Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 97e3bb3a authored by Yabin Cui's avatar Yabin Cui
Browse files

run-as: add ":fromRunAs" selector in seinfo.

It notifies libselinux that the setcontext request is from run-as.
And libselinux will set current process to runas_app domain, which
can execute app data files.

Bug: 118737210
Test: run CtsSimpleperfTestCases.
Change-Id: Ib94087f910786dd5d2a2b2e3b1bf76dfa7131ced
parent a97d6e36
Loading
Loading
Loading
Loading
+4 −1
Original line number Diff line number Diff line
@@ -25,6 +25,8 @@
#include <sys/types.h>
#include <unistd.h>

#include <string>

#include <libminijail.h>
#include <scoped_minijail.h>

@@ -214,7 +216,8 @@ int main(int argc, char* argv[]) {
  minijail_keep_supplementary_gids(j.get());
  minijail_enter(j.get());

  if (selinux_android_setcontext(uid, 0, info.seinfo, pkgname) < 0) {
  std::string seinfo = std::string(info.seinfo) + ":fromRunAs";
  if (selinux_android_setcontext(uid, 0, seinfo.c_str(), pkgname) < 0) {
    error(1, errno, "couldn't set SELinux security context");
  }