Commit graph

937 commits

Author SHA1 Message Date
Nick Kralevich
9bcfd64b59 init: harden socket creation against symlinks
Instead of using chown, use the symlink safe lchown.

Instead of using chmod, use the symlink safe fchmodat
with AT_SYMLINK_NOFOLLOW.

Fix a bug where the SELinux filesystem creation context may
not be restored, and some memory not freed, if bind() fails.

Check the return values from the chown/chmod calls and unlink
the files if it ever fails.

(cherrypicked from commit ab5629c197)

Bug: 27337831
Change-Id: I28c5f4dee55aa706437eb51ad403c1fbf56138de
2016-02-25 12:38:51 -08:00
Yusuke Sato
246b0fd0d9 Use ro.debuggable instead of ro.build.type
Change-Id: I4d7c8c353ff47fbeee065b2c4fdd984768d0da00
2016-02-25 10:53:55 -08:00
James Hawkins
588a2cad7f system/core: Cleanup direct calls to opendir by containing in a
std::unique_ptr.

Bug: 26643633
Change-Id: Ia3491fdbff086558da694ae949cf08e4c89d0307
2016-02-18 14:52:46 -08:00
Anestis Bechtsoudis
b702b46f68 init: fix writepid wrong pid written in file(s)
When child (pid==0) executes fork branch 'pid_str'
will always be 0 writting wrong value to file(s).
Fix by utilizing getpid() to obtain correct pid.

Tracker link provides some insight on why use cases
aren't broken.

Bug: https://code.google.com/p/android/issues/detail?id=200392

Change-Id: I29989365a8bac94502c090918fa30e5cc88eb1ea
Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
2016-02-05 16:49:28 +02:00
Biao Lu
dc848566a1 init: Fix load_firmware error
In function 'load_firmware', parameter 'buf' passed to 'write'
is wrong. To fix it, use android::base::WriteFully to replace.

Change-Id: I13f79bdc9be9e5eb669f6bd975535b1dce965ef0
Signed-off-by: Biao Lu <biao.lu@intel.com>
2016-02-01 10:10:28 +08:00
Tom Cherry
1fb20b8377 init: Update readme.txt to reflect recent changes to init
Best practice for services that reside on the system, vendor, and odm
partitions is to have a corresponding init .rc file in the
/{system,vendor,odm}/etc/init directory, which contains its service
entry and any related actions.

Change-Id: I26204f9a0f09ce8069f3791ccd9ee61d164a048f
2016-01-23 05:23:39 +00:00
Hung-ying Tyan
e7f9779886 Merge "Allow paths of .rc files to be specified at mount_all" 2016-01-21 04:12:23 +00:00
Hung-ying Tyan
dc738eaf15 Allow paths of .rc files to be specified at mount_all
In current implementation, the mount_all command imports all .rc files
under /{system,vendor,odm}/etc/init/ after mouting filesystems is complete.
There's a need from ODMs to import different .rc files under different boot
modes (e.g., factory mode). Without this support, they will have to fiddle
around the init implementation.

This commit makes mount_all import the .rc files/directories specified
as additional arguments. If no path is given, the original ones are applied
the same way as the current implementation.

BUG: 26549689
Change-Id: Ie67ce13dde4c440ff8bf534826bc392c882a433f
2016-01-21 09:35:43 +08:00
Nick Kralevich
5db8d6aafa logging: avoid unnecessary printfs
Don't spend CPU cycles formatting a bunch of strings if we're
just going to throw them away later. Maybe make booting faster.

Change-Id: I4d8eb99fb3fa873ca91cf776933d0ad01988abf5
2016-01-16 16:20:24 -08:00
Tom Cherry
c787cf291a Remove special case handling of "ro." properties permissions
Currently, properties that begin with "ro." are special cased to skip
over the "ro." part of the prefix before matching with entries in
property_contexts.  This is not strictly needed however and it is
causing complications with the separated prop files work from Bug
21852512, so it is now removed.

Bug 26425619

Change-Id: I3cd14fa2176f96b3931e5f6a50c4a7bcd3af3da6
2016-01-11 14:00:40 -08:00
Colin Cross
710056efb8 Merge "libinit: depend on libselinux" 2016-01-08 20:49:42 +00:00
Bertrand SIMONNET
b7e03e82b8 init: Allows shutting down cleanly.
When ro.build.shutdown_timeout is set, init will send a SIGTERM signal to
all services on reboot. The normal shutdown process will continue once
all services have exited or after the shutdown timeout
(ro.build.shutdown_timeout).

