From e46f9d510db9351682cf17c49115110870147335 Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Fri, 13 Jan 2012 08:48:47 -0500
Subject: Extend init and ueventd for SE Android.
Add SE Android support for init and ueventd.
init:
- Load policy at boot.
- Set the security context for service daemons and their sockets.
- New built-in commands: setcon, setenforce, restorecon, setsebool.
- New option for services: seclabel.
ueventd:
- Set the security context for device directories and nodes.
Change-Id: I98ed752cde503c94d99dfa5b5a47e3c33db16aac
---
 init/util.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'init/util.c')
diff --git a/init/util.c b/init/util.c
index 13c9ca25..3a4b10b0 100755
--- a/init/util.c
+++ b/init/util.c
@@ -23,6 +23,10 @@
 #include
 #include
+#ifdef HAVE_SELINUX
+#include
+#endif
+
 #include
 #include
 #include
@@ -33,6 +37,7 @@
 #include
+#include "init.h"
 #include "log.h"
 #include "util.h"
@@ -84,6 +89,9 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
 {
 struct sockaddr_un addr;
 int fd, ret;
+#ifdef HAVE_SELINUX
+ char *secon;
+#endif
 fd = socket(PF_UNIX, type, 0);
 if (fd < 0) {
@@ -102,12 +110,26 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
 goto out_close;
 }
+#ifdef HAVE_SELINUX
+ secon = NULL;
+ if (sehandle) {
+ ret = selabel_lookup(sehandle, &secon, addr.sun_path, S_IFSOCK);
+ if (ret == 0)
+ setfscreatecon(secon);
+ }
+#endif
+
 ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
 if (ret) {
 ERROR("Failed to bind socket '%s': %s\n", name, strerror(errno));
 goto out_unlink;
 }
+#ifdef HAVE_SELINUX
+ setfscreatecon(NULL);
+ freecon(secon);
+#endif
+
 chown(addr.sun_path, uid, gid);
 chmod(addr.sun_path, perm);
-- cgit v1.2.3
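Review bot: On the bind() failure path in the last hunk, `goto out_unlink` is taken before `setfscreatecon(NULL)` and `freecon(secon)` run, so unless the out_unlink code (outside the hunk) resets it, the process keeps the socket's file-creation context and leaks `secon`; files init creates afterwards would then presumably be labeled as this socket. The reset and free should run directly after bind() on both outcomes, with errno saved first so the existing ERROR message still reports bind's failure. The results of selabel_lookup() and setfscreatecon() are also dropped silently, so a socket can come up with the default label and leave no trace in the log; logging a failed setfscreatecon() is the minimum. create_socket's body starts and ends outside the hunk.
```c
    /* … unchanged: selabel_lookup() / setfscreatecon(secon) block … */
    ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
    saved_errno = errno;    /* int, declared next to fd and ret */
#ifdef HAVE_SELINUX
    /* Reset on success and on failure, so nothing created later inherits this label. */
    setfscreatecon(NULL);
    freecon(secon);
#endif
    if (ret) {
        ERROR("Failed to bind socket '%s': %s\n", name, strerror(saved_errno));
        goto out_unlink;
    }
    /* … unchanged: chown() / chmod() … */
```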