author | Tom Cherry | 2018-06-20 12:21:37 -0500 |
---|---|---|
committer | Tom Cherry | 2018-06-20 12:21:37 -0500 |
commit | 47111aee401300f36b856a8fedca57277172aee3 (patch) | |
tree | fc6c78b1dc25d997f9bfad2b9b46c6ba3a66cfe6 /init | |
parent | 28a3160c077446719fe9c95e0a0730689e8e44ad (diff) | |
init: document what host init verifier checks
Bug: 36970783
Test: n/a
Change-Id: Ic42a55d7b5bb4fec364ac3b5d9a67bcd38cbcc8d
Diffstat (limited to 'init')
-rw-r--r-- | init/README.md | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/init/README.md b/init/README.md index 550ef0582..b0a73b946 100644 --- a/init/README.md +++ b/init/README.md | |||
@@ -752,3 +752,22 @@ Below is an example of doing the same but with strace | |||
752 | kill -SIGCONT 4343 | 752 | kill -SIGCONT 4343 |
753 | 753 | ||
754 | > strace runs | 754 | > strace runs |
755 | |||
756 | Host Init Script Verification | ||
757 | ----------------------------- | ||
758 | |||
759 | Init scripts are checked for correctness during build time. Specifically the below is checked. | ||
760 | |||
761 | 1) Well formatted action, service and import sections, e.g. no actions without a preceding 'on' | ||
762 | line, and no extraneous lines after an 'import' statement. | ||
763 | 2) All commands map to a valid keyword and the argument count is within the correct range. | ||
764 | 3) All service options are valid. This is stricter than how commands are checked as the service | ||
765 | options' arguments are fully parsed, e.g. UIDs and GIDs must resolve. | ||
766 | |||
767 | There are other parts of init scripts that are only parsed at runtime and therefore not checked | ||
768 | during build time, among them are the below. | ||
769 | |||
770 | 1) The validity of the arguments of commands, e.g. no checking if file paths actually exist, if | ||
771 | SELinux would permit the operation, or if the UIDs and GIDs resolve. | ||
772 | 2) No checking if a service exists or has a valid SELinux domain defined | ||
773 | 3) No checking if a service has not been previously defined in a different init script. | ||
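Review bot: The second list (new lines 770-773) is introduced as parts that are "not checked during build time", yet items 2 and 3 each begin with "No checking if", and item 3 adds another negation ("has not been previously defined"), so a reader has to untangle which condition actually goes unverified. Suggest stating each item as the property itself, for example "Whether a service exists or has a valid SELinux domain defined." and "Whether a service has already been defined in a different init script.", and rewording the "e.g. no checking if ..." clause in item 1 the same way. Item 2 (line 772) is also missing the final period that the other items have.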