init: always expand args in subcontext
Currently init expands properties in command arguments only when those
commands are run in a subcontext. This creates a hole where
properties that should not be accessible from a given subcontext of
init can be accessed when running a command in the main init
executable (for example `start`).
This change creates a callback in subcontext init that simply expands
and returns arguments back to the main init process, to ensure that
only those properties that a subcontext can access get expanded.
Bug: 62875318
Test: boot bullhead, new unit tests
Change-Id: I2850009e70da877c08e4cc83350c727b0ea98796
diff --git a/init/subcontext.proto b/init/subcontext.proto
index 0d89734..e68115e 100644
--- a/init/subcontext.proto
+++ b/init/subcontext.proto
@@ -19,15 +19,23 @@
message SubcontextCommand {
message ExecuteCommand { repeated string args = 1; }
- oneof command { ExecuteCommand execute_command = 1; }
+ message ExpandArgsCommand { repeated string args = 1; }
+ oneof command {
+ ExecuteCommand execute_command = 1;
+ ExpandArgsCommand expand_args_command = 2;
+ }
}
message SubcontextReply {
- message ResultMessage {
- optional bool success = 1;
- optional string error_string = 2;
- optional int32 error_errno = 3;
+ message Failure {
+ optional string error_string = 1;
+ optional int32 error_errno = 2;
}
+ message ExpandArgsReply { repeated string expanded_args = 1; }
- oneof reply { ResultMessage result = 1; }
+ oneof reply {
+ bool success = 1;
+ Failure failure = 2;
+ ExpandArgsReply expand_args_reply = 3;
+ }
}
\ No newline at end of file
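Review bot: In the new `reply` oneof of `SubcontextReply`, `bool success = 1` carries a value as well as its presence, so `success = false` stays representable and a reader that checks the oneof case can disagree with one that checks the value. I would add a comment above it such as `// Set, always to true, when the command succeeded; errors are reported via 'failure'.` and have the receiver treat a false value as a malformed reply. Number 1 also changes from the `ResultMessage` message to a varint bool, which is only safe if main init and the subcontext always come from the same build; that is probably true here, but it deserves a comment. `ExpandArgsReply` should also get a comment saying that `expanded_args` is produced by the subcontext, which the commit message describes as having restricted property access. That comment should ask the caller to check for one entry per request `args` element before running the command; the consumer is not visible in this hunk.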