Merge "Make usage() static in du.c to avoid conflicts"
diff --git a/include/arch/linux-sh/AndroidConfig.h b/include/arch/linux-sh/AndroidConfig.h
deleted file mode 100644
index 818b628..0000000
--- a/include/arch/linux-sh/AndroidConfig.h
+++ /dev/null
@@ -1,379 +0,0 @@
-/*
- * Copyright (C) 2009 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * Android config -- "android-sh". Used for SuperH device builds.
- */
-#ifndef _ANDROID_CONFIG_H
-#define _ANDROID_CONFIG_H
-
-/*
- * ===========================================================================
- * !!! IMPORTANT !!!
- * ===========================================================================
- *
- * This file is included by ALL C/C++ source files. Don't put anything in
- * here unless you are absolutely certain it can't go anywhere else.
- *
- * Any C++ stuff must be wrapped with "#ifdef __cplusplus". Do not use "//"
- * comments.
- */
-
-/*
- * Threading model. Choose one:
- *
- * HAVE_PTHREADS - use the pthreads library.
- * HAVE_WIN32_THREADS - use Win32 thread primitives.
- * -- combine HAVE_CREATETHREAD, HAVE_CREATEMUTEX, and HAVE__BEGINTHREADEX
- */
-#define HAVE_PTHREADS
-
-/*
- * Do we have pthread_setname_np()?
- *
- * (HAVE_PTHREAD_SETNAME_NP is used by WebKit to enable a function with
- * the same name but different parameters, so we can't use that here.)
- */
-#define HAVE_ANDROID_PTHREAD_SETNAME_NP
-
-/*
- * Do we have the futex syscall?
- */
-#define HAVE_FUTEX
-
-/*
- * Define if we already have the futex wrapper functions defined. Yes if
- * compiling against bionic.
- */
-#define HAVE_FUTEX_WRAPPERS 1
-
-/*
- * Process creation model. Choose one:
- *
- * HAVE_FORKEXEC - use fork() and exec()
- * HAVE_WIN32_PROC - use CreateProcess()
- */
-#define HAVE_FORKEXEC
-
-/*
- * Process out-of-memory adjustment. Set if running on Linux,
- * where we can write to /proc/<pid>/oom_adj to modify the out-of-memory
- * badness adjustment.
- */
-#define HAVE_OOM_ADJ
-
-/*
- * IPC model. Choose one:
- *
- * HAVE_SYSV_IPC - use the classic SysV IPC mechanisms (semget, shmget).
- * HAVE_MACOSX_IPC - use Macintosh IPC mechanisms (sem_open, mmap).
- * HAVE_WIN32_IPC - use Win32 IPC (CreateSemaphore, CreateFileMapping).
- * HAVE_ANDROID_IPC - use Android versions (?, mmap).
- */
-#define HAVE_ANDROID_IPC
-
-/*
- * Memory-mapping model. Choose one:
- *
- * HAVE_POSIX_FILEMAP - use the Posix sys/mmap.h
- * HAVE_WIN32_FILEMAP - use Win32 filemaps
- */
-#define HAVE_POSIX_FILEMAP
-
-/*
- * Define this if you have <termio.h>
- */
-#define HAVE_TERMIO_H 1
-
-/*
- * Define this if you have <sys/sendfile.h>
- */
-#define HAVE_SYS_SENDFILE_H 1
-
-/*
- * Define this if you build against MSVCRT.DLL
- */
-/* #define HAVE_MS_C_RUNTIME */
-
-/*
- * Define this if you have sys/uio.h
- */
-#define HAVE_SYS_UIO_H 1
-
-/*
- * Define this if your platforms implements symbolic links
- * in its filesystems
- */
-#define HAVE_SYMLINKS
-
-/*
- * Define this if we have localtime_r().
- */
-/* #define HAVE_LOCALTIME_R 1 */
-
-/*
- * Define this if we have gethostbyname_r().
- */
-/* #define HAVE_GETHOSTBYNAME_R */
-
-/*
- * Define this if we have ioctl().
- */
-#define HAVE_IOCTL
-
-/*
- * Define this if we want to use WinSock.
- */
-/* #define HAVE_WINSOCK */
-
-/*
- * Define this if have clock_gettime() and friends
- */
-#define HAVE_POSIX_CLOCKS
-
-/*
- * Define this if we have pthread_cond_timedwait_monotonic() and
- * clock_gettime(CLOCK_MONOTONIC).
- */
-/* #define HAVE_TIMEDWAIT_MONOTONIC */
-
-/*
- * Define this if we have linux style epoll()
- */
-#define HAVE_EPOLL
-
-/*
- * Endianness of the target machine. Choose one:
- *
- * HAVE_ENDIAN_H -- have endian.h header we can include.
- * HAVE_LITTLE_ENDIAN -- we are little endian.
- * HAVE_BIG_ENDIAN -- we are big endian.
- */
-#define HAVE_ENDIAN_H
-#define HAVE_LITTLE_ENDIAN
-
-/*
- * We need to choose between 32-bit and 64-bit off_t. All of our code should
- * agree on the same size. For desktop systems, use 64-bit values,
- * because some of our libraries (e.g. wxWidgets) expect to be built that way.
