Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 97e3bb3a authored by Yabin Cui's avatar Yabin Cui
Browse files

run-as: add ":fromRunAs" selector in seinfo. 

It notifies libselinux that the setcontext request is from run-as.
And libselinux will set current process to runas_app domain, which
can execute app data files.

Bug: 118737210
Test: run CtsSimpleperfTestCases.
Change-Id: Ib94087f910786dd5d2a2b2e3b1bf76dfa7131ced
parent a97d6e36

run-as/run-as.cpp

+4 −1
Original line number Diff line number Diff line
@@ -25,6 +25,8 @@ 
#include <sys/types.h>

#include <unistd.h>



#include <string>



#include <libminijail.h>

#include <scoped_minijail.h>
@@ -214,7 +216,8 @@ int main(int argc, char* argv[]) { 
  minijail_keep_supplementary_gids(j.get());

  minijail_enter(j.get());



  if (selinux_android_setcontext(uid, 0, info.seinfo, pkgname) < 0) {

  std::string seinfo = std::string(info.seinfo) + ":fromRunAs";

  if (selinux_android_setcontext(uid, 0, seinfo.c_str(), pkgname) < 0) {

    error(1, errno, "couldn't set SELinux security context");

  }