author | Jeff Vander Stoep <jeffv@google.com> | 2017-03-09 21:41:35 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-03-09 21:41:35 +0000 |
commit | a9ffc12efd98b0f85c4e2195490f25498f4811b1 (patch) | |
tree | dbe383f67afdc351cf86bdf7db4ca6737339d343 | |
parent | d26d13618d4eb3819a2ab655863407f79cf9c63c (diff) | |
parent | 54bc1453c6471a840ae6e22f17fc5c6673d90de9 (diff) | |
Prefer seapp/service_contexts from /system & /vendor am: e9e59e224d am: d2f39ac727
am: 54bc1453c6
Change-Id: I3a2ceaabb1bb59c73f3e638406825e901a4c0d94
-rw-r--r-- | libselinux/src/android/android.c | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/libselinux/src/android/android.c b/libselinux/src/android/android.c
index 4af64e90..aca1066b 100644
--- a/libselinux/src/android/android.c
+++ b/libselinux/src/android/android.c
@@ -45,9 +45,14 @@
 * setting credentials for app processes and setting permissions
 * on app data directories.
 */
-static char const * const seapp_contexts_files[] = {
+static char const * const seapp_contexts_split[] = {
+ "/system/etc/selinux/plat_seapp_contexts",
+ "/vendor/etc/selinux/nonplat_seapp_contexts"
+};
+
+static char const * const seapp_contexts_rootfs[] = {
 "/plat_seapp_contexts",
- "/nonplat_seapp_contexts" // TODO, switch to diff partition when final
+ "/nonplat_seapp_contexts"
 };

 static const struct selinux_opt seopts_file[] = {
@@ -67,10 +72,12 @@ static const struct selinux_opt seopts_prop_rootfs[] = {
 { SELABEL_OPT_PATH, "/nonplat_property_contexts"}
 };

-/* TODO: Change file paths to /system/plat_service_contexts
- * and /vendor/nonplat_service_contexts after b/27805372
- */
-static const struct selinux_opt seopts_service[] = {
+static const struct selinux_opt seopts_service_split[] = {
+ { SELABEL_OPT_PATH, "/system/etc/selinux/plat_service_contexts" },
+ { SELABEL_OPT_PATH, "/vendor/etc/selinux/nonplat_service_contexts" }
+};
+
+static const struct selinux_opt seopts_service_rootfs[] = {
 { SELABEL_OPT_PATH, "/plat_service_contexts" },
 { SELABEL_OPT_PATH, "/nonplat_service_contexts" }
 };
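Review bot: Nothing at the definition of `seapp_contexts_split` says that its element 0 is also the probe that chooses between the split and rootfs arrays in selinux_android_seapp_context_reload, so reordering the entries would change which policy files are loaded. A short comment on the array would record that, for example `/* [0] is probed with access() to select split vs rootfs; keep the platform file first */`. The same applies to `seopts_service_split` in the second hunk, whose `[0].value` is probed in selinux_android_service_context_handle.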
@@ -308,10 +315,19 @@ int selinux_android_seapp_context_reload(void) char *p, *name = NULL, *value = NULL, *saveptr; size_t i, len, files_len; int n, ret; + const char *const *seapp_contexts_files; + + // Prefer files from /system & /vendor, fall back to files from / + if (access(seapp_contexts_split[0], R_OK) != -1) { + seapp_contexts_files = seapp_contexts_split; + files_len = sizeof(seapp_contexts_split)/sizeof(seapp_contexts_split[0]); + } else { + seapp_contexts_files = seapp_contexts_rootfs; + files_len = sizeof(seapp_contexts_rootfs)/sizeof(seapp_contexts_rootfs[0]); + } free_seapp_contexts(); - files_len = sizeof(seapp_contexts_files)/sizeof(seapp_contexts_files[0]); nspec = 0; for (i = 0; i < files_len; i++) { fp = fopen(seapp_contexts_files[i], "re"); @@ -1614,6 +1630,14 @@ struct selabel_handle* selinux_android_prop_context_handle(void) struct selabel_handle* selinux_android_service_context_handle(void) { struct selabel_handle* sehandle; + const struct selinux_opt* seopts_service; + + // Prefer files from /system & /vendor, fall back to files from / + if (access(seopts_service_split[0].value, R_OK) != -1) { + seopts_service = seopts_service_split; + } else { + seopts_service = seopts_service_rootfs; + } sehandle = selabel_open(SELABEL_CTX_ANDROID_SERVICE, seopts_service, 2); |
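Review bot: The `access(seapp_contexts_split[0], R_OK) != -1` probe picks the source of both files from the platform file alone, and every failure, not only a missing file, silently selects the rootfs copies. If the /system file is readable but the /vendor one is absent, the loop opens a path the probe never checked; how that fopen failure is handled lies outside the hunk. Because this decides which seapp_contexts are trusted, the else branch should report unexpected errors, e.g. `if (errno != ENOENT) selinux_log(SELINUX_WARNING, "%s: cannot access %s: %s\n", __FUNCTION__, seapp_contexts_split[0], strerror(errno));` (assuming errno and strerror are already available in this file). The same probe is repeated in selinux_android_service_context_handle in the last hunk.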
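Review bot: `selabel_open(SELABEL_CTX_ANDROID_SERVICE, seopts_service, 2)` still passes a literal `2`, which now has to match the length of both `seopts_service_split` and `seopts_service_rootfs` from the second hunk. Nothing ties the count to the arrays, so an entry added to one of them would be ignored, and a shortened array would be read past its end. Set the count next to the pointer, as the seapp hunk does with `files_len`, e.g. `nopts = sizeof(seopts_service_split)/sizeof(seopts_service_split[0]);` in each branch, and pass `nopts` to selabel_open. The function body continues outside the hunk.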