcing mode.

This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)

If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.

Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
2013-06-25 11:23:29 -07:00
Colin Cross
39021a48a0 am 83ada447: Merge changes Ib54f39fd,I7e36edd8
* commit '83ada447aed69dfcd0a88e952eced8db1e4d6584':
  init: Retain traditional restart behavior for critical and oneshot services.
  init: Safely restart services to avoid race conditions.
2013-06-24 15:24:57 -07:00
Colin Cross
83ada447ae Merge changes Ib54f39fd,I7e36edd8
* changes:
  init: Retain traditional restart behavior for critical and oneshot services.
  init: Safely restart services to avoid race conditions.
2013-06-24 22:23:32 +00:00
Colin Cross
99c1a4168b resolved conflicts for merge of 95a41f6b to stage-aosp-master
Change-Id: Icfae29edf989fb43a7f0b8bda188a9807f76a3b9
2013-06-17 18:19:28 -07:00
Colin Cross
5e484e9c43 init: fix copying boot properties
The previous patch "init: verify size of property buffers passed
to property_get" incorrectly modified one of the callers,
resulting in ro.serialno, ro.bootmode, ro.baseband, and
ro.bootloader always being set to their default values.

Bug: 9469860

(cherry picked from commit 67e3663fc9)

Change-Id: Ia7b337e1fab6e334729f47ee1269e6c736615177
2013-06-17 16:58:14 -07:00
Colin Cross
1a6f4c3bf2 init: switch property_get to use __system_property_get
(cherry picked from commit 2deedfe0b1)

Change-Id: If3fba2cc1dd5c167b0924ddfe42dbe2e6387208a
2013-06-17 16:57:32 -07:00
Colin Cross
67e3663fc9 init: fix copying boot properties
The previous patch "init: verify size of property buffers passed
to property_get" incorrectly modified one of the callers,
resulting in ro.serialno, ro.bootmode, ro.baseband, and
ro.bootloader always being set to their default values.

Bug: 9469860
Change-Id: Id45bd8dd657e8d61f4cfaf7e6b2559d2bfd05181
2013-06-17 16:20:08 -07:00
Colin Cross
2deedfe0b1 init: switch property_get to use __system_property_get
Change-Id: I4fc0502a1a5b331087618a4d2e3d90948743d7bd
2013-06-17 12:44:35 -07:00
gcondra@google.com
8f6adcfcc5 am 49be2407: Revert "Add logic to fixup file contexts after a policy update."
* commit '49be240735a06f44e1d91aa51dd299779ad36d96':
  Revert "Add logic to fixup file contexts after a policy update."
2013-05-20 15:52:28 -07:00
gcondra@google.com
f5410f2bde am 3d32cd93: Revert "Remove /system from the dirs to relabel."
* commit '3d32cd938746215e5fa9b1a3c3b78903e043ae73':
  Revert "Remove /system from the dirs to relabel."
2013-05-20 15:52:27 -07:00
gcondra@google.com
b9866649e2 am 52351300: Revert "Add a version check for SELinux policy on device."
* commit '52351300d156826bf22c493828571f45a1cea16a':
  Revert "Add a version check for SELinux policy on device."
2013-05-20 15:52:26 -07:00
repo sync
49be240735 Revert "Add logic to fixup file contexts after a policy update."
This reverts commit ebcf93e3bf.
2013-05-17 12:48:34 -07:00
repo sync
3d32cd9387 Revert "Remove /system from the dirs to relabel."
This reverts commit 3d4d07b2fa.
2013-05-17 12:46:31 -07:00
repo sync
52351300d1 Revert "Add a version check for SELinux policy on device."
This reverts commit 921be8b656.
2013-05-17 12:46:00 -07:00
gcondra@google.com
5a98566d58 am 921be8b6: Add a version check for SELinux policy on device.
* commit '921be8b6568df0057c4eacbac2e1022b71e09620':
  Add a version check for SELinux policy on device.
2013-05-14 23:43:56 -07:00
repo sync
921be8b656 Add a version check for SELinux policy on device.
This helps to ensure that when a new system image is installed,
old userdata policy isn't applied over the top of it.

