am 60c5a460
: Merge "Remove calls to is_selinux_enabled()"
* commit '60c5a460c1906e52717afde1dc38630b30fc564e': Remove calls to is_selinux_enabled()
commit
a27dca0f7a
5 changed files with 36 additions and 52 deletions
|
@ -171,7 +171,7 @@ int adbd_main(int server_port) {
|
|||
|
||||
D("Local port disabled\n");
|
||||
} else {
|
||||
if ((root_seclabel != nullptr) && (is_selinux_enabled() > 0)) {
|
||||
if (root_seclabel != nullptr) {
|
||||
if (setcon(root_seclabel) < 0) {
|
||||
LOG(FATAL) << "Could not set selinux context";
|
||||
}
|
||||
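Review bot: The abort at `LOG(FATAL) << "Could not set selinux context";` records neither the label that was requested nor the errno from the failed setcon(), so a crash report cannot distinguish a malformed `root_seclabel` from a policy denial. If this is android-base logging, `PLOG(FATAL) << "Could not set selinux context to " << root_seclabel;` would capture both. Failing hard here is the right behaviour now that the call is unconditional. adbd_main continues outside the hunk.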
|
|
|
@ -134,8 +134,6 @@ static int get_process_info(pid_t tid, pid_t* out_pid, uid_t* out_uid, uid_t* ou
|
|||
return fields == 7 ? 0 : -1;
|
||||
}
|
||||
|
||||
static int selinux_enabled;
|
||||
|
||||
/*
|
||||
* Corresponds with debugger_action_t enum type in
|
||||
* include/cutils/debugger.h.
|
||||
|
@ -153,9 +151,6 @@ static bool selinux_action_allowed(int s, pid_t tid, debugger_action_t action)
|
|||
const char *perm;
|
||||
bool allowed = false;
|
||||
|
||||
if (selinux_enabled <= 0)
|
||||
return true;
|
||||
|
||||
if (action <= 0 || action >= (sizeof(debuggerd_perms)/sizeof(debuggerd_perms[0]))) {
|
||||
ALOGE("SELinux: No permission defined for debugger action %d", action);
|
||||
return false;
|
||||
|
@ -589,7 +584,6 @@ static void usage() {
|
|||
int main(int argc, char** argv) {
|
||||
union selinux_callback cb;
|
||||
if (argc == 1) {
|
||||
selinux_enabled = is_selinux_enabled();
|
||||
cb.func_log = selinux_log_callback;
|
||||
selinux_set_callback(SELINUX_CB_LOG, cb);
|
||||
return do_server();
|
||||
|
|
|
@ -241,10 +241,8 @@ static void make_device(const char *path,
|
|||
|
||||
mode = get_device_perm(path, links, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);
|
||||
|
||||
if (sehandle) {
|
||||
selabel_lookup_best_match(sehandle, &secontext, path, links, mode);
|
||||
setfscreatecon(secontext);
|
||||
}
|
||||
selabel_lookup_best_match(sehandle, &secontext, path, links, mode);
|
||||
setfscreatecon(secontext);
|
||||
|
||||
dev = makedev(major, minor);
|
||||
/* Temporarily change egid to avoid race condition setting the gid of the
|
||||
|
@ -907,7 +905,7 @@ void handle_device_fd()
|
|||
struct uevent uevent;
|
||||
parse_event(msg, &uevent);
|
||||
|
||||
if (sehandle && selinux_status_updated() > 0) {
|
||||
if (selinux_status_updated() > 0) {
|
||||
struct selabel_handle *sehandle2;
|
||||
sehandle2 = selinux_android_file_context_handle();
|
||||
if (sehandle2) {
|
||||
|
@ -974,11 +972,8 @@ static void coldboot(const char *path)
|
|||
}
|
||||
|
||||
void device_init() {
|
||||
sehandle = NULL;
|
||||
if (is_selinux_enabled() > 0) {
|
||||
sehandle = selinux_android_file_context_handle();
|
||||
selinux_status_open(true);
|
||||
}
|
||||
sehandle = selinux_android_file_context_handle();
|
||||
selinux_status_open(true);
|
||||
|
||||
/* is 256K enough? udev uses 16MB! */
|
||||
device_fd = uevent_open_socket(256*1024, true);
|
||||
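Review bot: make_device() now hands `sehandle` to selabel_lookup_best_match() unconditionally, but device_init() never checks what selinux_android_file_context_handle() returned; handle_device_fd() does test `sehandle2` after the same call, which suggests it can fail. A failed load would then reach the lookup with a null handle, and a failed lookup is ignored in any case, so setfscreatecon() runs with whatever `secontext` held before (its initialisation is outside the hunk) and the node may be created under the default label. I would check both results, e.g. `if (!sehandle) { /* log and stop: file contexts not loaded */ }` in device_init() and `if (selabel_lookup_best_match(sehandle, &secontext, path, links, mode) < 0) { /* log; do not create the node unlabeled */ }` in make_device(). The return value of `selinux_status_open(true)` is dropped as well. All three functions continue outside their hunks.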
|
|
|
@ -220,40 +220,38 @@ void service_start(struct service *svc, const char *dynamic_args)
|
|||
}
|
||||
|
||||
char* scon = NULL;
|
||||
if (is_selinux_enabled() > 0) {
|
||||
if (svc->seclabel) {
|
||||
scon = strdup(svc->seclabel);
|
||||
if (!scon) {
|
||||
ERROR("Out of memory while starting '%s'\n", svc->name);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
char *mycon = NULL, *fcon = NULL;
|
||||
if (svc->seclabel) {
|
||||
scon = strdup(svc->seclabel);
|
||||
if (!scon) {
|
||||
ERROR("Out of memory while starting '%s'\n", svc->name);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
char *mycon = NULL, *fcon = NULL;
|
||||
|
||||
INFO("computing context for service '%s'\n", svc->args[0]);
|
||||
int rc = getcon(&mycon);
|
||||
if (rc < 0) {
|
||||
ERROR("could not get context while starting '%s'\n", svc->name);
|
||||
return;
|
||||
}
|
||||
INFO("computing context for service '%s'\n", svc->args[0]);
|
||||
int rc = getcon(&mycon);
|
||||
if (rc < 0) {
|
||||
ERROR("could not get context while starting '%s'\n", svc->name);
|
||||
return;
|
||||
}
|
||||
|
||||
rc = getfilecon(svc->args[0], &fcon);
|
||||
if (rc < 0) {
|
||||
ERROR("could not get context while starting '%s'\n", svc->name);
|
||||
freecon(mycon);
|
||||
return;
|
||||
}
|
||||
|
||||
rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
|
||||
if (rc == 0 && !strcmp(scon, mycon)) {
|
||||
ERROR("Warning! Service %s needs a SELinux domain defined; please fix!\n", svc->name);
|
||||
}
|
||||
rc = getfilecon(svc->args[0], &fcon);
|
||||
if (rc < 0) {
|
||||
ERROR("could not get context while starting '%s'\n", svc->name);
|
||||
freecon(mycon);
|
||||
freecon(fcon);
|
||||
if (rc < 0) {
|
||||
ERROR("could not get context while starting '%s'\n", svc->name);
|
||||
return;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
|
||||
if (rc == 0 && !strcmp(scon, mycon)) {
|
||||
ERROR("Warning! Service %s needs a SELinux domain defined; please fix!\n", svc->name);
|
||||
}
|
||||
freecon(mycon);
|
||||
freecon(fcon);
|
||||
if (rc < 0) {
|
||||
ERROR("could not get context while starting '%s'\n", svc->name);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -335,7 +333,7 @@ void service_start(struct service *svc, const char *dynamic_args)
|
|||
}
|
||||
}
|
||||
if (svc->seclabel) {
|
||||
if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) {
|
||||
if (setexeccon(svc->seclabel) < 0) {
|
||||
ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
|
||||
_exit(127);
|
||||
}
|
||||
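Review bot: When security_compute_create() returns a context equal to init's own (`rc == 0 && !strcmp(scon, mycon)`), the code only logs "needs a SELinux domain defined" and carries on, so the service would presumably be started in init's domain. As this path now runs on every start, consider making that case a start failure, as a policy decision for the maintainers: after the ERROR, release `mycon`, `fcon` and `scon` and return, as the `rc < 0` branch does. Separately, the getcon(), getfilecon() and security_compute_create() failures all log the same "could not get context while starting '%s'" text without strerror(errno), unlike the setexeccon() branch, so naming the failing call would make boot logs easier to triage. `scon` comes from strdup() on one branch and from libselinux on the other, and its release is outside the hunk, so confirm it is freed on every later return path of service_start().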
|
|
|
@ -92,9 +92,6 @@ void property_init() {
|
|||
|
||||
static int check_mac_perms(const char *name, char *sctx)
|
||||
{
|
||||
if (is_selinux_enabled() <= 0)
|
||||
return 1;
|
||||
|
||||
char *tctx = NULL;
|
||||
int result = 0;
|
||||
|
||||
|
|