ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
34607 commits 1 branch 0 tags 217 MiB
Find a file
Tom Cherry cb0f9bbc85 init: run vendor commands in a separate SELinux context 
One of the major aspects of treble is the compartmentalization of system
and vendor components, however init leaves a huge gap here, as vendor
init scripts run in the same context as system init scripts and thus can
access and modify the same properties, files, etc as the system can.

This change is meant to close that gap.  It forks a separate 'subcontext'
init that runs in a different SELinux context with permissions that match
what vendors should have access to.  Commands get sent over a socket to
this 'subcontext' init that then runs them in this SELinux context and
returns the result.

Note that not all commands run in the subcontext; some commands such as
those dealing with services only make sense in the context of the main
init process.

Bug: 62875318
Test: init unit tests, boot bullhead, boot sailfish

Change-Id: Idf4a4ebf98842d27b8627f901f961ab9eb412aee
2017-09-29 13:06:26 -07:00
adb Reland "Remove comments and code about ro.boot.slot" 2017-09-25 16:04:30 +00:00
adf libadfhwc: Fix adf_hwc_close 2017-03-02 17:40:16 +00:00
base Base: Warn on using ostream<< with std::string* 2017-09-22 16:25:58 -07:00
bootstat bootstat: Add reboot,userrequested 2017-09-21 11:30:29 -07:00
cpio Possible null pointer miss on realloc 2017-03-23 22:41:14 +01:00
debuggerd Merge "Show the number of VMAs in the tombstone." 2017-09-26 21:01:20 +00:00
demangle Enable libdemangle and libunwindstack on host bionic 2017-09-20 13:16:13 -07:00
fastboot fastboot: bail out if failed to generate fs image 2017-08-23 13:43:15 -07:00
fs_mgr fs_mgr_fstab: do an exact match when searching a mount point 2017-09-26 21:06:59 +08:00
gatekeeperd gatekeeperd: use std::unique_ptr 2017-09-15 01:12:43 +00:00
healthd Merge "healthd: notify listeners using local copy of list, drop lock" 2017-06-29 22:29:36 +00:00
include Move android_filesystem_config.h => fs_config.h 2017-08-02 16:31:19 -07:00
init init: run vendor commands in a separate SELinux context 2017-09-29 13:06:26 -07:00
libappfuse libappfuse: use an explicit buffer size 2017-08-02 14:11:25 -07:00
libasyncio adb: Use kernel aio for functionfs. 2017-08-10 15:12:47 -07:00
libbacktrace Merge "Show the number of VMAs in the tombstone." 2017-09-26 21:01:20 +00:00
libbinderwrapper libbinderwrapper: Android.mk -> Android.bp 2017-04-25 15:55:26 -07:00
libcrypto_utils Mark the modules as VNDK in Android.bp 2017-09-14 08:35:16 +00:00
libcutils bootstat: introduce sys.boot.reason 2017-09-12 09:28:25 -07:00
libdiskconfig Mark the modules as VNDK in Android.bp 2017-09-14 08:35:16 +00:00
libgrallocusage Mark libgrallocusage as vendor_available 2017-09-05 14:49:53 -07:00
libion Merge "libion: Adapt to new ION interface" 2017-09-21 01:06:32 +00:00
libkeyutils Add libkeyutils. 2017-05-10 10:40:11 -07:00
liblog Add vendor_available to liblog_headers. 2017-09-06 12:55:32 -07:00
libmemtrack Mark libmemtrack as VNDK in Android.bp 2017-09-14 02:46:36 +00:00
libmemunreachable Silence static analyzer warnings about memory leaks 2017-09-24 13:36:29 -07:00
libmetricslogger libmetricslogger: Lookup tag ID by name at runtime. 2017-09-19 16:37:00 -07:00
libnativebridge Define current ABI string in android-base/macros.h 2017-08-23 20:46:38 +02:00
