From 30f30330420ca4d7913a49e6fd652b4768045ecb Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Fri, 16 Nov 2012 14:34:27 -0500 Subject: Label sockets consistently with the seclabel value if specified. This is necessary to ensure that the adbd socket is created in the adbd domain rather than the init domain. Change-Id: Id4997d7f074aeefea62b41c87b46a6609e03f527 Signed-off-by: Stephen Smalley --- init/init.c | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/init/init.c b/init/init.c index b20b434..48d8559 100755 --- a/init/init.c +++ b/init/init.c @@ -198,28 +198,36 @@ void service_start(struct service *svc, const char *dynamic_args) } if (is_selinux_enabled() > 0) { - char *mycon = NULL, *fcon = NULL; + if (svc->seclabel) { + scon = strdup(svc->seclabel); + if (!scon) { + ERROR("Out of memory while starting '%s'\n", svc->name); + return; + } + } else { + char *mycon = NULL, *fcon = NULL; - INFO("computing context for service '%s'\n", svc->args[0]); - rc = getcon(&mycon); - if (rc < 0) { - ERROR("could not get context while starting '%s'\n", svc->name); - return; - } + INFO("computing context for service '%s'\n", svc->args[0]); + rc = getcon(&mycon); + if (rc < 0) { + ERROR("could not get context while starting '%s'\n", svc->name); + return; + } - rc = getfilecon(svc->args[0], &fcon); - if (rc < 0) { - ERROR("could not get context while starting '%s'\n", svc->name); - freecon(mycon); - return; - } + rc = getfilecon(svc->args[0], &fcon); + if (rc < 0) { + ERROR("could not get context while starting '%s'\n", svc->name); + freecon(mycon); + return; + } - rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon); - freecon(mycon); - freecon(fcon); - if (rc < 0) { - ERROR("could not get context while starting '%s'\n", svc->name); - return; + rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon); + freecon(mycon); + freecon(fcon); + if (rc < 0) { + ERROR("could not get context while starting '%s'\n", svc->name); + return; + } } } -- cgit v1.1