diff options
author | Yabin Cui <yabinc@google.com> | 2018-11-02 15:22:13 -0700 |
---|---|---|
committer | Yabin Cui <yabinc@google.com> | 2018-11-06 15:31:59 -0800 |
commit | 97e3bb3a948e407a1ec364401719121ec379ff6e (patch) | |
tree | fc1df6324d76abf43408570327ae08955c5ae966 /run-as | |
parent | a97d6e36d5e3902d52d258ec0ec76d21c481ffed (diff) | |
download | system_core-97e3bb3a948e407a1ec364401719121ec379ff6e.tar.gz system_core-97e3bb3a948e407a1ec364401719121ec379ff6e.tar.bz2 system_core-97e3bb3a948e407a1ec364401719121ec379ff6e.zip |
run-as: add ":fromRunAs" selector in seinfo.
It notifies libselinux that the setcontext request is from run-as.
And libselinux will set current process to runas_app domain, which
can execute app data files.
Bug: 118737210
Test: run CtsSimpleperfTestCases.
Change-Id: Ib94087f910786dd5d2a2b2e3b1bf76dfa7131ced
Diffstat (limited to 'run-as')
-rw-r--r-- | run-as/run-as.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/run-as/run-as.cpp b/run-as/run-as.cpp index 971b9f4e4..f49bdf720 100644 --- a/run-as/run-as.cpp +++ b/run-as/run-as.cpp @@ -25,6 +25,8 @@ #include <sys/types.h> #include <unistd.h> +#include <string> + #include <libminijail.h> #include <scoped_minijail.h> @@ -214,7 +216,8 @@ int main(int argc, char* argv[]) { minijail_keep_supplementary_gids(j.get()); minijail_enter(j.get()); - if (selinux_android_setcontext(uid, 0, info.seinfo, pkgname) < 0) { + std::string seinfo = std::string(info.seinfo) + ":fromRunAs"; + if (selinux_android_setcontext(uid, 0, seinfo.c_str(), pkgname) < 0) { error(1, errno, "couldn't set SELinux security context"); } |