libnativeloader Remove LOCAL_CLANG and clang: true 2017-07-25 14:29:50 +02:00
libnetutils Mark the modules as VNDK in Android.bp 2017-09-14 08:35:16 +00:00
libpackagelistparser Remove LOCAL_CLANG and clang: true 2017-07-25 14:29:50 +02:00
libpixelflinger Va_end should be used with va_start 2017-03-23 22:41:42 +01:00
libprocessgroup Add memcg related configs to init. 2017-07-18 15:58:40 -07:00
libprocinfo Mark the modules as VNDK in Android.bp 2017-09-14 08:35:16 +00:00
libsparse Merge "libsparse: Fix odd-sized input files total_blks" am: 652ce94f40 am: ab74c778df 2017-04-19 19:26:27 +00:00
libsuspend Mark the modules as VNDK in Android.bp 2017-09-14 08:35:16 +00:00
libsync Merge "libsync: Add fence info tests" 2017-09-26 23:46:32 +00:00
libsystem Add NATIVE_WINDOW_CONSUMER_IS_PROTECTED enum 2017-05-01 16:41:26 -07:00
libsysutils Mark the modules as VNDK in Android.bp 2017-09-14 08:35:16 +00:00
libunwindstack Add a new unwind method on error. 2017-09-22 16:55:12 -07:00
libusbhost Mark the modules as VNDK in Android.bp 2017-09-14 08:35:16 +00:00
libutils Merge "Add "operator bool" overload to android::sp." 2017-09-13 20:35:38 +00:00
libvndksupport Merge "libvndksupport: Do not lookup default namespace for sphal failure" into oc-dev 2017-05-31 07:01:41 +00:00
libziparchive Mark libziparchive as VNDK in Android.bp 2017-09-15 01:07:40 +00:00
lmkd lmkd: Android.mk -> Android.bp 2017-04-28 15:20:18 -07:00
logcat Don't try to strip a shell script 2017-08-09 20:20:48 -07:00
logd Merge "Add a feature to show which bugs are tracking which se denials" 2017-08-25 16:54:19 +00:00
logwrapper Merge "logwrapper: add a benchmark for android_fork_execvp_ext" 2017-03-23 11:56:10 +00:00
mkbootimg mkbootimg: use int for os_version and os_patch_level 2016-03-29 16:06:37 -07:00
reboot adb: reboot: last boot command default 2017-09-12 12:24:02 -07:00
rootdir Merge "Move adbd from root to system" 2017-08-31 06:22:16 +00:00
run-as Define range of GIDs for cached app data. 2016-12-13 13:28:08 -07:00
sdcard Revert "Add derive_gid flag for mounting sdcardfs" 2017-09-22 09:03:18 -07:00
shell_and_utilities Update shell and utilities docs for O. 2017-09-13 20:59:25 -07:00
storaged storaged: stop binder threads before exiting 2017-04-04 19:44:01 +00:00
toolbox Merge "Add building and installing of grep for vendor." 2017-06-16 23:24:32 +00:00
trusty Add missing include for readv. 2017-08-25 17:33:38 -07:00
.clang-format Add a 2 width option of clang format. 2017-03-10 13:01:39 -08:00
.clang-format-2 Only allow short functions in class definitions. 2017-03-28 12:31:37 -07:00
.clang-format-4 Only allow short functions in class definitions. 2017-03-28 12:31:37 -07:00
.gitignore Ignore adb/*.pyc files 2015-08-11 12:59:58 -07:00
Android.bp Export android_filesystem_config.h as a filegroup 2017-01-17 18:20:28 -08:00
Android.mk Remove the simulator target from all makefiles. 2011-07-11 22:12:32 -07:00
CleanSpec.mk init.rc: have hwservicemanager start the HAL class 2016-09-26 00:23:51 -07:00
MODULE_LICENSE_APACHE2 auto import from //depot/cupcake/@135843 2013-07-30 13:56:49 -07:00
NOTICE Fix omission in NOTICE file. 2013-07-30 13:56:55 -07:00
platform_tools_tool_version.mk Fix warning on the build servers 2017-05-25 12:35:40 -07:00
PREUPLOAD.cfg Add a PREUPLOAD.cfg file to run git-clang-format on every commit 2017-03-08 16:51:26 +08:00