From 4ead8beac8fe59b01ad1e5670713b99e7f841b9b Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 13 Nov 2012 12:56:48 -0500
Subject: [PATCH] run-as:  set the SELinux security context.

Before invoking the specified command or a shell, set the
SELinux security context.

Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 run-as/Android.mk | 2 ++
 run-as/run-as.c   | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/run-as/Android.mk b/run-as/Android.mk
index 043cc3a36..a8f28850c 100644
--- a/run-as/Android.mk
+++ b/run-as/Android.mk
@@ -3,6 +3,8 @@ include $(CLEAR_VARS)
 
 LOCAL_SRC_FILES:= run-as.c package.c
 
+LOCAL_SHARED_LIBRARIES := libselinux
+
 LOCAL_MODULE:= run-as
 
 include $(BUILD_EXECUTABLE)
diff --git a/run-as/run-as.c b/run-as/run-as.c
index 20e1530e5..9eb09aed3 100644
--- a/run-as/run-as.c
+++ b/run-as/run-as.c
@@ -29,6 +29,7 @@
 #include <time.h>
 #include <stdarg.h>
 
+#include <selinux/android.h>
 #include <private/android_filesystem_config.h>
 #include "package.h"
 
@@ -162,6 +163,11 @@ int main(int argc, char **argv)
         return 1;
     }
 
+    if (selinux_android_setcontext(uid, 0, NULL, pkgname) < 0) {
+        panic("Could not set SELinux security context:  %s\n", strerror(errno));
+        return 1;
+    }
+
     /* User specified command for exec. */
     if (argc >= 3 ) {
         if (execvp(argv[2], argv+2) < 0) {