This commit fixes code that incorrectly increments s when it
hits the terminator character of the string being sanitized.
This means it will randomly start trashing memory beyond the
end of the string being sanitized until it happens to hit two
NULs (\0\0) which will break it out of the loop.

Change-Id: I76553d7f183236a78a0bc7b408e92559b98f732f

libselinux selinux_android_restorecon API is changing to the more
general interface with flags and dropping the older variants.
Also get rid of the old, no longer used selinux_android_setfilecon API
and rename selinux_android_setfilecon2 to it as it is the only API in use.

Change-Id: I1e71ec398ccdc24cac4ec76f1b858d0f680f4925
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

This requires telling libselinux to use the sehandle already
obtained by init rather than re-acquiring it internally. init
retains ownership of the sehandle because it performs the
initial load, uses the sehandle for other purposes (e.g. labeling
of directories created via mkdir and labeling of socket files),
and handles the policy reload property trigger.

Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Currently, the restorecon_recursive("/sys") call in
init.c takes approx 2 seconds on hammerhead. This change
reduces the delay to 1.2 seconds.
1) Avoid double stat call when using nftw (time savings
of 0.3 seconds)
2) Avoid the repeated calls to is_selinux_enabled() (time
savings of 0.5 seconds)
Avoid calling lsetfilecon if the file is already properly
labeled. This doesn't speed up the restorecon on /sys,
but it should help when handling files on /data.

Bug: 11640230
Change-Id: Ie212ce4f4acade208c5676d60c1f03f50e2388a4

The Linux kernel supports command lines up to 2048 bytes on x86,
see COMMAND_LINE_SIZE in asm/setup.h.
If any androidboot.xxxx arguments were past the 1024 byte limit
here, they were lost.

Change-Id: I6247c511a7de04109490fffa0125801d274a5501
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.

Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

We have several partitions with underscores in their names
which would not be properly linked in:
/dev/block/platform/msm_sdcc.1/by-name/
With this change more characters (_-.) are allowed in
partition name links. Also, any other character is
replaced with '_' so the resulting link names have the
same length as the partition name.

Change-Id: I746566c03db98b10326c755692362d2c10e528ae

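Added example, not part of these commits or of the init source: a C sketch of the sanitizing rule from the partition-name commit (keep alphanumerics and `_-.`, replace anything else with `_`, preserve length) next to a bounded model of the terminator overrun described in the commit at the top of this log. The names `sanitize_name` and `overrun_writes` are hypothetical and the buffers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Characters kept in a link name: alphanumerics plus "_-." (from the commit text). */
static const char ACCEPT[] =
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789_-.";

/* Fixed form: the cursor advances only past a byte it has just replaced, so it
 * cannot step over the terminator. The string length is preserved. */
void sanitize_name(char *s)
{
    if (!s) return;
    while (*s) {
        s += strspn(s, ACCEPT);      /* skip the run of accepted characters */
        if (*s)
            *s++ = '_';              /* replace one rejected byte, move on */
    }
}

/* Bounded model of the defect: an unconditional increment after the scan has
 * already stopped on the NUL. Index-based and capped at `cap`, so the overrun
 * stays inside buf. Returns the number of bytes rewritten past the first NUL. */
size_t overrun_writes(char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    size_t first_nul = nul ? (size_t)(nul - buf) : cap;
    size_t i = 0, writes = 0;
    while (i < cap && buf[i]) {
        while (i < cap && buf[i] && strchr(ACCEPT, buf[i]))
            i++;
        if (i < cap && buf[i]) {
            buf[i] = '_';
            writes += (i > first_nul);
        }
        i++;                         /* the defect: runs even when buf[i] == '\0' */
    }
    return writes;
}

int main(void)
{
    char name[] = "my p@rt";                                   /* constructed */
    char mem[] = {'s','y','s','\0','a','/','b','\0','\0'};     /* constructed */
    sanitize_name(name);
    printf("%s %zu\n", name, overrun_writes(mem, sizeof mem));
    return 0;
}
```

In the model the scan only stops once it meets two consecutive NULs, which is the behaviour the fix commit describes.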
get_hardware_name() uses a fixed size buffer to slurp the contents of
/proc/cpuinfo into and with newer multicore systems this is not big
enough, leading to the inability to pick up the hardware name.
Fix this by using a dynamically allocated, exponentially growing buffer.

Change-Id: I51c6c276b6e110f462839e205a4428adc6656e75
Signed-off-by: Jon Medhurst <tixy@linaro.org>

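Added example, not the init code: one way to read a file of unknown size with the dynamically allocated, doubling buffer this commit describes, then pull a name out of the result. `slurp_fd` and `hardware_from_cpuinfo` are hypothetical names, and taking the name from a `Hardware` line in /proc/cpuinfo is an assumption.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read fd to EOF into a NUL-terminated heap buffer that doubles when full. */
char *slurp_fd(int fd, size_t initial, size_t *len_out)
{
    size_t cap = initial < 2 ? 2 : initial, len = 0;
    char *buf = malloc(cap);

    while (buf) {
        ssize_t n = read(fd, buf + len, cap - len - 1);  /* keep room for NUL */
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { free(buf); return NULL; }
        if (n == 0) break;                               /* EOF */
        len += (size_t)n;
        if (len == cap - 1) {                            /* full: grow 2x */
            char *bigger = cap > (size_t)-1 / 2 ? NULL : realloc(buf, cap * 2);
            if (!bigger) { free(buf); return NULL; }
            buf = bigger;
            cap *= 2;
        }
    }
    if (!buf) return NULL;
    buf[len] = '\0';
    if (len_out) *len_out = len;
    return buf;
}

/* Copy the value of the first "Hardware" line into out; 0 if found, else -1. */
int hardware_from_cpuinfo(const char *text, char *out, size_t out_sz)
{
    while (*text && out_sz) {
        size_t ll = strcspn(text, "\n");                 /* length of this line */
        const char *colon = memchr(text, ':', ll);
        if (colon && strncmp(text, "Hardware", 8) == 0) {
            const char *v = colon + 1, *end = text + ll;
            while (v < end && (*v == ' ' || *v == '\t')) v++;
            size_t n = (size_t)(end - v);
            if (n > out_sz - 1) n = out_sz - 1;          /* truncate, never overflow */
            memcpy(out, v, n);
            out[n] = '\0';
            return 0;
        }
        text += ll + (text[ll] == '\n');
    }
    return -1;
}
```

The caller owns the returned buffer and frees it after the lookup.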
Automatically set the SELinux security label on directories created
by init.rc. This avoids the need to separately call restorecon on
each such directory from the init.rc file. Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.

Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Add SE Android support for init and ueventd.
init:
- Load policy at boot.
- Set the security context for service daemons and their sockets.
- New built-in commands: setcon, setenforce, restorecon, setsebool.
- New option for services: seclabel.
ueventd:
- Set the security context for device directories and nodes.

Change-Id: I98ed752cde503c94d99dfa5b5a47e3c33db16aac

x86 emulator passes hardware name through the androidboot.hardware kernel cmd option, and
ueventd must pick up on it to locate proper ueventd.rc file for that hardware.

Change-Id: Id61c5b67fe6275a15c7aa62556e0b89eda7968f8

eMMC block device names may change based on the detection order of
the eMMC device and any other SD bus devices, such as a removable SD
card.

This patch adds support to init for:

* Symlinks to block devices. When a block device uevent is
  processed, if it starts with "/devices/platform", the platform
  driver name is parsed out, and symlinks to the block device are
  created in /dev/block/platform/<platform driver>/

* Symlinks based on partition name and number. If the uevent for
  a block device contains information on the partition name or
  number, symlinks are created under
    /dev/block/platform/<platform driver>/by-num/p<partition>
  and
    /dev/block/platform/<platform driver>/by-name/<partition name>

init.rc can then use a device path like the following to mount an
eMMC device:

    /dev/block/platform/<platform>/by-name/system /system ro

Change-Id: Id11bb7cdf1e2ada7752a5bd671cbf87237b34ae2