diff options
| -rw-r--r-- | debuggerd/Android.mk | 6 | ||||
| -rw-r--r-- | debuggerd/tombstone.c | 11 | ||||
| -rw-r--r-- | init/builtins.c | 18 | ||||
| -rw-r--r-- | init/devices.c | 28 | ||||
| -rwxr-xr-x | init/init.c | 6 | ||||
| -rwxr-xr-x | init/util.c | 53 | ||||
| -rw-r--r-- | init/util.h | 2 | ||||
| -rw-r--r-- | libdiskconfig/config_mbr.c | 2 | ||||
| -rw-r--r-- | toolbox/kill.c | 2 |
9 files changed, 82 insertions, 46 deletions
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk index 2a516fbe..fe467068 100644 --- a/debuggerd/Android.mk +++ b/debuggerd/Android.mk @@ -25,6 +25,12 @@ endif # ARCH_ARM_HAVE_VFP_D32 LOCAL_SHARED_LIBRARIES := libcutils libc libcorkscrew +ifeq ($(HAVE_SELINUX),true) +LOCAL_SHARED_LIBRARIES += libselinux +LOCAL_C_INCLUDES += external/libselinux/include +LOCAL_CFLAGS += -DHAVE_SELINUX +endif + include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) diff --git a/debuggerd/tombstone.c b/debuggerd/tombstone.c index 16b49433..27ab3fe9 100644 --- a/debuggerd/tombstone.c +++ b/debuggerd/tombstone.c @@ -35,6 +35,10 @@ #include <corkscrew/demangle.h> #include <corkscrew/backtrace.h> +#ifdef HAVE_SELINUX +#include <selinux/android.h> +#endif + #include "machine.h" #include "tombstone.h" #include "utility.h" @@ -680,6 +684,13 @@ char* engrave_tombstone(pid_t pid, pid_t tid, int signal, mkdir(TOMBSTONE_DIR, 0755); chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM); +#ifdef HAVE_SELINUX + if (selinux_android_restorecon(TOMBSTONE_DIR) == -1) { + *detach_failed = false; + return NULL; + } +#endif + int fd; char* path = find_and_open_tombstone(&fd); if (!path) { diff --git a/init/builtins.c b/init/builtins.c index ac9585e8..5bda7a07 100644 --- a/init/builtins.c +++ b/init/builtins.c @@ -302,7 +302,7 @@ int do_mkdir(int nargs, char **args) mode = strtoul(args[2], 0, 8); } - ret = mkdir(args[1], mode); + ret = make_dir(args[1], mode); /* chmod in case the directory already exists */ if (ret == -1 && errno == EEXIST) { ret = _chmod(args[1], mode); @@ -736,26 +736,12 @@ int do_chmod(int nargs, char **args) { } int do_restorecon(int nargs, char **args) { -#ifdef HAVE_SELINUX - char *secontext = NULL; - struct stat sb; int i; - if (is_selinux_enabled() <= 0 || !sehandle) - return 0; - for (i = 1; i < nargs; i++) { - if (lstat(args[i], &sb) < 0) - return -errno; - if (selabel_lookup(sehandle, &secontext, args[i], sb.st_mode) < 0) + if (restorecon(args[i]) < 0) return -errno; - if (lsetfilecon(args[i], secontext) < 0) { - freecon(secontext); - return -errno; - } - freecon(secontext); } -#endif return 0; } diff --git a/init/devices.c b/init/devices.c index 125f9815..c367de87 100644 --- a/init/devices.c +++ b/init/devices.c @@ -52,7 +52,7 @@ #define FIRMWARE_DIR2 "/vendor/firmware" #ifdef HAVE_SELINUX -static struct selabel_handle *sehandle; +extern struct selabel_handle *sehandle; #endif static int device_fd = -1; @@ -220,32 +220,6 @@ static void make_device(const char *path, #endif } - -static int make_dir(const char *path, mode_t mode) -{ - int rc; - -#ifdef HAVE_SELINUX - char *secontext = NULL; - - if (sehandle) { - selabel_lookup(sehandle, &secontext, path, mode); - setfscreatecon(secontext); - } -#endif - - rc = mkdir(path, mode); - -#ifdef HAVE_SELINUX - if (secontext) { - freecon(secontext); - setfscreatecon(NULL); - } -#endif - return