Obsolete RLE 565 logo is used nowhere,
because 565 framebuffer isn't used for years.
It's not necessary to keep this thing alive anymore.
Change-Id: Ie61e168790f791230530cd3eb1c68b1f7344c9a7
Functionally equivalent to the restorecon -R toolbox command.
A use case is given by:
I48eaa2b9901ac8c978192c14493ba1058a089423
Also, fix error handling and documentation for restorecon command.
Change-Id: Ia7fbcc82645baf52c6bff0490d3492f458881cbb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Don't queue actions for "on property=*" if the property does not exist.
This fixes these errors on boot:
init: property 'sys.powerctl' doesn't exist while
expanding '${sys.powerctl}'
init: powerctl: cannot expand '${sys.powerctl}
Change-Id: I3bd354d73a860f856be5df2c654f940445f9efd9
The Linux kernel supports command lines up to 2048 bytes on x86,
see COMMAND_LINE_SIZE in asm/setup.h.
If any androidboot.xxxx arguments were past the 1024 byte limit
here, they were lost.
Change-Id: I6247c511a7de04109490fffa0125801d274a5501
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:
* disabled
* permissive
* enforcing
"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.
"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.
"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.
This change addresses post review comments for change
b710ed21de .
Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
When init starts up, immediately put SELinux into enforcing mode.
This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)
If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.
Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
Add "gps." and "persist.gps." to property_perms white list.
Change-Id: I7177170676d774c87e08d1548f5264ac27cba3ff
Orig-Change-Id: I7a94caa26be4aefd2fe4f155908e2f8f09858bee
Signed-off-by: Nicolas SUET <nicolas.suet@intel.com>
Signed-off-by: jerome Pantaloni <jeromex.pantaloni@intel.com>
Signed-off-by: Jian Luo <jian.luo@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 118091
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
These properties are typically set at device provisioning time
or in the factory. They contain unit-specific data that isn't
touched by software updates or factory data reset. Only
read-only properties can be read by this mechanism.
Change-Id: Ifff9184f039072c3c0ce99f825c3075afb524514
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The Linux RNG may have little entropy during boot. As more and more
devices have a Hardware RNG, we mix in 512 bytes from Hardware RNG
(if present) into Linux RNG early during boot (after
wait_for_coldboot_done and before property_service_init actions in
init).
To avoid having to trust the output of Hardware RNG, we do not mix it
into the Linux RNG's primary pool or increase the Linux RNG's entropy
estimates.
Bug: 10362513
Change-Id: I80617f21710400747f5e7533e518d90ea74e2f11
This change adds a "verify" fs_mgr flag specifying that
the device in question should be verified.
Devices marked with this flag are expected to have a
footer immediately after their data containing all
the information needed to set up a verity instance.
Change-Id: I10101f2c3240228ee0932e3767fe35e673d2e720
Restarting ueventd upon policy reloads has reportedly created
stability problems for some users and could cause events to be lost.
Stop restarting ueventd and instead handle policy reloads within ueventd.
Also stops restarting installd upon policy reloads.
Change-Id: Ic7f310d69a7c420e48fbc974000cf4a5b9ab4a3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
We have several partitions with underscores in their names
which would not be properly linked in:
/dev/block/platform/msm_sdcc.1/by-name/
With this change more characters (_-.) are allowed in
partition name links. Also, any other character is
replaced with '_' so the resulting link names have the
same length as the partition name.
Change-Id: I746566c03db98b10326c755692362d2c10e528ae
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:
* disabled
* permissive
* enforcing
"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.
"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.
"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.
This change addresses post review comments for change
b710ed21de .
Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
When init starts up, immediately put SELinux into enforcing mode.
This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)
If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.
Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
* commit 'b1a9f8cf4b15a861ab998a4c5f0c69068f22c62a':
init: move initial property area allocation into bionic
property_service: make /dev/__properties__ readable
bionic's __system_property_add() now expands the property area as needed
by mapping in more pages. Rather than duplicate the mapping code, move
it inside bionic and have bionic's __system_property_area_init() set up
the first page.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit f14eef0c3c)
Change-Id: Ieb94caab1527c71f2155efe3795490b0ea215a29
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.
Make the /dev/__properties__ file accessible, so an app can
get properties directly from the file, rather than relying on
environment variables.
Preserve the environment variable for compatibility with pre-existing
apps.
Bug: 8045561
(cherry picked from commit 7ece0a862c)
Change-Id: I762da21ef4075f288745efed0ec7d16c2b71303c
bionic's __system_property_add() now expands the property area as needed
by mapping in more pages. Rather than duplicate the mapping code, move
it inside bionic and have bionic's __system_property_area_init() set up
the first page.
Change-Id: If9917d5f775c1a82eb89be55b84635395145ca49
Signed-off-by: Greg Hackmann <ghackmann@google.com>
