Merge changes Ieb44fa8f,I01b26fe5

* changes: init: setup keyring before ueventd starts logd: refine permissions to access /data/system/packages.list
author: Treehugger Robot <treehugger-gerrit@google.com> 2017-05-03 23:24:13 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2017-05-03 23:24:14 +0000
commit: e1e3e20337a192ce7de37a2cf2c99614d0d0ce1e (patch)
tree: cfeda341cc4156f9c7f936c75c7d7ccf0f6378ec /init/init.cpp
parent: 5ad06cbb1c934997e2c0af0608d7c80ce4ee477c (diff)
parent: 4599627492aa90e537fe681c1f2f439a29549382 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/init/init.cpp b/init/init.cpp
index 99ce5e6924..8758653a41 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -21,6 +21,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
+#include <keyutils.h>
 #include <libgen.h>
 #include <paths.h>
 #include <signal.h>
@@ -1015,6 +1016,11 @@ int main(int argc, char** argv) {
     InitKernelLogging(argv);
     LOG(INFO) << "init second stage started!";
 
+    // Set up a session keyring that all processes will have access to. It
+    // will hold things like FBE encryption keys. No process should override
+    // its session keyring.
+    keyctl(KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 1);
+
     // Indicate that booting is in progress to background fw loaders, etc.
     close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
author	Treehugger Robot <treehugger-gerrit@google.com>	2017-05-03 23:24:13 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2017-05-03 23:24:14 +0000
commit	e1e3e20337a192ce7de37a2cf2c99614d0d0ce1e (patch)
tree	cfeda341cc4156f9c7f936c75c7d7ccf0f6378ec /init/init.cpp
parent	5ad06cbb1c934997e2c0af0608d7c80ce4ee477c (diff)
parent	4599627492aa90e537fe681c1f2f439a29549382 (diff)