If ro.build.shutdown_timeout is not set, we assume a 0s timeout.

Bug: 26216447
Test: manual: Ask to reboot. All services exit cleanly.

Change-Id: If921f6e8d87211e500ac9fa86f3e1eabe02d18cf
2016-01-08 11:12:15 -08:00
Colin Cross
c1caf88f25 libinit: depend on libselinux
libinit uses headers from libselinux, add a LOCAL_STATIC_LIBRARIES
dependency.

Change-Id: I6b0a3183058c8593ef40e58abbf2d72bcce59e95
2015-12-21 16:14:08 -08:00
Tom Cherry
dbddb40c95 Update init documentation to reflect fs_config changes
Change-Id: I00296d90c44af369a51ecb5cbb667567328f0053
2015-12-11 13:20:38 -08:00
Sami Tolvanen
0d1214c68e Merge "Set up dm-verity in EIO mode instead of logging mode" 2015-12-10 20:12:49 +00:00
Sami Tolvanen
9e9efcadc5 init: set ro.boot.flash.locked from ro.boot.verifiedbootstate
If ro.oem_unlock_supported is specified for the device and it supports
verified boot, export lock status in ro.boot.flash.locked.

Bug: 26039090
Change-Id: Ie7844aeb458c97944c72d46ea962b9cfb0a7875d
2015-12-09 10:09:11 +00:00
Tom Cherry
1563d6546c Remove property_area_initialized
This is deadcode as property_init() will only ever be called once and
the only remaining caller of properties_initialized() is
Service::NotifyStateChange() which can only be called after properties
have been initialized.

Change-Id: Ie071af84fcdbead72d259890fc8fb8db624282e7
2015-12-07 17:53:39 -08:00
Tom Cherry
c68998441c Merge "Remove ANDROID_PROPERTY_WORKSPACE" 2015-12-08 01:29:53 +00:00
Elliott Hughes
4f71319df0 Track rename of base/ to android-base/.
Change-Id: Idf9444fece4aa89c93e15640de59a91f6e758ccf
2015-12-04 22:00:26 -08:00
Tom Cherry
265f525e21 Remove ANDROID_PROPERTY_WORKSPACE
Bug 23290008

Change-Id: I95babe735444ada10c67594ace700cae5d1ec0b3
2015-12-04 14:11:02 -08:00
Tom Cherry
6036114f93 Abort if __system_property_area_init fails
If __system_property_area_init() fails, there is a fundamental issue
with the system and we should abort from init.

Bug: 21852512
Change-Id: I05d7978ba3bcc347027a6d9443de7cdd229033d2
2015-12-02 11:29:12 -08:00
Sami Tolvanen
90f52df257 Set up dm-verity in EIO mode instead of logging mode
If the device is corrupted, set up dm-verity in EIO mode instead of
logging mode. This prevents corrupted blocks from being returned to
user space. Note that restart mode is used by default and a warning
will be displayed to the user after corruption is first detected.

Bug: 19277516
Change-Id: I38966d73eb814836bc34b4bad1192583e5010b36
2015-12-02 14:38:01 +00:00
Tom Cherry
e36a85cdcc restorecon /property_contexts
/property_contexts exists before selinux policies are loaded, so we must
restorecon before other processes can access it

Bug: 21852512
Change-Id: Ie983caac635eb928ab19eea996a5625f3673de39
2015-12-01 17:47:35 -08:00
Nick Kralevich
83ccb1c76b init: Don't ignore setsockcreatecon errors
The init language supports setting the creation context of a socket
as the 6th argument to the socket keyword. For example, in the
following service, the context associated with the netd socket
is u:r:netd:s0

service netd /system/bin/netd
    class main
    socket netd stream 0660 root system u:r:netd:s0
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet

The 6 argument form of the socket statement is rarely if ever used,
since the init code supplies a sensible default.

Currently, there's no error checking on the value supplied as
the 6th argument. For example, if you have the following socket
statement:

  socket netd stream 0660 root system graphics

a socket will attempt to get created with an invalid "graphics"
context. When setsockcreatecon fails, it retains the default socket
creation context, which for init is u:r:init:s0. This results in a
socket being created which is in an unexpected context.

Check the return value from the setsockcreatecon() call. If an
invalid context is specified, return early and don't subsequently
attempt to create the socket with the default context.

Bug: 25851205
Change-Id: Ic66cd6f7efe3897fb247b587ddeac5d35e1602b7
2015-11-23 17:09:49 -08:00
Nick Kralevich
2d8f1d4c47 Merge "Enable hidepid=2 on /proc" 2015-11-09 20:05:22 +00:00
Nick Kralevich
c39ba5ae32 Enable hidepid=2 on /proc
Add the following mount options to the /proc filesystem:

  hidepid=2,gid=3009

This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).

