Create a new "androidboot.selinux" option, to control how userspace
handles SELinux. This kernel command line can have three options:
* disabled
* permissive
* enforcing
"disabled" completely disables userspace support for SELinux. No
policy is ever loaded, nor is the SELinux filesystem /sys/fs/selinux
ever mounted.
"permissive" loads the SELinux policy, but puts SELinux into
permissive mode. SELinux policy violations are logged, but not rejected.
"enforcing", the default, loads the SELinux policy, and places
SELinux into enforcing mode. Policy violations are rejected.
This change addresses post review comments for change
b710ed21de .
Change-Id: I912583db8e6a0e9c63380de32ad8ffc47a8a440f
When init starts up, immediately put SELinux into enforcing mode.
This is currently a no-op. We currently have everything in the
unconfined domain, so this should not break anything.
(if it does, I'll roll it back immediately)
If the kernel doesn't have SELinux support compiled in, then
don't try loading a policy and continue without SELinux protections.
Change-Id: Id0279cf82c545ea0f7090137b7566a5bc3ddd641
The change to enable address tracking via netlink incorrectly
changed the subsystem of rtnetlink events from "net" to
"interface". This broke interface add/delete notifications,
which come from the kernel with subsystem "net".
Switch back to "net" and deal with address tracking via new
action codes instead of a new subsystem.
Bug: 10433320
Change-Id: Ibf30efb426949dfd02304cc1d9adb1c005a539a6
handle_rename() would end up acquiring the lock twice. Change to
always derive has_rw inside earlier locks (instead of acquiring a
second time), and pass the value into check_caller_access_to_name().
Bug: 10547597
Change-Id: If5744d6d226a4785676c19d0f7fdf1c05060ed76
On some devices there is a slight delay between the creation of "/dev/bus"
and "/dev/bus/usb". Previously, the code assumed that both are created in the
same time which caused "watch_existing_subdirs" to fail and libusbhost to stop
working until the device is rebooted. The fix will setup an inotify event on the
creation of the "bus/usb" so it will not be missed once it's created.
Change-Id: I17f06dd167e61573307425e48898e12ebc954093
Add an optional argument to the socket option for specifying
a SELinux security context for the socket. Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.
2) Situations where a service has multiple sockets and we want to
label them distinctly.
Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
In Android 4.3 the run-as binary no longer has the SUID/SGID bits
set. Instead, it requires to be installed with setuid and setgid
file-based capabilities. As a result of the above two changes, the
binary no longer executes as root when invoked by the "shell" user
but can still change its UID/GID to that of the target package.
Unfortunately, run-as attempts to chdir into the target package's
data directory before changing its effective UID/GID. As a result,
when run-as is invoked by the "shell" user, the chdir operation
fails.
The fix is for run-as to chdir after changing the effective UID/GID
to those of the target package.
Bug: 10154652
(cherry picked from commit f2904a7b63)
Change-Id: I0f6cb9efd49f5c2c491f7aa1d614d700a5ec2304
On some devices there is a slight delay between the creation of "/dev/bus"
and "/dev/bus/usb". Previously, the code assumed that both are created in the
same time which caused "watch_existing_subdirs" to fail and libusbhost to stop
working until the device is rebooted. The fix will setup an inotify event on the
creation of the "bus/usb" so it will not be missed once it's created.
Change-Id: I17f06dd167e61573307425e48898e12ebc954093
Nick Kralevich