Clang turned up some signed/unsigned comparison warnings. These warnings
have been fixed by cleaning up sdcard slightly:
- Don't use negative numbers for invalid gid/uid.
- sdcard takes a fixed number of arguments now so assert on that instead
of using a for loop.
- Also fixed usage string to reflect this fact.
Change-Id: Iee58a8e9aaedb3d40ad7dfeef63d8cd1fe1cd248
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com>
Changed a function to actually use its parameter instead of a global
variable. All callers of the function pass the global variable as an
argument anyway so behaviour is unchanged.
Change-Id: Ib84d45c17d2213c4d441bf2f423feca14e7aa2f4
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Ariel J Bernal <ariel.j.bernal@intel.com>
-Werror is used for this project so these warnings were causing the
clang build to fail.
Change-Id: I18c447ce239645e05f59c3cf0e2b8bb17d9d3030
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Tarea A Siraj <tareq.a.siraj@intel.com>
This is a set of changes to the init property service
implementation to apply a SELinux check over who can
change what properties. Also included control hooks
for the 'ctl' keys.
Change-Id: I5a18809bf5536f6459a36b6bf0d622b9f5061aa0
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
libsuspend had only a single warning in the clang build. Fixing it to
make the build clean.
Change-Id: Iaac5f9144b6e6cb122141c6416056c1b2c9aa98e
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com>
libnetutils had a single warning. Fixed it to make it clean.
Change-Id: I9297e556657a38dbdd7d1d0ac4bc3574801d5ac9
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com>
These un-initialized variables were being used before initialized.
Change-Id: I80c94c5e0c2e959834b99618549377bfb3607272
Author: Tareq A. Siraj <tareq.a.siraj@intel.com>
Set the security context for the init process.
Restore the security contexts of /cache and /data in case they were reset.
Specify the security context for services launched from the rootfs since
we cannot label their executables.
If on the emulator, set a policy boolean and restore the context of
/sys/qemu_trace to allow accesses not normally permitted on a device.
Change-Id: I166ffc267e8e0543732e7118eb0fd4b031efac3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The values need to be converted to loff_t *before* performing
the multiplication, else any sector offset past MAX_INT
bytes will overflow.
Change-Id: Ib8992f28aa4119ac7b4ad354b2448c4b0cfaf846
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Automatically set the SELinux security label on directories created
by init.rc. This avoids the need to separately call restorecon on
each such directory from the init.rc file. Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.
Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Change the default sparse limit to disabled to prevent resparsing files
unless the bootloader or user specifies a sparse limit. Some
bootloaders issue an erase before every flash command, which causes
earlier parts of the downloaded image to get erased.
Change-Id: Iac6f3b05580aba8b82ed0f2f800979a49c33c691
"fastboot -w" would segfault because *argv was invalid when no
non-option arguments were specified. Check argc > 0 before
dereferencing argv.
Change-Id: I822a799e6a38e4e5c0a4eca48c6343b8a08a6185
