commit a1ee12ca3a0ec44bb8a3eb917d13c0b5178075d9
author Jamie Gennis <jgennis@google.com> Wed May 08 01:12:18 2013 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed May 08 01:12:19 2013 +0000
tree 95aaa758c05821b976746f54d169b478c98b8774
parent fee250d27a9c03af1ba439047b976d89563b1887
parent 2b68e0675b3e3e2f45001e4597872609d26956ae

Merge "libcutils: add a trace tag for Dalvik" into jb-mr2-dev

include/private/android_filesystem_config.h

diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index 540318f..5d363a7 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -71,6 +71,7 @@
 #define AID_SDCARD_R      1028  /* external storage read access */
 #define AID_CLAT          1029  /* clat part of nat464 */
 #define AID_LOOP_RADIO    1030  /* loop radio devices */
+#define AID_MEDIA_DRM     1031  /* MediaDrm plugins */
 
 #define AID_SHELL         2000  /* adb and debug shell user */
 #define AID_CACHE         2001  /* cache access */
@@ -150,6 +151,7 @@
     { "misc",      AID_MISC, },
     { "nobody",    AID_NOBODY, },
     { "clat",      AID_CLAT, },
+    { "mediadrm",  AID_MEDIA_DRM, },
 };
 
 #define android_id_count \
@@ -205,7 +207,6 @@
     { 00550, AID_ROOT,      AID_SHELL,     0, "system/etc/init.ril" },
     { 00550, AID_ROOT,      AID_SHELL,     0, "system/etc/init.testmenu" },
     { 00550, AID_DHCP,      AID_SHELL,     0, "system/etc/dhcpcd/dhcpcd-run-hooks" },
-    { 00440, AID_BLUETOOTH, AID_BLUETOOTH, 0, "system/etc/dbus.conf" },
     { 00444, AID_RADIO,     AID_AUDIO,     0, "system/etc/AudioPara4.csv" },
     { 00555, AID_ROOT,      AID_ROOT,      0, "system/etc/ppp/*" },
     { 00555, AID_ROOT,      AID_ROOT,      0, "system/etc/rc.*" },

init/builtins.c

diff --git a/init/builtins.c b/init/builtins.c
index 0f9f131..275a1af 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -515,6 +515,12 @@
     return ret;
 }
 
+int do_selinux_reload(int nargs, char **args) {
+    if (is_selinux_enabled() <= 0)
+        return 0;
+    return selinux_reload_policy();
+}
+
 int do_setcon(int nargs, char **args) {
     if (is_selinux_enabled() <= 0)
         return 0;

init/init_parser.c

diff --git a/init/init_parser.c b/init/init_parser.c
index 686640e..5182a29 100644
--- a/init/init_parser.c
+++ b/init/init_parser.c
@@ -138,6 +138,7 @@
         break;
     case 's':
         if (!strcmp(s, "eclabel")) return K_seclabel;
+        if (!strcmp(s, "elinux_reload_policy")) return K_selinux_reload_policy;
         if (!strcmp(s, "ervice")) return K_service;
         if (!strcmp(s, "etcon")) return K_setcon;
         if (!strcmp(s, "etenforce")) return K_setenforce;

init/keywords.h

diff --git a/init/keywords.h b/init/keywords.h
index f188db5..55d6af3 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -18,6 +18,7 @@
 int do_restorecon(int nargs, char **args);
 int do_rm(int nargs, char **args);
 int do_rmdir(int nargs, char **args);
+int do_selinux_reload(int nargs, char **args);
 int do_setcon(int nargs, char **args);
 int do_setenforce(int nargs, char **args);
 int do_setkey(int nargs, char **args);
@@ -71,6 +72,7 @@
     KEYWORD(rm,          COMMAND, 1, do_rm)
     KEYWORD(rmdir,       COMMAND, 1, do_rmdir)
     KEYWORD(seclabel,    OPTION,  0, 0)
+    KEYWORD(selinux_reload_policy,    COMMAND, 0, do_selinux_reload)
     KEYWORD(service,     SECTION, 0, 0)
     KEYWORD(setcon,      COMMAND, 1, do_setcon)
     KEYWORD(setenforce,  COMMAND, 1, do_setenforce)

