Currently, the fixup code in fixup_sys_perms() scans through all
entries in uevent*.rc. If it finds a match, then it performs a fixup.
If there's no match in that file, no fixup is performed.
SELinux file labels are independently stored in /file_contexts,
with no relationship to the files in /ueventd.rc. Even when no
entries exist in ueventd.rc, we still want to fixup the SELinux
file label in /sys when a uevent message occurs.
Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac
The sysfs nodes can change from devices to devices for
a particular class of peripheral. Some of them even change
after suspend/resume, e.g. rfkill for USB bluetooth adapters.
This patch adds to the way how ueventd rules with wildcard are
handled. In addition to matching the prefix with a trailing
wildcard, now rules can have wildcard anywhere in the rule.
The wildcard matching is implemented using fnmatch(), where
its matching is simliar to shell pathname expansion. It suits
this particular usage model well. To avoid abuse, the number of
slashes has to match between path name and the rule.
For example, instead of creating a rule to match:
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/bluetooth/hci0/rfkill*
, this would suffice:
/sys/devices/pci0000:00/0000:00:1d.0/*/*/*/*/bluetooth/hci0/rfkill*
The prefix matching behavior is retained, such that those
rules do not have to pay for processing penalty with fnmatch().
Change-Id: I3ae6a39c838f6d12801cb71958e481b016f731f5
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
When ueventd creates a device node, it may also create one or more
symlinks to the device node. These symlinks may be the only stable
name for the device, e.g. if the partition is dynamically assigned.
A corresponding change with the same Change-Id to external/libselinux
introduces selabel_lookup_best_match() to support looking up the "best match"
for a device node based on its real path (key) and any links to it
(aliases). This change updates ueventd to use this new interface
to find the best match for the device node when creating it.
Change-Id: Id6c2597eee2b6723a5089dcf7c450f8d0a4128f4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
To ensure that well-crafted removable media can't spoof the
internal partitions, for platform devices the controller id
is inside the generated path.
We now do the same for PCI devices. The generated path has
two levels; the PCI domain/bus, and then the peripheral ID.
This lets us get by-name symlinks for PCI media, such as the
SATA controllers on PC-like hardware. The symlinks will be
created under /dev/block/pci/. For example:
/dev/block/pci/pci0000:00/0000:00:1f.2/by-name/
Change-Id: Icee3e86bef5569c2bbd94c26bc00d49028345e3b
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
cpufreq
The owner and permissions for the sysfs file
/sys/devices/system/cpu*/cpufreq/scaling_max/min_freq is changed.
This would allow the PowerHAL to change the max/min cpufreq even after
the associated CPU's are hotplugged out and back in.
Change-Id: Ibe0b4aaf3db555ed48e89a7fcd0c5fd3a18cf233
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
* Modify liblog to send all messages to the new syslog user
space daemon.
Original-Change-Id: I0ce439738cd921efb2db4c1d6a289a96bdbc8bc2
Original-Change-Id: If4eb0d09409f7e9be3eb4bb7017073dc7e931ab4
Signed-off-by: Nick Kralevich <nnk@google.com>
* Add a TARGET_USES_LOGD make flag for BoardConfig.mk to manage
whether logd is enabled for use or not.
* rename syslog to logd to avert confusion with bionic syslog
* Add fake log support back in
* prefilter for logging messages from logd
* Fill in timestamps at logging source
* update abstract log reader
* switch from using suffix for id to v3 format
* log a message when creating devices that a deprecated interface
is being utilized.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
(cherry pick from commit 099e2c1f6f706a8600c1cef74cce9066fc315480)
Change-Id: I47929a5432977a1d7235267a435cec0a7d6bd440
By default ueventd creates device nodes under /dev based on the ueventd
DEVPATH. Several subsystems have special rules which are hardcoded in
devices.c. Moving forward these special rules should go in ueventd.rc.
Special rules have the syntax:
subsystem <s>
devname (uevent_devname|uevent_devpath)
[dirname <dir>]
Devices matching SUBSYSTEM=<s> will be populated under <dir>. dirname
is optional and defaults to /dev. If dirname is provided, <dir> must
start with "/".
If devname is uevent_devname, ueventd will create the device node as
<dir>/DEVNAME. DEVNAME may include intermediate subdirectories, which
ueventd will automatically create.