- */
-/* #define _FILE_OFFSET_BITS 64 */
-/* #define _LARGEFILE_SOURCE 1 */
-
-/*
- * Define if platform has off64_t (and lseek64 and other xxx64 functions)
- */
-#define HAVE_OFF64_T
-
-/*
- * Defined if we have the backtrace() call for retrieving a stack trace.
- * Needed for CallStack to operate; if not defined, CallStack is
- * non-functional.
- */
-#define HAVE_BACKTRACE 0
-
-/*
- * Defined if we have the dladdr() call for retrieving the symbol associated
- * with a memory address. If not defined, stack crawls will not have symbolic
- * information.
- */
-#define HAVE_DLADDR 0
-
-/*
- * Defined if we have the cxxabi.h header for demangling C++ symbols. If
- * not defined, stack crawls will be displayed with raw mangled symbols
- */
-#define HAVE_CXXABI 0
-
-/*
- * Defined if we have the gettid() system call.
- */
-#define HAVE_GETTID
-
-/*
- * Defined if we have the sched_setscheduler() call
- */
-#define HAVE_SCHED_SETSCHEDULER
-
-/*
- * Add any extra platform-specific defines here.
- */
-/* #define __linux__ */ /* for SuperH */
-
-/*
- * Define if we have <malloc.h> header
- */
-#define HAVE_MALLOC_H
-
-/*
- * Define if we're running on *our* linux on device or emulator.
- */
-#define HAVE_ANDROID_OS 1
-
-/*
- * Define if we have Linux-style non-filesystem Unix Domain Sockets
- */
-#define HAVE_LINUX_LOCAL_SOCKET_NAMESPACE 1
-
-/*
- * Define if we have Linux's inotify in <sys/inotify.h>.
- */
-#define HAVE_INOTIFY 1
-
-/*
- * Define if we have madvise() in <sys/mman.h>
- */
-#define HAVE_MADVISE 1
-
-/*
- * Define if tm struct has tm_gmtoff field
- */
-#define HAVE_TM_GMTOFF 1
-
-/*
- * Define if dirent struct has d_type field
- */
-#define HAVE_DIRENT_D_TYPE 1
-
-/*
- * Define if libc includes Android system properties implementation.
- */
-#define HAVE_LIBC_SYSTEM_PROPERTIES 1
-
-/*
- * Define if system provides a system property server (should be
- * mutually exclusive with HAVE_LIBC_SYSTEM_PROPERTIES).
- */
-/* #define HAVE_SYSTEM_PROPERTY_SERVER */
-
-/*
- * What CPU architecture does this platform use?
- */
-#define ARCH_SH
-
-/*
- * Define if the size of enums is as short as possible,
- */
-/* #define HAVE_SHORT_ENUMS */
-
-/*
- * sprintf() format string for shared library naming.
- */
-#define OS_SHARED_LIB_FORMAT_STR "lib%s.so"
-
-/*
- * Do we have __memcmp16()?
- *
- * TODO : Investigate the perfomance impact of __memcmp16()
- * and implement it.
- * This influences on dalvikVM's string performance.
- * See dalvik/vm/InlineNative.c.
- */
-/* #define HAVE__MEMCMP16 */
-
-/*
- * type for the third argument to mincore().
- */
-#define MINCORE_POINTER_TYPE unsigned char *
-
-/*
- * Do we have the sigaction flag SA_NOCLDWAIT?
- */
-#define HAVE_SA_NOCLDWAIT
-
-/*
- * The default path separator for the platform
- */
-#define OS_PATH_SEPARATOR '/'
-
-/*
- * Is the filesystem case sensitive?
- */
-#define OS_CASE_SENSITIVE
-
-/*
- * Define if <sys/socket.h> exists.
- */
-#define HAVE_SYS_SOCKET_H 1
-
-/*
- * Define if the strlcpy() function exists on the system.
- */
-#define HAVE_STRLCPY 1
-
-/*
- * Define if the open_memstream() function exists on the system.
- */
-/* #define HAVE_OPEN_MEMSTREAM 1 */
-
-/*
- * Define if the BSD funopen() function exists on the system.
- */
-#define HAVE_FUNOPEN 1
-
-/*
- * Define if prctl() exists
- */
-#define HAVE_PRCTL 1
-
-/*
- * Define if writev() exists
- */
-#define HAVE_WRITEV 1
-
-/*
- * For dalvik/libcore
- */
-#define CANT_PASS_VALIST_AS_CHARPTR
-
-/*
- * For external/bluez/utils/tools/hciattach.c
- * TODO : This definition should be somewhere in bionic/libc/kernel/(*).
- * Cosider the place and move it there.
- */
-#define N_TTY 0
-
-/*
- * Whether or not _Unwind_Context is defined as a struct.