Please see
  https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.

hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.

Add AID_READPROC to processes which need to access /proc entries for
other UIDs.

Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
2015-11-09 09:08:46 -08:00
Rom Lemarchand
1dcf325844 init: skip "name" DT entry
DTs have a standard "name" entry which is not to be
turned into an android property, so skip it.

Change-Id: I79f6638b4123358c8d80510c1666cf5d4561160e
2015-11-08 17:51:50 -08:00
Daniel Cashman
27ff12443d Merge "init/adb: correct static lib dependencies for libselinux"
am: 38aee48fc6

* commit '38aee48fc695c25e15435e4ef235c8bc2e0afde9':
  init/adb: correct static lib dependencies for libselinux
2015-10-22 23:12:22 +00:00
Daniel Cashman
38aee48fc6 Merge "init/adb: correct static lib dependencies for libselinux" 2015-10-22 23:03:51 +00:00
William Roberts
bd2d961cc2 init/adb: correct static lib dependencies for libselinux
Now that libselinux uses libpackagelistparser, in order
for libpackagelistparser to be properly statically linked
liblog must come after libselinux for all the liblog
references to be defined in libpackagelistparser which
is included in libselinux. This patch corrects that order.

Change-Id: I7aee10c9395310919779ed2463aab6b2f8b380cc
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-22 15:21:26 -07:00
Dan Willemsen
eea68c6f98 Merge "Remove __DATE__/__TIME__ from init and debuggerd"
am: 512b0e60b4

* commit '512b0e60b4fb33ec5535c1784a99a27539787790':
  Remove __DATE__/__TIME__ from init and debuggerd
2015-10-22 22:00:20 +00:00
Dan Willemsen
30622bbb20 Remove __DATE__/__TIME__ from init and debuggerd
Keeping these means that every build has different init and debuggerd
binaries, even if the source was the same. So OTAs that don't touch
these sources would still need to update the binaries.

Both of these messages are only informational, so can be safely removed.
Bootchart already encodes build-specific information from the system
properties.

Bug: 24204119
Change-Id: I7ebd65a20a3e031e7528c9f741616e20b3cd7446
2015-10-22 13:12:18 -07:00
Sami Tolvanen
234aedfaf1 am b8cc70a9: Merge "Error correction: Use libfec in fs_mgr"
* commit 'b8cc70a94bcbf7b920465d92da6889f0db6d6fa5':
  Error correction: Use libfec in fs_mgr
2015-10-16 05:53:55 +00:00
Sami Tolvanen
99e3a927e8 Error correction: Use libfec in fs_mgr
Use libfec to read and parse verity metadata to protect against data
corruption.

Bug: 21893453
Change-Id: I3a3543e0d999316707302b3be8735a7133d22946
2015-10-14 22:12:04 +01:00
Sami Tolvanen
415f1bdcbf am 4bd3148e: Merge "Revert "Error correction: Use libfec in fs_mgr""
* commit '4bd3148e0f509efb75256a01959c9c1af9ffa845':
  Revert "Error correction: Use libfec in fs_mgr"
2015-10-14 19:52:24 +00:00
Sami Tolvanen
0923453462 Revert "Error correction: Use libfec in fs_mgr"
This reverts commit 3de3a0f351.

Change-Id: I1f121cbc4431b8d8ff146eab29832a8dda1eb8ba
2015-10-14 19:46:16 +00:00
Sami Tolvanen
81ef65827c am a2cfddd3: Merge "Error correction: Use libfec in fs_mgr"
* commit 'a2cfddd37e950ed75d72e6a968d7be974aac405f':
  Error correction: Use libfec in fs_mgr
2015-10-14 16:40:33 +00:00
Sami Tolvanen
3de3a0f351 Error correction: Use libfec in fs_mgr
Use libfec to read and parse verity metadata to protect against data
corruption.

