aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* libutils: fix overflow in SharedBuffer [DO NOT MERGE]HEADmasterSergio Giro2015-10-181-1/+15
| | | | | | | | | | | | | | See https://code.google.com/p/android/issues/detail?id=181910 Bug: 22952485 (cherry picked from commit 66b6eb9490beeeabc804d790c1c4060ce047afd4) Change-Id: Ic71dd0025b9a7588c4f3bb1c7be1bd13d2ff5105 Conflicts: libpixelflinger/tinyutils/SharedBuffer.cpp libutils/Android.mk
* Prevent integer overflow when allocating native_handle_tAdam Lesinski2015-10-181-5/+13
| | | | | | | | | | User specified values of numInts and numFds can overflow and cause malloc to allocate less than we expect, causing heap corruption in subsequent operations on the allocation. Bug: 19334482 Change-Id: I43c75f536ea4c08f14ca12ca6288660fd2d1ec55 Tested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Revert "init.rc: Create /storage mountpoint so Dalvik can mark as slave in ↵Ricardo Cerqueira2014-12-281-2/+0
| | | | | | | | zygotes" This reverts commit 36454361efaa4d30a6c8c2cca49121e35ef74f7e, since the tmpfs is clobbering mountpoints created by init.hardware.rc. Most (all?) devices with non-emulated SDs are currently b0rked. Change-Id: Ib34660e2d45473775757e94800fc4ec57f6c8d77
* adbd: Don't close/reopen FFS ep0 on disconnectJack Pham2014-05-031-19/+24
| | | | | | | | | | | | | | | | | | | In case of bulk read/write failure or disconnect, transport_usb calls usb_ffs_kick in order to force the daemon to re-open the FunctionFS ep files as a way to soft restart the kernel driver. However, there's no reason to always close the ep0 file, as it would need to be reopened and the descriptors rewritten--this is unnecessary, especially in the simple/frequent case of cable disconnect, and causes the kernel driver to unbind and bind *all* of the function drivers. This is causing USB Chapter 9 tests to fail. Thus, try to reuse the same ep0 file handle across reconnects. In case there is a failure, the ep1/ep2 opens would fail and all the file handles get dropped. For the adb root case, the entire daemon gets restarted anyway. Change-Id: I0840085c52a0795dcb2d751c39aa4a436c039ee2
* charger: Animation on more home keys pressPaul Kocialkowski2013-12-231-0/+2
| | | | Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
* rootdir: root consolePaul Kocialkowski2013-12-231-2/+2
| | | | Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
* Revert "init.goldfish.rc: use ext4"Paul Kocialkowski2013-11-091-8/+0
| | | | This reverts commit ac8ccace4b5355b108a69ea1ecc4ed54bc1303be.
* ueventd: allow platform devices to have just a /devices/ prefix - DO NOT MERGEDima Zavin2013-09-051-39/+44
| | | | | | | | | | | | | | When using device tree, platform devices may not have a /devices/platform/ path prefix, but can be rooted in /devices/. Modify the platform device tracking code to store the device path as well as the name. This way, when we create symlinks, we can correctly skip the base platform device prefix and get to the proper device node path. Change-Id: I939ef8fbcb45c5c803cd9a054e40136a912efc72 Signed-off-by: Dima Zavin <dima@android.com>
* mkbootimg: Add --dt parameter to specify DT imageDavid Ng2013-08-292-2/+26
| | | | | | | New optional --dt parameter to specify a kernel device tree image. Change-Id: I7e2c48c25c04165642eedadc3dc16a082dd99eb0
* Fix failure to build from source with modern _host_ glibc/gcc.Dmitrijs Ledkovs2013-07-231-6/+6
| | | | | | | | | One should not define __USE_GNU directly, and instead _GNU_SOURCE should be defined as early as possible, before first (indirect) inclusion of features.h Change-Id: I4d109d4fa0c3d266b873d2a0a66a52e1a4faa234 Signed-off-by: Dmitrijs Ledkovs <dmitrijs.ledkovs@canonical.com>
* fs_mgr: Drop the context mount option from non-selinux buildsRicardo Cerqueira2013-07-222-2/+12
| | | | | | | | | | Transitioning devices may have the context option present in the fstab, even if we're not doing selinux builds. Since we don't set or even create the contexts on those builds, this will make mount fail, and either the mountpoint ends up absent, or boot fails entirely Change-Id: Ic5cc7f5632cc3d62459dfaaf7719d662737e1641
* Revert "fs_mgr: Drop the context mount option from non-selinux builds"Ricardo Cerqueira2013-07-222-15/+0
| | | | | | | | This reverts commit 806fc566fd4544cfcd3334aa1a992bab0f6d277c. Revert "fs_mgr: Don't assume all fstab entries have options" This reverts commit a73b2264dfd89d526054e4be9926be9f50cca791.