- */
-#define HAVE_UNWIND_CONTEXT_STRUCT
-
-/*
- * Define if pread() exists
- */
-#define HAVE_PREAD 1
-
-/*
- * Define if we have st_mtim in struct stat
- */
-#define HAVE_STAT_ST_MTIM 1
-
-/*
- * Define if printf() supports %zd for size_t arguments
- */
-#define HAVE_PRINTF_ZD 1
-
-/*
- * Define to 1 if <stdlib.h> provides qsort_r() with a BSD style function prototype.
- */
-#define HAVE_BSD_QSORT_R 0
-
-/*
- * Define to 1 if <stdlib.h> provides qsort_r() with a GNU style function prototype.
- */
-#define HAVE_GNU_QSORT_R 0
-
-#endif /* _ANDROID_CONFIG_H */
diff --git a/include/cutils/atomic-inline.h b/include/cutils/atomic-inline.h
index 64cdd9d..0b13138 100644
--- a/include/cutils/atomic-inline.h
+++ b/include/cutils/atomic-inline.h
@@ -47,8 +47,6 @@
#include <cutils/atomic-arm.h>
#elif defined(__i386__) || defined(__x86_64__)
#include <cutils/atomic-x86.h>
-#elif defined(__sh__)
-/* implementation is in atomic-android-sh.c */
#elif defined(__mips__)
#include <cutils/atomic-mips.h>
#else
diff --git a/init/devices.c b/init/devices.c
index 943a147..c30303f 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -33,6 +33,7 @@
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
+#include <selinux/android.h>
#endif
#include <private/android_filesystem_config.h>
@@ -599,6 +600,9 @@
} else if (!strncmp(uevent->subsystem, "graphics", 8)) {
base = "/dev/graphics/";
make_dir(base, 0755);
+ } else if (!strncmp(uevent->subsystem, "drm", 3)) {
+ base = "/dev/dri/";
+ make_dir(base, 0755);
} else if (!strncmp(uevent->subsystem, "oncrpc", 6)) {
base = "/dev/oncrpc/";
make_dir(base, 0755);
@@ -879,12 +883,10 @@
struct stat info;
int fd;
#ifdef HAVE_SELINUX
- struct selinux_opt seopts[] = {
- { SELABEL_OPT_PATH, "/file_contexts" }
- };
-
- if (is_selinux_enabled() > 0)
- sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+ sehandle = NULL;
+ if (is_selinux_enabled() > 0) {
+ sehandle = selinux_android_file_context_handle();
+ }
#endif
/* is 64K enough? udev uses 16MB! */
device_fd = uevent_open_socket(64*1024, true);
diff --git a/init/init.c b/init/init.c
index 4cf8414..6127fd3 100755
--- a/init/init.c
+++ b/init/init.c
@@ -33,9 +33,9 @@
#include <sys/un.h>
#ifdef HAVE_SELINUX
-#include <sys/mman.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
+#include <selinux/android.h>
#endif
#include <libgen.h>
@@ -62,6 +62,7 @@
#ifdef HAVE_SELINUX
struct selabel_handle *sehandle;
+struct selabel_handle *sehandle_prop;
#endif
static int property_triggers_enabled = 0;
@@ -78,7 +79,6 @@
#ifdef HAVE_SELINUX
static int selinux_enabled = 1;
-static int selinux_enforcing = 0;
#endif
static struct action *cur_action = NULL;
@@ -605,9 +605,7 @@
if (name_len == 0) return;
#ifdef HAVE_SELINUX
- if (!strcmp(name,"enforcing")) {
- selinux_enforcing = atoi(value);
- } else if (!strcmp(name,"selinux")) {
+ if (!strcmp(name,"selinux")) {
selinux_enabled = atoi(value);
}
#endif
@@ -759,94 +757,64 @@
#endif
#ifdef HAVE_SELINUX
-void selinux_load_policy(void)
+static const struct selinux_opt seopts_prop[] = {
+ { SELABEL_OPT_PATH, "/data/system/property_contexts" },
+ { SELABEL_OPT_PATH, "/property_contexts" },
+ { 0, NULL }
+};
+
+struct selabel_handle* selinux_android_prop_context_handle(void)
{
- const char path_prefix[] = "/sepolicy";
- struct selinux_opt seopts[] = {
- { SELABEL_OPT_PATH, "/file_contexts" }
- };
- char path[PATH_MAX];
- int fd, rc, vers;
- struct stat sb;
- void *map;
-
- sehandle = NULL;
- if (!selinux_enabled) {
- INFO("SELinux: Disabled by command line option\n");
- return;
+ int i = 0;
+ struct selabel_handle* sehandle = NULL;
+ while ((sehandle == NULL) && seopts_prop[i].value) {
+ sehandle = selabel_open(SELABEL_CTX_ANDROID_PROP, &seopts_prop[i], 1);
+ i++;
}
- mkdir(SELINUXMNT, 0755);
- if (mount("selinuxfs", SELINUXMNT, "selinuxfs", 0, NULL)) {
- if (errno == ENODEV) {
- /* SELinux not enabled in kernel */
- return;
- }
- ERROR("SELinux: Could not mount selinuxfs: %s\n",
- strerror(errno));
- return;
- }
- set_selinuxmnt(SELINUXMNT);
-
- vers = security_policyvers();
- if (vers <= 0) {
- ERROR("SELinux: Unable to read policy version\n");
- return;
- }
- INFO("SELinux: Maximum supported policy version: %d\n", vers);
-
- snprintf(path, sizeof(path), "%s.%d",
- path_prefix, vers);
- fd = open(path, O_RDONLY);
- while (fd < 0 && errno == ENOENT && --vers) {
- snprintf(path, sizeof(path), "%s.%d",
- path_prefix, vers);
- fd = open(path, O_RDONLY);
- }
- if (fd < 0) {
- ERROR("SELinux: Could not open %s: %s\n",
