9 Commits

Author SHA1 Message Date
Nick Kralevich ae76f6dbcf init: call restorecon on /sys
Not all files on /sys are not getting labeled properly. Fix them.

Change-Id: I9dcff76354e7f50d41f1b6e702836cfbbc149278
2013-09-03 15:55:58 -07:00
Stephen Smalley 8348d279c7 Add support for socket security context specification.
Add an optional argument to the socket option for specifying
a SELinux security context for the socket.  Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.

2) Situations where a service has multiple sockets and we want to
label them distinctly.

Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-08-23 08:35:43 -04:00
Stephen Smalley e096e36e50 Set the SELinux security label on new directories.
Automatically set the SELinux security label on directories created
by init.rc.  This avoids the need to separately call restorecon on
each such directory from the init.rc file.  Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.

Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-07-26 09:01:22 -04:00
Vladimir Chtchetkine 2b99543cef Pick up on androidboot.hardware kernel cmd option
x86 emulator passes hardware name through the androidboot.hardware kernel cmd option, and
ueventd must pick up on it to locate proper ueventd.rc file for that hardware.

Change-Id: Id61c5b67fe6275a15c7aa62556e0b89eda7968f8
2011-09-28 11:44:30 -07:00
Colin Cross 44b65d047c init: Add ueventd.rc parsing to ueventd
Change-Id: Iea53050d6c10e8cabf563e5d80e84eaf78873695
2010-04-21 20:59:42 -07:00
Colin Cross f83d0b9af5 init: Move uevent handling to an external ueventd process
Change-Id: Iea6c56013062ade633a1754f7bcf8cf09b3dedc1
2010-04-21 20:59:38 -07:00
Colin Cross cd0f173e27 init: Add wait command and mount wait flag
Change-Id: I6b4c10f8f246095a7fb7342388ec4f6ff97d5733
2010-04-21 19:43:35 -07:00
Colin Cross b0ab94b7d5 init: create symlinks to block device nodes
eMMC block device names may change based on the detection order of
the eMMC device and any other SD bus devices, such as a removable SD
card.

This patch adds support to init for:
  * Symlinks to block devices.  When a block device uevent is
    processed, if it starts with "/devices/platform", the platform
    driver name is parsed out, and symlinks to the block device are
    created in /dev/block/platform/<platform driver>/
  * Symlinks based on partition name and number.  If the uevent for
    a block device contains information on the partition name or
    number, symlinks are created under
    /dev/block/platform/<platform driver>/by-num/p<partition>
    and
    /dev/block/platform/<platform driver>/by-name/<partition name>

init.rc can then use a device path like the following to mount an
eMMC device:
/dev/block/platform/<platform>/by-name/system /system ro

Change-Id: Id11bb7cdf1e2ada7752a5bd671cbf87237b34ae2
2010-04-21 19:43:28 -07:00
Colin Cross 3899e9fc01 init: Move prototypes for util.c into util.h
Change-Id: I46a91849ce5297eb2597dd6134412f817564ec24
2010-04-13 22:52:10 -07:00