Changed a function to actually use its parameter instead of a global
variable. All callers of the function pass the global variable as an
argument anyway so behaviour is unchanged.
Change-Id: Ib84d45c17d2213c4d441bf2f423feca14e7aa2f4
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Ariel J Bernal <ariel.j.bernal@intel.com>
This is a set of changes to the init property service
implementation to apply a SELinux check over who can
change what properties. Also included control hooks
for the 'ctl' keys.
Change-Id: I5a18809bf5536f6459a36b6bf0d622b9f5061aa0
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
libsuspend had only a single warning in the clang build. Fixing it to
make the build clean.
Change-Id: Iaac5f9144b6e6cb122141c6416056c1b2c9aa98e
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com>
libnetutils had a single warning. Fixed it to make it clean.
Change-Id: I9297e556657a38dbdd7d1d0ac4bc3574801d5ac9
Author: Edwin Vane <edwin.vane@intel.com>
Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com>
These un-initialized variables were being used before initialized.
Change-Id: I80c94c5e0c2e959834b99618549377bfb3607272
Author: Tareq A. Siraj <tareq.a.siraj@intel.com>
Set the security context for the init process.
Restore the security contexts of /cache and /data in case they were reset.
Specify the security context for services launched from the rootfs since
we cannot label their executables.
If on the emulator, set a policy boolean and restore the context of
/sys/qemu_trace to allow accesses not normally permitted on a device.
Change-Id: I166ffc267e8e0543732e7118eb0fd4b031efac3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The values need to be converted to loff_t *before* performing
the multiplication, else any sector offset past MAX_INT
bytes will overflow.
Change-Id: Ib8992f28aa4119ac7b4ad354b2448c4b0cfaf846
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Automatically set the SELinux security label on directories created
by init.rc. This avoids the need to separately call restorecon on
each such directory from the init.rc file. Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.
Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Change the default sparse limit to disabled to prevent resparsing files
unless the bootloader or user specifies a sparse limit. Some
bootloaders issue an erase before every flash command, which causes
earlier parts of the downloaded image to get erased.
Change-Id: Iac6f3b05580aba8b82ed0f2f800979a49c33c691
"fastboot -w" would segfault because *argv was invalid when no
non-option arguments were specified. Check argc > 0 before
dereferencing argv.
Change-Id: I822a799e6a38e4e5c0a4eca48c6343b8a08a6185
last_block * s->block_size can overflow when writing large filesystems,
cast to 64 bits before multiplying.
Change-Id: I3e54097852ce7d0fd271eab53d65e666284898e4
This device is required by libdrm for GPUs like IvyBridge.
Change-Id: I0ac47056a9cec2100f3e6eaa5591571fe6bbc145
Signed-off-by: Lukasz Anaczkowski <lukasz.anaczkowski@intel.com>
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When using a third party screen capture program called androidscreencast
(http://code.google.com/p/androidscreencast/) to get the framebuffer of
the device, there are tons of screencap zombie processes got left behind.
The issue is also mentioned here: http://code.google.com/p/android/issues/detail?id=22836.
The cause of the issue is that adbd spawns off screencap processes,
and these child processes were not waited to be finished.
This change fixes the issue.
Change-Id: Ife928d65ecf6a2ff39b8b72ddba930fda6733a00
Signed-off-by: Yuriy Zabroda <yuriy.zabroda@ti.com>
Restore the security contexts of tombstone directory
when initially created.
Change-Id: I25b53730991576eccb62ca57050decd584acc639
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
