ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
7616 commits 1 branch 0 tags 217 MiB
Commit graph

424 commits

Author SHA1 Message Date
Nick Kralevich
35ef36456d am c3af60af: am c7e28899: am 16384312: am 0620e3dd: Merge "adbd: switch to su domain when running as root" 
* commit 'c3af60aff5d097c717b19721f143499891d5ca3d':
  adbd: switch to su domain when running as root
 2014-01-24 18:14:51 +00:00
Nick Kralevich
c7e28899c3 am 16384312: am 0620e3dd: Merge "adbd: switch to su domain when running as root" 
* commit '16384312244b8dccd53478a7bdeeb9a492821807':
  adbd: switch to su domain when running as root
 2014-01-24 18:09:26 +00:00
Nick Kralevich
1638431224 am 0620e3dd: Merge "adbd: switch to su domain when running as root" 
* commit '0620e3ddb85582f66612d046d1295dc20bf1a4f5':
  adbd: switch to su domain when running as root
 2014-01-24 10:06:46 -08:00
Nick Kralevich
d49aa2537c adbd: switch to su domain when running as root 
When adbd runs as root, it should transition into the
su domain. This is needed to run the adbd and shell
domains in enforcing on userdebug / eng devices without
breaking developer workflows.

Introduce a new device_banner command line option.

Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
 2014-01-22 14:20:17 -08:00
Doug Zongker
d0f2c265d8 Merge "add the pre-recovery service" 2014-01-16 22:41:24 +00:00
Doug Zongker
7baebf1345 add the pre-recovery service 
Add a service called "pre-recovery" which is normally stopped but can
be started by the system server when we want to go into recovery.  It
will do any preparation needed (currently needed to handle update
packages that reside on an encrypted /data partition) and then set
sys.powerctl when it's ready to actually reboot.

Bug: 12188746
Change-Id: I894a4cb200395a0f6d7fe643ed4c2ac0a45d2052
 2014-01-16 08:54:59 -08:00
Nick Kralevich
32a32c9eb2 am 11190d0c: am 4552987e: am c93904b4: am e847f429: Merge "restorecon /data/misc/media." 
* commit '11190d0ccb1216307043ceecf5360f1a1a946cd1':
  restorecon /data/misc/media.
 2014-01-15 20:22:16 +00:00
Nick Kralevich
4552987e6a am c93904b4: am e847f429: Merge "restorecon /data/misc/media." 
* commit 'c93904b445830cd17fd9dd6d4fe236987577a478':
  restorecon /data/misc/media.
 2014-01-15 20:15:56 +00:00
Nick Kralevich
c93904b445 am e847f429: Merge "restorecon /data/misc/media." 
* commit 'e847f429f43ae56aaa406697ca603c8469e2100b':
  restorecon /data/misc/media.
 2014-01-15 12:13:20 -08:00
Stephen Smalley
9e9f05e5eb restorecon /data/misc/media. 
Otherwise it will be mislabeled on upgrades with existing userdata.

Change-Id: Ibde88d5d692ead45b480bb34cfe0831baeffbf94
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2014-01-15 13:19:31 -05:00
Nick Kralevich
0969ec3a55 am 218878d4: am df8d0ffd: am 72f269f3: am 8830b53b: Merge "Label existing /data/mediadrm files." 
* commit '218878d447b58b357f0dc97bfe6b77196d35a729':
  Label existing /data/mediadrm files.
 2014-01-08 23:49:18 +00:00
Nick Kralevich
df8d0ffd73 am 72f269f3: am 8830b53b: Merge "Label existing /data/mediadrm files." 
* commit '72f269f3050b3e5b2fd6be7d0a6a485114cc6ee7':
  Label existing /data/mediadrm files.
 2014-01-08 17:44:32 +00:00
Nick Kralevich
72f269f305 am 8830b53b: Merge "Label existing /data/mediadrm files." 
* commit '8830b53b76c05416c021df3eb0cea1dd541bc3ac':
  Label existing /data/mediadrm files.
 2014-01-08 09:39:20 -08:00
rpcraig
2dcbb81d89 Label existing /data/mediadrm files. 
Use restorecon_recursive to label devices
where the directory and subfiles have
already been built and labeled.