* fs_mgr: Don't assume all fstab entries have optionsRicardo Cerqueira2013-07-221-4/+6
| | | | Change-Id: I5f537b09d96efa2758372f9da6d66996c2164ee8
* fs_mgr: Drop the context mount option from non-selinux buildsRicardo Cerqueira2013-07-212-0/+13
| | | | | | | This will require that transitioning devices have context as the last mount option, since everything after it will be ignored Change-Id: Ic5cc7f5632cc3d62459dfaaf7719d662737e1641
* toolbox: Add levelFromUid categorization support to restoreconRicardo Cerqueira2013-07-191-0/+11
| | | | | | | | This is necessary for the app data relabeling on migrated devices to include the proper app context. Freshly installed apps get this done automagically, as do newly created files. Change-Id: If7421dac01c6ae8bd78e66f71e69298ed850a7ab
* Fix building without SELINUXRicardo Cerqueira2013-07-181-1/+1
| | | | | | | since the scon is now a mandatory arg, it needs to exist even if NULL Change-Id: I8ba31a7a8cf357e9b0c43cee81ab49d3eb192819
* Explicitly add the theme manager's AID to fs configRicardo Cerqueira2013-07-181-0/+3
| | | | | | | SELinux failed to set the theme manager's context since the app has a fixed non-user ID, and it didn't map to a pseudo-username. Change-Id: I287dc0dd02abc164fe22e14c9f3f505c3dcb938d
* Add support for socket security context specification.Stephen Smalley2013-07-187-16/+25
| | | | | | | | | | | | | | | | | | | | | | | Add an optional argument to the socket option for specifying a SELinux security context for the socket. Normally the socket security context is automatically computed from the service security context or set using the seclabel option, but this facility allows dealing with two scenarios that cannot be addressed using the existing mechanisms: 1) Use of logwrapper to wrap a service. In this case, init cannot determine the service security context as it does not directly execute it and we do not want logwrapper to run in the same domain as the service. 2) Situations where a service has multiple sockets and we want to label them distinctly. Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Conflicts: init/init.c init/util.c
* Fix perms on /data/securityWilliam Roberts2013-07-181-1/+1
| | | | | | | | installd and zygote need to be able to search the directory to access the policy files. Change-Id: I0679fd2084d2664dfb5a594f493317eff058415d
* sys/capability.h does not exist in the 4.2 bionic.Stephen Smalley2013-07-181-1/+0
|
* Sync with master auditd.Stephen Smalley2013-07-189-858/+911
|
* Correct run-as with seinfo parsing capability.Robert Craig2013-07-181-3/+4
| | | | Change-Id: I874ccf70bf4d113e294eeb3b7fa5ca7324ad52b3
* Auditd initial commitWilliam Roberts2013-07-1810-0/+1306
| | | | | | | | | | | | | | | | | | | | | | Initial commit for an audit daemon that writes kernel audit messages to a log file. The daemon runs in uid "audit" or AID_AUDIT. The log files are located at /data/misc/audit/ The daemon maintains two files at this location: audit.log and optionally audit.old. On boot ( if the file is non-zero in size), or when a fixed threshold is hit, the daemon rotates audit.log to audit.old. Optionally, if passed the -k option, the daemon polls dmesg for all lines that contain "audit" and writes them into the log. After that it continues to operate as normal, receiving the messages from the netlink socket. Change-Id: I5b5037a5a8b39a054213848249afb7808f8b0ffa
* Reserve AID_AUDITWilliam Roberts2013-07-181-0/+2
| | | | | | | | | | | AID_AUDIT will be used for an audit daemon for gathering and controlling the Linux audit subsystem. Change-Id: I95d597524b5547a60f3a59f692b4b0a6df0a9645 Conflicts: include/private/android_filesystem_config.h
* Fix mode on /data/security.Stephen Smalley2013-07-181-1/+1
|
* Create a new location for /data policy filesWilliam Roberts2013-07-183-2/+5
| | | | | | | | | | Updating the location of policy files from /data/system to /data/securtiy. Requires a new directory to be created by init and an update to the location of the property_contexts file for property service. Change-Id: Ibac2a84dfb403339bd169787cb5b7f24655be429
* toolbox: silence some compiler warningsKenny Root2013-07-181-3/+3
| | | | | | | Comparison of signed and unsigned integers. Use parenthesis around a group of bitwise OR operations. Change-Id: Ia404380593ce2c2a291133c07c0fc7a016a3ad3f
* Change setsebool syntax to be consistent with other init built-ins.Stephen Smalley2013-07-184-48/+34
| | | | | | | | | | | | | Change setsebool syntax from name=value to name value. This is to make it consistent with setprop and similar commands. Update both the init built-in command and the toolbox command for consistency. Change-Id: I2c8e016ba26731c4a2ad4a49ae3b89362bf8f8a8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Conflicts: init/builtins.c
* Label sockets consistently with the seclabel value if specified.Stephen Smalley2013-07-181-19/+27
| | | | | | | | This is necessary to ensure that the adbd socket is created in the adbd domain rather than the init domain. Change-Id: Id4997d7f074aeefea62b41c87b46a6609e03f527 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Add persist.mac_enforcing_mode propertyBob Craig2013-07-181-0/+1
| | | | | Conflicts: init/property_service.c
* Document the SELinux extensions to the Android init language.Stephen Smalley2013-07-181-0/+26
| | | | | Change-Id: I9b066e0789c93e5147c28a60baeed91c44dd9359 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* run-as: Get seinfo from packages.list and pass to libselinux.Robert Craig2013-07-183-1/+15
|
* run-as: set the SELinux security context.Stephen Smalley2013-07-182-0/+8
| | | | | | | | Before invoking the specified command or a shell, set the SELinux security context. Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* Allow system UID to setenforce and set booleans for SELinux.Stephen Smalley2013-07-181-0/+10
| | | | | | Allow system UID to setenforce and set booleans for SELinux. Boolean ownerships must also be reset upon policy reload as the boolean files in selinuxfs are regenerated to match the new policy.
