Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / core / 8d82ea05cb0945ba6cb8bf321b9ffbd0b6932745^! / . / init / readme.txt
commit8d82ea05cb0945ba6cb8bf321b9ffbd0b6932745[log] [tgz]
authorElliott Hughes <enh@google.com>Fri Feb 06 20:15:18 2015 -0800
committerElliott Hughes <enh@google.com>Wed Feb 25 17:55:34 2015 -0800
tree2b73c3eac0ffb520609acf1f2b52d609e419f227
parent5329d3fd54fa875bb7de78a8c40134cc63921c64 [diff] [blame]
Implement exec.

Change-Id: I20329bc9b378479d745b498d6a00eca0872cd5ab

diff --git a/init/readme.txt b/init/readme.txt
index 9c24220..8161858 100644
--- a/init/readme.txt
+++ b/init/readme.txt

@@ -70,11 +70,11 @@
 setenv <name> <value>
    Set the environment variable <name> to <value> in the launched process.
 
-socket <name> <type> <perm> [ <user> [ <group> [ <context> ] ] ]
+socket <name> <type> <perm> [ <user> [ <group> [ <seclabel> ] ] ]
    Create a unix domain socket named /dev/socket/<name> and pass
    its fd to the launched process.  <type> must be "dgram", "stream" or "seqpacket".
    User and group default to 0.
-   Context is the SELinux security context for the socket.
+   'seclabel' is the SELinux security context for the socket.
    It defaults to the service security context, as specified by seclabel or
    computed based on the service executable file security context.
 
@@ -91,8 +91,8 @@
    supplemental groups of the process (via setgroups()).
    Currently defaults to root.  (??? probably should default to nobody)
 
-seclabel <securitycontext>
-  Change to securitycontext before exec'ing this service.
+seclabel <seclabel>
+  Change to 'seclabel' before exec'ing this service.
   Primarily for use by services run from the rootfs, e.g. ueventd, adbd.
   Services on the system partition can instead use policy-defined transitions
   based on their file security context.
@@ -137,14 +137,17 @@
 Commands
 --------
 
-exec <path> [ <argument> ]*
-   This command is not implemented.
+exec [ <seclabel> [ <user> [ <group> ]* ] ] -- <command> [ <argument> ]*
+   Fork and execute command with the given arguments. The command starts
+   after "--" so that an optional security context, user, and supplementary
+   groups can be provided. No other commands will be run until this one
+   finishes.
 
 execonce <path> [ <argument> ]*
    Fork and execute a program (<path>).  This will block until
    the program completes execution.  This command can be run at most
    once during init's lifetime. Subsequent invocations are ignored.
-   It is best to avoid exec as unlike the builtin commands, it runs
+   It is best to avoid execonce as unlike the builtin commands, it runs
    the risk of getting init "stuck".
 
 export <name> <value>
@@ -220,7 +223,7 @@
    Recursively restore the directory tree named by <path> to the
    security contexts specified in the file_contexts configuration.
 
-setcon <securitycontext>
+setcon <seclabel>
    Set the current process security context to the specified string.
    This is typically only used from early-init to set the init context
    before any other process is started.
@@ -275,7 +278,7 @@
 Init updates some system properties to provide some insight into
 what it's doing:
 
-init.action 
+init.action
    Equal to the name of the action currently being executed or "" if none
 
 init.command