summaryrefslogtreecommitdiffstats
path: root/logd/logd.rc
Commit message (Collapse)AuthorAgeFilesLines
* logd: Move the capabilities from file based to ambientLuis Hector Chavez2018-06-111-0/+1
| | | | | | | | | | | | | | | | | This change moves logd's capabilities from being file based to being set by init through ambient capabilities. Bug: 62845925 Test: sailfish:/ # grep Cap /proc/`pidof logd`/status CapInh: 0000000000000000 CapPrm: 0000000440000000 CapEff: 0000000440000000 CapBnd: 0000000440000040 CapAmb: 0000000000000000 $ capsh --decode=0x440000040 0x440000040=cap_setgid,cap_audit_control,cap_syslog Test: liblog-unit-tests, logd-unit-tests, logcat-unit-tests Change-Id: I28c7c4ad37ad5eafd399aef78c303ce31298a9ef
* Remove unnecessary restorecon.Joel Galenson2017-11-301-1/+0
| | | | | | | | | Now that creating a symlink in init automatically sets its context, we do not need to call restorecon manually. Bug: 69965807 Test: Booted device and tested wifi and camera. Change-Id: I0863198f2c2bfce79566b5320c7ef035698f3afb
* logd: add "+passcred" for logdw socketMark Salyzyn2017-05-081-1/+1
| | | | | | | | Tell init to set SO_PASSCRED on the socket before bind() and handoff. Test: gtest logd-unit-test --gtest_filter=logd.statistics right after boot Bug: 37985222 Change-Id: I318969ee3241834e5326233aabd97e52ef505969
* logd: refine permissions to access /data/system/packages.listMark Salyzyn2017-05-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | Refine DAC security surrounding logd.daemon worker thread and add a positive test for logd failure to access /data/system/packages.list. - Add AID_PACKAGE_INFO to groups of worker thread. - Move AID_SYSTEM to groups, setgid to AID_LOGD. - Do not drop capabilities until after setting the uid and gids. - Add a test that is part of logd.statistics test to check when packagelistparser appears broken. - If /data/system/packages.list is encrypted, ensure we do not pick up the existing inode to ensure strong positive when finding access problems. - Replace all occurrences of NULL with nullptr in gTest code for compliance with best practices. Test: gTest logd-unit-tests --gtest_filter=logd.statistics (expect consistent failure, later CLs fix) Bug: 37751120 Bug: 36645158 Change-Id: I01b26fe5e25203246ae432d272c8daa9c07cab54
* logd: add getEventTag command and serviceMark Salyzyn2017-02-021-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Will register a new event tag by name and format, and return an event-log-tags format response with the newly allocated tag. If format is not specified, then nothing will be recorded, but a pre-existing named entry will be listed. If name and format are not specified, list all dynamic entries. If name=* list all event log tag entries. Stickiness through logd crash will be managed with the tmpfs file /dev/event-log-tags and through a reboot with add_tag entries in the pmsg last logcat event log. On debug builds we retain a /data/misc/logd/event-log-tags file that aids stickiness and that can be picked up by the bugreport. If we detect truncation damage to /dev/event-log-tags, or to /data/misc/logd/event-log-tags, rebuild file with a new first line signature incorporating the time so mmap'd readers of the file can detect the possible change in shape and order. Manual testing: Make sure nc (netcat) is built for the target platform on the host: $ m nc Then the following can be used to issue a request on the platform: $ echo -n 'getEventTag name=<name> format="<format>"\0EXIT\0' | > nc -U /dev/socket/logd Test: gTest logd-unit-test --gtest_filter=getEventTag* Bug: 31456426 Change-Id: I5dacc5f84a24d52dae09cca5ee1a3a9f9207f06d
* logd: start logd service in logd uidMark Salyzyn2016-11-031-0/+1
| | | | | | | Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests Manual inspect grep '^Cap' /proc/<tid>/status for correct capabilities Bug: 32450474 Change-Id: Ia6a3872901969a789d4309d410dbfd5f5d17b3ce
* logd: start logd services in logd gidMark Salyzyn2016-11-031-1/+3
| | | | | | | | | | logd - start as root:logd+system+readproc logd-reinit - start as logd:logd ToDo: start as logd:logd+system+readproc (libminijail) Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests Bug: 32450474 Change-Id: I42c806ca1730a7f9eb9e34f064ae31a2ef9fc678
* logd: inherit android_get_control_file()Mark Salyzyn2016-11-031-0/+2
| | | | | | | | | Setup and then collect from the environment /proc/kmsg and /dev/kmsg file descriptors. Do not do so for logcat --reinit. Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests Bug: 32450474 Change-Id: Ied537ca561fcd4e71a9ad9c57398a23ba23f6ced
* init.rc: too many start logdMark Salyzyn2016-02-021-1/+0
| | | | | Bug: 26934873 Change-Id: Ia00da6253a50bedc8ba825df1cf641b86cdebeed
* Enable hidepid=2 on /procNick Kralevich2015-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Add the following mount options to the /proc filesystem: hidepid=2,gid=3009 This change blocks /proc access unless you're in group 3009 (aka AID_READPROC). Please see https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt for documentation on the hidepid option. hidepid=2 is preferred over hidepid=1 since it leaks less information and doesn't generate SELinux ptrace denials when trying to access /proc without being in the proper group. Add AID_READPROC to processes which need to access /proc entries for other UIDs. Bug: 23310674 Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
* resolved conflicts for 5caca3dd to mnc-dr-dev-plus-aospTom Cherry2015-09-211-0/+2
| | | | Change-Id: I773e514a8232b77cdd566dc36c9efc4e15f206f0
* update bundled rc files to their contents from rootdir/init.rcTom Cherry2015-08-211-0/+1
| | | | | | | Bug 23186545 Change-Id: Ieb03ba89db2dee0365ae346295207ddfd29bd2b7 (cherry picked from commit 297991b3248f1e15ccc6c775b9a12e62925095f3)
* bundle init.rc contents with its serviceTom Cherry2015-08-211-0/+9
Bug: 23186545 Change-Id: I52616b8ab1165fdef716f9b8f958665f2308c12e
    generated by cgit v1.2.3 (git 2.39.2)