We already do this for init, but had failed to do it for ueventd
and could not capture any logging from libselinux calls made by
ueventd.
Truly enabling non-error logging also requires uncommenting a line
in Android.mk:
LOCAL_CFLAGS += -DLOG_UEVENTS=1
which enables other logging and sets the default log level to INFO,
or otherwise changing the klog level in the ueventd code (is not
settable by init.rc loglevel).
Change-Id: I00e6f9d6271f2a21d9078c96368816d74d6d2850
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Add the ability to boot up directly from charger mode, instead of forcing
charger mode to initiate a full restart to launch 'full' android. This
should shave a few seconds off of boot time on supported devices (just
manta for now).
Change-Id: Ieec4494d929e92806e039f834d78b9002afd15c4
The sysfs nodes can change from devices to devices for
a particular class of peripheral. Some of them even change
after suspend/resume, e.g. rfkill for USB bluetooth adapters.
This patch adds to the way how ueventd rules with wildcard are
handled. In addition to matching the prefix with a trailing
wildcard, now rules can have wildcard anywhere in the rule.
The wildcard matching is implemented using fnmatch(), where
its matching is simliar to shell pathname expansion. It suits
this particular usage model well. To avoid abuse, the number of
slashes has to match between path name and the rule.
For example, instead of creating a rule to match:
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/bluetooth/hci0/rfkill*
, this would suffice:
/sys/devices/pci0000:00/0000:00:1d.0/*/*/*/*/bluetooth/hci0/rfkill*
The prefix matching behavior is retained, such that those
rules do not have to pay for processing penalty with fnmatch().
Change-Id: I3ae6a39c838f6d12801cb71958e481b016f731f5
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Don't force people to make modifications to property_service.c
when handling properties. Exclusively use the SELinux rules,
which are more flexible and easily adjusted.
Change-Id: Ic0bbd01b5df2eef0040286ac59c0a01e9bd14315
When ueventd creates a device node, it may also create one or more
symlinks to the device node. These symlinks may be the only stable
name for the device, e.g. if the partition is dynamically assigned.
A corresponding change with the same Change-Id to external/libselinux
introduces selabel_lookup_best_match() to support looking up the "best match"
for a device node based on its real path (key) and any links to it
(aliases). This change updates ueventd to use this new interface
to find the best match for the device node when creating it.
Change-Id: Id6c2597eee2b6723a5089dcf7c450f8d0a4128f4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Only parse and honor the kernel command line on userdebug
or eng builds. On user builds, assume that selinux is always enabled
and enforcing.
Change-Id: I71c66e4365bdf2f226800634126a38b716d96599
To ensure that well-crafted removable media can't spoof the
internal partitions, for platform devices the controller id
is inside the generated path.
We now do the same for PCI devices. The generated path has
two levels; the PCI domain/bus, and then the peripheral ID.
This lets us get by-name symlinks for PCI media, such as the
SATA controllers on PC-like hardware. The symlinks will be
created under /dev/block/pci/. For example:
/dev/block/pci/pci0000:00/0000:00:1f.2/by-name/
Change-Id: Icee3e86bef5569c2bbd94c26bc00d49028345e3b
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
- AID_SYSTEM can set persist.logd.size
- AID_SYSTEM can issue command to /dev/socket/logd to
change the runtime global log sizes.
- Add support for ro.logd.size.* as populated by BoardConfig.mk
- Limit size to maximum ~3% of physical memory.
Bug: 14563261
Bug: 14627052
Change-Id: I606420db2e9d9d032296e71149e4a5b20cbd1137
enable <servicename>
Turns a disabled service into an enabled one as if the service did not
specify disabled in the rc file.
It will also start the service if needed.
Bug: 14472973
Change-Id: Id0b49cc687a2bc74f6f92e066c617724cc94908d
Signed-off-by: JP Abgrall <jpa@google.com>
cpufreq
The owner and permissions for the sysfs file
/sys/devices/system/cpu*/cpufreq/scaling_max/min_freq is changed.
This would allow the PowerHAL to change the max/min cpufreq even after
the associated CPU's are hotplugged out and back in.
Change-Id: Ibe0b4aaf3db555ed48e89a7fcd0c5fd3a18cf233
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
When deciding on which property_contexts policy to load
during a reload, an initial call is made to libselinux to
grab the correct policy index. This policy index represents
whether the /data/security or the rootfs version will
be used.
Change-Id: I4716039bb0f5ba1e961977a18350347a67969dca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Some devices leave "ro.build.fingerprint" undefined at build time,
since they need to build it from the components at runtime.
Bug: 13340779
Change-Id: I033ff7600e68edffdea101fec30246135646b4b2
Modify fs_mgr to unmount encryptable drives after test mounting them and
then trigger an auto-encrypt via the init script
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/414200/
Feature is limited to list of serial numbers with this change
Bug: 11985952
Change-Id: I84f85a258b6a7e9809467c9149249302e203c41b
During boot, allow a property file to import properties from another
file. Supports importing the entire file, a specific key, or any
keys matching a specific prefix. Here's some example syntax:
import /oem/oem.prop
import /oem/oem.prop foo.*
import /oem/oem.prop foo.bar
Bug: 13340779
Change-Id: I867f9a10ca09684326675d9f051f5cf2ae171617
During boot, allow a property file to import properties from another
file. Supports importing the entire file, a specific key, or any
keys matching a specific prefix. Here's some example syntax:
import /oem/oem.prop
import /oem/oem.prop foo.*
import /oem/oem.prop foo.bar
Bug: 13340779
Change-Id: I867f9a10ca09684326675d9f051f5cf2ae171617
* changes:
init: Add "partition.*.verified" properties to the property service.
fs_mgr: Set the 'partition.*.verified' property for verified partitions.
These are intended to be used by the rest of the system as weak
indicators that the corresponding partition is verified. For
instance, if the "partition.system.verified" property is set then
using `adb remount` would be unwise.
These should not be used as the basis for security decisions.
Change-Id: Ibea4c13abd54f46537e2a406774412c25918b24d
