Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3a7d5f71 authored by Dianne Hackborn's avatar Dianne Hackborn Committed by Gerrit Code Review
Browse files

Merge "Replace SEAndroid with SELinux."

parents 9d8721f8 bd19b9ee

core/java/android/os/Process.java

+2 −2
Original line number Original line Diff line number Diff line
@@ -376,7 +376,7 @@ public class Process { 
     * @param gids Additional group-ids associated with the process.

     * @param gids Additional group-ids associated with the process.

     * @param debugFlags Additional flags.

     * @param debugFlags Additional flags.

     * @param targetSdkVersion The target SDK version for the app.

     * @param targetSdkVersion The target SDK version for the app.

     * @param seInfo null-ok SE Android information for the new process.

     * @param seInfo null-ok SELinux information for the new process.

     * @param zygoteArgs Additional arguments to supply to the zygote process.

     * @param zygoteArgs Additional arguments to supply to the zygote process.

     * 

     * 

     * @return An object that describes the result of the attempt to start the process.

     * @return An object that describes the result of the attempt to start the process.
@@ -556,7 +556,7 @@ public class Process { 
     * new process should setgroup() to.

     * new process should setgroup() to.

     * @param debugFlags Additional flags.

     * @param debugFlags Additional flags.

     * @param targetSdkVersion The target SDK version for the app.

     * @param targetSdkVersion The target SDK version for the app.

     * @param seInfo null-ok SE Android information for the new process.

     * @param seInfo null-ok SELinux information for the new process.

     * @param extraArgs Additional arguments to supply to the zygote process.

     * @param extraArgs Additional arguments to supply to the zygote process.

     * @return An object that describes the result of the attempt to start the process.

     * @return An object that describes the result of the attempt to start the process.

     * @throws ZygoteStartFailedEx if process start failed for any reason

     * @throws ZygoteStartFailedEx if process start failed for any reason

core/java/com/android/internal/os/ZygoteConnection.java

+3 −3
Original line number Original line Diff line number Diff line
@@ -803,7 +803,7 @@ class ZygoteConnection { 
    }

    }





    /**

    /**

     * Applies zygote security policy for SEAndroid information.

     * Applies zygote security policy for SELinux information.

     *

     *

     * @param args non-null; zygote spawner arguments

     * @param args non-null; zygote spawner arguments

     * @param peer non-null; peer credentials

     * @param peer non-null; peer credentials
@@ -822,7 +822,7 @@ class ZygoteConnection { 
        if (!(peerUid == 0 || peerUid == Process.SYSTEM_UID)) {

        if (!(peerUid == 0 || peerUid == Process.SYSTEM_UID)) {

            // All peers with UID other than root or SYSTEM_UID

            // All peers with UID other than root or SYSTEM_UID

            throw new ZygoteSecurityException(

            throw new ZygoteSecurityException(

                    "This UID may not specify SEAndroid info.");

                    "This UID may not specify SELinux info.");

        }

        }





        boolean allowed = SELinux.checkSELinuxAccess(peerSecurityContext,

        boolean allowed = SELinux.checkSELinuxAccess(peerSecurityContext,
@@ -831,7 +831,7 @@ class ZygoteConnection { 
                                                     "specifyseinfo");

                                                     "specifyseinfo");

        if (!allowed) {

        if (!allowed) {

            throw new ZygoteSecurityException(

            throw new ZygoteSecurityException(

                    "Peer may not specify SEAndroid info");

                    "Peer may not specify SELinux info");

        }

        }





        return;

        return;