diff options
| author | Tom Cherry <tomcherry@google.com> | 2015-12-10 17:20:59 -0800 |
|---|---|---|
| committer | Tom Cherry <tomcherry@google.com> | 2015-12-16 17:56:37 -0800 |
| commit | 8b78078de454d54e5eb9544aa1e5a170f079fbcc (patch) | |
| tree | b6ac151716586414da6edf4b4d45b19c0c158398 | |
| parent | be5f860effa9aff2afb397703f64de7acf92ad6d (diff) | |
| download | libselinux-8b78078de454d54e5eb9544aa1e5a170f079fbcc.tar.gz | |
Create selinux_android_setcon()
System properties are backed by various property files that are
mmap()'ed into a process's address space. setcon() does not revoke
access to such mmap()'ed regions, so we may leak access to property
files when moving to a more restrictive context.
This commit creates a new selinux_android_setcon() function that
explicitly reinitializes system properties after
calling setcon() to ensure that no leaks occur.
This new function is used in place of setcon() in
selinux_android_setcontext().
Bug 26114086
Change-Id: I631a8d6f3f474f62b2b4ecca3c842a0700486ddd
| -rw-r--r-- | include/selinux/android.h | 2 | ||||
| -rw-r--r-- | src/android.c | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/include/selinux/android.h b/include/selinux/android.h index b2f1ae8..4971ff0 100644 --- a/include/selinux/android.h +++ b/include/selinux/android.h @@ -23,6 +23,8 @@ extern int selinux_android_load_policy(void); extern int selinux_android_reload_policy(void); +extern int selinux_android_setcon(const char *con); + extern int selinux_android_setcontext(uid_t uid, bool isSystemServer, const char *seinfo, diff --git a/src/android.c b/src/android.c index eb58201..173adc1 100644 --- a/src/android.c +++ b/src/android.c @@ -34,6 +34,9 @@ #include <libgen.h> #include <packagelistparser/packagelistparser.h> +#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ +#include <sys/_system_properties.h> + /* * XXX Where should this configuration file be located? * Needs to be accessible by zygote and installd when @@ -864,6 +867,19 @@ oom: goto out; } +int selinux_android_setcon(const char *con) +{ + int ret = setcon(con); + if (ret) + return ret; + /* + System properties must be reinitialized after setcon() otherwise the + previous property files will be leaked since mmap()'ed regions are not + closed as a result of setcon(). + */ + return __system_properties_init(); +} + int selinux_android_setcontext(uid_t uid, bool isSystemServer, const char *seinfo, @@ -900,7 +916,7 @@ int selinux_android_setcontext(uid_t uid, goto err; if (strcmp(ctx_str, orig_ctx_str)) { - rc = setcon(ctx_str); + rc = selinux_android_setcon(ctx_str); if (rc < 0) goto err; } |