Change-Id: I0dfe1e542fb153ad20adf7b2b1f1c087b4956a12
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
 2014-01-07 22:28:04 -05:00
Todd Poynor
950909c301 init.rc: start lmkd 
Change-Id: Ibebab31e1f41a210821834a1d65f196b39bb6601
 2014-01-04 00:29:10 +00:00
Nick Kralevich
cb1f0147d7 am 88d040a3: am 3df76c0c: am 6bec36ec: am 5b8abdf6: Merge "Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls." 
* commit '88d040a32feac727a7e11658198c32d9cc563d8e':
  Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
 2014-01-02 21:08:36 +00:00
Nick Kralevich
6bec36ecc9 am 5b8abdf6: Merge "Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls." 
* commit '5b8abdf6278a4142736d918d1371d10c54c91db3':
  Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
 2014-01-02 13:03:03 -08:00
Nick Kralevich
5b8abdf627 Merge "Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls." 2014-01-02 20:58:35 +00:00
Colin Cross
3dd470552c am 469035b8: am fed48bb6: am 6604f2d1: am 2dcc2759: Merge "Run the console service shell in the shell domain." 
* commit '469035b83546a847a1f12c1feca50a1c7e5e1062':
  Run the console service shell in the shell domain.
 2013-12-27 20:28:52 +00:00
Colin Cross
6604f2d1ef am 2dcc2759: Merge "Run the console service shell in the shell domain." 
* commit '2dcc275936aefbb5badf3b4822d492260077144d':
  Run the console service shell in the shell domain.
 2013-12-27 12:21:24 -08:00
Stephen Smalley
5e1461dc90 Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. 
If checkreqprot == 1, SELinux only checks the protection flags passed
by the application, even if the kernel internally adds PROT_EXEC for
READ_IMPLIES_EXEC personality flags.  Switch to checkreqprot == 0
to check the final protection flags applied by the kernel.

Change-Id: Ic39242bbbd104fc9a1bcf2cd2ded7ce1aeadfac4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-12-23 16:29:25 -05:00
Stephen Smalley
610653fe93 Run the console service shell in the shell domain. 
This allows it to be permissive in userdebug/eng builds
but confined/enforcing in user builds.

Change-Id: Ie322eaa0acdbefea2de4e71ae386778c929d042b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-12-23 14:11:44 -05:00
Nick Kralevich
f7f823e46b am 8b0d10c8: am a24e9a86: am 02ad8700: am e4335483: Merge "Relabel /data/misc/zoneinfo" 
* commit '8b0d10c870efbe8254f407e02c406c05bedfa0b5':
  Relabel /data/misc/zoneinfo
 2013-12-16 17:12:22 +00:00
Nick Kralevich
02ad8700dd am e4335483: Merge "Relabel /data/misc/zoneinfo" 
* commit 'e4335483e78292800e27c7bf0a67d23bee47dc84':
  Relabel /data/misc/zoneinfo
 2013-12-16 09:04:04 -08:00
Nick Kralevich
354e9edbd7 Relabel /data/misc/zoneinfo 
The files in zoneinfo changed from system_data_file to
zoneinfo_data_file. Fixup pre-existing files.

Change-Id: Idddbd6c2ecf66cd16b057a9ff288cd586a109949
 2013-12-13 16:03:48 -08:00
Nick Kralevich
6b3867fc6b am 7d1f3a3d: am bdf53e2a: Merge "Do not change ownership on /sys/fs/selinux/enforce." 
* commit '7d1f3a3daa721892b3247e847f72f1e948a0a68f':
  Do not change ownership on /sys/fs/selinux/enforce.
 2013-12-09 18:42:14 +00:00
Nick Kralevich
7d1f3a3daa am bdf53e2a: Merge "Do not change ownership on /sys/fs/selinux/enforce." 
* commit 'bdf53e2a59654d2b1e8469616f1b0175b275219d':
  Do not change ownership on /sys/fs/selinux/enforce.
 2013-12-09 10:35:41 -08:00
Stephen Smalley
17bec835d5 Do not change ownership on /sys/fs/selinux/enforce. 
There is no longer any reason to permit system UID to set enforcing mode.

