Revert "Revert "move selinux policy loading APIs to platform libselinux""
This reverts commit eae131fee2.
Bug: 37919668
Bug: 37343404
Signed-off-by: Sandeep Patil <sspatil@google.com>
parent
554b7e4e82
commit
43d548e365
2 changed files with 62 additions and 63 deletions
|
@ -1,8 +1,5 @@
|
|||
#include "android_common.h"
|
||||
|
||||
|
||||
static const char *const sepolicy_file = "/sepolicy";
|
||||
|
||||
static const struct selinux_opt seopts_prop_split[] = {
|
||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_property_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/vendor/etc/selinux/nonplat_property_contexts"}
|
||||
|
@ -124,66 +121,6 @@ struct selabel_handle* selinux_android_vendor_service_context_handle(void)
|
|||
return selinux_android_service_open_context_handle(seopts_service, 1);
|
||||
}
|
||||
|
||||
int selinux_android_load_policy()
|
||||
{
|
||||
int fd = -1;
|
||||
|
||||
fd = open(sepolicy_file, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
||||
if (fd < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not open %s: %s\n",
|
||||
sepolicy_file, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
int ret = selinux_android_load_policy_from_fd(fd, sepolicy_file);
|
||||
close(fd);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int selinux_android_load_policy_from_fd(int fd, const char *description)
|
||||
{
|
||||
int rc;
|
||||
struct stat sb;
|
||||
void *map = NULL;
|
||||
static int load_successful = 0;
|
||||
|
||||
/*
|
||||
* Since updating policy at runtime has been abolished
|
||||
* we just check whether a policy has been loaded before
|
||||
* and return if this is the case.
|
||||
* There is no point in reloading policy.
|
||||
*/
|
||||
if (load_successful){
|
||||
selinux_log(SELINUX_WARNING, "SELinux: Attempted reload of SELinux policy!/n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
set_selinuxmnt(SELINUXMNT);
|
||||
if (fstat(fd, &sb) < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not stat %s: %s\n",
|
||||
description, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
|
||||
if (map == MAP_FAILED) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not map %s: %s\n",
|
||||
description, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
rc = security_load_policy(map, sb.st_size);
|
||||
if (rc < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not load policy: %s\n",
|
||||
strerror(errno));
|
||||
munmap(map, sb.st_size);
|
||||
return -1;
|
||||
}
|
||||
|
||||
munmap(map, sb.st_size);
|
||||
selinux_log(SELINUX_INFO, "SELinux: Loaded policy from %s\n", description);
|
||||
load_successful = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int selinux_log_callback(int type, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#include "android_common.h"
|
||||
#include <packagelistparser/packagelistparser.h>
|
||||
|
||||
static const char *const sepolicy_file = "/sepolicy";
|
||||
|
||||
static const struct selinux_opt seopts_file_split[] = {
|
||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_file_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/vendor/etc/selinux/nonplat_file_contexts" }
|
||||
|
@ -1567,3 +1569,63 @@ void selinux_android_set_sehandle(const struct selabel_handle *hndl)
|
|||
fc_sehandle = (struct selabel_handle *) hndl;
|
||||
}
|
||||
|
||||
int selinux_android_load_policy()
|
||||
{
|
||||
int fd = -1;
|
||||
|
||||
fd = open(sepolicy_file, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
||||
if (fd < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not open %s: %s\n",
|
||||
sepolicy_file, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
int ret = selinux_android_load_policy_from_fd(fd, sepolicy_file);
|
||||
close(fd);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int selinux_android_load_policy_from_fd(int fd, const char *description)
|
||||
{
|
||||
int rc;
|
||||
struct stat sb;
|
||||
void *map = NULL;
|
||||
static int load_successful = 0;
|
||||
|
||||
/*
|
||||
* Since updating policy at runtime has been abolished
|
||||
* we just check whether a policy has been loaded before
|
||||
* and return if this is the case.
|
||||
* There is no point in reloading policy.
|
||||
*/
|
||||
if (load_successful){
|
||||
selinux_log(SELINUX_WARNING, "SELinux: Attempted reload of SELinux policy!/n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
set_selinuxmnt(SELINUXMNT);
|
||||
if (fstat(fd, &sb) < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not stat %s: %s\n",
|
||||
description, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
|
||||
if (map == MAP_FAILED) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not map %s: %s\n",
|
||||
description, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
rc = security_load_policy(map, sb.st_size);
|
||||
if (rc < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not load policy: %s\n",
|
||||
strerror(errno));
|
||||
munmap(map, sb.st_size);
|
||||
return -1;
|
||||
}
|
||||
|
||||
munmap(map, sb.st_size);
|
||||
selinux_log(SELINUX_INFO, "SELinux: Loaded policy from %s\n", description);
|
||||
load_successful = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
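Review bot: The reload warning in selinux_android_load_policy_from_fd is written with `/n` instead of `\n`, so that log line is emitted without a line terminator; the fix is `selinux_log(SELINUX_WARNING, "SELinux: Attempted reload of SELinux policy!\n");`. The string looks identical to the copy removed from the first file, so this is pre-existing rather than introduced here, but the move is the natural moment to correct it. Two smaller points on the same hunk: `int selinux_android_load_policy()` is an unprototyped declaration in C and should read `int selinux_android_load_policy(void)`, and the fstat result is consulted only for `st_size`, so an empty or non-regular policy file reaches mmap and is reported only as the generic "Could not map" error; a guard after the fstat block such as `if (!S_ISREG(sb.st_mode) || sb.st_size == 0) { selinux_log(SELINUX_ERROR, "SELinux: %s is not a regular, non-empty file\n", description); return -1; }` would make that failure explicit before the mapping is attempted.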