rc; -} - - static void add_platform_device(const char *name) { int name_len = strlen(name); diff --git a/init/init.c b/init/init.c index 4f571443..cc98afcf 100755 --- a/init/init.c +++ b/init/init.c @@ -901,6 +901,12 @@ int main(int argc, char **argv) #ifdef HAVE_SELINUX INFO("loading selinux policy\n"); selinux_load_policy(); + /* These directories were necessarily created before policy load + * and therefore need their security context restored to the proper value. + * This must happen before /dev is populated by ueventd. + */ + restorecon("/dev"); + restorecon("/dev/socket"); #endif is_charger = !strcmp(bootmode, "charger"); diff --git a/init/util.c b/init/util.c index 7d79f398..f994ab9f 100755 --- a/init/util.c +++ b/init/util.c @@ -302,12 +302,12 @@ int mkdir_recursive(const char *pathname, mode_t mode) memcpy(buf, pathname, width); buf[width] = 0; if (stat(buf, &info) != 0) { - ret = mkdir(buf, mode); + ret = make_dir(buf, mode); if (ret && errno != EEXIST) return ret; } } - ret = mkdir(pathname, mode); + ret = make_dir(pathname, mode); if (ret && errno != EEXIST) return ret; return 0; @@ -463,3 +463,52 @@ void import_kernel_cmdline(int in_qemu, ptr = x; } } + +int make_dir(const char *path, mode_t mode) +{ + int rc; + +#ifdef HAVE_SELINUX + char *secontext = NULL; + + if (sehandle) { + selabel_lookup(sehandle, &secontext, path, mode); + setfscreatecon(secontext); + } +#endif + + rc = mkdir(path, mode); + +#ifdef HAVE_SELINUX + if (secontext) { + int save_errno = errno; + freecon(secontext); + setfscreatecon(NULL); + errno = save_errno; + } +#endif + return rc; +} + +int restorecon(const char *pathname) +{ +#ifdef HAVE_SELINUX + char *secontext = NULL; + struct stat sb; + int i; + + if (is_selinux_enabled() <= 0 || !sehandle) + return 0; + + if (lstat(pathname, &sb) < 0) + return -errno; + if (selabel_lookup(sehandle, &secontext, pathname, sb.st_mode) < 0) + return -errno; + if (lsetfilecon(pathname, secontext) < 0) { + freecon(secontext); + return -errno; + } + freecon(secontext); +#endif + return 0; +} diff --git a/init/util.h b/init/util.h index 9247739b..45905b61 100644 --- a/init/util.h +++ b/init/util.h @@ -39,4 +39,6 @@ int wait_for_file(const char *filename, int timeout); void open_devnull_stdio(void); void get_hardware_name(char *hardware, unsigned int *revision); void import_kernel_cmdline(int in_qemu, void (*import_kernel_nv)(char *name, int in_qemu)); +int make_dir(const char *path, mode_t mode); +int restorecon(const char *pathname); #endif diff --git a/libdiskconfig/config_mbr.c b/libdiskconfig/config_mbr.c index 703484c2..b89d382b 100644 --- a/libdiskconfig/config_mbr.c +++ b/libdiskconfig/config_mbr.c @@ -152,7 +152,7 @@ mk_ext_pentry(struct disk_info *dinfo, struct part_info *pinfo, uint32_t *lba, /* we are going to write the ebr at the current LBA, and then bump the * lba counter since that is where the logical data partition will start */ - item->offset = (*lba) * dinfo->sect_size; + item->offset = ((loff_t)(*lba)) * dinfo->sect_size; (*lba)++; ebr = (struct pc_boot_record *) &item->data; diff --git a/toolbox/kill.c b/toolbox/kill.c index b79805fd..fa2f649c 100644 --- a/toolbox/kill.c +++ b/toolbox/kill.c @@ -42,7 +42,9 @@ static struct { /* non-SUS signals */ _SIG(IO), _SIG(PWR), +#ifdef SIGSTKFLT _SIG(STKFLT), +#endif _SIG(WINCH), #undef _SIG }; |