If devname is uevent_devpath, ueventd will use the legacy behavior of
computing DEVPATH_BASE=basepath(DEVPATH), and creating the device node
as <dir>/DEVPATH_BASE.
The new parsing code is based on init_parser.c, with small tweaks to
handle commands which don't fall under a section header.
Change-Id: I3bd1b59d7e62dfc9d289cf6ae889e237fb5bd7c5
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Log an error before discarding problematic events, and add a missing
truncation check to the usb subsystem's unique codepath
Change-Id: I0d05aa287ffc63b46d1752d2a7409d35dc8caca7
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Restarting ueventd upon policy reloads has reportedly created
stability problems for some users and could cause events to be lost.
Stop restarting ueventd and instead handle policy reloads within ueventd.
Also stops restarting installd upon policy reloads.
Change-Id: Ic7f310d69a7c420e48fbc974000cf4a5b9ab4a3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
We have several partitions with underscores in their names
which would not be properly linked in:
/dev/block/platform/msm_sdcc.1/by-name/
With this change more characters (_-.) are allowed in
partition name links. Also, any other character is
replaced with '_' so the resulting link names have the
same length as the partition name.
Change-Id: I746566c03db98b10326c755692362d2c10e528ae
This change enables labeling of dynamically created sysfs nodes
with specific SELinux security contexts.
Change-Id: If8b8d66120453123c1371ce063b6f20e8b96b6ef
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When using device tree, platform devices may not have a
/devices/platform/ path prefix, but can be rooted in
/devices/.
Modify the platform device tracking code to store the device
path as well as the name. This way, when we create symlinks, we
can correctly skip the base platform device prefix and get to the
proper device node path.
Change-Id: I939ef8fbcb45c5c803cd9a054e40136a912efc72
Signed-off-by: Dima Zavin <dima@android.com>
When using device tree, platform devices may not have a
/devices/platform/ path prefix, but can be rooted in
/devices/.
Modify the platform device tracking code to store the device
path as well as the name. This way, when we create symlinks, we
can correctly skip the base platform device prefix and get to the
proper device node path.
Change-Id: I939ef8fbcb45c5c803cd9a054e40136a912efc72
Signed-off-by: Dima Zavin <dima@android.com>
As it turns out, no, 64K is not enough. A device provisioning
tool was generating many uevents as it manipulated the GPT,
causing events near the end of the process (including events
as a result of the final BLKRRPART ioctl()) to get lost.
It's not clear what the best value for this should be, but
increasing to 256K fixed the problem in this case.
Change-Id: I4883b34e96c89e8a6fa581bc9cd121bb021b5694
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Automatically set the SELinux security label on directories created
by init.rc. This avoids the need to separately call restorecon on
each such directory from the init.rc file. Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.
Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Change uevents may be triggered after new files are created on a device
in /sys, run the sys permissions fixup when they occur.
Change-Id: Iec2725c9f8a032e5124190444edaf189a766b0b2
This device is required by libdrm for GPUs like IvyBridge.
Change-Id: I0ac47056a9cec2100f3e6eaa5591571fe6bbc145
Signed-off-by: Lukasz Anaczkowski <lukasz.anaczkowski@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Add SE Android support for init and ueventd.
init:
- Load policy at boot.
- Set the security context for service daemons and their sockets.
- New built-in commands: setcon, setenforce, restorecon, setsebool.
- New option for services: seclabel.
ueventd:
- Set the security context for device directories and nodes.
Change-Id: I98ed752cde503c94d99dfa5b5a47e3c33db16aac
The mmc block devices on panda boards use a platform device called
omap/omap_hsmmc.0. The number of path entries in the uevent after
the platform device is unknown, and the number of path entries in
the platform device is unknown, so the only way to determine how
many entries make up the platform device is to compare against
a list of platform devices.
Add a list of platform devices that have been registered, and
iterate through it to determine the platform device portion of
a block device uevent.
Change-Id: I1480bc6429172ca6997d548787be3863ce062472
In some situations a driver could try to request firmware before
/system is mounted. Previously we'd fail the request. Now we
will retry the read-from-filesystem every 100ms until we find the
firmware or we've finished the "fs" and "post-fs" stages of init.
Change-Id: Ie32402f7d41c818bf20f3297286ed5f99705b72c