Bug: 8841348
Change-Id: I135af32250aa62979763e775842ce0af3c8b6f9f
2013-05-14 21:05:03 -07:00
gcondra@google.com
ac5cf925f8 am 683aa89b: Merge "Remove /system from the dirs to relabel." into jb-mr2-dev
* commit '683aa89bfdf2439d1c5d9a4dc240d6a673678a98':
  Remove /system from the dirs to relabel.
2013-05-07 19:19:50 -07:00
repo sync
3d4d07b2fa Remove /system from the dirs to relabel.
Bug: 8841348
Change-Id: Ia1545288e8a8184feffaaa6158faad62f95cbcce
2013-05-07 19:05:08 -07:00
Geremy Condra
7e25fa1859 am ebcf93e3: Add logic to fixup file contexts after a policy update.
* commit 'ebcf93e3bf92bf46c54c8e0f2ec8936bb2db6aea':
  Add logic to fixup file contexts after a policy update.
2013-04-15 16:13:53 -07:00
Geremy Condra
ebcf93e3bf Add logic to fixup file contexts after a policy update.
Bug: 8116902

(cherry picked from commit 47677a506f)

Change-Id: I2a50f68a53aee2c94d03d3e5ced1ea36337fde33
2013-04-15 14:59:42 -07:00
Colin Cross
a5ca229a45 am 1615c09a: Merge "init: Fix potential null pointer issue"
* commit '1615c09ac1065104f56ddc444f5467aff76c0daa':
  init: Fix potential null pointer issue
2013-04-05 19:56:27 -07:00
Geremy Condra
8e15eabdc0 Apply the correct SELinux label for the properties workspace.
Change-Id: Ibb9c8044caa9d39ee6ec9fe06d54bb9dc4b56ff3
2013-04-03 11:59:56 -07:00
Hong-Mei Li
11467189bc init: Fix potential null pointer issue
With the old strdup() mechanism, it may return NULL if insufficient memory was
available. So we check the return value or do not use strdup to avoid null
pointer issue.

Change-Id: Id684948d6cb6c2f06327f29a2ba692f9542fce80
Signed-off-by: Hong-Mei Li <a21834@motorola.com>
2013-04-01 11:17:51 +08:00
William Roberts
04561b6347 Drop /data/system as a policy file location
/data/system is no longer used as a policy
file location. Use /data/security instead.

Change-Id: Ie77be9e25c67c8a2157c7b6c468f3215a49ead52
2013-03-26 23:33:18 +00:00
William Roberts
46e1bd89b4 Create a new location for /data policy files
Adding a new location for policy files under
/data, the new location is /data/security. The
new location is used before attempting to use
any other location.
This requires a new directory to be created by
the init script and an update to the location of
the property_contexts file for property service.

Change-Id: I955a722ac3e51fa6c1b97201b8bdef3f601cf09d
2013-03-20 19:34:55 -07:00
Nick Kralevich
76ba83cce2 Revert "init: Set ADDR_COMPAT_LAYOUT before spawning processes."
This logic has been moved to platform/frameworks/base commit
8a0a929422682ba3eb6a205dc6c0638e68b909de and is no longer needed
here.

This reverts commit 01b1dee0ab.
2013-03-14 15:23:30 -07:00
Stephen Smalley
30f3033042 Label sockets consistently with the seclabel value if specified.
This is necessary to ensure that the adbd socket is created in the
adbd domain rather than the init domain.

Change-Id: Id4997d7f074aeefea62b41c87b46a6609e03f527
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-16 14:35:55 -05:00
Kenny Root
2a36ae5608 am 7b88a90d: Merge "Remove HAVE_SELINUX guards"
* commit '7b88a90da2a27e347fc16c14fa577f4ae1ef07fd':
  Remove HAVE_SELINUX guards
2012-10-17 09:57:10 -07:00
Kenny Root
b5982bf7c6 Remove HAVE_SELINUX guards
Change-Id: I8272c573b3c5dc663203bafab68fad5e94d89364
2012-10-16 23:18:18 -07:00
Nick Kralevich
01b1dee0ab init: Set ADDR_COMPAT_LAYOUT before spawning processes.
Some Android programs have problems with memory which grows
from the top down.  Temporarily set ADDR_COMPAT_LAYOUT to
avoid breaking those programs.

Bug: 7188322
Change-Id: I61760500e670b4563838c63b82d4a0b6e354a86e
2012-10-05 12:02:46 -07:00