init/property_service.c

diff --git a/init/property_service.c b/init/property_service.c
index 5780001..62b6c3d 100755
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -91,6 +91,7 @@
     { "persist.service.", AID_SYSTEM,   0 },
     { "persist.security.", AID_SYSTEM,   0 },
     { "persist.service.bdroid.", AID_BLUETOOTH,   0 },
+    { "persist.selinux.enforcing", AID_SYSTEM,  0},
     { "selinux."         , AID_SYSTEM,   0 },
     { NULL, 0, 0 }
 };
@@ -383,9 +384,6 @@
          * to prevent them from being overwritten by default values.
          */
         write_persistent_property(name, value);
-    } else if (strcmp("selinux.reload_policy", name) == 0 &&
-               strcmp("1", value) == 0) {
-        selinux_reload_policy();
     }
     property_changed(name, value);
     return 0;

rootdir/Android.mk

diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index e6887bb..3417f54 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -4,7 +4,6 @@
 # files that live under /system/etc/...
 
 copy_from := \
-	etc/dbus.conf \
 	etc/hosts
 
 

rootdir/etc/dbus.conf

diff --git a/rootdir/etc/dbus.conf b/rootdir/etc/dbus.conf
deleted file mode 100644
index 75586b9..0000000
--- a/rootdir/etc/dbus.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-
-  <!-- Our well-known bus type, do not change this -->
-  <type>system</type>
-
-  <!-- Only allow socket-credentials-based authentication -->
-  <auth>EXTERNAL</auth>
-
-  <!-- Only listen on a local socket. (abstract=/path/to/socket 
-       means use abstract namespace, don't really create filesystem 
-       file; only Linux supports this. Use path=/whatever on other 
-       systems.) -->
-  <listen>unix:path=/dev/socket/dbus</listen>
-
-  <!-- Allow everything, D-Bus socket is protected by unix filesystem
-       permissions -->
-  <policy context="default">
-    <allow send_interface="*"/>
-    <allow receive_interface="*"/>
-    <allow own="*"/>
-    <allow user="*"/>
-    <allow send_requested_reply="true"/>
-    <allow receive_requested_reply="true"/>
-  </policy>
-</busconfig>

rootdir/init.rc

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 89ec18a..4b4408f 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -177,6 +177,9 @@
     mkdir /cache/lost+found 0770 root root
 
 on post-fs-data
+    # reload SELinux based on what we find on the data partition
+    selinux_reload_policy
+
     # We chown/chmod /data again so because mount is run as root + defaults
     chown system system /data
     chmod 0771 /data
@@ -243,6 +246,10 @@
     # the following directory.
     mkdir /data/drm 0770 drm drm
 
+    # create directory for MediaDrm plug-ins - give drm the read/write access to
+    # the following directory.
+    mkdir /data/mediadrm 0770 mediadrm mediadrm
+
     # symlink to bugreport storage location
     symlink /data/data/com.android.shell/files/bugreports /data/bugreports
 
@@ -406,9 +413,16 @@
     seclabel u:r:ueventd:s0
 
 on property:selinux.reload_policy=1
+    selinux_reload_policy
     restart ueventd
     restart installd
 
+on property:persist.selinux.enforcing=1
+    setenforce 1
+
+on property:persist.selinux.enforcing=0
+    setenforce 0
+
 service console /system/bin/sh
     class core
     console
@@ -483,7 +497,7 @@
 service media /system/bin/mediaserver
     class main
     user media
-    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc
+    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
     ioprio rt 4
 
 service bootanim /system/bin/bootanimation