libselinux: add /system_ext support.
Adds libselinux support for: system_ext_file_contexts system_ext_property_contexts system_ext_seapp_contexts system_ext_service_contexts system_ext_hwservice_contexts Bug: 137712473 Test: boot crosshatch Change-Id: Ia79aa070a5ce205e7fd487b79078d9124b59e4a1
parent
82a225fbcd
commit
5077059ae3
2 changed files with 54 additions and 2 deletions
|
@ -1,6 +1,7 @@
|
||||||
#include "android_common.h"
|
#include "android_common.h"
|
||||||
|
|
||||||
// For 'system', 'product' (optional), 'vendor' (mandatory) and/or 'odm' (optional).
|
// For 'system', 'system_ext' (optional), 'product' (optional), 'vendor' (mandatory)
|
||||||
|
// and/or 'odm' (optional).
|
||||||
#define MAX_FILE_CONTEXT_SIZE 4
|
#define MAX_FILE_CONTEXT_SIZE 4
|
||||||
|
|
||||||
#ifdef __ANDROID_VNDK__
|
#ifdef __ANDROID_VNDK__
|
||||||
|
@ -13,6 +14,10 @@ static const struct selinux_opt seopts_service_plat[] = {
|
||||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_service_contexts" },
|
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_service_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/plat_service_contexts" }
|
{ SELABEL_OPT_PATH, "/plat_service_contexts" }
|
||||||
};
|
};
|
||||||
|
static const struct selinux_opt seopts_service_system_ext[] = {
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_service_contexts" },
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext_service_contexts" }
|
||||||
|
};
|
||||||
static const struct selinux_opt seopts_service_product[] = {
|
static const struct selinux_opt seopts_service_product[] = {
|
||||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_service_contexts" },
|
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_service_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/product_service_contexts" }
|
{ SELABEL_OPT_PATH, "/product_service_contexts" }
|
||||||
|
@ -29,6 +34,10 @@ static const struct selinux_opt seopts_hwservice_plat[] = {
|
||||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_hwservice_contexts" },
|
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_hwservice_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/plat_hwservice_contexts" }
|
{ SELABEL_OPT_PATH, "/plat_hwservice_contexts" }
|
||||||
};
|
};
|
||||||
|
static const struct selinux_opt seopts_hwservice_system_ext[] = {
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_hwservice_contexts" },
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext_hwservice_contexts" }
|
||||||
|
};
|
||||||
static const struct selinux_opt seopts_hwservice_product[] = {
|
static const struct selinux_opt seopts_hwservice_product[] = {
|
||||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_hwservice_contexts" },
|
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_hwservice_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/product_hwservice_contexts" }
|
{ SELABEL_OPT_PATH, "/product_hwservice_contexts" }
|
||||||
|
@ -82,6 +91,12 @@ struct selabel_handle* selinux_android_service_context_handle(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < ARRAY_SIZE(seopts_service_system_ext); i++) {
|
||||||
|
if (access(seopts_service_system_ext[i].value, R_OK) != -1) {
|
||||||
|
seopts_service[size++] = seopts_service_system_ext[i];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
for (i = 0; i < ARRAY_SIZE(seopts_service_product); i++) {
|
for (i = 0; i < ARRAY_SIZE(seopts_service_product); i++) {
|
||||||
if (access(seopts_service_product[i].value, R_OK) != -1) {
|
if (access(seopts_service_product[i].value, R_OK) != -1) {
|
||||||
seopts_service[size++] = seopts_service_product[i];
|
seopts_service[size++] = seopts_service_product[i];
|
||||||
|
@ -109,6 +124,12 @@ struct selabel_handle* selinux_android_hw_service_context_handle(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < ARRAY_SIZE(seopts_hwservice_system_ext); i++) {
|
||||||
|
if (access(seopts_hwservice_system_ext[i].value, R_OK) != -1) {
|
||||||
|
seopts_service[size++] = seopts_hwservice_system_ext[i];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
for (i = 0; i < ARRAY_SIZE(seopts_hwservice_product); i++) {
|
for (i = 0; i < ARRAY_SIZE(seopts_hwservice_product); i++) {
|
||||||
if (access(seopts_hwservice_product[i].value, R_OK) != -1) {
|
if (access(seopts_hwservice_product[i].value, R_OK) != -1) {
|
||||||
seopts_service[size++] = seopts_hwservice_product[i];
|
seopts_service[size++] = seopts_hwservice_product[i];
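Review bot: `MAX_FILE_CONTEXT_SIZE` stays at 4 while the comment directly above it now names five partitions (system, system_ext, product, vendor, odm), and the new loops add one more `seopts_service[size++] = ...` append per handle. The declaration of `seopts_service` is outside these hunks, but if it is sized by that macro, a device that ships all five context files writes one element past the end of the array. The same applies in the second file to `seopts_file`, `seopts_prop` and `seapp_contexts_files`, which gain the same extra append under an unchanged bound. Raise the bound together with the comment, `#define MAX_FILE_CONTEXT_SIZE 5`, in both files, and consider checking `size < MAX_FILE_CONTEXT_SIZE` before each append so the next added partition fails safely.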
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
#include "android_common.h"
|
#include "android_common.h"
|
||||||
#include <packagelistparser/packagelistparser.h>
|
#include <packagelistparser/packagelistparser.h>
|
||||||
|
|
||||||
// For 'system', 'product' (optional), 'vendor' (mandatory) and/or 'odm' (optional).
|
// For 'system', 'system_ext' (optional), 'product' (optional), 'vendor' (mandatory)
|
||||||
|
// and/or 'odm' (optional).
|
||||||
#define MAX_FILE_CONTEXT_SIZE 4
|
#define MAX_FILE_CONTEXT_SIZE 4
|
||||||
|
|
||||||
static const char *const sepolicy_file = "/sepolicy";
|
static const char *const sepolicy_file = "/sepolicy";
|
||||||
|
@ -10,6 +11,10 @@ static const struct selinux_opt seopts_file_plat[] = {
|
||||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_file_contexts" },
|
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_file_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/plat_file_contexts" }
|
{ SELABEL_OPT_PATH, "/plat_file_contexts" }
|
||||||
};
|
};
|
||||||
|
static const struct selinux_opt seopts_file_system_ext[] = {
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_file_contexts" },
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext_file_contexts" }
|
||||||
|
};
|
||||||
static const struct selinux_opt seopts_file_product[] = {
|
static const struct selinux_opt seopts_file_product[] = {
|
||||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_file_contexts" },
|
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_file_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/product_file_contexts" }
|
{ SELABEL_OPT_PATH, "/product_file_contexts" }
|
||||||
|
@ -30,6 +35,10 @@ static const struct selinux_opt seopts_prop_plat[] = {
|
||||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_property_contexts" },
|
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_property_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/plat_property_contexts" }
|
{ SELABEL_OPT_PATH, "/plat_property_contexts" }
|
||||||
};
|
};
|
||||||
|
static const struct selinux_opt seopts_prop_system_ext[] = {
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_property_contexts" },
|
||||||
|
{ SELABEL_OPT_PATH, "/system_ext_property_contexts" }
|
||||||
|
};
|
||||||
static const struct selinux_opt seopts_prop_product[] = {
|
static const struct selinux_opt seopts_prop_product[] = {
|
||||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_property_contexts" },
|
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_property_contexts" },
|
||||||
{ SELABEL_OPT_PATH, "/product_property_contexts" }
|
{ SELABEL_OPT_PATH, "/product_property_contexts" }
|
||||||
|
@ -56,6 +65,10 @@ static char const * const seapp_contexts_plat[] = {
|
||||||
"/system/etc/selinux/plat_seapp_contexts",
|
"/system/etc/selinux/plat_seapp_contexts",
|
||||||
"/plat_seapp_contexts"
|
"/plat_seapp_contexts"
|
||||||
};
|
};
|
||||||
|
static char const * const seapp_contexts_system_ext[] = {
|
||||||
|
"/system_ext/etc/selinux/system_ext_seapp_contexts",
|
||||||
|
"/system_ext_seapp_contexts"
|
||||||
|
};
|
||||||
static char const * const seapp_contexts_product[] = {
|
static char const * const seapp_contexts_product[] = {
|
||||||
"/product/etc/selinux/product_seapp_contexts",
|
"/product/etc/selinux/product_seapp_contexts",
|
||||||
"/product_seapp_contexts"
|
"/product_seapp_contexts"
|
||||||
|
@ -105,6 +118,12 @@ struct selabel_handle* selinux_android_file_context_handle(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < ARRAY_SIZE(seopts_file_system_ext); i++) {
|
||||||
|
if (access(seopts_file_system_ext[i].value, R_OK) != -1) {
|
||||||
|
seopts_file[size++] = seopts_file_system_ext[i];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
for (i = 0; i < ARRAY_SIZE(seopts_file_product); i++) {
|
for (i = 0; i < ARRAY_SIZE(seopts_file_product); i++) {
|
||||||
if (access(seopts_file_product[i].value, R_OK) != -1) {
|
if (access(seopts_file_product[i].value, R_OK) != -1) {
|
||||||
seopts_file[size++] = seopts_file_product[i];
|
seopts_file[size++] = seopts_file_product[i];
|
||||||
|
@ -138,6 +157,12 @@ struct selabel_handle* selinux_android_prop_context_handle(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < ARRAY_SIZE(seopts_prop_system_ext); i++) {
|
||||||
|
if (access(seopts_prop_system_ext[i].value, R_OK) != -1) {
|
||||||
|
seopts_prop[size++] = seopts_prop_system_ext[i];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
for (i = 0; i < ARRAY_SIZE(seopts_prop_product); i++) {
|
for (i = 0; i < ARRAY_SIZE(seopts_prop_product); i++) {
|
||||||
if (access(seopts_prop_product[i].value, R_OK) != -1) {
|
if (access(seopts_prop_product[i].value, R_OK) != -1) {
|
||||||
seopts_prop[size++] = seopts_prop_product[i];
|
seopts_prop[size++] = seopts_prop_product[i];
|
||||||
|
@ -405,6 +430,12 @@ int selinux_android_seapp_context_reload(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
for (i = 0; i < ARRAY_SIZE(seapp_contexts_system_ext); i++) {
|
||||||
|
if (access(seapp_contexts_system_ext[i], R_OK) != -1) {
|
||||||
|
seapp_contexts_files[files_len++] = seapp_contexts_system_ext[i];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
for (i = 0; i < ARRAY_SIZE(seapp_contexts_product); i++) {
|
for (i = 0; i < ARRAY_SIZE(seapp_contexts_product); i++) {
|
||||||
if (access(seapp_contexts_product[i], R_OK) != -1) {
|
if (access(seapp_contexts_product[i], R_OK) != -1) {
|
||||||
seapp_contexts_files[files_len++] = seapp_contexts_product[i];
|
seapp_contexts_files[files_len++] = seapp_contexts_product[i];
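Review bot: In the three new `system_ext` loops, `access(path, R_OK) != -1` treats a contexts file that exists but cannot be read the same as one that is absent. A `system_ext_*_contexts` file with broken permissions or a wrong label is then left out of the lookup set with no diagnostic, and its entries are presumably never applied. Because the partition is optional, `ENOENT` is expected, but any other errno should be logged, for example `else if (errno != ENOENT) selinux_log(SELINUX_WARNING, "%s: cannot read %s: %s\n", __func__, seopts_file_system_ext[i].value, strerror(errno));`. The enclosing functions start and end outside these hunks, so confirm that nothing later already reports a missing entry.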
|
||||||
|
|