Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8cf36ab3 authored by Steven Moreland's avatar Steven Moreland Committed by android-build-merger
Browse files

Merge "Expose service context name in denial." into stage-aosp-master am: 28347970 

am: b707b3e4

Change-Id: Ib5a00afcb3f0ad821f0b18bc29b47dcc4f08a42a
parents d844863a b707b3e4

cmds/servicemanager/Access.cpp

+19 −6
Original line number Original line Diff line number Diff line
@@ -61,15 +61,21 @@ static struct selabel_handle* getSehandle() { 
    return gSehandle;

    return gSehandle;

}

}





struct AuditCallbackData {

    const Access::CallingContext* context;

    const std::string* tname;

};



static int auditCallback(void *data, security_class_t /*cls*/, char *buf, size_t len) {

static int auditCallback(void *data, security_class_t /*cls*/, char *buf, size_t len) {

    const Access::CallingContext* ad = reinterpret_cast<Access::CallingContext*>(data);

    const AuditCallbackData* ad = reinterpret_cast<AuditCallbackData*>(data);





    if (!ad) {

    if (!ad) {

        LOG(ERROR) << "No service manager audit data";

        LOG(ERROR) << "No service manager audit data";

        return 0;

        return 0;

    }

    }





    snprintf(buf, len, "pid=%d uid=%d", ad->debugPid, ad->uid);

    snprintf(buf, len, "pid=%d uid=%d name=%s", ad->context->debugPid, ad->context->uid,

        ad->tname->c_str());

    return 0;

    return 0;

}

}
@@ -113,13 +119,20 @@ bool Access::canAdd(const CallingContext& ctx, const std::string& name) { 
}

}





bool Access::canList(const CallingContext& ctx) {

bool Access::canList(const CallingContext& ctx) {

    return actionAllowed(ctx, mThisProcessContext, "list");

    return actionAllowed(ctx, mThisProcessContext, "list", "service_manager");

}

}





bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm) {

bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm,

        const std::string& tname) {

    const char* tclass = "service_manager";

    const char* tclass = "service_manager";





    return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm, reinterpret_cast<void*>(const_cast<CallingContext*>((&sctx))));

    AuditCallbackData data = {

        .context = &sctx,

        .tname = &tname,

    };



    return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm,

        reinterpret_cast<void*>(&data));

}

}





bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) {

bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) {
@@ -129,7 +142,7 @@ bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::stri 
        return false;

        return false;

    }

    }





    bool allowed = actionAllowed(sctx, tctx, perm);

    bool allowed = actionAllowed(sctx, tctx, perm, name);

    freecon(tctx);

    freecon(tctx);

    return allowed;

    return allowed;

}

}

cmds/servicemanager/Access.h

+2 −1
Original line number Original line Diff line number Diff line
@@ -45,7 +45,8 @@ public: 
    virtual bool canList(const CallingContext& ctx);

    virtual bool canList(const CallingContext& ctx);





private:

private:

    bool actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm);

    bool actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm,

            const std::string& tname);

    bool actionAllowedFromLookup(const CallingContext& sctx, const std::string& name,

    bool actionAllowedFromLookup(const CallingContext& sctx, const std::string& name,

            const char *perm);

            const char *perm);