Age | Commit message | Author
2015-10-20 | Fix /data dir creation, 'tlsdated' service class. [brillo-m7-release, brillo-m7-mr-dev, brillo-m7-dev] | Jorge Lucangeli Obes
/data is not guaranteed to be mounted when 'boot' triggers. 'post-fs-data' guarantees that. Also, move the daemon to class 'late_start', since post-fs-data will not happen in time for class 'main'. Bug: 25122706 Change-Id: I2a636df27461ebc21270dd2380c6d5d69f253d3d
2015-10-12 | Remove verbose logging in 'tlsdated' and 'tlsdate'. | Jorge Lucangeli Obes
'tlsdated' and 'tlsdate' account for more than 50% of all logcat output in any Brillo build. Now that tlsdate is working, remove verbose logging. Bug: None Change-Id: I7c0461620df66a6dcc3ed2b391b2bada577a6a07
2015-10-02 | Use a dedicated UID/GID for unprivileged execution. | Gilad Arnold
Bug: 23651876 Change-Id: Ie924bbe5cee74e3095876d6386a6ea21399b8d97
2015-10-01 | Remove 'seclabel' option. | Jorge Lucangeli Obes
The executable is already labelled in the filesystem. Bug: 24571067 Change-Id: Ic6b9f85628ca391fc8e9d3232bc74d2df730be35
2015-09-04 | Make tlsdated persist and load last set time. | Gilad Arnold
This enables use of a timestamp file. Note the fchmod(2) call after file opening/creation, used for working around unfavorable umask settings. Bug: 22373707 Change-Id: Id759d3eda55c9c2215991268291ceeac490373d6
2015-09-01 | Relocate a function to fix a build failure. | Gilad Arnold
This ensures that parse_supp_groups() is only built with main(). Bug: 22373707 Change-Id: I81ab8b7718592d43a8ccccb1ee1e694367205463
2015-09-01 | Free memory for supplementary groups as soon as possible. | Gilad Arnold
Bug: 22373707 Bug: 23651876 Change-Id: I51112d65f53489ff04a0f14b31c198ee4f49c0a3
2015-09-01 | Drop privileges to nobody:nobody, use supplementary groups as needed. | Gilad Arnold
This ensures that, by default, tlsdated runs with the least privileges. We use the new supplementary groups feature to allow use of specific system resources (TCP sockets, DBus). Bug: 22373707 Bug: 23651876 Change-Id: I157f40c0fb42158bbc8f5233af49fe368d23892b
2015-09-01 | Support for dropping privileges with supplementary groups. | Gilad Arnold
On Android, we need support for supplementary groups when dropping privileges in order to retain permissions for accessing system resources such as the DBus socket. This CL: 1) Adds a flag -G to tlsdated for listing supplementary groups used when dropping privileges. 2) Adds '-G dbus' to tlsdated Android init script. Bug: 22373707 Bug: 23651876 Change-Id: I0769d5ef496d073c20016c3252c5edbfead2aaa5
2015-08-31 | Run tlsdated without DBus. | Gilad Arnold
Due to dropping privileges early on in its execution, and due to Android's restricted access to DBus and limitations on supplementary GID setup, we temporarily disable tlsdated's connection to DBus. Bug: 22373707 Bug: 23651876 Change-Id: I392d41381e7515223a098457583d3019d65dc6e1
2015-08-31 | Run tlsdated as root. | Gilad Arnold
This is actually needed so it can drop privileges shortly after starting. Bug: 22373707 Change-Id: Ie114a96b80bc5e50525411904c1266fa7072ded0
2015-08-31 | Check whether DBus is initialized before attempting platform init. | Gilad Arnold
Otherwise, we segfault. Bug: 22373707 Change-Id: I94601696055e5f649334f470f4827f92614ff74a
2015-08-31 | Run as non-root; drop privileges to inet:inet. | Gilad Arnold
1) We are adding a specific file capability (CAP_SYS_TIME) that allows tlsdated to start as user 'system', like other services. Hence, switching to use the standard init template. 2) Our unprivileged execution needs to connect a socket so we're reusing the existing 'inet' user/group. In the long run, we should have dedicated UID/GID for tlsdated that will provide these privileges. Bug: 22373707 Change-Id: I85f9a5ee744be71691f1187030021d3178ca0861