- path, strerror(errno));
- return;
- }
- if (fstat(fd, &sb) < 0) {
- ERROR("SELinux: Could not stat %s: %s\n",
- path, strerror(errno));
- return;
- }
- map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
- if (map == MAP_FAILED) {
- ERROR("SELinux: Could not map %s: %s\n",
- path, strerror(errno));
- return;
- }
-
- rc = security_load_policy(map, sb.st_size);
- if (rc < 0) {
- ERROR("SELinux: Could not load policy: %s\n",
- strerror(errno));
- return;
- }
-
- rc = security_setenforce(selinux_enforcing);
- if (rc < 0) {
- ERROR("SELinux: Could not set enforcing mode to %s: %s\n",
- selinux_enforcing ? "enforcing" : "permissive", strerror(errno));
- return;
- }
-
- munmap(map, sb.st_size);
- close(fd);
- INFO("SELinux: Loaded policy from %s\n", path);
-
- sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
if (!sehandle) {
- ERROR("SELinux: Could not load file_contexts: %s\n",
+ ERROR("SELinux: Could not load property_contexts: %s\n",
strerror(errno));
- return;
+ return NULL;
}
- INFO("SELinux: Loaded file contexts from %s\n", seopts[0].value);
- return;
+ INFO("SELinux: Loaded property contexts from %s\n", seopts_prop[i - 1].value);
+ return sehandle;
}
+
+void selinux_init_all_handles(void)
+{
+ sehandle = selinux_android_file_context_handle();
+ sehandle_prop = selinux_android_prop_context_handle();
+}
+
+int selinux_reload_policy(void)
+{
+ if (!selinux_enabled) {
+ return -1;
+ }
+
+ INFO("SELinux: Attempting to reload policy files\n");
+
+ if (selinux_android_reload_policy() == -1) {
+ return -1;
+ }
+
+ if (sehandle)
+ selabel_close(sehandle);
+
+ if (sehandle_prop)
+ selabel_close(sehandle_prop);
+
+ selinux_init_all_handles();
+ return 0;
+}
+
+int audit_callback(void *data, security_class_t cls, char *buf, size_t len)
+{
+ snprintf(buf, len, "property=%s", !data ? "NULL" : (char *)data);
+ return 0;
+}
+
#endif
int main(int argc, char **argv)
@@ -903,9 +871,25 @@
process_kernel_cmdline();
#ifdef HAVE_SELINUX
+ union selinux_callback cb;
+ cb.func_log = klog_write;
+ selinux_set_callback(SELINUX_CB_LOG, cb);
+
+ cb.func_audit = audit_callback;
+ selinux_set_callback(SELINUX_CB_AUDIT, cb);
+
INFO("loading selinux policy\n");
- selinux_load_policy();
- /* These directories were necessarily created before policy load
+ if (selinux_enabled) {
+ if (selinux_android_load_policy() < 0) {
+ selinux_enabled = 0;
+ INFO("SELinux: Disabled due to failed policy load\n");
+ } else {
+ selinux_init_all_handles();
+ }
+ } else {
+ INFO("SELinux: Disabled by command line option\n");
+ }
+ /* These directories were necessarily created before initial policy load
* and therefore need their security context restored to the proper value.
* This must happen before /dev is populated by ueventd.
*/
diff --git a/init/init.h b/init/init.h
index 58bbbfe..b7e06c9 100644
--- a/init/init.h
+++ b/init/init.h
@@ -138,6 +138,8 @@
#ifdef HAVE_SELINUX
extern struct selabel_handle *sehandle;
+extern struct selabel_handle *sehandle_prop;
+extern int selinux_reload_policy(void);
#endif
#endif /* _INIT_INIT_H */
diff --git a/init/property_service.c b/init/property_service.c
index b092077..5eb0a8a 100755
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -40,6 +40,11 @@
#include <sys/atomics.h>
#include <private/android_filesystem_config.h>
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#endif
+
#include "property_service.h"
#include "init.h"
#include "util.h"
@@ -88,6 +93,7 @@
{ "persist.service.", AID_SYSTEM, 0 },
{ "persist.security.", AID_SYSTEM, 0 },
{ "persist.service.bdroid.", AID_BLUETOOTH, 0 },
+ { "selinux." , AID_SYSTEM, 0 },
{ NULL, 0, 0 }
};
@@ -193,23 +199,77 @@
__futex_wake(&pi->serial, INT32_MAX);
}
+static int check_mac_perms(const char *name, char *sctx)
+{
+#ifdef HAVE_SELINUX
+ if (is_selinux_enabled() <= 0)
+ return 1;
+
+ char *tctx = NULL;
+ const char *class = "property_service";
+ const char *perm = "set";
+ int result = 0;
+
+ if (!sctx)
+ goto err;
+
+ if (!sehandle_prop)
+ goto err;
+
+ if (selabel_lookup(sehandle_prop, &tctx, name, 1) != 0)
+ goto err;
+
+ if (selinux_check_access(sctx, tctx, class, perm, name) == 0)
+ result = 1;
+
+ freecon(tctx);
+ err:
+ return result;
+
+#endif
+ return 1;
+}
+
+static int check_control_mac_perms(const char *name, char *sctx)
+{
+#ifdef HAVE_SELINUX
+
+ /*
+ * Create a name prefix out of ctl.<service name>
+ * The new prefix allows the use of the existing
+ * property service backend labeling while avoiding
+ * mislabels based on true property prefixes.
