diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-05-13 12:37:04 -0400 |
|---|---|---|
| committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-07-18 20:38:39 +0100 |
| commit | 0298df1eec5edeca7677c80503ba3b9c8a89aa55 (patch) | |
| tree | b341766c8110301b98bddef97b359e754e229576 /init/util.h | |
| parent | 2c22ff681c44714ba6c23e08c6d9a5c3257e33fa (diff) | |
| download | system_core-0298df1eec5edeca7677c80503ba3b9c8a89aa55.tar.gz system_core-0298df1eec5edeca7677c80503ba3b9c8a89aa55.tar.bz2 system_core-0298df1eec5edeca7677c80503ba3b9c8a89aa55.zip | |
Add support for socket security context specification.
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Conflicts:
init/init.c
init/util.c
Diffstat (limited to 'init/util.h')
| -rw-r--r-- | init/util.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/init/util.h b/init/util.h index 45905b61..39d6f524 100644 --- a/init/util.h +++ b/init/util.h @@ -26,7 +26,7 @@ static const char *coldboot_done = "/dev/.coldboot_done"; int mtd_name_to_number(const char *name); int create_socket(const char *name, int type, mode_t perm, - uid_t uid, gid_t gid); + uid_t uid, gid_t gid, const char *socketcon); void *read_file(const char *fn, unsigned *_sz); time_t gettime(void); unsigned int decode_uid(const char *s); |