2015-08-29 | Do not open a BIO on stdout. | Gilad Arnold
The returned object isn't used anyway. Bug: 22373707 Change-Id: I93fb7ef9c64ab4ffc60eed242264fe375ec55a95
2015-08-29 | Build tlsdate-helper in AOSP. | Gilad Arnold
Bug: 22373707 Change-Id: I3b6cc6febc272926edaaf0a98fdd2908155a9ec1
2015-08-29 | Better handling of EVP_PKEY types. | Gilad Arnold
1) EVP_PKEY_bits already returns the number of bits of keys of any type, so no need for case-by-case handling. 2) Some EVP_PKEY constants are not defined in BoringSSL, so we only test them if they're defined. The conversion from key types values to strings was moved to a separate function. Bug: 22373707 Change-Id: I73c383367147afb316fa6e92e456f24078d48c32
2015-08-28 | Stop using SSL BIO. | Gilad Arnold
This type of BIO is not supported in BoringSSL. Also, it is not really needed: the same can be achieved with an ordinary connect BIO that is added to an SSL object. This form is backward compatible with OpenSSL and therefore preferable. Bug: 22373707 Change-Id: Ib140da3ce534c687dec1502c2cb1bb0b846bcad1
2015-08-28 | Rename init.tlsdated.rc and tie it to the correct build target. | Gilad Arnold
1) With the new Android initrc installation schema, all init files are simply named <daemon_name>.rc. No reason to be different. 2) Actually tie it to tlsdated (and not tlsdated_unittest). Bug: 22373707 Change-Id: Icb0bc5794da81b81683982f5cae3056c2859877c
2015-08-27 | Add init.tlsdated.rc. | Gilad Arnold
Bug: 22373707 Change-Id: I6431bc535cbf19738c5b109f3ab56bcef1ad8fdd
2015-08-27 | Use a group name that actually exists. | Gilad Arnold
Bug: 22373707 Change-Id: I14df7d3b385114f77a6577ddaf3a903307af0f0f
2015-08-27 | More signed/unsigned comparison and function pointer fixes. | Gilad Arnold
Bug: 22373707 Change-Id: I5e1ff790d37f14478392272a60d554955753ba5e
2015-08-27 | Build tlsdated unit tests. | Gilad Arnold
Bug: 22373707 Change-Id: I687dcc8f63d06553905c0ccd5d615a37f155b845
2015-08-27 | Eliminate GNU old-style field initialization. | Gilad Arnold
Bug: 22373707 Change-Id: I330b06e800cf4e7c3baf947d23497fca38471c1b
2015-08-26 | Properly handle legacy/new syscalls. | Gilad Arnold
Some platforms/archs don't support all legacy syscalls (open, fstat) whereas others might not support new variants (openat, fstatat, newfstatat). Furthermore, it is hard to tell how a standard API call maps to an actual syscall (e.g. open() might use __NR_openat). This ensures that we allow/deny the complete set of calls covering the same functionality, whichever is present. This fixes a build error in aosp_arm64 (__NR_open not supported). Bug: 22373707 Change-Id: I45e86201836b18d5dd1bcd12dd4ffd1ae5071214
2015-08-26 | Handle absence of BIO_CTRL_DUP. | Gilad Arnold
This constant is not defined in BoringSSL, so we don't need to handle it. Bug: 22373707 Change-Id: Id587bae5b38889ada14626a47e0d29c38e58c7bf
2015-08-26 | Change an argument type to compile against BoringSSL headers. | Gilad Arnold
For some reason, there's a difference between how OpenSSL and BoringSSL specify the type of this callback argument ('bio_info_cb *' vs 'bio_info_cb', respectively). While these should generally be exchangeable, it turns out that using the former type with the latter's header declarations fails due to an extra dereferencing level. This fixes the problem with BoringSSL and is backward compatible when building against OpenSSL. Bug: 22373707 Change-Id: Ibad02749fc46f7be23d3e5b4fa205da130549c2b
2015-08-26 | Build tlsdate and tlsdated in AOSP (resubmitted). | Gilad Arnold
