ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

am ef3f7fa3: Merge "Set the SELinux security label on new directories."

Browse source 
* commit 'ef3f7fa32b451bd6f180c4c1586a98cee41aa296':
  Set the SELinux security label on new directories.
This commit is contained in:
Jean-Baptiste Queru 2012-08-08 14:04:22 -07:00 committed by Android Git Automerger
commit faad67fac6
5 changed files with 62 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
init/builtins.c
View file

@ -302,7 +302,7 @@ int do_mkdir(int nargs, char **args)
mode = strtoul(args[2], 0, 8); mode = strtoul(args[2], 0, 8);
} }
ret = mkdir(args[1], mode); ret = make_dir(args[1], mode);
/* chmod in case the directory already exists */ /* chmod in case the directory already exists */
if (ret == -1 && errno == EEXIST) { if (ret == -1 && errno == EEXIST) {
ret = _chmod(args[1], mode); ret = _chmod(args[1], mode);
@ -736,26 +736,12 @@ int do_chmod(int nargs, char **args) {
} }
int do_restorecon(int nargs, char **args) { int do_restorecon(int nargs, char **args) {
#ifdef HAVE_SELINUX
char *secontext = NULL;
struct stat sb;
int i; int i;
if (is_selinux_enabled() <= 0 || !sehandle)
return 0;
for (i = 1; i < nargs; i++) { for (i = 1; i < nargs; i++) {
if (lstat(args[i], &sb) < 0) if (restorecon(args[i]) < 0)
return -errno; return -errno;
if (selabel_lookup(sehandle, &secontext, args[i], sb.st_mode) < 0)
return -errno;
if (lsetfilecon(args[i], secontext) < 0) {
freecon(secontext);
return -errno;
}
freecon(secontext);
} }
#endif
return 0; return 0;
} }

28
init/devices.c
View file

@ -52,7 +52,7 @@
#define FIRMWARE_DIR2 "/vendor/firmware" #define FIRMWARE_DIR2 "/vendor/firmware"
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
static struct selabel_handle *sehandle; extern struct selabel_handle *sehandle;
#endif #endif
static int device_fd = -1; static int device_fd = -1;
@ -220,32 +220,6 @@ static void make_device(const char *path,
#endif #endif
} }
static int make_dir(const char *path, mode_t mode)
{
int rc;
#ifdef HAVE_SELINUX
char *secontext = NULL;
if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext);
}
#endif
rc = mkdir(path, mode);
#ifdef HAVE_SELINUX
if (secontext) {
freecon(secontext);
setfscreatecon(NULL);
}
#endif
return rc;
}
static void add_platform_device(const char *name) static void add_platform_device(const char *name)
{ {
int name_len = strlen(name); int name_len = strlen(name);

6
init/init.c
View file

@ -901,6 +901,12 @@ int main(int argc, char **argv)
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
INFO("loading selinux policy\n"); INFO("loading selinux policy\n");
selinux_load_policy(); selinux_load_policy();
/* These directories were necessarily created before policy load
* and therefore need their security context restored to the proper value.
* This must happen before /dev is populated by ueventd.
*/
restorecon("/dev");
restorecon("/dev/socket");
#endif #endif
is_charger = !strcmp(bootmode, "charger"); is_charger = !strcmp(bootmode, "charger");

53
init/util.c
View file

@ -302,12 +302,12 @@ int mkdir_recursive(const char *pathname, mode_t mode)
memcpy(buf, pathname, width); memcpy(buf, pathname, width);
buf[width] = 0; buf[width] = 0;
if (stat(buf, &info) != 0) { if (stat(buf, &info) != 0) {
ret = mkdir(buf, mode); ret = make_dir(buf, mode);
if (ret && errno != EEXIST) if (ret && errno != EEXIST)
return ret; return ret;
} }
} }
ret = mkdir(pathname, mode); ret = make_dir(pathname, mode);
if (ret && errno != EEXIST) if (ret && errno != EEXIST)
return ret; return ret;
return 0; return 0;
@ -463,3 +463,52 @@ void import_kernel_cmdline(int in_qemu,
ptr = x; ptr = x;
} }
} }
int make_dir(const char *path, mode_t mode)
{
int rc;
#ifdef HAVE_SELINUX
char *secontext = NULL;
if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext);
}
#endif
rc = mkdir(path, mode);
#ifdef HAVE_SELINUX
if (secontext) {
int save_errno = errno;
freecon(secontext);
setfscreatecon(NULL);
errno = save_errno;
}
#endif
return rc;
}
int restorecon(const char *pathname)
{
#ifdef HAVE_SELINUX
char *secontext = NULL;
struct stat sb;
int i;
if (is_selinux_enabled() <= 0 || !sehandle)
return 0;
if (lstat(pathname, &sb) < 0)
return -errno;
if (selabel_lookup(sehandle, &secontext, pathname, sb.st_mode) < 0)
return -errno;
if (lsetfilecon(pathname, secontext) < 0) {
freecon(secontext);
return -errno;
}
freecon(secontext);
#endif
return 0;
}

2
init/util.h
View file

@ -39,4 +39,6 @@ int wait_for_file(const char *filename, int timeout);
void open_devnull_stdio(void); void open_devnull_stdio(void);
void get_hardware_name(char *hardware, unsigned int *revision); void get_hardware_name(char *hardware, unsigned int *revision);
void import_kernel_cmdline(int in_qemu, void (*import_kernel_nv)(char *name, int in_qemu)); void import_kernel_cmdline(int in_qemu, void (*import_kernel_nv)(char *name, int in_qemu));
int make_dir(const char *path, mode_t mode);
int restorecon(const char *pathname);
#endif #endif