Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 21a5771c authored by Stephen Smalley's avatar Stephen Smalley Committed by Ricardo Cerqueira
Browse files

Replace SEAndroid with SELinux. 



Change-Id: Ibbe544a9f025d71ad416bc01cee2145b62d7b2d4
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 1c6f7a8d

core/java/android/os/Process.java

+2 −2
Original line number Diff line number Diff line
@@ -379,7 +379,7 @@ public class Process { 
     * @param gids Additional group-ids associated with the process.

     * @param debugFlags Additional flags.

     * @param targetSdkVersion The target SDK version for the app.

     * @param seInfo null-ok SE Android information for the new process.

     * @param seInfo null-ok SELinux information for the new process.

     * @param zygoteArgs Additional arguments to supply to the zygote process.

     * 

     * @return An object that describes the result of the attempt to start the process.
@@ -559,7 +559,7 @@ public class Process { 
     * new process should setgroup() to.

     * @param debugFlags Additional flags.

     * @param targetSdkVersion The target SDK version for the app.

     * @param seInfo null-ok SE Android information for the new process.

     * @param seInfo null-ok SELinux information for the new process.

     * @param extraArgs Additional arguments to supply to the zygote process.

     * @return An object that describes the result of the attempt to start the process.

     * @throws ZygoteStartFailedEx if process start failed for any reason

core/java/com/android/internal/os/ZygoteConnection.java

+3 −3
Original line number Diff line number Diff line
@@ -825,7 +825,7 @@ class ZygoteConnection { 
    }



    /**

     * Applies zygote security policy for SEAndroid information.

     * Applies zygote security policy for SELinux information.

     *

     * @param args non-null; zygote spawner arguments

     * @param peer non-null; peer credentials
@@ -844,7 +844,7 @@ class ZygoteConnection { 
        if (!(peerUid == 0 || peerUid == Process.SYSTEM_UID)) {

            // All peers with UID other than root or SYSTEM_UID

            throw new ZygoteSecurityException(

                    "This UID may not specify SEAndroid info.");

                    "This UID may not specify SELinux info.");

        }



        boolean allowed = SELinux.checkSELinuxAccess(peerSecurityContext,
@@ -853,7 +853,7 @@ class ZygoteConnection { 
                                                     "specifyseinfo");

        if (!allowed) {

            throw new ZygoteSecurityException(

                    "Peer may not specify SEAndroid info");

                    "Peer may not specify SELinux info");

        }



        return;