Create selinux_android_setcon()
System properties are backed by various property files that are
mmap()'ed into a process's address space. setcon() does not revoke
access to such mmap()'ed regions, so we may leak access to property
files when moving to a more restrictive context.
This commit creates a new selinux_android_setcon() function that
explicitly reinitializes system properties after
calling setcon() to ensure that no leaks occur.
This new function is used in place of setcon() in
selinux_android_setcontext().
Bug 26114086
Change-Id: I631a8d6f3f474f62b2b4ecca3c842a0700486ddd
diff --git a/include/selinux/android.h b/include/selinux/android.h
index b2f1ae8..4971ff0 100644
--- a/include/selinux/android.h
+++ b/include/selinux/android.h
@@ -23,6 +23,8 @@
extern int selinux_android_reload_policy(void);
+extern int selinux_android_setcon(const char *con);
+
extern int selinux_android_setcontext(uid_t uid,
bool isSystemServer,
const char *seinfo,
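Review bot: The new `selinux_android_setcon()` declaration is exported without any comment explaining how it differs from plain `setcon()`, so a caller cannot tell from the header why it should prefer it. I would add a short comment above the declaration, for example `/* Like setcon(), but also reinitializes system properties so property mappings from the previous context are not retained. Returns 0 on success, non-zero if either step fails. */`. The return contract matters here because the value can come from two different calls in the implementation.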
diff --git a/src/android.c b/src/android.c
index eb58201..173adc1 100644
--- a/src/android.c
+++ b/src/android.c
@@ -34,6 +34,9 @@
#include <libgen.h>
#include <packagelistparser/packagelistparser.h>
+#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
+#include <sys/_system_properties.h>
+
/*
* XXX Where should this configuration file be located?
* Needs to be accessible by zygote and installd when
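Review bot: `_REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_` opts this file into a private bionic header, and nothing at the include site says why. A one-line comment such as `/* private bionic header, needed only for __system_properties_init() */` would make the coupling explicit, so that a later cleanup does not drop the include and with it the property reinitialization. The comment block that follows in this hunk belongs to unrelated code and continues outside the hunk.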
@@ -864,6 +867,19 @@
goto out;
}
+int selinux_android_setcon(const char *con)
+{
+ int ret = setcon(con);
+ if (ret)
+ return ret;
+ /*
+ System properties must be reinitialized after setcon() otherwise the
+ previous property files will be leaked since mmap()'ed regions are not
+ closed as a result of setcon().
+ */
+ return __system_properties_init();
+}
+
int selinux_android_setcontext(uid_t uid,
bool isSystemServer,
const char *seinfo,
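Review bot: If `setcon()` succeeds and `__system_properties_init()` then fails, `selinux_android_setcon()` returns an error even though the process is already running in the new context. The property mappings from the old context may then still be in place, which is exactly the state this change sets out to prevent. The function comment should state this partial-failure case, and the failure is worth logging separately before `return`, so that it is not mistaken for a refused transition. The guarantee also depends on `__system_properties_init()` actually unmapping the previously mapped regions rather than only mapping new ones; that code lives in bionic and is not visible here, so it should be confirmed. As a style point, the block comment omits the leading ` * ` that the file's other comments use.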
@@ -900,7 +916,7 @@
goto err;
if (strcmp(ctx_str, orig_ctx_str)) {
- rc = setcon(ctx_str);
+ rc = selinux_android_setcon(ctx_str);
if (rc < 0)
goto err;
}
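Review bot: The unchanged `if (rc < 0)` check no longer matches the callee, because `selinux_android_setcon()` treats any non-zero `setcon()` result as failure and passes the return of `__system_properties_init()` through unchanged. A positive non-zero return, if either call can produce one, would be treated as success here. Using `if (rc)` or normalizing the wrapper's return to 0 or -1 would keep the two sides consistent. The `err` label is outside this hunk; if its message attributes the failure to setting the context, it will now also be emitted when only the property reinitialization failed.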