The tlsdate-helper target fails due to OpenSSL/BoringSSL incompatibilities and is currently commented out. Additionally new unprivileged user/group need to be allocated then set here. Bug: 22373707 Change-Id: I08b3dfffb0c541ebd493c872de094e25ba7eec32
2015-08-26 | Remove an unused #ifdef. | Gilad Arnold
This constant HAVE_ANDROID_SYSTEM is never defined; the file in question (src/common/fmemopen.h) is included anyway when !defined(HAVE_FMEMOPEN). Bug: 22373707 Change-Id: I6c94118cd304ed311985835ac1218faea147a52c
2015-08-26 | Use correct AUDIT_ARCH_ constants for mips32/64 and arm64. | Gilad Arnold
Bug: 22373707 Change-Id: I98651768175e88d4ff174e085fab756f4d332dda
2015-08-26 | Fix another signed/unsigned comparison. | Gilad Arnold
This one happens inside a netlink macro, although the code seems to abide by the "declared" types. Regardless, now fixed. Bug: 22373707 Change-Id: Ib6ca5bd0abe3f7304dd56dad7c57e871d7f56007
2015-08-26 | Remove unused variables. | Gilad Arnold
Bug: 22373707 Change-Id: If5ea9ea2885a388419c9cbf0910112b27dd1a536
2015-08-26 | Revert "Build tlsdate and tlsdated in AOSP." | Bart Sears
This reverts commit c300c30a28a8673d5c53981c72149a9fb6b3d17a. Change-Id: If1845b4321c360d02f6deef26aea07f7b502c35a
2015-08-25 | Build tlsdate and tlsdated in AOSP. | Gilad Arnold
The tlsdate-helper target fails due to OpenSSL/BoringSSL incompatibilities and is currently commented out. Additionally new unprivileged user/group need to be allocated then set here. Bug: 22373707 Change-Id: Ie3b7c0a4284dca4bfcbf2be90ec2870471279e75
2015-08-25 | Remove an accidental semicolon and fix a typo. | Gilad Arnold
Bug: 22373707 Change-Id: I2a68db5a2a4afae896ad46a717ec944dee495730
2015-08-25 | Stop using preadv/pwritev. | Gilad Arnold
These are non-standard functions that may not be supported in all environments. We replace them with pread/pwrite, which provide similar atomicity and side-effect semantics, and are also simpler to use. This also adds EINTR protection around pread. Bug: 22373707 Change-Id: I78d813c14a958747ed5750e6d00c1ee8fe8031ad
2015-08-25 | Stop comparing signed and unsigned integers. | Gilad Arnold
Also fixes an implicit casting to unsigned of sprintf() return value. Bug: 22373707 Change-Id: I5f04f0abd0ecd2594e204dcfe70e161db94484d6
2015-08-25 | Remove src/common/android.{h,c}. | Gilad Arnold
1) Get rid of strchrnul use; this is a non-standard GNU extension that's being used in one place. 2) Move MIN into src/common/fmemopen.c, where it's actually being used. Thereafter, remove all includes of src/common/android.h and any mention of android.c in the build files. Bug: 22373707 Change-Id: Ide6e47a24291e6971d08b4abae2f1cad9c151e0e
2015-08-24 | Add copyright notices | Will Drewry
Change-Id: I1445df690afb8b5a1fe963d9006b9499b18b00d7
2015-08-24 | Import upstream tlsdate with history | Will Drewry
2015-07-06 | Initial empty repository | Bill Yi
2015-05-28 | bump to 0.0.13 | Jacob Appelbaum
2015-05-23 | Merge pull request #174 from d1b/switch_default_host_to_google | Jacob Appelbaum
Switch from www.ptb.de which is sending a randomised time to google.com.
2015-04-29 | Switch from www.ptb.de which is sending a randomised time to google.com. | david
Signed-off-by: david <db@d1b.org>
2014-10-26 | ready for 0.0.12 release | Jacob Appelbaum
2014-10-25 | Update systemd file | Jacob Appelbaum
2014-10-25 | Update CHANGELOG | Jacob Appelbaum
2014-10-25 | remove TODO item | Jacob Appelbaum
2014-10-22 | Update CHANGELOG | Jacob Appelbaum
2014-10-22 | allow the unprivileged helper to read the time | Jacob Appelbaum
2014-10-22 | add TODO item | Jacob Appelbaum