Init currently sets the SELinux context on a mkdir but not on
other operations. This patch modifies it to do so when creating
symlinks, writing to a file, or copying a file.
Test: Built, flashed, and booted. Added fake init entries and
verified that they received the proper SELinux context.
Change-Id: I836b570fef81d74f3b6c8e7ce0274e94ca7b12d3
The content of nonplat_declaration.cil in /vendor is a versioned public
sepolicy exported from ${AOSP}/system/sepolicy/public. Renames it to
better reflect the fact.
Bug: 64240127
Test: boot sailfish normally without odm
Test: boot another device having odm
Change-Id: I654f5bbde2f2d666a2a5c7ed8561ccd93c983a6e
This change explicitly drops all inheritable capabilities (and, by
extension, ambient capabilities) when there are no explicit capabilities
being set by a service and the user is changed. This prevents Android
running in a container from accidentally granting extra capabilities to
services.
Bug: 69320306
Test: aosp_sailfish still boots
Test: sailfish:/ $ grep Cap /proc/`pidof android.hardware.audio@2.0-service`/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Test: sailfish:/ $ grep Cap /proc/`pidof logd`/status
CapInh: 0000000000000000
CapPrm: 0000000440000000
CapEff: 0000000440000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Test: Android in Chrome OS still boots
Test: localhost ~ # grep Cap /proc/`pidof android.hardware.audio@2.0-service`/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000000006daefdff
CapAmb: 0000000000000000
Test: localhost ~ # grep Cap /proc/`pidof logd`/status
CapInh: 0000000000000000
CapPrm: 0000000040000000
CapEff: 0000000040000000
CapBnd: 000000006daefdff
CapAmb: 0000000000000000
Change-Id: I9218f2e27ff4fb4d91d50f9a98c0fdb4e272952c
For instance, on vendor.img:
service foo /vendor/bin/nfc
...
And then on odm.img:
service foo /odm/bin/super-nfc
override
Allows a service on ODM to override a HAL on vendor.
Bug: 69050941
Test: boot, init_tests
Change-Id: I4e908fb66e89fc6e021799fe1fa6603d3072d62a
This is paving the way to allow an "override" tag
in init services. This also means that errors for
part of a service definition in its section will
be shown in addition to the fact that the service
is duplicated.
Bug: 69050941
Test: boot, init_tests
Change-Id: Ic1ea8597789f45ead1083451b3e933db1524bdc9
Allow it to fail. When there is an error for a section ending,
print the error pointing to the line where the section starts.
Bug: 69050941
Test: boot, init_tests
Change-Id: I1d8ed25f4b74cc9ac24d38b8075751c7d606aea8
The client of FirstStageMount class should check the existence of fstab
in device-tree prior to using it. So raising a FATAL error inside
FirstStageMount when failed to parsing the fstab, in order to expose
more accurate error messages.
Also fixing a comment in fs_mgr, where it might happen in either
non-A/B or A/B.
Bug: 69102431
Test: boot sailfish
Change-Id: Ifb525beaa3423b118644778bfe0f84bff9465303
If there is a restart follow a stop/reset immediately or vice versa,
clear previous flag bits.
Test: manual - trigger restart after stop immediately to check if
service get started.
Change-Id: I4503177d7cb5ed054dbcf50cd8e09728415404d4
For a oneshot service, if start happens immediately after stop,
the service could be still in stopping status and then start
won't do anything. This fix this race condition.
Test: manual - see reproduce instructions in bug.
Bug: 68020256
Change-Id: I20202fa346f1949a8bda3d90deedc8b6a6d814d3
Fixed issues related to forking services into new PID + mount
namespaces.
Remounting rootfs recursively as slave when creating a service in new
PID + mount namespaces. This prevents the service from interfering with
mount points in the parent namespace.
Unmount then mount /proc instead of mounting it with MS_REMOUNT, since
MS_REMOUNT is not sufficient to update /proc to the state appropriate
for the new PID namespace. Note that the /proc mount options specified
here are not the same as those used in the default mount namespace. I
kept them consistent with those used in the code prior to this fix.
Test: Used custom sleepd service to test init 'namespace' keyword.
Tested on angler in oreo-dev - I had to add PID namespaces to the
kernel (commit ad82c662).
Change-Id: I859104525f82fef3400d5abbad465331fc3d732f
See https://lkml.org/lkml/2005/9/10/129 for details.
Bug: 20501816
Test: code compiles and boots with no obvious problems.
Change-Id: I5a9c470156d498852cfd81fbd59ddcf267309e73
std::all_of is using std::find_if, which means, if any element the given
predicate returns false, it stops further iteration and just returns false.
std::all_of used in Reboot.cpp will cause umount not to be called on all
block devices if some block device returns false in the middle.
Bug: 68158923
Test: reboot
Change-Id: I43ba6bd0c18018c1ed5fe2b63996552bc51cc67c
This associates every service with a list of HIDL services
it provides. If these are disabled, hwservicemanager will
request for the service to startup.
Bug: 64678982
Test: manual with the light service
Change-Id: Ibf8a6f1cd38312c91c798b74574fa792f23c2df4
Children of init that use any of the SELinux wrapper functions,
including make_dir(), mkdir_recursive(), and plenty others, need to
first initialize the sehandle with SelabelInitialize().
I wish there were a better solution, but early init doesn't actually
want this handle initialized, so that is a valid use case. Ueventd
needs to initialize this before fork()'ing, so lazy initialization is
not universally acceptable either. Likely we won't have other
children that fork() then exec() init again, so this should be okay.
Bug: 62875318
Test: init unit tests
Test: sailfish creates directories with correct SELabel after wipe
Change-Id: I6de937604a060e18945427418f15b90e0b9d5c37
subcontext_test had been failing due to setexeccon() failing to
transition to vendor_init context. This is a good thing as nothing
other than init should be able to transition into this context.
I don't want to add code to skip the setexeccon() call only for the
tests, so I instead call setexeccon() with the return value of
getcon(). This works however only for root, so these tests are
skipped for non-root.
Test: init unit tests
Change-Id: I8a415599e0ec5506511202f7f5018c0e5265837d
wait_for_prop sets a flag that prevents the action queue from
continuing while otherwise allowing init's main loop to continue
executing. This cannot be done from a subcontext, so it's moved to
normal init.
All property functions need work in any case, particularly once
property_service is moved out of init.
Bug: 62875318
Test: boot sailfish and see that the previous failure related to this
is fixed
Change-Id: Ib9e0d0bdbd0ff22ab0e5c3fe6db620700af266c6
Java already restricts properties to only UTF8 valid strings, and
this change makes this restriction also apply to all native code.
Bug: 63177684
Test: new unit tests
Change-Id: I9fa0ecc0da066b0a026db3497c0f0cbf3f5c2d5a