+ */
+ char ctl_name[PROP_VALUE_MAX+4];
+ int ret = snprintf(ctl_name, sizeof(ctl_name), "ctl.%s", name);
+
+ if (ret < 0 || (size_t) ret >= sizeof(ctl_name))
+ return 0;
+
+ return check_mac_perms(ctl_name, sctx);
+
+#endif
+ return 1;
+}
+
/*
* Checks permissions for starting/stoping system services.
* AID_SYSTEM and AID_ROOT are always allowed.
*
* Returns 1 if uid allowed, 0 otherwise.
*/
-static int check_control_perms(const char *name, unsigned int uid, unsigned int gid) {
+static int check_control_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx) {
+
int i;
if (uid == AID_SYSTEM || uid == AID_ROOT)
- return 1;
+ return check_control_mac_perms(name, sctx);
/* Search the ACL */
for (i = 0; control_perms[i].service; i++) {
if (strcmp(control_perms[i].service, name) == 0) {
if ((uid && control_perms[i].uid == uid) ||
(gid && control_perms[i].gid == gid)) {
- return 1;
+ return check_control_mac_perms(name, sctx);
}
}
}
@@ -220,22 +280,22 @@
* Checks permissions for setting system properties.
* Returns 1 if uid allowed, 0 otherwise.
*/
-static int check_perms(const char *name, unsigned int uid, unsigned int gid)
+static int check_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx)
{
int i;
- if (uid == 0)
- return 1;
-
if(!strncmp(name, "ro.", 3))
name +=3;
+ if (uid == 0)
+ return check_mac_perms(name, sctx);
+
for (i = 0; property_perms[i].prefix; i++) {
- int tmp;
if (strncmp(property_perms[i].prefix, name,
strlen(property_perms[i].prefix)) == 0) {
if ((uid && property_perms[i].uid == uid) ||
(gid && property_perms[i].gid == gid)) {
- return 1;
+
+ return check_mac_perms(name, sctx);
}
}
}
@@ -336,6 +396,11 @@
* to prevent them from being overwritten by default values.
*/
write_persistent_property(name, value);
+#ifdef HAVE_SELINUX
+ } else if (strcmp("selinux.reload_policy", name) == 0 &&
+ strcmp("1", value) == 0) {
+ selinux_reload_policy();
+#endif
}
property_changed(name, value);
return 0;
@@ -351,6 +416,7 @@
struct sockaddr_un addr;
socklen_t addr_size = sizeof(addr);
socklen_t cr_size = sizeof(cr);
+ char * source_ctx = NULL;
if ((s = accept(property_set_fd, (struct sockaddr *) &addr, &addr_size)) < 0) {
return;
@@ -376,18 +442,22 @@
msg.name[PROP_NAME_MAX-1] = 0;
msg.value[PROP_VALUE_MAX-1] = 0;
+#ifdef HAVE_SELINUX
+ getpeercon(s, &source_ctx);
+#endif
+
if(memcmp(msg.name,"ctl.",4) == 0) {
// Keep the old close-socket-early behavior when handling
// ctl.* properties.
close(s);
- if (check_control_perms(msg.value, cr.uid, cr.gid)) {
+ if (check_control_perms(msg.value, cr.uid, cr.gid, source_ctx)) {
handle_control_message((char*) msg.name + 4, (char*) msg.value);
} else {
ERROR("sys_prop: Unable to %s service ctl [%s] uid:%d gid:%d pid:%d\n",
msg.name + 4, msg.value, cr.uid, cr.gid, cr.pid);
}
} else {
- if (check_perms(msg.name, cr.uid, cr.gid)) {
+ if (check_perms(msg.name, cr.uid, cr.gid, source_ctx)) {
property_set((char*) msg.name, (char*) msg.value);
} else {
ERROR("sys_prop: permission denied uid:%d name:%s\n",
@@ -399,6 +469,10 @@
// the property is written to memory.
