Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4667b994 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

zygote: initialize selinux app contexts before fork() 

Initializing before zygote fork() results in only doing this once,
which appears to be the original intent of seapp_context_init().
However, since it was indirectly called after fork() it was
happening on during every app launch.

Bug: 129704390
Test: ps -AZ; verify that apps have correct context
Test: with "#define DEBUG 1" in libselinux to verify that
selinux_android_seapp_context_reload() is only called once
in zygote.

Change-Id: Ibd6f0dda065f35def99f39ad9d44829a6b60cdc9
parent e465eb1b

core/jni/com_android_internal_os_Zygote.cpp

+2 −0
Original line number Original line Diff line number Diff line
@@ -1634,6 +1634,8 @@ static void com_android_internal_os_Zygote_nativeSecurityInit(JNIEnv*, jclass) { 
  // security_getenforce is not allowed on app process. Initialize and cache

  // security_getenforce is not allowed on app process. Initialize and cache

  // the value before zygote forks.

  // the value before zygote forks.

  g_is_security_enforced = security_getenforce();

  g_is_security_enforced = security_getenforce();



  selinux_android_seapp_context_init();

}

}





static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jclass) {

static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jclass) {