Change-Id: Ie28beed1ca2b215c71f2847e2390cee1af1713c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-12-09 10:23:16 -05:00
The Android Open Source Project
7fc7a07b23 Merge commit '252d9030cd4b2e3e6cf13fa33f328eccedb5e26c' into HEAD 2013-12-05 12:38:34 -08:00
The Android Open Source Project
66ed50af68 Merge commit '536dea9d61a032e64bbe584a97463c6638ead009' into HEAD 
Change-Id: I5c469a4b738629d99d721cad7ded02d6c35f56d5
 2013-11-22 13:44:43 -08:00
Todd Poynor
fabe8716f8 am fd1dd864: am 479efb54: init.rc: mount pstore fs, set console-ramoops permissions 
* commit 'fd1dd864a896bd6233ee8c75b84d9771148dd9b3':
  init.rc: mount pstore fs, set console-ramoops permissions
 2013-11-22 10:45:49 -08:00
Todd Poynor
fd1dd864a8 am 479efb54: init.rc: mount pstore fs, set console-ramoops permissions 
* commit '479efb540a198a9b7cd278387b0d45009a05bb2b':
  init.rc: mount pstore fs, set console-ramoops permissions
 2013-11-22 10:42:17 -08:00
Elliott Hughes
9350d80e70 am b6ee39bc: am 4a4616f6: am 048bb92f: Merge "split setptop ethernet tcp buffer from wifi" 
* commit 'b6ee39bca4b774cf2ffbad8eb12dcfc13b8814c9':
  split setptop ethernet tcp buffer from wifi
 2013-11-21 22:59:48 -08:00
Todd Poynor
479efb540a init.rc: mount pstore fs, set console-ramoops permissions 
Change-Id: I44cb00f9123c6044a03de926b6a616da753bb549
 2013-11-21 20:23:54 -08:00
Elliott Hughes
b6ee39bca4 am 4a4616f6: am 048bb92f: Merge "split setptop ethernet tcp buffer from wifi" 
* commit '4a4616f6450f191faf168a10b6e2ffaba14803bd':
  split setptop ethernet tcp buffer from wifi
 2013-11-21 17:15:09 -08:00
Elliott Hughes
4a4616f645 am 048bb92f: Merge "split setptop ethernet tcp buffer from wifi" 
* commit '048bb92f3f33196d96a51b446c73805e208a5333':
  split setptop ethernet tcp buffer from wifi
 2013-11-20 18:10:49 -08:00
Jianzheng Zhou
52ea510f8f split setptop ethernet tcp buffer from wifi 
Change-Id: I0582ec75fddb904ca14b9cbddf593ddbd4195c41
Signed-off-by: Jianzheng Zhou <jianzheng.zhou@freescale.com>
 2013-11-15 13:44:00 +08:00
Jeff Sharkey
fb7e395455 am 9b41f452: am a9e453f1: Merge "vold no longer does MS_MOVE; remove tmpfs." into klp-dev 
* commit '9b41f452013123d0a394e696f597467da73108ed':
  vold no longer does MS_MOVE; remove tmpfs.
 2013-10-17 18:50:43 -07:00
Jeff Sharkey
9b41f45201 am a9e453f1: Merge "vold no longer does MS_MOVE; remove tmpfs." into klp-dev 
* commit 'a9e453f1b552699f69dca19599c7624a581089bd':
  vold no longer does MS_MOVE; remove tmpfs.
 2013-10-17 18:48:45 -07:00
Jeff Sharkey
00c8e1a219 vold no longer does MS_MOVE; remove tmpfs. 
MS_MOVE was used when staging external storage devices, which no
longer occurs.  In fact, having a writable tmpfs was masking a vold
bug around moving apps to SD cards.

