Modify init to set the umask to 077 when forking processes.
This helps protect against inadvertant information disclosure
in init's child processes.
ueventd: Keep umask at 000. uevent needs to be able to
create device nodes with exactly the permissions it
indicates.
Testing:
1) Do an "ls -lR /data /dev" on the device before and after
the umask change and diff the output. Verified by hand
that the permission change wouldn't cause any problems.
2) Verify that package installation works, and the permissions
are as expected, when installing a program from market and
"adb install".
Bug: 3272072
Change-Id: Ie4f7f06c0ee9da8d9b6fce25d71d8991a9bce406
Normally, calling open on a tty will set that tty as the process
group controlling tty if none already exists. However, if the tty
is /dev/console, the kernel will never automatically set it as the
controlling tty. Call the TIOCSCTTY manually on the fd, which will
always attempt to set it as the controlling tty.
Fixes ctrl-c on the console shell when androidboot.console is not
passed on the kernel command line and the default /dev/console is
used.
Change-Id: I449cc41b47e93ac38ad6987413bb54131e1ec0cd
Add SE Android support for init and ueventd.
init:
- Load policy at boot.
- Set the security context for service daemons and their sockets.
- New built-in commands: setcon, setenforce, restorecon, setsebool.
- New option for services: seclabel.
ueventd:
- Set the security context for device directories and nodes.
Change-Id: I98ed752cde503c94d99dfa5b5a47e3c33db16aac
Also, clean up how we initialize the ro.xx properties and process
the kernel command line.
Change-Id: Iedda6c90e31340a189171a44b2767480403354f7
Signed-off-by: Dima Zavin <dima@android.com>
This removes the hardcoding of the file import in init and instead
allows the init.rc file to fully control what is loaded.
Change-Id: I933e5bbab57f1e8705a370d660f92c6508da94d2
Signed-off-by: Dima Zavin <dima@android.com>
The property service is still started later, but the property area
and the initial boot properties are initialized before the init.rc
file is processed. This allows init.rc files to have access to boot
properties during parsing.
Change-Id: Iae9ed1093c821831a864b39ae6bc697e62b94757
Signed-off-by: Dima Zavin <dima@android.com>
The class_reset command used to reset services that had been set to
"disabled" in the init.rc file to a non-disabled state. Now, if the
service was originally set to "disabled", have the reset command set
it back to disabled. Otherwise, set it to the "reset" state as it
currently does.
Change-Id: I0c10582e46a8e443d4748d9d893ae762b19b653a
x86 emulator passes hardware name through the androidboot.hardware kernel cmd option, and
ueventd must pick up on it to locate proper ueventd.rc file for that hardware.
Change-Id: Id61c5b67fe6275a15c7aa62556e0b89eda7968f8
Introduces a 'charger' section that is processed when androidboot.mode
supplied on the kernel commandline is "charger".
In this mode, sections such as fs, post-fs, etc are skipped. Only the
'early-init' and 'init' sections of the init rc files are processed before
processing the 'charger' section.
Change-Id: If9eb6334de18f04cbcf2aab784578e2993615242
Signed-off-by: Dima Zavin <dima@android.com>
There was a build error in init.c if you enabled bootchart, this
should probably be shipped upstream if not fixed already.
Change-Id: Iea3451c3e15d5cac00c5420d99bfce9a950aaaac
In some situations a driver could try to request firmware before
/system is mounted. Previously we'd fail the request. Now we
will retry the read-from-filesystem every 100ms until we find the
firmware or we've finished the "fs" and "post-fs" stages of init.
Change-Id: Ie32402f7d41c818bf20f3297286ed5f99705b72c
These are the changes to init and init.rc necessary to
support booting with and encrypted /data filesystem.
A corresponding change to init.<device>.rc goes along
with this change.
Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
This keyword will cause init to wait a few seconds before exec'ing
the target binary. Maybe only useful for hacks and debugging.
Change-Id: I85caa0bcbc0be7e48bd21eb9e31e039c0740c8d5
Under some circumstances, setuid() and family can fail,
returning a non-zero value. (see "man setuid" for details).
If this happens, we want to ensure that init doesn't spawn a
process which has root privileges when it's not suppose to.
Change-Id: Idd03f2c8f82a7eaf6e696b5bcfe308e51ea58b52
This enhances robustness by allowing the Telephony Framework to restart
ril-daemon if it notices some catastrophic failure.
Added setprop ctl.restart.
Added ril-daemon to setprop control_perms and allow users/groups
with the AID_RADIO ID to control it.
Change-Id: I195abdd754a731ce0b77e8f71ab47fde8c3e7977
Merge commit '78ea2374c5c87d7bb58747b1a6173c598f386600'
* commit '78ea2374c5c87d7bb58747b1a6173c598f386600':
init: Add support for SOCK_SEQPACKET socket type
When the init process ran out of actions to execute, cur_action was
NULL and action_queue_empty() was true, but cur_command was still
set. This patch clears cur_command when a new action is retreived,
and only depends on cur_action and action_queue_empty() to determine
the poll timeout.
Change-Id: Iaa95063c8c267a5b1ada9f20363b99c433e61ac4
Devices with non-MTD storage need to override the filesystem mounting
commands in init.rc. Moving them to a new "fs" init level allows a
custom init.<device>.rc to handle the mounting.
Change-Id: If0e655139b9734650fb798b6eb0a90e2241fc29b
The rationale being that we do not want this enabled by default, but
tying it to adb being enabled allows convenient bugreport collection
for savvy users and developers using production devices.
Change-Id: I71535b33f0774faf1975c98d106080f2ff12e349
Signed-off-by: Mike Lockwood <lockwood@android.com>
For example,
service recovery /sbin/recovery
onrestart start loadkeys
onrestart class_start con
onrestart stop recovery
Previously, if you had a service like the above, the "onrestart stop
recovery" clause would not have any effect, because the restart flag
would be re-set after the stop command had executed.
This is similar to a service with the "oneshot" keyword, with the critical
difference being that it executes the other onrestart commands when the
service dies.
