This allows us to choose different configs depending on
whether or not the target is 64 capable, and what its preferred
default is.
bug: 13647418
Change-Id: Ie1ce4245a3add7544c87d27c635ee390f4062523
The kernel's default is between 4~20.
Prepare for javaland to modify the value at runtime.
It can be done via
setprop sys.sysctl.tcp_def_init_rwnd <value>
Bug: 12020135
Change-Id: Id34194b085206fd02e316401c0fbbb9eb52522d2
(cherry picked from commit 7c862c8b5e)
- init: set /proc/sys/net/unix/max_dgram_qlen to 300
- libsysutils: Add listen backlog argument to startListener
- logd: set listen backlog to 300
Change-Id: Id6d37d6c937ba2d221e76258d89c9516619caeec
* Create a new userspace log daemon for handling logging messages.
Original-Change-Id: I75267df16359684490121e6c31cca48614d79856
Signed-off-by: Nick Kralevich <nnk@google.com>
* Merge conflicts
* rename new syslog daemon to logd to prevent confusion with bionic syslog
* replace racy getGroups call with KISS call to client->getGid()
* Timestamps are filed at logging source
* insert entries into list in timestamp order
* Added LogTimeEntry tail filtration handling
* Added region locking around LogWriter list
* separate threads for each writer
* /dev/socket/logd* permissions
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
(cherry picked from commit 3e76e0a497)
Author: Nick Kralevich <nnk@google.com>
Change-Id: Ice88b1412d8f9daa7f9119b2b5aaf684a5e28098
With the following prior changes:
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1
I698b1b2c3f00f31fbb2015edf23d33b51aa5bba1
I8dd915d9bb80067339621b905ea2b4ea0fa8d71e
it should now be safe (will correctly label all files)
and reasonably performant (will skip processing unless
file_contexts has changed since the last call) to call
restorecon_recursive /data from init.rc.
The call is placed after the setprop selinux.policy_reload 1 so that
we use any policy update under /data/security if present.
Change-Id: Ib8d9751a47c8e0238cf499fcec61898937945d9d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
mkdir /data/misc/wifi subdirectories and /data/misc/dhcp is performed
in the various device-specific init*.rc files but seems generic.
Move it to the main init.rc file.
Drop the separate chown for /data/misc/dhcp as this is handled by mkdir
built-in if the directory already exists.
Add a restorecon_recursive /data/misc/wifi/sockets.
Change-Id: I51b09c5e40946673a38732ea9f601b2d047d3b62
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When adbd runs as root, it should transition into the
su domain. This is needed to run the adbd and shell
domains in enforcing on userdebug / eng devices without
breaking developer workflows.
Introduce a new device_banner command line option.
Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
Otherwise it will be mislabeled on upgrades with existing userdata.
Change-Id: Ibde88d5d692ead45b480bb34cfe0831baeffbf94
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Use restorecon_recursive to label devices
where the directory and subfiles have
already been built and labeled.
Change-Id: I0dfe1e542fb153ad20adf7b2b1f1c087b4956a12
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
If checkreqprot == 1, SELinux only checks the protection flags passed
by the application, even if the kernel internally adds PROT_EXEC for
READ_IMPLIES_EXEC personality flags. Switch to checkreqprot == 0
to check the final protection flags applied by the kernel.
Change-Id: Ic39242bbbd104fc9a1bcf2cd2ded7ce1aeadfac4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This allows it to be permissive in userdebug/eng builds
but confined/enforcing in user builds.
Change-Id: Ie322eaa0acdbefea2de4e71ae386778c929d042b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The files in zoneinfo changed from system_data_file to
zoneinfo_data_file. Fixup pre-existing files.
Change-Id: Idddbd6c2ecf66cd16b057a9ff288cd586a109949
There is no longer any reason to permit system UID to set enforcing mode.
Change-Id: Ie28beed1ca2b215c71f2847e2390cee1af1713c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
MS_MOVE was used when staging external storage devices, which no
longer occurs. In fact, having a writable tmpfs was masking a vold
bug around moving apps to SD cards.
Bug: 11175082
Change-Id: Ib2d7561c3a0b6fde94f651a496cb0c1f12f88d96
Add sdcard FUSE daemon flag to specify the GID required for a package
to have write access. Normally sdcard_rw, but it will be media_rw
for secondary external storage devices, so DefaultContainerService
can still clean up package directories after uninstall.
Create /mnt/media_rw which is where vold will mount raw secondary
external storage devices before wrapping them in a FUSE instance.
Bug: 10330128, 10330229
Change-Id: I4385c36fd9035cdf56892aaf7b36ef4b81f4418a
