During boot, allow a property file to import properties from another
file. Supports importing the entire file, a specific key, or any
keys matching a specific prefix. Here's some example syntax:
import /oem/oem.prop
import /oem/oem.prop foo.*
import /oem/oem.prop foo.bar
Bug: 13340779
Change-Id: I867f9a10ca09684326675d9f051f5cf2ae171617
* Modify liblog to send all messages to the new syslog user
space daemon.
Original-Change-Id: I0ce439738cd921efb2db4c1d6a289a96bdbc8bc2
Original-Change-Id: If4eb0d09409f7e9be3eb4bb7017073dc7e931ab4
Signed-off-by: Nick Kralevich <nnk@google.com>
* Add a TARGET_USES_LOGD make flag for BoardConfig.mk to manage
whether logd is enabled for use or not.
* rename syslog to logd to avert confusion with bionic syslog
* Add fake log support back in
* prefilter for logging messages from logd
* Fill in timestamps at logging source
* update abstract log reader
* switch from using suffix for id to v3 format
* log a message when creating devices that a deprecated interface
is being utilized.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
(cherry pick from commit 099e2c1f6f706a8600c1cef74cce9066fc315480)
Change-Id: I47929a5432977a1d7235267a435cec0a7d6bd440
Eliminates various warnings from SELinux-related code.
Bug: 12587913
Change-Id: I28921f0ebd934324436609540d95ccef58552b64
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
libselinux selinux_android_restorecon API is changing to the more
general interface with flags and dropping the older variants.
Also get rid of the old, no longer used selinux_android_setfilecon API
and rename selinux_android_setfilecon2 to it as it is the only API in use.
Change-Id: I1e71ec398ccdc24cac4ec76f1b858d0f680f4925
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This requires telling libselinux to use the sehandle already
obtained by init rather than re-acquiring it internally. init
retains ownership of the sehandle because it performs the
initial load, uses the sehandle for other purposes (e.g. labeling
of directories created via mkdir and labeling of socket files),
and handles the policy reload property trigger.
Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This cleans up most of the size-related problems in system/core.
There are still a few changes needed for a clean 64-bit build,
but they look like they might require changes to things like the
fastboot protocol.
Change-Id: I1560425a289fa158e13e2e3173cc3e71976f92c0
Currently, the restorecon_recursive("/sys") call in
init.c takes approx 2 seconds on hammerhead. This change
reduces the delay to 1.2 seconds.
1) Avoid double stat call when using nftw (time savings
of 0.3 seconds)
2) Avoid the repeated calls to is_selinux_enabled() (time
savings of 0.5 seconds)
Avoid calling lsetfilecon if the file is already properly
labeled. This doesn't speed up the restorecon on /sys,
but it should help when handling files on /data.
Bug: 11640230
Change-Id: Ie212ce4f4acade208c5676d60c1f03f50e2388a4
By default ueventd creates device nodes under /dev based on the ueventd
DEVPATH. Several subsystems have special rules which are hardcoded in
devices.c. Moving forward these special rules should go in ueventd.rc.
Special rules have the syntax:
subsystem <s>
devname (uevent_devname|uevent_devpath)
[dirname <dir>]
Devices matching SUBSYSTEM=<s> will be populated under <dir>. dirname
is optional and defaults to /dev. If dirname is provided, <dir> must
start with "/".
If devname is uevent_devname, ueventd will create the device node as
<dir>/DEVNAME. DEVNAME may include intermediate subdirectories, which
ueventd will automatically create.
If devname is uevent_devpath, ueventd will use the legacy behavior of
computing DEVPATH_BASE=basepath(DEVPATH), and creating the device node
as <dir>/DEVPATH_BASE.
The new parsing code is based on init_parser.c, with small tweaks to
handle commands which don't fall under a section header.
