Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Automatically set the SELinux security label on directories created
by init.rc. This avoids the need to separately call restorecon on
each such directory from the init.rc file. Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.
Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
x86 emulator passes hardware name through the androidboot.hardware kernel cmd option, and
ueventd must pick up on it to locate proper ueventd.rc file for that hardware.
Change-Id: Id61c5b67fe6275a15c7aa62556e0b89eda7968f8
eMMC block device names may change based on the detection order of
the eMMC device and any other SD bus devices, such as a removable SD
card.
This patch adds support to init for:
* Symlinks to block devices. When a block device uevent is
processed, if it starts with "/devices/platform", the platform
driver name is parsed out, and symlinks to the block device are
created in /dev/block/platform/<platform driver>/
* Symlinks based on partition name and number. If the uevent for
a block device contains information on the partition name or
number, symlinks are created under
/dev/block/platform/<platform driver>/by-num/p<partition>
and
/dev/block/platform/<platform driver>/by-name/<partition name>
init.rc can then use a device path like the following to mount an
eMMC device:
/dev/block/platform/<platform>/by-name/system /system ro
Change-Id: Id11bb7cdf1e2ada7752a5bd671cbf87237b34ae2
