Children of init that use any of the SELinux wrapper functions,
including make_dir(), mkdir_recursive(), and plenty others, need to
first initialize the sehandle with SelabelInitialize().
I wish there were a better solution, but early init doesn't actually
want this handle initialized, so that is a valid use case. Ueventd
needs to initialize this before fork()'ing, so lazy initialization is
not universally acceptable either. Likely we won't have other
children that fork() then exec() init again, so this should be okay.
Bug: 62875318
Test: init unit tests
Test: sailfish creates directories with correct SELabel after wipe
Change-Id: I6de937604a060e18945427418f15b90e0b9d5c37
As SEPolicy is developed, use this property to enable/disable
subcontexts.
Bug: 62875318
Test: boot device with/without subcontexts
Change-Id: Ieb879836a71c72d4de1bb16514d083d52480bf9a
'object_r' is supposed to be simply 'r'.
Test: boot sailfish with SELinux fully enabled and subcontexts enabled
Change-Id: I7eb8b2dd18e66f23c09863e8961da339f72d25c5
One of the major aspects of treble is the compartmentalization of system
and vendor components, however init leaves a huge gap here, as vendor
init scripts run in the same context as system init scripts and thus can
access and modify the same properties, files, etc as the system can.
This change is meant to close that gap. It forks a separate 'subcontext'
init that runs in a different SELinux context with permissions that match
what vendors should have access to. Commands get sent over a socket to
this 'subcontext' init that then runs them in this SELinux context and
returns the result.
Note that not all commands run in the subcontext; some commands such as
those dealing with services only make sense in the context of the main
init process.
Bug: 62875318
Test: init unit tests, boot bullhead, boot sailfish
Change-Id: Idf4a4ebf98842d27b8627f901f961ab9eb412aee
Tom Cherry