diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-05-13 12:37:04 -0400 |
---|---|---|
committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-07-18 20:38:39 +0100 |
commit | 0298df1eec5edeca7677c80503ba3b9c8a89aa55 (patch) | |
tree | b341766c8110301b98bddef97b359e754e229576 | |
parent | 2c22ff681c44714ba6c23e08c6d9a5c3257e33fa (diff) | |
download | system_core-0298df1eec5edeca7677c80503ba3b9c8a89aa55.zip system_core-0298df1eec5edeca7677c80503ba3b9c8a89aa55.tar.gz system_core-0298df1eec5edeca7677c80503ba3b9c8a89aa55.tar.bz2 |
Add support for socket security context specification.
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Conflicts:
init/init.c
init/util.c
-rwxr-xr-x | init/init.c | 7 | ||||
-rw-r--r-- | init/init.h | 1 | ||||
-rw-r--r-- | init/init_parser.c | 4 | ||||
-rwxr-xr-x | init/property_service.c | 2 | ||||
-rw-r--r-- | init/readme.txt | 5 | ||||
-rwxr-xr-x | init/util.c | 20 | ||||
-rw-r--r-- | init/util.h | 2 |
7 files changed, 25 insertions, 16 deletions
diff --git a/init/init.c b/init/init.c index b2c8012..3b01cfa 100755 --- a/init/init.c +++ b/init/init.c @@ -285,16 +285,12 @@ void service_start(struct service *svc, const char *dynamic_args) for (ei = svc->envvars; ei; ei = ei->next) add_environment(ei->name, ei->value); -#ifdef HAVE_SELINUX - setsockcreatecon(scon); -#endif - for (si = svc->sockets; si; si = si->next) { int socket_type = ( !strcmp(si->type, "stream") ? SOCK_STREAM : (!strcmp(si->type, "dgram") ? SOCK_DGRAM : SOCK_SEQPACKET)); int s = create_socket(si->name, socket_type, - si->perm, si->uid, si->gid); + si->perm, si->uid, si->gid, si->socketcon ?: scon); if (s >= 0) { publish_socket(si->name, s); } @@ -303,7 +299,6 @@ void service_start(struct service *svc, const char *dynamic_args) #ifdef HAVE_SELINUX freecon(scon); scon = NULL; - setsockcreatecon(NULL); #endif if (svc->ioprio_class != IoSchedClass_NONE) { diff --git a/init/init.h b/init/init.h index 858ab11..8c319a1 100644 --- a/init/init.h +++ b/init/init.h @@ -55,6 +55,7 @@ struct socketinfo { uid_t uid; gid_t gid; int perm; + const char *socketcon; }; struct svcenvinfo { diff --git a/init/init_parser.c b/init/init_parser.c index 79bdbb8..66baac8 100644 --- a/init/init_parser.c +++ b/init/init_parser.c @@ -825,7 +825,7 @@ static void parse_line_service(struct parse_state *state, int nargs, char **args svc->envvars = ei; break; } - case K_socket: {/* name type perm [ uid gid ] */ + case K_socket: {/* name type perm [ uid gid context ] */ struct socketinfo *si; if (nargs < 4) { parse_error(state, "socket option requires name, type, perm arguments\n"); @@ -848,6 +848,8 @@ static void parse_line_service(struct parse_state *state, int nargs, char **args si->uid = decode_uid(args[4]); if (nargs > 5) si->gid = decode_uid(args[5]); + if (nargs > 6) + si->socketcon = args[6]; si->next = svc->sockets; svc->sockets = si; break; diff --git a/init/property_service.c b/init/property_service.c index 225d7e8..d3558e7 100755 --- a/init/property_service.c +++ b/init/property_service.c @@ -633,7 +633,7 @@ void start_property_service(void) /* Read persistent properties after all default values have been loaded. */ load_persistent_properties(); - fd = create_socket(PROP_SERVICE_NAME, SOCK_STREAM, 0666, 0, 0); + fd = create_socket(PROP_SERVICE_NAME, SOCK_STREAM, 0666, 0, 0, NULL); if(fd < 0) return; fcntl(fd, F_SETFD, FD_CLOEXEC); fcntl(fd, F_SETFL, O_NONBLOCK); diff --git a/init/readme.txt b/init/readme.txt index ccefcde..3a1051a 100644 --- a/init/readme.txt +++ b/init/readme.txt @@ -70,10 +70,13 @@ disabled setenv <name> <value> Set the environment variable <name> to <value> in the launched process. -socket <name> <type> <perm> [ <user> [ <group> ] ] +socket <name> <type> <perm> [ <user> [ <group> <context> ] ] Create a unix domain socket named /dev/socket/<name> and pass its fd to the launched process. <type> must be "dgram", "stream" or "seqpacket". User and group default to 0. + Context is the SELinux security context for the socket. + It defaults to the service security context, as specified by seclabel or + computed based on the service executable file security context. user <username> Change to username before exec'ing this service. diff --git a/init/util.c b/init/util.c index 2b993bb..df6a962 100755 --- a/init/util.c +++ b/init/util.c @@ -85,12 +85,15 @@ unsigned int decode_uid(const char *s) * daemon. We communicate the file descriptor's value via the environment * variable ANDROID_SOCKET_ENV_PREFIX<name> ("ANDROID_SOCKET_foo"). */ -int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid) +int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid, const char *socketcon) { struct sockaddr_un addr; int fd, ret; #ifdef HAVE_SELINUX - char *secon; + char *filecon; + + if (socketcon) + setsockcreatecon(socketcon); #endif fd = socket(PF_UNIX, type, 0); @@ -99,6 +102,11 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid) return -1; } +#ifdef HAVE_SELINUX + if (socketcon) + setsockcreatecon(NULL); +#endif + memset(&addr, 0 , sizeof(addr)); addr.sun_family = AF_UNIX; snprintf(addr.sun_path, sizeof(addr.sun_path), ANDROID_SOCKET_DIR"/%s", @@ -111,11 +119,11 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid) } #ifdef HAVE_SELINUX - secon = NULL; + filecon = NULL; if (sehandle) { - ret = selabel_lookup(sehandle, &secon, addr.sun_path, S_IFSOCK); + ret = selabel_lookup(sehandle, &filecon, addr.sun_path, S_IFSOCK); if (ret == 0) - setfscreatecon(secon); + setfscreatecon(filecon); } #endif @@ -127,7 +135,7 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid) #ifdef HAVE_SELINUX setfscreatecon(NULL); - freecon(secon); + freecon(filecon); #endif chown(addr.sun_path, uid, gid); diff --git a/init/util.h b/init/util.h index 45905b6..39d6f52 100644 --- a/init/util.h +++ b/init/util.h @@ -26,7 +26,7 @@ static const char *coldboot_done = "/dev/.coldboot_done"; int mtd_name_to_number(const char *name); int create_socket(const char *name, int type, mode_t perm, - uid_t uid, gid_t gid); + uid_t uid, gid_t gid, const char *socketcon); void *read_file(const char *fn, unsigned *_sz); time_t gettime(void); unsigned int decode_uid(const char *s); |