Compile policy from disparate sources at beginning of init and use to load
rather than relying on prebuilt policy.
Bug: 31363362
Test: Policy builds on-device and boots.
Change-Id: I681ec3f7da351d0b24d1f1e81e8a6b00c9c9d20c
Partners have expressed interest in using the 'capabilities' keyword
in init, so make the code more resilient:
-Check that ambient capabilities are supported by the kernel.
-Check that the last valid cap at runtime is not higher than what's in
kernel headers.
-Check that the user is not requesting a capability present in kernel
headers but not supported by the kernel at runtime.
-Don't attempt to drop bounding set capabilities not supported at
runtime.
This CL also fixes a small bug where < should have been used instead of
<=, and uses 'static' instead of anonymous namespaces.
Bug: 32438163
Test: Use a test service that uses capabilities.
Test: Apply in internal tree and test with angler and rild.
Change-Id: Ia271cc7eb389d1d526d61f897261e4bac4d19e5d
This is a cherry-pick of internal commit:
f611291688 which was a revert of a
revert, specifically a revert of commit:
c8f026fc9c.
The above revert was meant only for AOSP, since the kernel prebuilts
were not yet available there. The revert was reverted internally so
that internal builds, which have the appropriate kernel prebuilts,
operated properly.
The very first commit was originally done in nougat-dev and cherry-picked
to AOSP, so it was not picked up again when nougat landed in master. Add
it now.
Bug: 27681085
Test: Builds and boots.
Change-Id: If1cb6308e61aaaabca5b5bd30df78aab49e7b0d5
When init starts a service with a console, it tests for the presence of
a readable/writable console device. The test results in a leaked file
descriptor.
Use access() instead of open() to avoid leaking file descriptors.
Bug introduced in 70daa67062.
Test: compiles and device boots
Change-Id: I4efcfa0bb2cdb09f0455bc04a3a91e784bda7962
Most notably, there's no longer any need to guess an end time.
Bug: http://b/23478578
Bug: http://b/33450491
Test: rebooted with bootcharting on/off
Change-Id: Icb7d6859581da5526d77dfc5aa4d57c9bfbfd7e2
bionic was the only listener, and it was doing nothing useful when the
property changed, so we've removed that listener.
Bug: http://b/33308258
Test: DNS still works
Change-Id: I15292e8e58e6b87cdad8f73e449ccaf334dff68b
Mixing open or create, along with attribute(MAC) and permissions(DAC)
is a security and confusion issue.
Fix an issue where fcntl F_SETFD was called to clear O_NONBLOCK, when
it should have been F_SETFL. Did not present a problem because the
current user of this feature does writes and control messages only.
Test: gTest logd-unit-tests and check dmesg for logd content.
Bug: 32450474
Bug: 33242020
Change-Id: I23cb9a9be5ddb7e8e9c58c79838bc07536e766e6
This issue reproduces in the following senario.
1. ("", "") is added to queue;
2. property_triggers_enabled is set to 1;
3. user defined property is triggered, like sys.usb.config=adb;
4. ("sys.usb.config", "adb") is added to queue;
5. main loop interpret ("", "") and queue all current triggers to execution,
so ("sys.usb.config", "adb") is queued for execution for the first time.
6. main loop interpret ("sys.usb.config", "adb"), it is queued for
execution for a second time.
The second time makes ASIT fail.
Bug: http://b/28218187
Change-Id: I230e175e0dca8989f1e5bd812398da90082d0ec1
Signed-off-by: caozhiyuan <cao.zhiyuan@zte.com.cn>
Bug: 31800756
Instead of strictly timing out after 1s waiting for COLDBOOT_DONE,
we wait for a considerably longer period of time, which would also
allow slower non-production heavily instrumented debug builds to
boot up.
Upon successful wait, we measure the time taken and record the
value into a system property: ro.cold_boot.duration.
If timeout is still reached, we log an error message and abandon
boot process, rebooting into recovery mode instead.
Change-Id: Ic1df80546d8721b0e8c998ff294d5c5102de4e98
files.[h|cpp] is bound to be abused with junk, replace with
android_get_control_file.[h|cpp]. Plus some sundry cleanup.
Test: gTest libcutils-tests, logd-unit-tests, liblog-unit-tests,
logcat-unit-tests and init_tests
Bug: 32450474
Change-Id: Ibd4a7aa4624ea19a43d1f98a3c71ac37805d36b5
ExecuteCommand may change command_ vector which leads undefined behavior
This bug is found when adding logs in ExecuteCommand printing our Command class fields
Bug: 32838381
Test: on emulator
Change-Id: I96468bd2192ca80013871a3a6ac4132149363fff
Use to solve the problem of tracefs conditionally being mounted
under debugfs and needing restorecon'd without boot performance
penalty.
Also move skip-ce to a flag for consistency.
Test: Check that trace_mount has correct attributes after boot
Bug: 32849675
Change-Id: Ib6731f502b6afc393ea5ada96fa95b339f14da49
On FBE devices, the filenames inside credential-encrypted directories
are mangled until the key is installed. This means the initial
restorecon at boot needs to skip these directories until the keys
are installed.
This CL changes the implementation of the "restorecon_recursive"
built-in command to use the new SKIPCE flag to avoid labeling files
in CE directories. vold will request a restorecon when the keys
are actually installed.
(cherrypicked from commit 1635afe83d)
Bug: 30126557
Test: Cherry-picked from master
Change-Id: I320584574a4d712c493b5bbd8a79b56c0c04aa58
