author | Alex Klyubin <klyubin@google.com> | 2017-03-02 01:08:14 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-03-02 01:08:14 +0000 |
commit | 93d52ef26479d8af6867e9cd05a1e4b974d9de4f (patch) | |
tree | b523b82dee8fa677c9c178b924513731570e135e | |
parent | 2593d74d9889856d01347482ad6d00c1c1020e8b (diff) | |
parent | 5678b9d5fb6ce806e5df54855b6d75619aa77e04 (diff) | |
Support loading policy from file via FD
am: 5678b9d5fb
Change-Id: I222cc6bc1bacb06a7be99799858ddce083cdc930
-rw-r--r-- | libselinux/include/selinux/android.h | 2 | ||||
-rw-r--r-- | libselinux/src/android/android.c | 35 |
2 files changed, 22 insertions, 15 deletions
diff --git a/libselinux/include/selinux/android.h b/libselinux/include/selinux/android.h
index db8a04ad..78bb7db2 100644
--- a/libselinux/include/selinux/android.h
+++ b/libselinux/include/selinux/android.h
@@ -21,6 +21,8 @@ extern void selinux_android_set_sehandle(const struct selabel_handle *hndl);
 
 extern int selinux_android_load_policy(void);
 
+extern int selinux_android_load_policy_from_fd(int fd, const char *description);
+
 extern int selinux_android_setcon(const char *con);
 
 extern int selinux_android_setcontext(uid_t uid,
diff --git a/libselinux/src/android/android.c b/libselinux/src/android/android.c
index 78eab0e1..15e15cb8 100644
--- a/libselinux/src/android/android.c
+++ b/libselinux/src/android/android.c
@@ -1624,9 +1624,24 @@ void selinux_android_set_sehandle(const struct selabel_handle *hndl)
 fc_sehandle = (struct selabel_handle *) hndl;
 }
 
-int selinux_android_load_policy(void)
+int selinux_android_load_policy()
 {
- int fd = -1, rc;
+ int fd = -1;
+
+ fd = open(sepolicy_file, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+ if (fd < 0) {
+ selinux_log(SELINUX_ERROR, "SELinux: Could not open %s: %s\n",
+ sepolicy_file, strerror(errno));
+ return -1;
+ }
+ int ret = selinux_android_load_policy_from_fd(fd, sepolicy_file);
+ close(fd);
+ return ret;
+}
+
+int selinux_android_load_policy_from_fd(int fd, const char *description)
+{
+ int rc;
 struct stat sb;
 void *map = NULL;
 static int load_successful = 0;
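Review bot: The new declaration of `selinux_android_load_policy_from_fd` in android.h has no comment saying who owns `fd`, and the android.c side of this commit changes that contract: the `close(fd)` calls are removed from the function's error and success paths, and the path-based wrapper closes the descriptor itself. A comment above the declaration would make this explicit, for example `/* Loads policy from an already-open fd. The caller keeps ownership of fd and must close it; description is only used in log messages. */` (the log-only use of `description` is what the visible hunks show). The `O_NOFOLLOW | O_CLOEXEC` flags are applied only in the wrapper, so the comment could also state that callers of the fd variant are responsible for how the descriptor was opened.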
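Review bot: The definition in android.c now reads `int selinux_android_load_policy()`, while android.h still declares the function with `(void)`. Before C23 an empty parameter list in a definition does not form a prototype, so the definition should keep the header's spelling: `int selinux_android_load_policy(void)`. In the same wrapper, `int fd = -1;` followed by a separate assignment could be one initialised declaration, `int fd = open(sepolicy_file, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);`. The body of `selinux_android_load_policy_from_fd` begins in this hunk and continues outside it.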
@@ -1643,23 +1658,15 @@ int selinux_android_load_policy(void)
 }
 set_selinuxmnt(SELINUXMNT);
 
- fd = open(sepolicy_file, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
- if (fd < 0) {
- selinux_log(SELINUX_ERROR, "SELinux: Could not open sepolicy: %s\n",
- strerror(errno));
- return -1;
- }
 if (fstat(fd, &sb) < 0) {
 selinux_log(SELINUX_ERROR, "SELinux: Could not stat %s: %s\n",
- sepolicy_file, strerror(errno));
- close(fd);
+ description, strerror(errno));
 return -1;
 }
 map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
 if (map == MAP_FAILED) {
 selinux_log(SELINUX_ERROR, "SELinux: Could not map %s: %s\n",
- sepolicy_file, strerror(errno));
- close(fd);
+ description, strerror(errno));
 return -1;
 }
 
@@ -1668,13 +1675,11 @@ int selinux_android_load_policy(void)
 selinux_log(SELINUX_ERROR, "SELinux: Could not load policy: %s\n",
 strerror(errno));
 munmap(map, sb.st_size);
- close(fd);
 return -1;
 }
 
 munmap(map, sb.st_size);
- close(fd);
- selinux_log(SELINUX_INFO, "SELinux: Loaded policy from %s\n", sepolicy_file);
+ selinux_log(SELINUX_INFO, "SELinux: Loaded policy from %s\n", description);
 load_successful = 1;
 return 0;
 }
|
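Review bot: Nothing in the `@@ -1643` hunk checks that `fd` refers to a regular file or that its size is positive before `mmap`, because the `fstat` result is used only for `sb.st_size`. When the function opened `sepolicy_file` itself the input was a path the library chose; now it is whatever descriptor a caller supplies, so a guard right after `fstat` would be cheap: `if (!S_ISREG(sb.st_mode) || sb.st_size <= 0) { /* log using description */ return -1; }`. `description` is also passed straight to `%s` in the log calls, so a NULL argument should either be rejected up front or replaced with a fixed placeholder string. The function begins and ends outside this hunk.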
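Review bot: The success path in the `@@ -1668` hunk still sets the function-static `load_successful` flag, which every caller of `selinux_android_load_policy_from_fd` now shares regardless of which descriptor it passed. The code that reads the flag is outside the visible hunks. If it returns 0 early once a policy has been loaded, a later call with a different fd would report success without loading that file. If that is the behaviour, it should be stated where the flag is declared, for example `/* set after the first successful load; later calls return without reading their fd */`, or the skipped case should get a distinct return value.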