Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a7762af authored by Alex Vakulenko's avatar Alex Vakulenko
Browse files

Apply correct SELinux labels to PDX endpoint and channel sockets. 

Bug: 37646189
Test: Compiled for sailfish-eng
      Device booted, normal 2D UI works as before
      Was able to run Daydream app and CubeSea (before O1 VR rendering
      path was disabled by recent change in HW composer).

Change-Id: I1f7040324992d3c784f072ea6b64a65fa7ed0589
parent 5aab4176

libs/vr/libpdx_uds/Android.bp

+3 −0
Original line number Diff line number Diff line
@@ -24,6 +24,9 @@ cc_library_static { 
        "libbase",

        "libpdx",

    ],

    whole_static_libs: [

        "libselinux",

    ],

}



cc_test {

libs/vr/libpdx_uds/service_endpoint.cpp

+33 −0
Original line number Diff line number Diff line
@@ -11,6 +11,7 @@ 
#include <android-base/strings.h>

#include <cutils/sockets.h>

#include <pdx/service.h>

#include <selinux/selinux.h>

#include <uds/channel_manager.h>

#include <uds/client_channel_factory.h>

#include <uds/ipc_helper.h>
@@ -364,6 +365,36 @@ Status<void> Endpoint::ModifyChannelEvents(int channel_id, int clear_mask, 
Status<void> Endpoint::CreateChannelSocketPair(LocalHandle* local_socket,

                                               LocalHandle* remote_socket) {

  Status<void> status;

  char* endpoint_context = nullptr;

  // Make sure the channel socket has the correct SELinux label applied.

  // Here we get the label from the endpoint file descriptor, which should be

  // something like "u:object_r:pdx_service_endpoint_socket:s0" and replace

  // "endpoint" with "channel" to produce the channel label such as this:

  // "u:object_r:pdx_service_channel_socket:s0".

  if (fgetfilecon_raw(socket_fd_.Get(), &endpoint_context) > 0) {

    std::string channel_context = endpoint_context;

    freecon(endpoint_context);

    const std::string suffix = "_endpoint_socket";

    auto pos = channel_context.find(suffix);

    if (pos != std::string::npos) {

      channel_context.replace(pos, suffix.size(), "_channel_socket");

    } else {

      ALOGW(

          "Endpoint::CreateChannelSocketPair: Endpoint security context '%s' "

          "does not contain expected substring '%s'",

          channel_context.c_str(), suffix.c_str());

    }

    ALOGE_IF(setsockcreatecon_raw(channel_context.c_str()) == -1,

             "Endpoint::CreateChannelSocketPair: Failed to set channel socket "

             "security context: %s",

             strerror(errno));

  } else {

    ALOGE(

        "Endpoint::CreateChannelSocketPair: Failed to obtain the endpoint "

        "socket's security context: %s",

        strerror(errno));

  }



  int channel_pair[2] = {};

  if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, channel_pair) == -1) {

    ALOGE("Endpoint::CreateChannelSocketPair: Failed to create socket pair: %s",
@@ -372,6 +403,8 @@ Status<void> Endpoint::CreateChannelSocketPair(LocalHandle* local_socket, 
    return status;

  }



  setsockcreatecon_raw(nullptr);



  local_socket->Reset(channel_pair[0]);

  remote_socket->Reset(channel_pair[1]);

services/surfaceflinger/surfaceflinger.rc

+3 −3
Original line number Diff line number Diff line
@@ -4,6 +4,6 @@ service surfaceflinger /system/bin/surfaceflinger 
    group graphics drmrpc readproc

    onrestart restart zygote

    writepid /dev/stune/foreground/tasks

    socket pdx/system/vr/display/client stream 0666 system graphics

    socket pdx/system/vr/display/manager stream 0666 system graphics

    socket pdx/system/vr/display/vsync stream 0666 system graphics
 
    socket pdx/system/vr/display/client     stream 0666 system graphics u:object_r:pdx_display_client_endpoint_socket:s0

    socket pdx/system/vr/display/manager    stream 0666 system graphics u:object_r:pdx_display_manager_endpoint_socket:s0

    socket pdx/system/vr/display/vsync      stream 0666 system graphics u:object_r:pdx_display_vsync_endpoint_socket:s0

services/vr/bufferhubd/bufferhubd.rc

+1 −1
Original line number Diff line number Diff line
@@ -3,4 +3,4 @@ service bufferhubd /system/bin/bufferhubd 
  user system

  group system

  writepid /dev/cpuset/tasks

  socket pdx/system/buffer_hub/client stream 0660 system system
 
  socket pdx/system/buffer_hub/client stream 0660 system system u:object_r:pdx_bufferhub_client_endpoint_socket:s0

services/vr/performanced/performanced.rc

+1 −1
Original line number Diff line number Diff line
@@ -3,4 +3,4 @@ service performanced /system/bin/performanced 
  user root

  group system readproc

  writepid /dev/cpuset/tasks

  socket pdx/system/performance/client stream 0666 system system
 
  socket pdx/system/performance/client stream 0666 system system u:object_r:pdx_performance_client_endpoint_socket:s0