* Add support for -R (recurse) to init chown builtin.Stephen Smalley2013-07-182-2/+44
| | | | | | | | | This is helpful for setting ownerships on entire directory trees, such as sysfs and selinuxfs, particularly when the precise set of files is dynamically generated at runtime. Change-Id: I81070ea36fd7ffcab4ee8b3ef1bb0028d4b7839c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* init.goldfish.rc: use ext4Chirayu Desai2013-07-131-0/+8
| | | | Change-Id: Ib5e0bb0d199f09c9cb2d5903f77fae896d4720d6
* rootdir: Set permissions for additional interactive sysfs nodesGiulio Cervera2013-07-121-0/+2
| | | | Change-Id: I2dbcdcc199c5f75d08e8ebf41cd6768c7648e27b
* Correct LOCAL_LDLIBS of adbChih-Wei Huang2013-07-111-2/+2
| | | | | | | | | adb doesn't really use ncurses-libs, remove it. Add -ldl for the symbols dlclose, dlerror, dlopen... introduced from dso_dlfcn.c of libcrypto_static.a. Change-Id: If1cc23987a9b35ec535bbf8f4e7db141b9f10af7
* Merge "Fixed reversed output in netstat Recv-Q Send-Q columns" into cm-10.1Steve Kondik2013-07-031-2/+2
|\
| * Fixed reversed output in netstat Recv-Q Send-Q columnsBrian Carlstrom2013-06-081-2/+2
| | | | | | | | Change-Id: I2bc7ac6c886808910212432497f05e34596f5e85
* | lolcatChirayu Desai2013-07-031-0/+10
| | | | | | | | Change-Id: I4fecd80884a86c2d9bb720c9e821bd1605814d8c
* | rootdir: Set permissions for additional ondemand sysfs nodesSteve Kondik2013-06-291-0/+5
| | | | | | | | Change-Id: Id39cab7ab69ea8f67de99f5b4ee342e2c52ebedd
* | Merge "libsysutils: fix null pointer and memory leak issue" into cm-10.1Ricardo Cerqueira2013-06-111-1/+8
|\ \ | |/
| * libsysutils: fix null pointer and memory leak issueHong-Mei Li2013-05-251-1/+8
| | | | | | | | | | | | | | | | | | In SocketClient::quoteArg function 1. Fix potential null pointer accessing issue 2. Fix potential memory leak introduced by realloc fail Change-Id: I1ca0f9089290d43452e9a71428244545f4ed866b Signed-off-by: Hong-Mei Li <a21834@motorola.com>
* | Merge "init.rc: setup qtaguid group ownership of ctrl and stat files" into ↵Ricardo Cerqueira2013-06-111-0/+6
|\ \ | |/ |/| | | cm-10.1
| * init.rc: setup qtaguid group ownership of ctrl and stat filesJP Abgrall2013-05-201-0/+6
| | | | | | | | | | | | | | | | | | | | This will help get rid of android_aid.h in the kernel. The group of the proc entries will be used in place of the default values picked up by the xt_qtaguid netfilter module (AID_NET_BW_STATS, AID_NET_BW_ACCT). This change has no effect until the matching kernel changes are submitted. Change-Id: I3c177e7b5caf9c59300eba6bd4a976634b333674
* | Merge "init: provide initial pemissions for ondemand governor" into cm-10.1Giulio Cervera2013-05-221-26/+47
|\ \
| * | init: provide initial pemissions for ondemand governorGiulio Cervera2013-05-211-26/+47
| |/ | | | | | | | | | | also set all governor permissions a bit late Change-Id: I5c1445b31bcaf34a535efd7438fd612ada460ea2
* | init: fix indentation and tabGiulio Cervera2013-05-211-15/+15
|/ | | | Change-Id: Ia832ab4df5d955b2fa2b791baf9444aca21c2571
* Revert "init: allow media to set persist.camera property"Daniel Hillenbrand2013-05-101-1/+0
| | | | | | | | !!! PROPERTY_PERMS_APPEND !!! This reverts commit 49506dc95cabe45332a34f9ce594a3115c4428ee Change-Id: I815f0145845336834f9022ceba25527c47a9bd5c
generated by cgit v1.1 at 2024-05-06 19:31:45 +0000