Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 62767fe29f8aaf62470781a3cf419ba11187d178^! / . / init / readme.txt
commit62767fe29f8aaf62470781a3cf419ba11187d178[log] [tgz]
authorMark Salyzyn <salyzyn@google.com>Thu Oct 27 07:45:34 2016 -0700
committerMark Salyzyn <salyzyn@google.com>Thu Nov 03 13:34:26 2016 -0700
tree42ca647c67feecbda7a82c60ec58c5e5c69a20b3
parent0b034d9d7b1af4e2f608ddf2dc2a0e08773e69ac [diff] [blame]
init: service file keyword

Solve one more issue where privilege is required to open a file and
we do not want to grant such to the service. This is the service side
of the picture, android_get_control_file() in libcutils is the client.
The file's descriptor is placed into the environment as
"ANDROID_FILE_<path>".  For socket and files where non-alpha and
non-numeric characters in the <name/path> are replaced with _.  There
was an accompanying change in android_get_control_socket() to match
in commit 'libcutils: add android_get_control_socket() test'

Add a gTest unit test for this that tests create_file and
android_get_control_file().

Test: gTest init_tests --gtest_filter=util.create_file
Bug: 32450474
Change-Id: I96eb970c707db6d51a9885873329ba1cb1f23140

diff --git a/init/readme.txt b/init/readme.txt
index e7e369c..500b1d8 100644
--- a/init/readme.txt
+++ b/init/readme.txt

@@ -141,12 +141,20 @@
   Set the environment variable <name> to <value> in the launched process.
 
 socket <name> <type> <perm> [ <user> [ <group> [ <seclabel> ] ] ]
-  Create a unix domain socket named /dev/socket/<name> and pass
-  its fd to the launched process.  <type> must be "dgram", "stream" or "seqpacket".
-  User and group default to 0.
-  'seclabel' is the SELinux security context for the socket.
-  It defaults to the service security context, as specified by seclabel or
-  computed based on the service executable file security context.
+  Create a unix domain socket named /dev/socket/<name> and pass its fd to the
+  launched process.  <type> must be "dgram", "stream" or "seqpacket".  User and
+  group default to 0.  'seclabel' is the SELinux security context for the
+  socket.  It defaults to the service security context, as specified by
+  seclabel or computed based on the service executable file security context.
+  For native executables see libcutils android_get_control_socket().
+
+file <path> <type> <perm> [ <user> [ <group> [ <seclabel> ] ] ]
+  Open/Create a file path and pass its fd to the launched process.  <type> must
+  be "r", "w" or "rw".  User and group default to 0.  'seclabel' is the SELinux
+  security context for the file if it must be created.  It defaults to the
+  service security context, as specified by seclabel or computed based on the
+  service executable file security context.  For native executables see
+  libcutils android_get_control_file().
 
 user <username>
   Change to 'username' before exec'ing this service.