Change-Id: I3bd1b59d7e62dfc9d289cf6ae889e237fb5bd7c5
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Log an error before discarding problematic events, and add a missing
truncation check to the usb subsystem's unique codepath
Change-Id: I0d05aa287ffc63b46d1752d2a7409d35dc8caca7
Signed-off-by: Greg Hackmann <ghackmann@google.com>
To prevent clashing with forthcoming changes to uevent_parser.c
Change-Id: I2ee183261c7f43e0e4104a16a280c7ee73d7df96
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Under certain conditions, poll() may raise the POLLERR
flag along with POLLIN, in which case the check for
(ufd.revents == POLLIN) results in an endless busy loop.
The following fix was applied to
hardware/libhardware_legacy/uevent/uevent.c
to fix a similar bug:
commit 3aabb260ceef10377c31c9e45fb239247f5cfeba
Author: Mathias Agopian <mathias@google.com>
Date: Mon Oct 1 14:53:18 2012 -0700
fix a typo in uevent_next_eventi
Bug: 7114973
Change-Id: I15a4c714b59aeb1d02db00517d70b5f0e5ab22c2
Applying the same fix for two more poll loops in init
and ueventd.
Change-Id: I50693f6d3c904992ac4b8a9a14a83c7106e6b9e0
Obsolete RLE 565 logo is used nowhere,
because 565 framebuffer isn't used for years.
It's not necessary to keep this thing alive anymore.
Change-Id: Ie61e168790f791230530cd3eb1c68b1f7344c9a7
Functionally equivalent to the restorecon -R toolbox command.
A use case is given by:
I48eaa2b9901ac8c978192c14493ba1058a089423
Also, fix error handling and documentation for restorecon command.
Change-Id: Ia7fbcc82645baf52c6bff0490d3492f458881cbb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Don't queue actions for "on property=*" if the property does not exist.
This fixes these errors on boot:
init: property 'sys.powerctl' doesn't exist while
expanding '${sys.powerctl}'
init: powerctl: cannot expand '${sys.powerctl}
Change-Id: I3bd354d73a860f856be5df2c654f940445f9efd9
The Linux kernel supports command lines up to 2048 bytes on x86,
see COMMAND_LINE_SIZE in asm/setup.h.
If any androidboot.xxxx arguments were past the 1024 byte limit
here, they were lost.
Change-Id: I6247c511a7de04109490fffa0125801d274a5501
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:
* disabled
* permissive
* enforcing
"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.
"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.
"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.
This change addresses post review comments for change
b710ed21de .
Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
When init starts up, immediately put SELinux into enforcing mode.
This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)
If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.
Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
Add "gps." and "persist.gps." to property_perms white list.
Change-Id: I7177170676d774c87e08d1548f5264ac27cba3ff
Orig-Change-Id: I7a94caa26be4aefd2fe4f155908e2f8f09858bee
Signed-off-by: Nicolas SUET <nicolas.suet@intel.com>
Signed-off-by: jerome Pantaloni <jeromex.pantaloni@intel.com>
Signed-off-by: Jian Luo <jian.luo@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 118091
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
These properties are typically set at device provisioning time
or in the factory. They contain unit-specific data that isn't
touched by software updates or factory data reset. Only
read-only properties can be read by this mechanism.
Change-Id: Ifff9184f039072c3c0ce99f825c3075afb524514
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The Linux RNG may have little entropy during boot. As more and more
devices have a Hardware RNG, we mix in 512 bytes from Hardware RNG
(if present) into Linux RNG early during boot (after
wait_for_coldboot_done and before property_service_init actions in
init).
To avoid having to trust the output of Hardware RNG, we do not mix it
into the Linux RNG's primary pool or increase the Linux RNG's entropy
estimates.
Bug: 10362513
Change-Id: I80617f21710400747f5e7533e518d90ea74e2f11
This change adds a "verify" fs_mgr flag specifying that
the device in question should be verified.
Devices marked with this flag are expected to have a
footer immediately after their data containing all
the information needed to set up a verity instance.
Change-Id: I10101f2c3240228ee0932e3767fe35e673d2e720
