Commit graph

12 commits

Author SHA1 Message Date
Steven Moreland
0eff1d2890 Explicit init .rc user.
Set the user explicitly.

Bug: 276813155
Test: boot
Change-Id: I54c14c47a3435d72e00280cf663f23ffbb9659ee
2023-04-10 20:54:26 +00:00
David Saff
dca3714425 Revert "vold: explicitly specify capabilities"
This reverts commit a4c5f57f63.

Reason for revert: Appears to be a culprit at https://android-build.googleplex.com/builds/tests/view?invocationId=I73600010121524618&testResultId=TR49128446350696862

Change-Id: Ia575a77e22547f93f4de8f5409649abbdf5e5883
2023-01-05 21:10:37 +00:00
Nikita Ioffe
a4c5f57f63 vold: explicitly specify capabilities
If a service doesn't specify any capabilities in it's definition in the
.rc file, then it will inherit all the capabilities from the init.
Although whether a process can use capabilities is actually controlled
by selinux (so inheriting all the init capabilities is not actually a
security vulnerability), it's better for defense-in-depth and just
bookkeeping to explicitly specify the capabilities that vold needs.

The list of capabilities that vold is allowed to use was obtained via:
```
$ adb pull /sys/fs/selinux/policy /tmp/selinux.policy
$ sesearch --allow -s vold -c capability,capability2 /tmp/selinux.policy
allow vold vold:capability { chown dac_override dac_read_search fowner fsetid kill mknod net_admin sys_admin sys_chroot sys_nice sys_ptrace };
allow vold vold:capability2 block_suspend
```

In addition, since vold execs the /system/bin/sdcard, which transitions
into sdcardd domain, we also need to add capabilities that are required
by /system/bin/sdcard:

```
sesearch --allow -s sdcardd -c capability,capability2 /tmp/selinux.policy
allow sdcardd sdcardd:capability { dac_override dac_read_search setgid setuid sys_admin sys_resource };
```

vold can also transform into the following domains which don't seem to
need any capabilities: blkid, blkid_untrusted, fsck, fsck_untrusted

vold can also transform into sgdisk domain, which only needs
CAP_SYS_ADMIN:

```
sesearch --allow -s sgdisk -c capability,capability2 /tmp/selinux.policy
allow sgdisk sgdisk:capability sys_admin
```

Bug: 249796710
Test: device boots
Test: prebumit
Change-Id: Ic2a35fd62d6ed8c7b305c23607e6c24b197cf6bc
2022-12-29 18:34:33 +00:00
Keith Mok
c73dbac02d vold: Reboot if vold failure
Vold stores some status in memory.
If vold crashed and restarted, those status are not
restored. Reboot device if vold on failure.

Bug: 202048432
Test: manually kill vold
Change-Id: Ic56acd9cc906b0166adf805023e34bbd6b3648a5
2021-10-06 18:47:37 +00:00
Suren Baghdasaryan
d7d3010c45 Replace writepid with task_profiles command for cgroup migration
writepid command usage to join a cgroup has been deprecated in favor
of a more flexible approach using task_profiles. This way cgroup path
is not hardcoded and cgroup changes can be easily made. Replace
writepid with task_profiles command to migrate between cgroups.

Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I9e89fc0f3dc1b4e970cf3a5982ed7f177d2c392c
2021-06-23 18:40:55 +00:00
Jaegeuk Kim
c0eea5736e vold: Grant root group
When using make_f2fs to format a filesystem with quota enabled, make_f2fs
will write quota record with group id equtal to make_f2fs's execution
group id.
Vold shall run as root group so that make_f2fs forked by vold will enherit
vold's root group. Make_f2fs can then write quota record with group id for
root group and therefore kernel quota driver can find quota record for
root group.

Bug: 111775499
Change-Id: I0c1fef760597d1695586d24365200b25e2cf07e6
Signed-off-by: Light Hsieh <light.hsieh@mediatek.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-08-08 17:08:02 -07:00
Jeff Sharkey
570b2864ee Grant "disk_reserved" GID to critical services.
This GID extends the ability to use reserved disk space, giving the
system a chance to be usable enough for the user to free up disk
space used by apps.

Test: builds, boots
Bug: 62024591
Change-Id: I8bc47911a71e1f399616caae83678e2914781c7e
2018-01-07 19:30:19 -07:00
Jeff Sharkey
cbe69fc060 Destroy vold socket interface completely.
Long live Binder.

Test: yes
Bug: 13758960
Change-Id: If6be379b5a873f1b0c66dd1522b87413ad10fc46
2017-09-18 16:00:14 -06:00
Keun-young Park
41156c5035 add vold to "shutdown critical"
bug: 37626581
Test: reboot and check last kmsg
Change-Id: I2c186c20a4afc342eaae420175013c80219a5ee5
2017-07-05 13:58:35 -07:00
Martijn Coenen
624ec66b26 Move vold (and sdcard childs) to foreground cpuset.
Bug: 24949295
Change-Id: I7118a374db90ede517a92f72763d624b9a234ea7
2016-04-15 14:30:40 +02:00
Tom Cherry
6cb234dc57 update bundled rc files to their contents from rootdir/init.rc
Bug 23186545

Change-Id: I634b682b7a4cef9e1b817561b4458e1442443c63
2015-08-21 12:39:39 -07:00
Tom Cherry
a285984ae4 bundle init.rc contents with its service
Bug: 23186545
Change-Id: I82d8b6dc54ebe32ceb1ed997aaab3701ee7b6c4a
2015-08-19 17:36:11 -07:00