diff options
| author | Tom Cherry <tomcherry@google.com> | 2018-01-18 16:14:25 -0800 |
|---|---|---|
| committer | Tom Cherry <tomcherry@google.com> | 2018-01-22 18:20:56 +0000 |
| commit | 32228485ffac6ff0b674210be448b121bbd6427c (patch) | |
| tree | 5091f252b64d206d32747aa66aacbd15a763f6ce /init/subcontext.cpp | |
| parent | ad939afaf437f910dd3c4869c2683ca797a44f7c (diff) | |
| download | system_core-32228485ffac6ff0b674210be448b121bbd6427c.tar.gz system_core-32228485ffac6ff0b674210be448b121bbd6427c.tar.bz2 system_core-32228485ffac6ff0b674210be448b121bbd6427c.zip | |
Make vendor_init check SELinux before setting properties
Finishing a TODO from vendor_init, check SELinux permissions before
setting properties in vendor_init.
Bug: 62875318
Test: N/A
Change-Id: I3cb6abadd2613ae083705cc6b9c970587b6c6b19
Diffstat (limited to 'init/subcontext.cpp')
| -rw-r--r-- | init/subcontext.cpp | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/init/subcontext.cpp b/init/subcontext.cpp index be754da73..f3b643ad7 100644 --- a/init/subcontext.cpp +++ b/init/subcontext.cpp @@ -27,9 +27,13 @@ #include <selinux/android.h> #include "action.h" +#include "property_service.h" #include "selinux.h" #include "util.h" +#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ +#include <sys/_system_properties.h> + using android::base::GetExecutablePath; using android::base::Join; using android::base::Socketpair; @@ -75,6 +79,13 @@ Result<Success> SendMessage(int socket, const T& message) { return Success(); } +std::vector<std::pair<std::string, std::string>> properties_to_set; + +uint32_t SubcontextPropertySet(const std::string& name, const std::string& value) { + properties_to_set.emplace_back(name, value); + return PROP_SUCCESS; +} + class SubcontextProcess { public: SubcontextProcess(const KeywordFunctionMap* function_map, std::string context, int init_fd) @@ -108,6 +119,14 @@ void SubcontextProcess::RunCommand(const SubcontextCommand::ExecuteCommand& exec result = RunBuiltinFunction(map_result->second, args, context_); } + for (const auto& [name, value] : properties_to_set) { + auto property = reply->add_properties_to_set(); + property->set_name(name); + property->set_value(value); + } + + properties_to_set.clear(); + if (result) { reply->set_success(true); } else { @@ -186,6 +205,9 @@ int SubcontextMain(int argc, char** argv, const KeywordFunctionMap* function_map auto init_fd = std::atoi(argv[3]); SelabelInitialize(); + + property_set = SubcontextPropertySet; + auto subcontext_process = SubcontextProcess(function_map, context, init_fd); subcontext_process.MainLoop(); return 0; @@ -257,10 +279,6 @@ Result<SubcontextReply> Subcontext::TransmitMessage(const SubcontextCommand& sub Restart(); return Error() << "Unable to parse message from subcontext"; } - if (subcontext_reply.reply_case() == SubcontextReply::kFailure) { - auto& failure = subcontext_reply.failure(); - return ResultError(failure.error_string(), failure.error_errno()); - } return subcontext_reply; } @@ -275,6 +293,16 @@ Result<Success> Subcontext::Execute(const std::vector<std::string>& args) { return subcontext_reply.error(); } + for (const auto& property : subcontext_reply->properties_to_set()) { + ucred cr = {.pid = pid_, .uid = 0, .gid = 0}; + HandlePropertySet(property.name(), property.value(), context_, cr); + } + + if (subcontext_reply->reply_case() == SubcontextReply::kFailure) { + auto& failure = subcontext_reply->failure(); + return ResultError(failure.error_string(), failure.error_errno()); + } + if (subcontext_reply->reply_case() != SubcontextReply::kSuccess) { return Error() << "Unexpected message type from subcontext: " << subcontext_reply->reply_case(); @@ -294,6 +322,11 @@ Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::s return subcontext_reply.error(); } + if (subcontext_reply->reply_case() == SubcontextReply::kFailure) { + auto& failure = subcontext_reply->failure(); + return ResultError(failure.error_string(), failure.error_errno()); + } + if (subcontext_reply->reply_case() != SubcontextReply::kExpandArgsReply) { return Error() << "Unexpected message type from subcontext: " << subcontext_reply->reply_case(); |