close(s);
}
+#ifdef HAVE_SELINUX
+ freecon(source_ctx);
+#endif
+
break;
default:
diff --git a/libcutils/Android.mk b/libcutils/Android.mk
index 2477d23..8684e8f 100644
--- a/libcutils/Android.mk
+++ b/libcutils/Android.mk
@@ -130,16 +130,12 @@
ifeq ($(TARGET_ARCH),arm)
LOCAL_SRC_FILES += arch-arm/memset32.S
else # !arm
-ifeq ($(TARGET_ARCH),sh)
-LOCAL_SRC_FILES += memory.c atomic-android-sh.c
-else # !sh
ifeq ($(TARGET_ARCH_VARIANT),x86-atom)
LOCAL_CFLAGS += -DHAVE_MEMSET16 -DHAVE_MEMSET32
LOCAL_SRC_FILES += arch-x86/android_memset16.S arch-x86/android_memset32.S memory.c
else # !x86-atom
LOCAL_SRC_FILES += memory.c
endif # !x86-atom
-endif # !sh
endif # !arm
LOCAL_C_INCLUDES := $(libcutils_c_includes) $(KERNEL_HEADERS)
diff --git a/libcutils/atomic-android-sh.c b/libcutils/atomic-android-sh.c
deleted file mode 100644
index 8bac68a..0000000
--- a/libcutils/atomic-android-sh.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (C) 2007 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cutils/atomic.h>
-#ifdef HAVE_WIN32_THREADS
-#include <windows.h>
-#else
-#include <sched.h>
-#endif
-
-/*
- * Note :
- *
- * (1) SuperH does not have CMPXCHG. It has only TAS for atomic
- * operations. It does not seem a good idea to implement CMPXCHG,
- * with TAS. So, we choose to implemnt these operations with
- * posix mutexes. Please be sure that this might cause performance
- * problem for Android-SH. Using LL/SC instructions supported in SH-X3,
- * best performnace would be realized.
- *
- * (2) Mutex initialization problem happens, which is commented for
- * ARM implementation, in this file above.
- * We follow the fact that the initializer for mutex is a simple zero
- * value.
- *
- * (3) These operations are NOT safe for SMP, as there is no currently
- * no definition for a memory barrier operation.
- */
-
-#include <pthread.h>
-
-#define SWAP_LOCK_COUNT 32U
-static pthread_mutex_t _swap_locks[SWAP_LOCK_COUNT];
-
-#define SWAP_LOCK(addr) \
- &_swap_locks[((unsigned)(void*)(addr) >> 3U) % SWAP_LOCK_COUNT]
-
-
-int32_t android_atomic_acquire_load(volatile const int32_t* addr)
-{
- return *addr;
-}
-
-int32_t android_atomic_release_load(volatile const int32_t* addr)
-{
- return *addr;
-}
-
-void android_atomic_acquire_store(int32_t value, volatile int32_t* addr) {
- int32_t oldValue;
- do {
- oldValue = *addr;
- } while (android_atomic_release_cas(oldValue, value, addr));
-}
-
-void android_atomic_release_store(int32_t value, volatile int32_t* addr) {
- int32_t oldValue;
- do {
- oldValue = *addr;
- } while (android_atomic_release_cas(oldValue, value, addr));
-}
-
-int32_t android_atomic_inc(volatile int32_t* addr) {
- int32_t oldValue;
- do {
- oldValue = *addr;
- } while (android_atomic_release_cas(oldValue, oldValue+1, addr));
- return oldValue;
-}
-
-int32_t android_atomic_dec(volatile int32_t* addr) {
- int32_t oldValue;
- do {
- oldValue = *addr;
- } while (android_atomic_release_cas(oldValue, oldValue-1, addr));
- return oldValue;
-}
-
-int32_t android_atomic_add(int32_t value, volatile int32_t* addr) {
- int32_t oldValue;
- do {
- oldValue = *addr;
- } while (android_atomic_release_cas(oldValue, oldValue+value, addr));
- return oldValue;
-}
-
-int32_t android_atomic_and(int32_t value, volatile int32_t* addr) {
- int32_t oldValue;
- do {
- oldValue = *addr;
- } while (android_atomic_release_cas(oldValue, oldValue&value, addr));
- return oldValue;
-}
-
-int32_t android_atomic_or(int32_t value, volatile int32_t* addr) {
- int32_t oldValue;
- do {
- oldValue = *addr;
- } while (android_atomic_release_cas(oldValue, oldValue|value, addr));
- return oldValue;
-}
-
-int android_atomic_acquire_cmpxchg(int32_t oldvalue, int32_t newvalue,
