libselinux: add /system_ext support.
Adds libselinux support for: system_ext_file_contexts system_ext_property_contexts system_ext_seapp_contexts system_ext_service_contexts system_ext_hwservice_contexts Bug: 137712473 Test: boot crosshatch Change-Id: Ia79aa070a5ce205e7fd487b79078d9124b59e4a1
This commit is contained in:
Bowgo Tsai
parent
82a225fbcd
commit
5077059ae3
2 changed files with 54 additions and 2 deletions
|
|
@ -1,6 +1,7 @@
|
|||
#include "android_common.h"
|
||||
|
||||
// For 'system', 'product' (optional), 'vendor' (mandatory) and/or 'odm' (optional).
|
||||
// For 'system', 'system_ext' (optional), 'product' (optional), 'vendor' (mandatory)
|
||||
// and/or 'odm' (optional).
|
||||
#define MAX_FILE_CONTEXT_SIZE 4
|
||||
|
||||
#ifdef __ANDROID_VNDK__
|
||||
|
|
@ -13,6 +14,10 @@ static const struct selinux_opt seopts_service_plat[] = {
|
|||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_service_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/plat_service_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_service_system_ext[] = {
|
||||
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_service_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/system_ext_service_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_service_product[] = {
|
||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_service_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/product_service_contexts" }
|
||||
|
|
@ -29,6 +34,10 @@ static const struct selinux_opt seopts_hwservice_plat[] = {
|
|||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_hwservice_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/plat_hwservice_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_hwservice_system_ext[] = {
|
||||
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_hwservice_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/system_ext_hwservice_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_hwservice_product[] = {
|
||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_hwservice_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/product_hwservice_contexts" }
|
||||
|
|
@ -82,6 +91,12 @@ struct selabel_handle* selinux_android_service_context_handle(void)
|
|||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_service_system_ext); i++) {
|
||||
if (access(seopts_service_system_ext[i].value, R_OK) != -1) {
|
||||
seopts_service[size++] = seopts_service_system_ext[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_service_product); i++) {
|
||||
if (access(seopts_service_product[i].value, R_OK) != -1) {
|
||||
seopts_service[size++] = seopts_service_product[i];
|
||||
|
|
@ -109,6 +124,12 @@ struct selabel_handle* selinux_android_hw_service_context_handle(void)
|
|||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_hwservice_system_ext); i++) {
|
||||
if (access(seopts_hwservice_system_ext[i].value, R_OK) != -1) {
|
||||
seopts_service[size++] = seopts_hwservice_system_ext[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_hwservice_product); i++) {
|
||||
if (access(seopts_hwservice_product[i].value, R_OK) != -1) {
|
||||
seopts_service[size++] = seopts_hwservice_product[i];
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
#include "android_common.h"
|
||||
#include <packagelistparser/packagelistparser.h>
|
||||
|
||||
// For 'system', 'product' (optional), 'vendor' (mandatory) and/or 'odm' (optional).
|
||||
// For 'system', 'system_ext' (optional), 'product' (optional), 'vendor' (mandatory)
|
||||
// and/or 'odm' (optional).
|
||||
#define MAX_FILE_CONTEXT_SIZE 4
|
||||
|
||||
static const char *const sepolicy_file = "/sepolicy";
|
||||
|
|
@ -10,6 +11,10 @@ static const struct selinux_opt seopts_file_plat[] = {
|
|||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_file_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/plat_file_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_file_system_ext[] = {
|
||||
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_file_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/system_ext_file_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_file_product[] = {
|
||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_file_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/product_file_contexts" }
|
||||
|
|
@ -30,6 +35,10 @@ static const struct selinux_opt seopts_prop_plat[] = {
|
|||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_property_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/plat_property_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_prop_system_ext[] = {
|
||||
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_property_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/system_ext_property_contexts" }
|
||||
};
|
||||
static const struct selinux_opt seopts_prop_product[] = {
|
||||
{ SELABEL_OPT_PATH, "/product/etc/selinux/product_property_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/product_property_contexts" }
|
||||
|
|
@ -56,6 +65,10 @@ static char const * const seapp_contexts_plat[] = {
|
|||
"/system/etc/selinux/plat_seapp_contexts",
|
||||
"/plat_seapp_contexts"
|
||||
};
|
||||
static char const * const seapp_contexts_system_ext[] = {
|
||||
"/system_ext/etc/selinux/system_ext_seapp_contexts",
|
||||
"/system_ext_seapp_contexts"
|
||||
};
|
||||
static char const * const seapp_contexts_product[] = {
|
||||
"/product/etc/selinux/product_seapp_contexts",
|
||||
"/product_seapp_contexts"
|
||||
|
|
@ -105,6 +118,12 @@ struct selabel_handle* selinux_android_file_context_handle(void)
|
|||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_file_system_ext); i++) {
|
||||
if (access(seopts_file_system_ext[i].value, R_OK) != -1) {
|
||||
seopts_file[size++] = seopts_file_system_ext[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_file_product); i++) {
|
||||
if (access(seopts_file_product[i].value, R_OK) != -1) {
|
||||
seopts_file[size++] = seopts_file_product[i];
|
||||
|
|
@ -138,6 +157,12 @@ struct selabel_handle* selinux_android_prop_context_handle(void)
|
|||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_prop_system_ext); i++) {
|
||||
if (access(seopts_prop_system_ext[i].value, R_OK) != -1) {
|
||||
seopts_prop[size++] = seopts_prop_system_ext[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seopts_prop_product); i++) {
|
||||
if (access(seopts_prop_product[i].value, R_OK) != -1) {
|
||||
seopts_prop[size++] = seopts_prop_product[i];
|
||||
|
|
@ -405,6 +430,12 @@ int selinux_android_seapp_context_reload(void)
|
|||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seapp_contexts_system_ext); i++) {
|
||||
if (access(seapp_contexts_system_ext[i], R_OK) != -1) {
|
||||
seapp_contexts_files[files_len++] = seapp_contexts_system_ext[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < ARRAY_SIZE(seapp_contexts_product); i++) {
|
||||
if (access(seapp_contexts_product[i], R_OK) != -1) {
|
||||
seapp_contexts_files[files_len++] = seapp_contexts_product[i];
|
||||
|
|
|
|||
Loading…
Reference in a new issue