diff options
Diffstat (limited to 'init/property_service.c')
| -rwxr-xr-x | init/property_service.c | 85 |
1 files changed, 41 insertions, 44 deletions
diff --git a/init/property_service.c b/init/property_service.c index 61dd86f..f58e07d 100755 --- a/init/property_service.c +++ b/init/property_service.c @@ -40,8 +40,10 @@ #include <sys/atomics.h> #include <private/android_filesystem_config.h> +#ifdef HAVE_SELINUX #include <selinux/selinux.h> #include <selinux/label.h> +#endif #include "property_service.h" #include "init.h" @@ -123,7 +125,7 @@ static int init_workspace(workspace *w, size_t size) /* dev is a tmpfs that we can use to carve a shared workspace * out of, so let's do that... */ - fd = open("/dev/__properties__", O_RDWR | O_CREAT | O_NOFOLLOW, 0600); + fd = open("/dev/__properties__", O_RDWR | O_CREAT, 0600); if (fd < 0) return -1; @@ -136,7 +138,7 @@ static int init_workspace(workspace *w, size_t size) close(fd); - fd = open("/dev/__properties__", O_RDONLY | O_NOFOLLOW); + fd = open("/dev/__properties__", O_RDONLY); if (fd < 0) return -1; @@ -199,6 +201,7 @@ static void update_prop_info(prop_info *pi, const char *value, unsigned len) static int check_mac_perms(const char *name, char *sctx) { +#ifdef HAVE_SELINUX if (is_selinux_enabled() <= 0) return 1; @@ -222,10 +225,15 @@ static int check_mac_perms(const char *name, char *sctx) freecon(tctx); err: return result; + +#endif + return 1; } static int check_control_mac_perms(const char *name, char *sctx) { +#ifdef HAVE_SELINUX + /* * Create a name prefix out of ctl.<service name> * The new prefix allows the use of the existing @@ -239,6 +247,9 @@ static int check_control_mac_perms(const char *name, char *sctx) return 0; return check_mac_perms(ctl_name, sctx); + +#endif + return 1; } /* @@ -309,12 +320,13 @@ const char* property_get(const char *name) static void write_persistent_property(const char *name, const char *value) { - char tempPath[PATH_MAX]; + const char *tempPath = PERSISTENT_PROPERTY_DIR "/.temp"; char path[PATH_MAX]; - int fd; + int fd, length; + + snprintf(path, sizeof(path), "%s/%s", PERSISTENT_PROPERTY_DIR, name); - snprintf(tempPath, sizeof(tempPath), "%s/.temp.XXXXXX", PERSISTENT_PROPERTY_DIR); - fd = mkstemp(tempPath); + fd = open(tempPath, O_WRONLY|O_CREAT|O_TRUNC, 0600); if (fd < 0) { ERROR("Unable to write persistent property to temp file %s errno: %d\n", tempPath, errno); return; @@ -322,7 +334,6 @@ static void write_persistent_property(const char *name, const char *value) write(fd, value, strlen(value)); close(fd); - snprintf(path, sizeof(path), "%s/%s", PERSISTENT_PROPERTY_DIR, name); if (rename(tempPath, path)) { unlink(tempPath); ERROR("Unable to rename persistent property file %s to %s\n", tempPath, path); @@ -334,8 +345,8 @@ int property_set(const char *name, const char *value) prop_area *pa; prop_info *pi; - size_t namelen = strlen(name); - size_t valuelen = strlen(value); + int namelen = strlen(name); + int valuelen = strlen(value); if(namelen >= PROP_NAME_MAX) return -1; if(valuelen >= PROP_VALUE_MAX) return -1; @@ -385,9 +396,11 @@ int property_set(const char *name, const char *value) * to prevent them from being overwritten by default values. */ write_persistent_property(name, value); +#ifdef HAVE_SELINUX } else if (strcmp("selinux.reload_policy", name) == 0 && strcmp("1", value) == 0) { selinux_reload_policy(); +#endif } property_changed(name, value); return 0; @@ -412,13 +425,13 @@ void handle_property_set_fd() /* Check socket options here */ if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) { close(s); - ERROR("Unable to receive socket options\n"); + ERROR("Unable to recieve socket options\n"); return; } r = TEMP_FAILURE_RETRY(recv(s, &msg, sizeof(msg), 0)); if(r != sizeof(prop_msg)) { - ERROR("sys_prop: mis-match msg size received: %d expected: %d errno: %d\n", + ERROR("sys_prop: mis-match msg size recieved: %d expected: %d errno: %d\n", r, sizeof(prop_msg), errno); close(s); return; @@ -429,7 +442,9 @@ void handle_property_set_fd() msg.name[PROP_NAME_MAX-1] = 0; msg.value[PROP_VALUE_MAX-1] = 0; +#ifdef HAVE_SELINUX getpeercon(s, &source_ctx); +#endif if(memcmp(msg.name,"ctl.",4) == 0) { // Keep the old close-socket-early behavior when handling @@ -454,7 +469,10 @@ void handle_property_set_fd() // the property is written to memory. close(s); } +#ifdef HAVE_SELINUX freecon(source_ctx); +#endif + break; default: @@ -512,14 +530,12 @@ static void load_properties_from_file(const char *fn) static void load_persistent_properties() { DIR* dir = opendir(PERSISTENT_PROPERTY_DIR); - int dir_fd; struct dirent* entry; + char path[PATH_MAX]; char value[PROP_VALUE_MAX]; int fd, length; - struct stat sb; if (dir) { - dir_fd = dirfd(dir); while ((entry = readdir(dir)) != NULL) { if (strncmp("persist.", entry->d_name, strlen("persist."))) continue; @@ -528,39 +544,20 @@ static void load_persistent_properties() continue; #endif /* open the file and read the property value */ - fd = openat(dir_fd, entry->d_name, O_RDONLY | O_NOFOLLOW); - if (fd < 0) { - ERROR("Unable to open persistent property file \"%s\" errno: %d\n", - entry->d_name, errno); - continue; - } - if (fstat(fd, &sb) < 0) { - ERROR("fstat on property file \"%s\" failed errno: %d\n", entry->d_name, errno); - close(fd); - continue; - } - - // File must not be accessible to others, be owned by root/root, and - // not be a hard link to any other file. - if (((sb.st_mode & (S_IRWXG | S_IRWXO)) != 0) - || (sb.st_uid != 0) - || (sb.st_gid != 0) - || (sb.st_nlink != 1)) { - ERROR("skipping insecure property file %s (uid=%lu gid=%lu nlink=%d mode=%o)\n", - entry->d_name, sb.st_uid, sb.st_gid, sb.st_nlink, sb.st_mode); + snprintf(path, sizeof(path), "%s/%s", PERSISTENT_PROPERTY_DIR, entry->d_name); + fd = open(path, O_RDONLY); + if (fd >= 0) { + length = read(fd, value, sizeof(value) - 1); + if (length >= 0) { + value[length] = 0; + property_set(entry->d_name, value); + } else { + ERROR("Unable to read persistent property file %s errno: %d\n", path, errno); + } close(fd); - continue; - } - - length = read(fd, value, sizeof(value) - 1); - if (length >= 0) { - value[length] = 0; - property_set(entry->d_name, value); } else { - ERROR("Unable to read persistent property file %s errno: %d\n", - entry->d_name, errno); + ERROR("Unable to open persistent property file %s errno: %d\n", path, errno); } - close(fd); } closedir(dir); } else { |