Bug: 11175082
Change-Id: Ib2d7561c3a0b6fde94f651a496cb0c1f12f88d96
 2013-10-17 16:47:20 -07:00
Jeff Sharkey
eef6fca832 am a5fdea71: am e93a0517: Set GID required to write, media_rw mount point. 
* commit 'a5fdea7189239d7edeafa528c299306cba55e6c6':
  Set GID required to write, media_rw mount point.
 2013-10-08 16:02:41 -07:00
Jeff Sharkey
a5fdea7189 am e93a0517: Set GID required to write, media_rw mount point. 
* commit 'e93a0517f4c88310066ac39c6b268ebfcceef44e':
  Set GID required to write, media_rw mount point.
 2013-10-08 14:12:38 -07:00
Jeff Sharkey
e93a0517f4 Set GID required to write, media_rw mount point. 
Add sdcard FUSE daemon flag to specify the GID required for a package
to have write access.  Normally sdcard_rw, but it will be media_rw
for secondary external storage devices, so DefaultContainerService
can still clean up package directories after uninstall.

Create /mnt/media_rw which is where vold will mount raw secondary
external storage devices before wrapping them in a FUSE instance.

Bug: 10330128, 10330229
Change-Id: I4385c36fd9035cdf56892aaf7b36ef4b81f4418a
 2013-10-08 12:56:37 -07:00
Colin Cross
ecb2e3903b am ad296139: am 410f8c30: am 79b277ab: Merge "Set security context of /adb_keys and /data/misc/adb/adb_keys." 
* commit 'ad2961397f1c7b79b114672108a3bc9b87dc8174':
  Set security context of /adb_keys and /data/misc/adb/adb_keys.
 2013-10-03 15:17:53 -07:00
Colin Cross
ad2961397f am 410f8c30: am 79b277ab: Merge "Set security context of /adb_keys and /data/misc/adb/adb_keys." 
* commit '410f8c305b416484f17f068c37b785605a2f69eb':
  Set security context of /adb_keys and /data/misc/adb/adb_keys.
 2013-10-03 15:15:43 -07:00
Colin Cross
410f8c305b am 79b277ab: Merge "Set security context of /adb_keys and /data/misc/adb/adb_keys." 
* commit '79b277ab73711313690d03a9fb2e9cb3f9242b39':
  Set security context of /adb_keys and /data/misc/adb/adb_keys.
 2013-10-03 15:14:14 -07:00
Colin Cross
41c9fd6480 am 0d3ac55d: am 230252d5: am 61afb07b: Merge "Trigger a policy reload from post-fs-data." 
* commit '0d3ac55d0654fe4f6d37923782dcd41f0590c741':
  Trigger a policy reload from post-fs-data.
 2013-10-01 20:59:43 -07:00
Colin Cross
0d3ac55d06 am 230252d5: am 61afb07b: Merge "Trigger a policy reload from post-fs-data." 
* commit '230252d5cd70f5be4c24046c7a409e9498ac97f5':
  Trigger a policy reload from post-fs-data.
 2013-10-01 18:53:51 -07:00
Colin Cross
230252d5cd am 61afb07b: Merge "Trigger a policy reload from post-fs-data." 
* commit '61afb07b9b14233f76a969840f74ce1ced22bf58':
  Trigger a policy reload from post-fs-data.
 2013-10-01 18:50:18 -07:00
Stephen Smalley
deb41e5127 Set security context of /adb_keys and /data/misc/adb/adb_keys. 
I97b3d86a69681330bba549491a2fb39df6cf20ef introduced a separate type
for the adb_keys file.  Set the security context of the adb_keys file
accordingly by adding restorecon commands to init.rc.

Change-Id: I30e4d2a1ae223a03eadee58a883c79932fff59fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 2013-10-01 09:21:47 -04:00