diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-16 14:34:27 -0500 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-16 14:35:55 -0500 |
commit | 30f30330420ca4d7913a49e6fd652b4768045ecb (patch) | |
tree | 4e3b862ffc63ec9f3ee7de2fe9b28f4513e47da7 | |
parent | 3ddc0059bb897c4d7d2e0c6d9812d590388480d1 (diff) | |
download | system_core-30f30330420ca4d7913a49e6fd652b4768045ecb.zip system_core-30f30330420ca4d7913a49e6fd652b4768045ecb.tar.gz system_core-30f30330420ca4d7913a49e6fd652b4768045ecb.tar.bz2 |
Label sockets consistently with the seclabel value if specified.
This is necessary to ensure that the adbd socket is created in the
adbd domain rather than the init domain.
Change-Id: Id4997d7f074aeefea62b41c87b46a6609e03f527
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rwxr-xr-x | init/init.c | 46 |
1 files changed, 27 insertions, 19 deletions
diff --git a/init/init.c b/init/init.c index b20b434..48d8559 100755 --- a/init/init.c +++ b/init/init.c @@ -198,28 +198,36 @@ void service_start(struct service *svc, const char *dynamic_args) } if (is_selinux_enabled() > 0) { - char *mycon = NULL, *fcon = NULL; + if (svc->seclabel) { + scon = strdup(svc->seclabel); + if (!scon) { + ERROR("Out of memory while starting '%s'\n", svc->name); + return; + } + } else { + char *mycon = NULL, *fcon = NULL; - INFO("computing context for service '%s'\n", svc->args[0]); - rc = getcon(&mycon); - if (rc < 0) { - ERROR("could not get context while starting '%s'\n", svc->name); - return; - } + INFO("computing context for service '%s'\n", svc->args[0]); + rc = getcon(&mycon); + if (rc < 0) { + ERROR("could not get context while starting '%s'\n", svc->name); + return; + } - rc = getfilecon(svc->args[0], &fcon); - if (rc < 0) { - ERROR("could not get context while starting '%s'\n", svc->name); - freecon(mycon); - return; - } + rc = getfilecon(svc->args[0], &fcon); + if (rc < 0) { + ERROR("could not get context while starting '%s'\n", svc->name); + freecon(mycon); + return; + } - rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon); - freecon(mycon); - freecon(fcon); - if (rc < 0) { - ERROR("could not get context while starting '%s'\n", svc->name); - return; + rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon); + freecon(mycon); + freecon(fcon); + if (rc < 0) { + ERROR("could not get context while starting '%s'\n", svc->name); + return; + } } } |