When vold mounts things in /mnt/secure/staging, it expects to MS_MOVE
those mountpoints when vetting is finished. However, the kernel
doesn't allow MS_MOVE when the source is shared to child namespaces.
To work around this, create a tmpfs at /mnt/secure and mark it as
private (not shared). Verified that vold can now successfully move
from the staging area.
Bug: 7094858
Change-Id: I5e05b1005c63efa277935c9bbd18cbf3ffdd47a3
Define /storage as top-level concept, so that we enforce permissions
uniformly. Moves external storage paths from headers to per-device
environment variables. Added missing mount flags, and we no longer
have adb-specific external storage.
Bug: 6925012
Change-Id: Ic7ca953be2f552d3f0ec9e69f89fef751daa1b29
Also remove mount() from adb, since it can come online long before
data partition is ready. Set EXTERNAL_STORAGE environment variable
to point to owner for backwards compatibility.
Bug: 7005701
Change-Id: I63444f6636624eb7ad89f053daa289663424639e
Remount rootfs as recursively shared, so that mount changes are
propagated into child namespaces. Mount external storage for access
from adb.
Clean multi-user dependencies for use in Dalvik. Also define
external storage paths.
Bug: 6925012
Change-Id: I375de581a63f4f36667894c56a34a9dd45361e8f
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
chown /proc/last_kmsg to user system group log during init, and
chmod it to readable only by user and group.
Bug: 6925227
Change-Id: I645b6a2d4fecc01a2bd4b7fa7ed6aae3ef638cb9
Set the security context for the init process.
Restore the security contexts of /cache and /data in case they were reset.
Specify the security context for services launched from the rootfs since
we cannot label their executables.
If on the emulator, set a policy boolean and restore the context of
/sys/qemu_trace to allow accesses not normally permitted on a device.
Change-Id: I166ffc267e8e0543732e7118eb0fd4b031efac3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This change adds init.rc steps to:
* allow kernel tracing to be enabled via adb
* allow a limited set of kernel trace events to be enabled via adb
* allow the kernel trace to be read via adb
* allow all users to write to the kernel trace from userland
Bug: 6513400
Change-Id: Ic3c189b5697aa5edf88d2f507c932971bed6caff
With this change, the audio rr/fifo threads will just run in
the fg cgroup.
Also, the RR budget for the apps fg/bg threads has been bumped
to 80%. Ideally, the bg budget would be much smaller but there
are legacy libraries that seem to be very sensitive to this so
for now keep it at this value.
Bug: 6528015
Change-Id: I08f295e7ba195a449b96cd79d954b0529cee8636
Signed-off-by: Dima Zavin <dima@android.com>
GPS on yakju puts SCHED_RR threads in the fg and bg groups, and
is unhappy with 0.1% limits. Increase the limits to 10%.
Change-Id: I971c9b0a815890d41694b965fdd2b023937a4411
rt_runtime_us=0 can cause deadlocks if a SCHED_FIFO/SCHED_RR thread
is moved into the wrong cgroup.
Change-Id: I4633392fb529039dff6ba5d3a6b672e0de9fc2d9
DRM server process needs to be able to access movies on sdcard
to acquire rights.
related-to-bug: 6414503
Change-Id: If90404e32fd437b8fb7d5a6ec8dfb30a499ef733
CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.
Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
