Merge "[init] start gatekeeperd after device decryption" into mnc-dev
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 9e5f9ff..64a363e 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -803,9 +803,9 @@
     return -1;
 }
 
-int do_load_all_props(int nargs, char **args) {
+int do_load_system_props(int nargs, char **args) {
     if (nargs == 1) {
-        load_all_props();
+        load_system_props();
         return 0;
     }
     return -1;
diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index 666a86e..0f0c88e 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
@@ -159,7 +159,7 @@
     case 'l':
         if (!strcmp(s, "oglevel")) return K_loglevel;
         if (!strcmp(s, "oad_persist_props")) return K_load_persist_props;
-        if (!strcmp(s, "oad_all_props")) return K_load_all_props;
+        if (!strcmp(s, "oad_system_props")) return K_load_system_props;
         break;
     case 'm':
         if (!strcmp(s, "kdir")) return K_mkdir;
diff --git a/init/keywords.h b/init/keywords.h
index e637d7d..ddaaffb 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -34,7 +34,7 @@
 int do_chmod(int nargs, char **args);
 int do_loglevel(int nargs, char **args);
 int do_load_persist_props(int nargs, char **args);
-int do_load_all_props(int nargs, char **args);
+int do_load_system_props(int nargs, char **args);
 int do_verity_load_state(int nargs, char **args);
 int do_verity_update_state(int nargs, char **args);
 int do_wait(int nargs, char **args);
@@ -66,7 +66,7 @@
     KEYWORD(installkey,  COMMAND, 1, do_installkey)
     KEYWORD(ioprio,      OPTION,  0, 0)
     KEYWORD(keycodes,    OPTION,  0, 0)
-    KEYWORD(load_all_props,        COMMAND, 0, do_load_all_props)
+    KEYWORD(load_system_props,     COMMAND, 0, do_load_system_props)
     KEYWORD(load_persist_props,    COMMAND, 0, do_load_persist_props)
     KEYWORD(loglevel,    COMMAND, 1, do_loglevel)
     KEYWORD(mkdir,       COMMAND, 1, do_mkdir)
diff --git a/init/property_service.cpp b/init/property_service.cpp
index c2881ae..52f6b98 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -560,16 +560,10 @@
     close(fd);
 }
 
-void load_all_props() {
+void load_system_props() {
     load_properties_from_file(PROP_PATH_SYSTEM_BUILD, NULL);
     load_properties_from_file(PROP_PATH_VENDOR_BUILD, NULL);
     load_properties_from_file(PROP_PATH_FACTORY, "ro.*");
-
-    load_override_properties();
-
-    /* Read persistent properties after all default values have been loaded. */
-    load_persistent_properties();
-
     load_recovery_id_prop();
 }
 
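Review bot: `load_system_props()` no longer calls `load_override_properties()` or `load_persistent_properties()`, and nothing in the function says where those loads now happen. The init.rc part of this change suggests they are deferred until /data is mounted, but that is inferred from the other hunks rather than stated here. I would add a comment above the function such as `/* Loads build, vendor and factory properties only; override and persistent properties are loaded separately once /data is available. */` so a later caller does not assume the old `load_all_props()` behaviour.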
diff --git a/init/property_service.h b/init/property_service.h
index a27053d..303f251 100644
--- a/init/property_service.h
+++ b/init/property_service.h
@@ -23,7 +23,7 @@
 extern void property_init(void);
 extern void property_load_boot_defaults(void);
 extern void load_persist_props(void);
-extern void load_all_props(void);
+extern void load_system_props(void);
 extern void start_property_service(void);
 void get_property_workspace(int *fd, int *sz);
 extern int __property_get(const char *name, char *value);
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 7af2b77..dd97bcd 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -181,8 +181,8 @@
     trigger late-init
 
 # Load properties from /system/ + /factory after fs mount.
-on load_all_props_action
-    load_all_props
+on load_system_props_action
+    load_system_props
     start logd
     start logd-reinit
 
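Review bot: `start logd-reinit` stays in `load_system_props_action`, but after this change only the /system, vendor and factory properties have been loaded at that point. If logd-reinit is there so that logd re-reads its configuration once all properties are present (an assumption, since the service definition is not in this diff), any persistent logging setting would be missed by that reinit. Consider moving `start logd-reinit` to the action that runs `load_persist_props`, or add a comment here stating that reinit before persistent properties is intended.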
@@ -195,12 +195,16 @@
     trigger early-fs
     trigger fs
     trigger post-fs
-    trigger post-fs-data
 
     # Load properties from /system/ + /factory after fs mount. Place
     # this in another action so that the load will be scheduled after the prior
     # issued fs triggers have completed.
-    trigger load_all_props_action
+    trigger load_system_props_action
+
+    # Now we can mount /data. File encryption requires keymaster to decrypt
+    # /data, which in turn can only be loaded when system properties are present
+    trigger post-fs-data
+    trigger load_persist_props
 
     # Remove a file to wake up anything waiting for firmware.
     trigger firmware_mounts_complete
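Review bot: `trigger load_persist_props` queues an action named `load_persist_props`, yet this diff adds no matching `on load_persist_props` block, while the neighbouring trigger uses the `..._action` naming with its own `on` section. If no such action exists elsewhere in init.rc, the trigger does nothing and override and persistent properties are never loaded on this boot path, since the same commit removes those loads from `load_system_props()`. I would make the pairing explicit with an `on load_persist_props_action` block that runs `load_persist_props`, and use `trigger load_persist_props_action` here. The enclosing `on` block starts outside the hunk.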
diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c
index 3cd5bc4..4b8e0c0 100644
--- a/sdcard/sdcard.c
+++ b/sdcard/sdcard.c
@@ -444,7 +444,16 @@
         /* Legacy internal layout places users at top level */
         node->perm = PERM_ROOT;
         node->userid = strtoul(node->name, NULL, 10);
-        node->gid = multiuser_get_uid(node->userid, fuse->gid);
+        if (fuse->gid == AID_SDCARD_RW) {
+            /* As an optimization, certain trusted system components only run
+             * as owner but operate across all users. Since we're now handing
+             * out the sdcard_rw GID only to trusted apps, we're okay relaxing
+             * the user boundary enforcement for the default view. The UIDs
+             * assigned to app directories are still multiuser aware. */
+            node->gid = fuse->gid;
+        } else {
+            node->gid = multiuser_get_uid(node->userid, fuse->gid);
+        }
         node->mode = 0771;
         break;
     case PERM_ROOT:
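Review bot: The new `fuse->gid == AID_SDCARD_RW` branch gives every per-user top-level directory the same group with mode 0771, so the cross-user boundary for this view now rests entirely on who is granted that GID. The comment says only trusted apps receive it, but that invariant is enforced outside this file and nothing here would catch a later change to GID assignment. I would extend the comment to name the invariant explicitly, for example `/* Invariant: AID_SDCARD_RW must only be granted to trusted system components; revisit this branch if that changes. */`. The enclosing switch and function start and end outside the hunk.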
@@ -1504,16 +1513,14 @@
 {
     struct fuse* fuse = handler->fuse;
     for (;;) {
-        ssize_t len = read(fuse->fd,
-                handler->request_buffer, sizeof(handler->request_buffer));
+        ssize_t len = TEMP_FAILURE_RETRY(read(fuse->fd,
+                handler->request_buffer, sizeof(handler->request_buffer)));
         if (len < 0) {
-            if (errno != EINTR) {
-                ERROR("[%d] handle_fuse_requests: errno=%d\n", handler->token, errno);
-            }
             if (errno == ENODEV) {
                 ERROR("[%d] someone stole our marbles!\n", handler->token);
                 exit(2);
             }
+            ERROR("[%d] handle_fuse_requests: errno=%d\n", handler->token, errno);
             continue;
         }