Don't allow the accidental triggering of sysrq functionality
from the keyboard. The only expected use of sysrq functionality
is via /proc/sysrq-trigger
Please see https://www.kernel.org/doc/Documentation/sysrq.txt for
additional information on /proc/sys/kernel/sysrq
Bug: 13435961
Change-Id: I60dc92a4b2b4706e8fa34a6cead9abd449f7375f
Ensure that /data/misc/update_engine exists since it will be referenced
by selinux policy.
Bug: 23186405
Change-Id: I96e4ff341086da6474ef7f7c934f1f35bffc1439
The goal is to enable SANITIZE_TARGET='address coverage', which
will be used by LLVMFuzzer.
Bug: 22850550
Change-Id: Iea756eaaedaa56aee4daf714510269efe3aaa553
Move uncrypt from /init.rc to /system/etc/init/uncrypt.rc using the
LOCAL_INIT_RC mechanism
Bug 23186545
Change-Id: Ibd838dd1d250c0e6536e44b69f11fb5ed42ba10b
init.usb.rc and adbd.rc contain similar contents and belong in the same
file.
This file also belongs on the ramdisk as adbd is on the ramdisk, not the
system partition, therefore resolving to keep init.usb.rc in its current
location and combining the contents of adbd.rc is the best approach
Change-Id: I430f8fea58694679e7b8b7be69ce87daadd616f4
init.trace.rc will be renamed to atrace.rc and use the LOCAL_INIT_RC
mechanism to be included on /system appropriately.
Bug 23186545
Change-Id: I55c37d3ff98c9ac10e6c1a713fadc7eb37346195
Services definitions for core services are now bundled with the source
for the service itself in the form of <service name>.rc. These
individual .rc files are now located in /system/init/... and are
parsed when the system partition is mounted.
Bug: 23186545
Change-Id: Ia1b73af8d005633aa4252d603892064d7804163d
Instead of setting global ASAN_OPTIONS in immutable init.environ.rc,
load them from a file that can be changed later. The file has to be
on the /system partition to both be editable and available at the
early stages of boot.
Also add allocator_may_return_null=1 as that is closer to the
non-ASan allocator behavior.
Bug: 22846541
Change-Id: Ib0f41393c528f2e7cb398470e41f50abf5f4f455
We have a bunch of magic that mounts the correct view of storage
access based on the runtime permissions of an app, but we forgot to
protect the real underlying data sources; oops.
This series of changes just bumps the directory heirarchy one level
to give us /mnt/runtime which we can mask off as 0700 to prevent
people from jumping to the exposed internals.
Also add CTS tests to verify that we're protecting access to
internal mount points like this.
Bug: 22964288
Change-Id: I32068e63a3362b37e8ebca1418f900bb8537b498
system.img may contain the root directory as well. In that case, we
need to create some symlinks init.rc would during the build.
Change-Id: I4e7726f38c0f9cd9846c761fad1446738edb52c0
This CL adds a trigger and a service so that Systrace can be used
for tracing events during boot.
persist.debug.atrace.boottrace property is used for switching on
and off tracing during boot. /data/misc/boottrace/categories
file is used for specifying the categories to be traced.
These property and file are rewritten by Systrace when the newly
added option --boot is specified.
Here is an example of tracing events of am and wm catetories
during boot.
$ external/chromium-trace/systrace am wm --boot
This command will cause the device to reboot. Once the device has
booted up, the trace report is created by hitting Ctrl+C.
As written in readme.txt, this mechanism relies on persistent
property, so tracing events that are emitted before that are not
recorded. This is enough for tracing events after zygote is
launched though.
This only works on userdebug or eng build for security reason.
BUG: 21739901
Change-Id: I03f2963d77a678f47eab5e3e29fc7e91bc9ca3a4
Ensure that /data/anr always exists. This allows us to eliminate
some code in system_server and dumpstate. In addition, this change
solves a common problem where people would create the directory
manually but fail to set the SELinux label, which would cause
subsequent failures when they used the directory for ANRs.
Bug: 22385254
Change-Id: I29eb3deb21a0504aed07570fee3c2f87e41f53a0
Required by logd on devices with USE_CPUSETS defined.
Make /dev/cpuset/background, /dev/cpuset/foreground and
/dev/cpuset/task writeable by system gid. Add logd to system
group for writing to cpuset files and to root group to avoid
regressions. When dropping privs, also drop supplementary groups.
Bug: 22699101
Change-Id: Icc01769b18b5e1f1649623da8325a8bfabc3a3f0
system.img may contain the root directory as well. In that case, we
need to create some folders init.rc would during the build.
Change-Id: I312104ff926fb08d98ac8256b76d01b0a90ea5e5
Folders in the root directory are now created during the build,
as we may be building without a ramdisk, and when we do that,
the root directory will be read-only. With those changes,
these mkdirs will never need to run.
Change-Id: I49c63e8bfc71d28e3f938ed41f81d108359fa57a
system.img may contain the root directory as well. In that case, we
need to create some folders init.rc would during the build.
Change-Id: I157ccbebf36bee9916f3f584551704ec481ae1d1