Bug: 21893453
Change-Id: Ieee6a1441e2f68148ba635235216e36c69b13db1
2015-10-13 15:53:25 +01:00
Nick Kralevich
545b7c9e39 am 2fb90dc8: Merge changes from topic \'userspace-audit\'
* commit '2fb90dc8b2b590e674c5e433e8bf3d3f08a887c8':
  debuggerd: audit pid, uid and gid on SE Linux denial
  property_service: log pid,uid and gid of setprop client
2015-10-10 20:11:08 +00:00
Nick Kralevich
2fb90dc8b2 Merge changes from topic 'userspace-audit'
* changes:
  debuggerd: audit pid, uid and gid on SE Linux denial
  property_service: log pid,uid and gid of setprop client
2015-10-10 20:07:24 +00:00
Elliott Hughes
17ac480df2 am 55793400: Merge "init shouldn\'t call DumpState by default."
* commit '55793400f20e5160eaab6c85e5df621f48373ec2':
  init shouldn't call DumpState by default.
2015-10-09 21:30:35 +00:00
Elliott Hughes
1946d3bca8 init shouldn't call DumpState by default.
The cost of generating and throwing away a bunch of stuff that no one
normally sees is high enough to be worth avoiding.

Here's AOSP ToT on N9...

 init: (Parsing /system/etc/init/atrace.rc took 0.0112s.)
 init: (Parsing /system/etc/init/bootanim.rc took 0.0094s.)
 init: (Parsing /system/etc/init/crash_reporter.rc took 0.0103s.)
 init: (Parsing /system/etc/init/debuggerd.rc took 0.0090s.)
 init: (Parsing /system/etc/init/debuggerd64.rc took 0.0085s.)
 init: (Parsing /system/etc/init/drmserver.rc took 0.0078s.)
 init: (Parsing /system/etc/init/dumpstate.rc took 0.0073s.)
 init: (Parsing /system/etc/init/gatekeeperd.rc took 0.0063s.)
 init: (Parsing /system/etc/init/installd.rc took 0.0067s.)
 init: (Parsing /system/etc/init/keystore.rc took 0.0060s.)
 init: (Parsing /system/etc/init/lmkd.rc took 0.0060s.)
 init: (Parsing /system/etc/init/logcatd.rc took 0.0059s.)
 init: (Parsing /system/etc/init/logd.rc took 0.0068s.)
 init: (Parsing /system/etc/init/mdnsd.rc took 0.0057s.)
 init: (Parsing /system/etc/init/mediaserver.rc took 0.0064s.)
 init: (Parsing /system/etc/init/metrics_daemon.rc took 0.0063s.)
 init: (Parsing /system/etc/init/mtpd.rc took 0.0055s.)
 init: (Parsing /system/etc/init/netd.rc took 0.0066s.)
 init: (Parsing /system/etc/init/perfprofd.rc took 0.0057s.)
 init: (Parsing /system/etc/init/racoon.rc took 0.0054s.)
 init: (Parsing /system/etc/init/rild.rc took 0.0061s.)
 init: (Parsing /system/etc/init/servicemanager.rc took 0.0063s.)
 init: (Parsing /system/etc/init/surfaceflinger.rc took 0.0061s.)
 init: (Parsing /system/etc/init/uncrypt.rc took 0.0068s.)
 init: (Parsing /system/etc/init/vdc.rc took 0.0065s.)
 init: (Parsing /system/etc/init/vold.rc took 0.0063s.)

0.0112+0.0094+0.0103+0.0090+0.0085+0.0078+0.0073+0.0063+0.0067+0.0060+
0.0060+0.0059+0.0068+0.0057+0.0064+0.0063+0.0055+0.0066+0.0057+0.0054+
0.0061+0.0063+0.0061+0.0068+0.0065+0.0063 = 0.1809

And here it is again with the logging disabled:

 init: (Parsing /system/etc/init/atrace.rc took 0.0021s.)
 init: (Parsing /system/etc/init/bootanim.rc took 0.0006s.)
 init: (Parsing /system/etc/init/crash_reporter.rc took 0.0007s.)
 init: (Parsing /system/etc/init/debuggerd.rc took 0.0004s.)
 init: (Parsing /system/etc/init/debuggerd64.rc took 0.0005s.)
 init: (Parsing /system/etc/init/drmserver.rc took 0.0005s.)
 init: (Parsing /system/etc/init/dumpstate.rc took 0.0005s.)
 init: (Parsing /system/etc/init/gatekeeperd.rc took 0.0005s.)
 init: (Parsing /system/etc/init/installd.rc took 0.0005s.)
 init: (Parsing /system/etc/init/keystore.rc took 0.0013s.)
 init: (Parsing /system/etc/init/lmkd.rc took 0.0006s.)
 init: (Parsing /system/etc/init/logcatd.rc took 0.0013s.)
 init: (Parsing /system/etc/init/logd.rc took 0.0007s.)
 init: (Parsing /system/etc/init/mdnsd.rc took 0.0005s.)
 init: (Parsing /system/etc/init/mediaserver.rc took 0.0009s.)
 init: (Parsing /system/etc/init/metrics_daemon.rc took 0.0008s.)
 init: (Parsing /system/etc/init/mtpd.rc took 0.0011s.)
 init: (Parsing /system/etc/init/netd.rc took 0.0005s.)
 init: (Parsing /system/etc/init/perfprofd.rc took 0.0005s.)
 init: (Parsing /system/etc/init/racoon.rc took 0.0005s.)
 init: (Parsing /system/etc/init/rild.rc took 0.0005s.)
 init: (Parsing /system/etc/init/servicemanager.rc took 0.0005s.)
 init: (Parsing /system/etc/init/surfaceflinger.rc took 0.0005s.)
 init: (Parsing /system/etc/init/uncrypt.rc took 0.0005s.)
 init: (Parsing /system/etc/init/vdc.rc took 0.0005s.)
 init: (Parsing /system/etc/init/vold.rc took 0.0006s.)

