authorStephen Smalley <sds@tycho.nsa.gov>2012-11-16 14:34:27 -0500
committerStephen Smalley <sds@tycho.nsa.gov>2012-11-16 14:35:55 -0500
commit30f30330420ca4d7913a49e6fd652b4768045ecb (patch)
tree4e3b862ffc63ec9f3ee7de2fe9b28f4513e47da7
parent3ddc0059bb897c4d7d2e0c6d9812d590388480d1 (diff)
Label sockets consistently with the seclabel value if specified.
This is necessary to ensure that the adbd socket is created in the adbd domain rather than the init domain. Change-Id: Id4997d7f074aeefea62b41c87b46a6609e03f527 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rwxr-xr-xinit/init.c46
1 files changed, 27 insertions, 19 deletions
diff --git a/init/init.c b/init/init.c
index b20b434..48d8559 100755
--- a/init/init.c
+++ b/init/init.c
@@ -198,28 +198,36 @@ void service_start(struct service *svc, const char *dynamic_args)
}
if (is_selinux_enabled() > 0) {
- char *mycon = NULL, *fcon = NULL;
+ if (svc->seclabel) {
+ scon = strdup(svc->seclabel);
+ if (!scon) {
+ ERROR("Out of memory while starting '%s'\n", svc->name);
+ return;
+ }
+ } else {
+ char *mycon = NULL, *fcon = NULL;
- INFO("computing context for service '%s'\n", svc->args[0]);
- rc = getcon(&mycon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- return;
- }
+ INFO("computing context for service '%s'\n", svc->args[0]);
+ rc = getcon(&mycon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ return;
+ }
- rc = getfilecon(svc->args[0], &fcon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- freecon(mycon);
- return;
- }
+ rc = getfilecon(svc->args[0], &fcon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ freecon(mycon);
+ return;
+ }
- rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
- freecon(mycon);
- freecon(fcon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- return;
+ rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
+ freecon(mycon);
+ freecon(fcon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ return;
+ }
}
}
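Review bot: In the new `if (svc->seclabel)` branch, `scon` is copied from the configured seclabel with only an out-of-memory check, so a mistyped label or one the loaded policy does not define is not rejected here. It would presumably fail only where `scon` is later applied to the sockets or the child, which is outside this hunk. Checking it first, e.g. `if (security_check_context(svc->seclabel) < 0) { ERROR("invalid seclabel '%s' for service '%s'\n", svc->seclabel, svc->name); return; }`, would fail early and name the bad value. Separately, the three error paths in the `else` branch log the same text; naming the failing call (`getcon`, `getfilecon`, `security_compute_create`) in each message would make a labeling failure diagnosable from the log. service_start's body starts and continues outside the hunk.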