Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7fcf269b authored by William Bellavance's avatar William Bellavance Committed by Michael Bestas
Browse files

init: don't skip starting a service with no domain if permissive 

Requires external/libselinux change as well

[Adrian DC] Preserve the log while permissive

Change-Id: I3f2887930e15d09014c2594141ba4acbbc8d6d9d
parent b7bca4c4

init/service.cpp

+10 −5
Original line number Diff line number Diff line
@@ -94,11 +94,16 @@ static Result<std::string> ComputeContextFromExecutable(const std::string& servi 
        free(new_con);

    }

    if (rc == 0 && computed_context == mycon.get()) {

        return Error() << "File " << service_path << "(labeled \"" << filecon.get()

                       << "\") has incorrect label or no domain transition from " << mycon.get()

                       << " to another SELinux domain defined. Have you configured your "

        std::string error = StringPrintf(

                "File %s (labeled \"%s\") has incorrect label or no domain transition from %s to "

                "another SELinux domain defined. Have you configured your "

                "service correctly? https://source.android.com/security/selinux/"

                          "device-policy#label_new_services_and_address_denials";

                "device-policy#label_new_services_and_address_denials",

                service_path.c_str(), filecon.get(), mycon.get());

        if (selinux_status_getenforce() > 0) {

            return Error() << error;

        }

        LOG(ERROR) << error;

    }

    if (rc < 0) {

        return Error() << "Could not get process context";