run-as: add ":fromRunAs" selector in seinfo.

It notifies libselinux that the setcontext request is from run-as.
And libselinux will set current process to runas_app domain, which
can execute app data files.

Bug: 118737210
Test: run CtsSimpleperfTestCases.
Change-Id: Ib94087f910786dd5d2a2b2e3b1bf76dfa7131ced

1 files changed, 4 insertions, 1 deletions

diff --git a/run-as/run-as.cpp b/run-as/run-as.cpp
index 971b9f4e4..f49bdf720 100644
--- a/run-as/run-as.cpp
+++ b/run-as/run-as.cpp
@@ -25,6 +25,8 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include <string>
+
 #include <libminijail.h>
 #include <scoped_minijail.h>
 
@@ -214,7 +216,8 @@ int main(int argc, char* argv[]) {
   minijail_keep_supplementary_gids(j.get());
   minijail_enter(j.get());
 
-  if (selinux_android_setcontext(uid, 0, info.seinfo, pkgname) < 0) {
+  std::string seinfo = std::string(info.seinfo) + ":fromRunAs";
+  if (selinux_android_setcontext(uid, 0, seinfo.c_str(), pkgname) < 0) {
     error(1, errno, "couldn't set SELinux security context");
   }