- volatile int32_t* addr) {
- return android_atomic_release_cmpxchg(oldValue, newValue, addr);
-}
-
-int android_atomic_release_cmpxchg(int32_t oldvalue, int32_t newvalue,
- volatile int32_t* addr) {
- int result;
- pthread_mutex_t* lock = SWAP_LOCK(addr);
-
- pthread_mutex_lock(lock);
-
- if (*addr == oldvalue) {
- *addr = newvalue;
- result = 0;
- } else {
- result = 1;
- }
- pthread_mutex_unlock(lock);
- return result;
-}
-
diff --git a/liblog/logd_write.c b/liblog/logd_write.c
index 168bdf8..b91de52 100644
--- a/liblog/logd_write.c
+++ b/liblog/logd_write.c
@@ -141,14 +141,13 @@
/* XXX: This needs to go! */
if (!strcmp(tag, "HTC_RIL") ||
!strncmp(tag, "RIL", 3) || /* Any log tag with "RIL" as the prefix */
+ !strncmp(tag, "IMS", 3) || /* Any log tag with "IMS" as the prefix */
!strcmp(tag, "AT") ||
!strcmp(tag, "GSM") ||
!strcmp(tag, "STK") ||
!strcmp(tag, "CDMA") ||
!strcmp(tag, "PHONE") ||
- !strcmp(tag, "SMS") ||
- !strcmp(tag, "IMS") ||
- !strcmp(tag, "IMSFW"))
+ !strcmp(tag, "SMS"))
log_id = LOG_ID_RADIO;
vec[0].iov_base = (unsigned char *) &prio;
@@ -171,14 +170,13 @@
/* XXX: This needs to go! */
if (!strcmp(tag, "HTC_RIL") ||
!strncmp(tag, "RIL", 3) || /* Any log tag with "RIL" as the prefix */
+ !strncmp(tag, "IMS", 3) || /* Any log tag with "IMS" as the prefix */
!strcmp(tag, "AT") ||
!strcmp(tag, "GSM") ||
!strcmp(tag, "STK") ||
!strcmp(tag, "CDMA") ||
!strcmp(tag, "PHONE") ||
- !strcmp(tag, "SMS") ||
- !strcmp(tag, "IMS") ||
- !strcmp(tag, "IMSFW"))
+ !strcmp(tag, "SMS"))
bufID = LOG_ID_RADIO;
vec[0].iov_base = (unsigned char *) &prio;
diff --git a/libzipfile/centraldir.c b/libzipfile/centraldir.c
index 0e264a3..911e2b9 100644
--- a/libzipfile/centraldir.c
+++ b/libzipfile/centraldir.c
@@ -192,7 +192,7 @@
// too small to be a ZIP archive?
if (bufsize < EOCD_LEN) {
- fprintf(stderr, "Length is %d -- too small\n", bufsize);
+ fprintf(stderr, "Length is %zd -- too small\n", bufsize);
goto bail;
}
diff --git a/logcat/logcat.cpp b/logcat/logcat.cpp
index b71ce86..d3b5ed0 100644
--- a/logcat/logcat.cpp
+++ b/logcat/logcat.cpp
@@ -101,7 +101,7 @@
static int openLogFile (const char *pathname)
{
- return open(g_outputFileName, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
+ return open(pathname, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
}
static void rotateLogs()
diff --git a/rootdir/init.rc b/rootdir/init.rc
index c7063b5..4c20ec1 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -359,6 +359,10 @@
critical
seclabel u:r:ueventd:s0
+on property:selinux.reload_policy=1
+ restart ueventd
+ restart installd
+
service console /system/bin/sh
class core
console
diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
index 07624c4..c1fca00 100644
--- a/rootdir/ueventd.rc
+++ b/rootdir/ueventd.rc
@@ -18,6 +18,9 @@
# gpu driver for adreno200 is globally accessible
/dev/kgsl 0666 root root
+# kms driver for drm based gpu
+/dev/dri/* 0666 root graphics
+
# these should not be world writable
/dev/diag 0660 radio radio
/dev/diag_arm9 0660 radio radio
diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c
index 316588c..877a524 100644
--- a/sdcard/sdcard.c
+++ b/sdcard/sdcard.c
@@ -42,12 +42,10 @@
* permissions at creation, owner, group, and permissions are not
* changeable, symlinks and hardlinks are not createable, etc.
*
- * usage: sdcard <path> <uid> <gid>
+ * See usage() for command line options.
*
- * It must be run as root, but will change to uid/gid as soon as it
- * mounts a filesystem on /storage/sdcard. It will refuse to run if uid or
- * gid are zero.
- *
+ * It must be run as root, but will drop to requested UID/GID as soon as it
+ * mounts a filesystem. It will refuse to run if requested UID/GID are zero.
