tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Set SELinux contexts on device nodes created by vold."

Browse source
This commit is contained in:
Nick Kralevich 2014-10-18 23:02:30 +00:00 committed by Gerrit Code Review
commit ab083da069
4 changed files with 68 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
Loop.cpp
View file

@ -35,6 +35,7 @@
#include <sysutils/SocketClient.h>
#include "Loop.h"
#include "Asec.h"
#include "sehandle.h"
int Loop::dumpState(SocketClient *c) {
int i;
@ -132,6 +133,7 @@ int Loop::create(const char *id, const char *loopFile, char *loopDeviceBuffer, s
for (i = 0; i < LOOP_MAX; i++) {
struct loop_info64 li;
int rc;
char *secontext = NULL;
sprintf(filename, "/dev/block/loop%d", i);
@ -141,12 +143,29 @@ int Loop::create(const char *id, const char *loopFile, char *loopDeviceBuffer, s
*/
mode_t mode = 0660 | S_IFBLK;
unsigned int dev = (0xff & i) | ((i << 12) & 0xfff00000) | (7 << 8);
if (sehandle) {
rc = selabel_lookup(sehandle, &secontext, filename, S_IFBLK);
if (rc == 0)
setfscreatecon(secontext);
}
if (mknod(filename, mode, dev) < 0) {
if (errno != EEXIST) {
int sverrno = errno;
SLOGE("Error creating loop device node (%s)", strerror(errno));
if (secontext) {
freecon(secontext);
setfscreatecon(NULL);
}
errno = sverrno;
return -1;
}
}
if (secontext) {
freecon(secontext);
setfscreatecon(NULL);
}
if ((fd = open(filename, O_RDWR)) < 0) {
SLOGE("Unable to open %s (%s)", filename, strerror(errno));

18
Volume.cpp
View file

@ -48,6 +48,7 @@
#include "Fat.h"
#include "Process.h"
#include "cryptfs.h"
#include "sehandle.h"
extern "C" void dos_partition_dec(void const *pp, struct dos_partition *d);
extern "C" void dos_partition_enc(void *pp, struct dos_partition *d);
@ -219,13 +220,30 @@ void Volume::setState(int state) {
}
int Volume::createDeviceNode(const char *path, int major, int minor) {
char *secontext = NULL;
mode_t mode = 0660 | S_IFBLK;
dev_t dev = (major << 8) | minor;
int rc;
if (sehandle) {
rc = selabel_lookup(sehandle, &secontext, path, S_IFBLK);
if (rc == 0)
setfscreatecon(secontext);
}
if (mknod(path, mode, dev) < 0) {
if (errno != EEXIST) {
int sverrno = errno;
if (secontext) {
freecon(secontext);
setfscreatecon(NULL);
}
errno = sverrno;
return -1;
}
}
if (secontext) {
setfscreatecon(NULL);
freecon(secontext);
}
return 0;
}

7
main.cpp
View file

@ -36,6 +36,7 @@
#include "NetlinkManager.h"
#include "DirectVolume.h"
#include "cryptfs.h"
#include "sehandle.h"
static int process_config(VolumeManager *vm);
static void coldboot(const char *path);
@ -43,6 +44,8 @@ static void coldboot(const char *path);
#define FSTAB_PREFIX "/fstab."
struct fstab *fstab;
struct selabel_handle *sehandle;
int main() {
VolumeManager *vm;
@ -51,6 +54,10 @@ int main() {
SLOGI("Vold 2.1 (the revenge) firing up");
sehandle = selinux_android_file_context_handle();
if (sehandle)
selinux_android_set_sehandle(sehandle);
mkdir("/dev/block/vold", 0755);
/* For when cryptfs checks and mounts an encrypted filesystem */

24
sehandle.h Normal file
View file

@ -0,0 +1,24 @@
/*
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _SEHANDLE_H
#define _SEHANDLE_H
#include <selinux/android.h>
extern struct selabel_handle *sehandle;
#endif