0.0021+0.0006+0.0007+0.0004+0.0005+0.0005+0.0005+0.0005+0.0005+0.0013+
0.0006+0.0013+0.0007+0.0005+0.0009+0.0008+0.0011+0.0005+0.0005+0.0005+
0.0005+0.0005+0.0005+0.0005+0.0005+0.0006 = 0.0181

It's less than a second, but one problem is that the cost of the current
dumping is proportional to the number of init.rc files, so the more
cleanly you factor things, the more it would cost.

Change-Id: Id96f59e7d0b082d8cfdba4bdbff43a922ba4eeee
2015-10-09 14:03:14 -07:00
William Roberts
d7aea443d9 property_service: log pid,uid and gid of setprop client
When auditing setprop denials, it is often unclear of who the process is
in a multi-process domain. To help identify the invoker, log the pid, uid,
and gid of the caller.

Before:
avc:  denied  { set } for property=wifi.xxx ...

After:
avc:  denied  { set } for property=wifi.xxx pid=30691 uid=123 gid=345 ...

Change-Id: I5cdcb3d18fbd52e0987b5e1497b9f6620c6c742a
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-05 11:39:56 -07:00
Yasuhiro Matsuda
4bc228e317 am f656b683: am ada7fa06: Merge "Fix perfboot.py to work with the recent change."
* commit 'f656b683a6a09dd2ed2934de2e1d5c2044c1fbe2':
  Fix perfboot.py to work with the recent change.
2015-09-16 02:58:28 +00:00
Yasuhiro Matsuda
f656b683a6 am ada7fa06: Merge "Fix perfboot.py to work with the recent change."
* commit 'ada7fa063e4d8e2b8014a138bdf58d7729ce0ee9':
  Fix perfboot.py to work with the recent change.
2015-09-16 02:49:31 +00:00
Yasuhiro Matsuda
6ee194013a Fix perfboot.py to work with the recent change.
device.shell() was changed to return a (stdout, stderr) tuple in
the following CL.

https://android-review.googlesource.com/170420

This CL fixes perfboot.py to work with the return value.

Change-Id: I85d72fc63c1f96257fb19c3051482991a7b4049d
2015-09-15 14:00:10 +09:00
Tom Cherry
a2bdc2d91e am f23ef77f: am 4aa9dbab: Merge "init: Update readme.txt to reflect recent changes to init."
* commit 'f23ef77ffe4700221bc47c70ea1b7f1473d0d902':
  init: Update readme.txt to reflect recent changes to init.
2015-09-02 19:48:22 +00:00
Tom Cherry
f23ef77ffe am 4aa9dbab: Merge "init: Update readme.txt to reflect recent changes to init."
* commit '4aa9dbab6f78a1acae02d39b96fa572fbfc7b6ed':
  init: Update readme.txt to reflect recent changes to init.
2015-09-02 19:37:35 +00:00
Tom Cherry
3be66edc59 init: Update readme.txt to reflect recent changes to init.
Updates are as follows:

A detailed explanation of event triggers and property triggers
including how they can now be used

A new section describing .rc files, their locations, and the
intentions for each of these locations

A new section describing the import keyword and how it is not a
command but rather its own section

Removal of deprecated or incorrect text

Change-Id: If0a37375ac92a857900f3303ada4ba742360daff
2015-09-01 15:32:33 -07:00
Tom Cherry
af20a7cb12 resolved conflicts for merge of cda81d01 to mnc-dr-dev-plus-aosp
Change-Id: I747b279bc49f9f82b8f8859c49b3fc2a4e3b4977
2015-09-01 15:30:56 -07:00