*
* Things I believe to be true:
*
@@ -57,7 +55,6 @@
* - if an op that returns a fuse_entry fails writing the reply to the
* kernel, you must rollback the refcount to reflect the reference the
* kernel did not actually acquire
- *
*/
#define FUSE_TRACE 0
@@ -72,8 +69,6 @@
#define FUSE_UNKNOWN_INO 0xffffffff
-#define MOUNT_POINT "/storage/sdcard0"
-
/* Maximum number of bytes to write in one request. */
#define MAX_WRITE (256 * 1024)
@@ -425,7 +420,7 @@
return child;
}
-static void fuse_init(struct fuse *fuse, int fd, const char *path)
+static void fuse_init(struct fuse *fuse, int fd, const char *source_path)
{
pthread_mutex_init(&fuse->lock, NULL);
@@ -435,8 +430,8 @@
memset(&fuse->root, 0, sizeof(fuse->root));
fuse->root.nid = FUSE_ROOT_ID; /* 1 */
fuse->root.refcount = 2;
- fuse->root.namelen = strlen(path);
- fuse->root.name = strdup(path);
+ fuse->root.namelen = strlen(source_path);
+ fuse->root.name = strdup(source_path);
}
static void fuse_status(struct fuse *fuse, __u64 unique, int err)
@@ -1244,21 +1239,21 @@
static int usage()
{
- ERROR("usage: sdcard [-t<threads>] <path> <uid> <gid>\n"
+ ERROR("usage: sdcard [-t<threads>] <source_path> <dest_path> <uid> <gid>\n"
" -t<threads>: specify number of threads to use, default -t%d\n"
"\n", DEFAULT_NUM_THREADS);
return 1;
}
-static int run(const char* path, uid_t uid, gid_t gid, int num_threads)
-{
+static int run(const char* source_path, const char* dest_path, uid_t uid, gid_t gid,
+ int num_threads) {
int fd;
char opts[256];
int res;
struct fuse fuse;
/* cleanup from previous instance, if necessary */
- umount2(MOUNT_POINT, 2);
+ umount2(dest_path, 2);
fd = open("/dev/fuse", O_RDWR);
if (fd < 0){
@@ -1270,7 +1265,7 @@
"fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d",
fd, uid, gid);
- res = mount("/dev/fuse", MOUNT_POINT, "fuse", MS_NOSUID | MS_NODEV, opts);
+ res = mount("/dev/fuse", dest_path, "fuse", MS_NOSUID | MS_NODEV, opts);
if (res < 0) {
ERROR("cannot mount fuse filesystem (error %d)\n", errno);
goto error;
@@ -1288,7 +1283,7 @@
goto error;
}
- fuse_init(&fuse, fd, path);
+ fuse_init(&fuse, fd, source_path);
umask(0);
res = ignite_fuse(&fuse, num_threads);
@@ -1304,7 +1299,8 @@
int main(int argc, char **argv)
{
int res;
- const char *path = NULL;
+ const char *source_path = NULL;
+ const char *dest_path = NULL;
uid_t uid = 0;
gid_t gid = 0;
int num_threads = DEFAULT_NUM_THREADS;
@@ -1314,8 +1310,10 @@
char* arg = argv[i];
if (!strncmp(arg, "-t", 2))
num_threads = strtoul(arg + 2, 0, 10);
- else if (!path)
- path = arg;
+ else if (!source_path)
+ source_path = arg;
+ else if (!dest_path)
+ dest_path = arg;
else if (!uid)
uid = strtoul(arg, 0, 10);
else if (!gid)
@@ -1326,8 +1324,12 @@
}
}
- if (!path) {
- ERROR("no path specified\n");
+ if (!source_path) {
+ ERROR("no source path specified\n");
+ return usage();
+ }
+ if (!dest_path) {
+ ERROR("no dest path specified\n");
return usage();
}
if (!uid || !gid) {
@@ -1339,6 +1341,6 @@
return usage();
}
- res = run(path, uid, gid, num_threads);
+ res = run(source_path, dest_path, uid, gid, num_threads);
return res < 0 ? 1 : 0;
}
diff --git a/toolbox/restorecon.c b/toolbox/restorecon.c
index 5ef0ef1..f9f604f 100644
--- a/toolbox/restorecon.c
+++ b/toolbox/restorecon.c
@@ -7,8 +7,7 @@
#include <fts.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
-
-#define FCPATH "/file_contexts"
+#include <selinux/android.h>
static struct selabel_handle *sehandle;
static const char *progname;
@@ -17,7 +16,7 @@
static void usage(void)
{
- fprintf(stderr, "usage: %s [-f file_contexts] [-nrRv] pathname...\n", progname);
+ fprintf(stderr, "usage: %s [-nrRv] pathname...\n", progname);
exit(1);
}
@@ -54,21 +53,16 @@
int restorecon_main(int argc, char **argv)
{
- struct selinux_opt seopts[] = {
- { SELABEL_OPT_PATH, FCPATH }
- };
int ch, recurse = 0, ftsflags = FTS_PHYSICAL;
+ int i = 0;
progname = argv[0];
do {
- ch = getopt(argc, argv, "f:nrRv");
+ ch = getopt(argc, argv, "nrRv");
if (ch == EOF)
break;
switch (ch) {
- case 'f':
- seopts[0].value = optarg;
- break;
case 'n':
nochange = 1;
break;
@@ -89,9 +83,10 @@
if (!argc)
usage();
- sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+ sehandle = selinux_android_file_context_handle();
+
if (!sehandle) {
- fprintf(stderr, "Could not load file contexts from %s: %s\n", seopts[0].value,
+ fprintf(stderr, "Could not load file_contexts: %s\n",
strerror(errno));
return -1;
}
diff --git a/toolbox/setenforce.c b/toolbox/setenforce.c
index 1b0ea5c..444073d 100644
--- a/toolbox/setenforce.c
+++ b/toolbox/setenforce.c
@@ -7,7 +7,7 @@
#include <errno.h>
#include <selinux/selinux.h>
-void usage(const char *progname)
+static void usage(const char *progname)
{
fprintf(stderr, "usage: %s [ Enforcing | Permissive | 1 | 0 ]\n",
progname);