Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
We have several partitions with underscores in their names
which would not be properly linked in:
/dev/block/platform/msm_sdcc.1/by-name/
With this change more characters (_-.) are allowed in
partition name links. Also, any other character is
replaced with '_' so the resulting link names have the
same length as the partition name.
Change-Id: I746566c03db98b10326c755692362d2c10e528ae
* commit 'b1a9f8cf4b15a861ab998a4c5f0c69068f22c62a':
init: move initial property area allocation into bionic
property_service: make /dev/__properties__ readable
bionic's __system_property_add() now expands the property area as needed
by mapping in more pages. Rather than duplicate the mapping code, move
it inside bionic and have bionic's __system_property_area_init() set up
the first page.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit f14eef0c3c)
Change-Id: Ieb94caab1527c71f2155efe3795490b0ea215a29
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.
Make the /dev/__properties__ file accessible, so an app can
get properties directly from the file, rather than relying on
environment variables.
Preserve the environment variable for compatibility with pre-existing
apps.
Bug: 8045561
(cherry picked from commit 7ece0a862c)
Change-Id: I762da21ef4075f288745efed0ec7d16c2b71303c
Internally, replace the watchlist array with a hashmap since the array
assumes properties are enumerated in a consistent order and foreach()
probably won't. (find_nth() never guaranteed this either but it usually
worked in practice.)
Signed-off-by: Greg Hackmann <ghackmann@google.com>
(cherry picked from commit 389e358017)
Change-Id: I1db3137b130474f4bb205f01f0bdcf37cf974764
* changes:
init: fix copying boot properties
toolbox: hide property implementation from watchprops
init: verify size of property buffers passed to property_get
init: move the system property writer implementation
init: switch property_get to use __system_property_get
The previous patch "init: verify size of property buffers passed
to property_get" incorrectly modified one of the callers,
resulting in ro.serialno, ro.bootmode, ro.baseband, and
ro.bootloader always being set to their default values.
Bug: 9469860
(cherry picked from commit 67e3663fc9)
Change-Id: Ia7b337e1fab6e334729f47ee1269e6c736615177
Verify that the buffer passed as the value parameter to property_get
is always big enough.
(cherry picked from commit 88ac54a4e8)
Change-Id: Iacc2b42bfe4069e0bfcbb1c48474f30126a93139
Move the system property writer implementation into bionic to keep
it next to the reader implementation and allow for better testing.
(cherry picked from commit 9f5af63501)
Change-Id: Idf6100d1d0170751acd5163a22597912bff480f0
