Adding a new location for policy files under
/data, the new location is /data/security. The
new location is used before attempting to use
any other location.
This requires a new directory to be created by
the init script and an update to the location of
the property_contexts file for property service.
Change-Id: I955a722ac3e51fa6c1b97201b8bdef3f601cf09d
Adding a new location for policy files under
/data, the new location is /data/security. The
new location is used before attempting to use
any other location.
This requires a new directory to be created by
the init script and an update to the location of
the property_contexts file for property service.
Change-Id: I955a722ac3e51fa6c1b97201b8bdef3f601cf09d
Allow userspace programs to create IPPROTO_ICMP sockets.
This socket type allows an unprivileged program to safely
send ICMP_ECHO messages and receive the corresponding
ICMP_ECHOREPLY messages, without relying on raw sockets or
setuid programs.
Please see http://lwn.net/Articles/443051/ for details.
In particular, this allows us to use a version of ping
which doesn't have any capabilities
(https://android-review.googlesource.com/52072).
In addition, this allows us to safely implement an IPv4 ICMP
based version of InetAddress.isReachable()
(https://code.google.com/p/android/issues/detail?id=20106)
Change-Id: I876718151efa8219c4f34f573e35e21256fe2316
This will help get rid of android_aid.h in the kernel.
The group of the proc entries will be used in place of the default
values picked up by the xt_qtaguid netfilter module
(AID_NET_BW_STATS, AID_NET_BW_ACCT).
This change has no effect until the matching kernel changes are submitted.
Change-Id: I3c177e7b5caf9c59300eba6bd4a976634b333674
This is necessary for some HWC hals to be able to communicate with
secure side to grant protected access to hardware owned by the
hwc. This is necessary on some architectures to grant access to
secure buffers to overlay/csc hardware
Change-Id: I4e4becba5b4a80310ce8932edea5d0d046fa9b00
Signed-off-by: Dima Zavin <dima@android.com>
When vold mounts things in /mnt/secure/staging, it expects to MS_MOVE
those mountpoints when vetting is finished. However, the kernel
doesn't allow MS_MOVE when the source is shared to child namespaces.
To work around this, create a tmpfs at /mnt/secure and mark it as
private (not shared). Verified that vold can now successfully move
from the staging area.
Bug: 7094858
Change-Id: I5e05b1005c63efa277935c9bbd18cbf3ffdd47a3
Define /storage as top-level concept, so that we enforce permissions
uniformly. Moves external storage paths from headers to per-device
environment variables. Added missing mount flags, and we no longer
have adb-specific external storage.
Bug: 6925012
Change-Id: Ic7ca953be2f552d3f0ec9e69f89fef751daa1b29
Also remove mount() from adb, since it can come online long before
data partition is ready. Set EXTERNAL_STORAGE environment variable
to point to owner for backwards compatibility.
Bug: 7005701
Change-Id: I63444f6636624eb7ad89f053daa289663424639e
Remount rootfs as recursively shared, so that mount changes are
propagated into child namespaces. Mount external storage for access
from adb.
Clean multi-user dependencies for use in Dalvik. Also define
external storage paths.
Bug: 6925012
Change-Id: I375de581a63f4f36667894c56a34a9dd45361e8f
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
chown /proc/last_kmsg to user system group log during init, and
chmod it to readable only by user and group.
Bug: 6925227
Change-Id: I645b6a2d4fecc01a2bd4b7fa7ed6aae3ef638cb9
Set the security context for the init process.
Restore the security contexts of /cache and /data in case they were reset.
Specify the security context for services launched from the rootfs since
we cannot label their executables.
If on the emulator, set a policy boolean and restore the context of
/sys/qemu_trace to allow accesses not normally permitted on a device.
Change-Id: I166ffc267e8e0543732e7118eb0fd4b031efac3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>