Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libselinux / 7e61ee9b2f568b29adbb8e860fc366b5cd77e9b0^2..7e61ee9b2f568b29adbb8e860fc366b5cd77e9b0 / .
commit7e61ee9b2f568b29adbb8e860fc366b5cd77e9b0[log] [tgz]
authorTom Cherry <tomcherry@google.com>Thu Dec 17 16:16:35 2015 -0800
committerandroid-build-merger <android-build-merger@google.com>Thu Dec 17 16:16:35 2015 -0800
tree3eef5aaa990101187462244b345f59b6a2ca257b
parent3e08682ba440ab3ae74e7b19878f7d7ed95e2407 [diff]
parent8b78078de454d54e5eb9544aa1e5a170f079fbcc [diff]
Create selinux_android_setcon()
am: 8b78078de4

* commit '8b78078de454d54e5eb9544aa1e5a170f079fbcc':
  Create selinux_android_setcon()

diff --git a/src/android.c b/src/android.c
index 173adc1..0b54155 100644
--- a/src/android.c
+++ b/src/android.c

@@ -171,6 +171,8 @@
 struct seapp_context {
 	/* input selectors */
 	bool isSystemServer;
+	bool isAutoPlayAppSet;
+	bool isAutoPlayApp;
 	bool isOwnerSet;
 	bool isOwner;
 	struct prefix_str user;
@@ -213,6 +215,12 @@
 	if (s1->isSystemServer != s2->isSystemServer)
 		return (s1->isSystemServer ? -1 : 1);
 
+	/* Give precedence to a specified isAutoPlayApp= over an
+	 * unspecified isAutoPlayApp=. */
+	if (s1->isAutoPlayAppSet != s2->isAutoPlayAppSet)
+		return (s1->isAutoPlayAppSet ? -1 : 1);
+
+
 	/* Give precedence to a specified isOwner= over an unspecified isOwner=. */
 	if (s1->isOwnerSet != s2->isOwnerSet)
 		return (s1->isOwnerSet ? -1 : 1);
@@ -396,6 +404,16 @@
 					free_seapp_context(cur);
 					goto err;
 				}
+			} else if (!strcasecmp(name, "isAutoPlayApp")) {
+				cur->isAutoPlayAppSet = true;
+				if (!strcasecmp(value, "true"))
+					cur->isAutoPlayApp = true;
+				else if (!strcasecmp(value, "false"))
+					cur->isAutoPlayApp = false;
+				else {
+					free_seapp_context(cur);
+					goto err;
+				}
 			} else if (!strcasecmp(name, "isOwner")) {
 				cur->isOwnerSet = true;
 				if (!strcasecmp(value, "true"))
@@ -563,9 +581,11 @@
 		int i;
 		for (i = 0; i < nspec; i++) {
 			cur = seapp_contexts[i];
-			selinux_log(SELINUX_INFO, "%s:  isSystemServer=%s isOwner=%s user=%s seinfo=%s name=%s path=%s isPrivApp=%s -> domain=%s type=%s level=%s levelFrom=%s",
+			selinux_log(SELINUX_INFO, "%s:  isSystemServer=%s  isAutoPlayApp=%s isOwner=%s user=%s seinfo=%s "
+					"name=%s path=%s isPrivApp=%s -> domain=%s type=%s level=%s levelFrom=%s",
 				__FUNCTION__,
 				cur->isSystemServer ? "true" : "false",
+				cur->isAutoPlayAppSet ? (cur->isAutoPlayApp ? "true" : "false") : "null",
 				cur->isOwnerSet ? (cur->isOwner ? "true" : "false") : "null",
 				cur->user.str,
 				cur->seinfo, cur->name.str, cur->path.str,
@@ -616,10 +636,7 @@
 };
 
 #define PRIVILEGED_APP_STR ":privapp"
-static bool is_app_privileged(const char *seinfo)
-{
-	return strstr(seinfo, PRIVILEGED_APP_STR) != NULL;
-}
+#define AUTOPLAY_APP_STR ":autoplayapp"
 
 static int seinfo_parse(char *dest, const char *src, size_t size)
 {
@@ -656,6 +673,7 @@
 	uid_t userid;
 	uid_t appid;
 	bool isPrivApp = false;
+	bool isAutoPlayApp = false;
 	char parsedseinfo[BUFSIZ];
 
 	__selinux_once(once, seapp_context_init);
@@ -663,7 +681,8 @@
 	if (seinfo) {
 		if (seinfo_parse(parsedseinfo, seinfo, BUFSIZ))
 			goto err;
-		isPrivApp = is_app_privileged(seinfo);
+		isPrivApp = strstr(seinfo, PRIVILEGED_APP_STR) ? true : false;
+		isAutoPlayApp = strstr(seinfo, AUTOPLAY_APP_STR) ? true : false;
 		seinfo = parsedseinfo;
 	}
 
@@ -696,6 +715,9 @@
 		if (cur->isSystemServer != isSystemServer)
 			continue;
 
+		if (cur->isAutoPlayAppSet && cur->isAutoPlayApp != isAutoPlayApp)
+			continue;
+
 		if (cur->isOwnerSet && cur->isOwner != isOwner)
 			continue;