authorStephen Smalley <sds@tycho.nsa.gov>2012-11-16 14:34:27 -0500
committerRicardo Cerqueira <cyanogenmod@cerqueira.org>2013-07-18 20:38:39 +0100
commit0995719a7cf5c1aed43d1d8409de5d432f2a2973 (patch)
tree849601e56bf5f5c5e61335e3f9f9c9d98629a431
parentfd44b1c95e688fea388376d4dd8d5b23d9575201 (diff)
Label sockets consistently with the seclabel value if specified.
This is necessary to ensure that the adbd socket is created in the adbd domain rather than the init domain. Change-Id: Id4997d7f074aeefea62b41c87b46a6609e03f527 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rwxr-xr-xinit/init.c46
1 files changed, 27 insertions, 19 deletions
diff --git a/init/init.c b/init/init.c
index 576805c..276de75 100755
--- a/init/init.c
+++ b/init/init.c
@@ -216,28 +216,36 @@ void service_start(struct service *svc, const char *dynamic_args)
#ifdef HAVE_SELINUX
if (is_selinux_enabled() > 0) {
- char *mycon = NULL, *fcon = NULL;
+ if (svc->seclabel) {
+ scon = strdup(svc->seclabel);
+ if (!scon) {
+ ERROR("Out of memory while starting '%s'\n", svc->name);
+ return;
+ }
+ } else {
+ char *mycon = NULL, *fcon = NULL;
- INFO("computing context for service '%s'\n", svc->args[0]);
- rc = getcon(&mycon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- return;
- }
+ INFO("computing context for service '%s'\n", svc->args[0]);
+ rc = getcon(&mycon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ return;
+ }
- rc = getfilecon(svc->args[0], &fcon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- freecon(mycon);
- return;
- }
+ rc = getfilecon(svc->args[0], &fcon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ freecon(mycon);
+ return;
+ }
- rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
- freecon(mycon);
- freecon(fcon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- return;
+ rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
+ freecon(mycon);
+ freecon(fcon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ return;
+ }
}
}
#endif
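Review bot: The new `svc->seclabel` branch copies the configured label into `scon` without checking that it is a valid context, so a mistyped seclabel is only caught, if at all, by whichever later call consumes `scon`. Since the commit's stated goal is to keep the service socket out of the init domain, failing early would be safer: `if (security_check_context(svc->seclabel) < 0) { ERROR("invalid seclabel for '%s'\n", svc->name); return; }` placed before the `strdup`. Separately, `scon` now comes from `strdup()` in one branch and from `security_compute_create()` in the other; its release is not visible here, so a short comment at that point saying both allocations are freed the same way would help the next reader. service_start begins and ends outside this hunk, so how `scon` is applied to the socket and whether that call's result is checked cannot be confirmed from here.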