Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 527a7fdf authored by William Bellavance's avatar William Bellavance Committed by Michael Bestas
Browse files

init: don't skip starting a service with no domain if permissive 

[Adrian DC] Preserve the log while permissive

Change-Id: I3f2887930e15d09014c2594141ba4acbbc8d6d9d
parent 74ba6b37

init/service.cpp

+10 −7
Original line number Diff line number Diff line
@@ -88,13 +88,16 @@ static Result<std::string> ComputeContextFromExecutable(const std::string& servi 
        free(new_con);

    }

    if (rc == 0 && computed_context == mycon.get()) {

        return Error() << "File " << service_path << "(labeled \"" << filecon.get()

                       << "\") has incorrect label or no domain transition from " << mycon.get()

                       << " to another SELinux domain defined. Have you configured your "

        std::string error = StringPrintf(

                "File %s (labeled \"%s\") has incorrect label or no domain transition from %s to "

                "another SELinux domain defined. Have you configured your "

                "service correctly? https://source.android.com/security/selinux/"

                          "device-policy#label_new_services_and_address_denials. Note: this "

                          "error shows up even in permissive mode in order to make auditing "

                          "denials possible.";

                "device-policy#label_new_services_and_address_denials",

                service_path.c_str(), filecon.get(), mycon.get());

        if (security_getenforce() != 0) {

            return Error() << error;

        }

        LOG(ERROR) << error;

    }

    if (rc < 0) {

        return Error() << "Could not get process context";