From c57453d5377a13445c4b1d3f73c0e0ab19aa0c1e Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Thu, 23 Apr 2015 20:26:56 -0700 Subject: init re-execs to set its security context now. Change-Id: I0a014f8dddfe775159903b5d6fa632733fef692c --- etc/init.rc | 7 ------- 1 file changed, 7 deletions(-) (limited to 'etc/init.rc') diff --git a/etc/init.rc b/etc/init.rc index c78a44a2a..6c07c6027 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -1,13 +1,6 @@ import /init.recovery.${ro.hardware}.rc on early-init - # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. - write /sys/fs/selinux/checkreqprot 0 - - # Set the security context for the init process. - # This should occur before anything else (e.g. ueventd) is started. - setcon u:r:init:s0 - start ueventd start healthd -- cgit v1.2.3 From c819dbe95bf80645178b0180f519ab2983da01a0 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Fri, 24 Apr 2015 16:58:33 +0000 Subject: Revert "init re-execs to set its security context now." shamu isn't booting now This reverts commit c57453d5377a13445c4b1d3f73c0e0ab19aa0c1e. Change-Id: I8efbf6260f5fcf983e5056fac6d03916415b944e --- etc/init.rc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'etc/init.rc') diff --git a/etc/init.rc b/etc/init.rc index 6c07c6027..c78a44a2a 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -1,6 +1,13 @@ import /init.recovery.${ro.hardware}.rc on early-init + # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. + write /sys/fs/selinux/checkreqprot 0 + + # Set the security context for the init process. + # This should occur before anything else (e.g. ueventd) is started. + setcon u:r:init:s0 + start ueventd start healthd -- cgit v1.2.3 From 6f76dd58f496f06c7e332fb5269d20aa2a301d4a Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Fri, 24 Apr 2015 19:41:26 +0000 Subject: Revert "Revert "init re-execs to set its security context now."" This reverts commit c819dbe95bf80645178b0180f519ab2983da01a0. Bug: http://b/19702273 Change-Id: I5c75b148a12e644dd247a4df4f67dc9b4b9ff8cf --- etc/init.rc | 7 ------- 1 file changed, 7 deletions(-) (limited to 'etc/init.rc') diff --git a/etc/init.rc b/etc/init.rc index c78a44a2a..6c07c6027 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -1,13 +1,6 @@ import /init.recovery.${ro.hardware}.rc on early-init - # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. - write /sys/fs/selinux/checkreqprot 0 - - # Set the security context for the init process. - # This should occur before anything else (e.g. ueventd) is started. - setcon u:r:init:s0 - start ueventd start healthd -- cgit v1.2.3 From 98c1a3de23ae8b589c36e74939193c44d25cac65 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Mon, 6 Jul 2015 10:44:33 -0700 Subject: Change init sequence to support file level encryption File level encryption must get the key between mounting userdata and calling post_fs_data when the directories are created. This requires access to keymaster, which in turn is found from a system property. Split property loaded into system and data, and load in right order. Bug: 22233063 Change-Id: I409c12e3f4a8cef474eb48818e96760fe292cc49 --- etc/init.rc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/init.rc') diff --git a/etc/init.rc b/etc/init.rc index 6c07c6027..427727768 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -47,8 +47,8 @@ on boot class_start default # Load properties from /system/ + /factory after fs mount. -on load_all_props_action - load_all_props +on load_system_props_action + load_system_props on firmware_mounts_complete rm /dev/.booting @@ -63,7 +63,7 @@ on late-init # Load properties from /system/ + /factory after fs mount. Place # this in another action so that the load will be scheduled after the prior # issued fs triggers have completed. - trigger load_all_props_action + trigger load_system_props_action # Remove a file to wake up anything waiting for firmware trigger firmware_mounts_complete -- cgit v1.2.3 From 392879eec0ef42155a3f641f1979891d055f923c Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Tue, 7 Jul 2015 17:05:39 +0000 Subject: Revert "Change init sequence to support file level encryption" This reverts commit 98c1a3de23ae8b589c36e74939193c44d25cac65. Change-Id: I524060418de18f97c3865ebc4435f501015e92ee --- etc/init.rc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc/init.rc') diff --git a/etc/init.rc b/etc/init.rc index 427727768..6c07c6027 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -47,8 +47,8 @@ on boot class_start default # Load properties from /system/ + /factory after fs mount. -on load_system_props_action - load_system_props +on load_all_props_action + load_all_props on firmware_mounts_complete rm /dev/.booting @@ -63,7 +63,7 @@ on late-init # Load properties from /system/ + /factory after fs mount. Place # this in another action so that the load will be scheduled after the prior # issued fs triggers have completed. - trigger load_system_props_action + trigger load_all_props_action # Remove a file to wake up anything waiting for firmware trigger firmware_mounts_complete -- cgit v1.2.3