Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4ead8bea authored by Stephen Smalley's avatar Stephen Smalley
Browse files

run-as: set the SELinux security context. 



Before invoking the specified command or a shell, set the
SELinux security context.

Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent ee854b07

run-as/Android.mk

+2 −0
Original line number Diff line number Diff line
@@ -3,6 +3,8 @@ include $(CLEAR_VARS) 


LOCAL_SRC_FILES:= run-as.c package.c



LOCAL_SHARED_LIBRARIES := libselinux



LOCAL_MODULE:= run-as



include $(BUILD_EXECUTABLE)

run-as/run-as.c

+6 −0
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ 
#include <time.h>

#include <stdarg.h>



#include <selinux/android.h>

#include <private/android_filesystem_config.h>

#include "package.h"
@@ -162,6 +163,11 @@ int main(int argc, char **argv) 
        return 1;

    }



    if (selinux_android_setcontext(uid, 0, NULL, pkgname) < 0) {

        panic("Could not set SELinux security context:  %s\n", strerror(errno));

        return 1;

    }



    /* User specified command for exec. */

    if (argc >= 3 ) {

        if (execvp(argv[2], argv+2) < 0) {