init: run vendor commands in a separate SELinux context (cb0f9bbc) · Commits · e / os / android_system_core

init/Android.bp

+21 −0

Original line number	Diff line number	Diff line
		@@ -78,6 +78,8 @@ cc_library_static {
		"security.cpp",
		"selinux.cpp",
		"service.cpp",
		"subcontext.cpp",
		"subcontext.proto",
		"rlimit_parser.cpp",
		"tokenizer.cpp",
		"uevent_listener.cpp",
		@@ -173,6 +175,7 @@ cc_test {
		"result_test.cpp",
		"rlimit_parser_test.cpp",
		"service_test.cpp",
		"subcontext_test.cpp",
		"ueventd_test.cpp",
		"util_test.cpp",
		],
		@@ -188,4 +191,22 @@ cc_test {
		],
		}

		cc_benchmark {
		name: "init_benchmarks",
		defaults: ["init_defaults"],
		srcs: [
		"subcontext_benchmark.cpp",
		],
		shared_libs: [
		"libbase",
		"libcutils",
		],
		static_libs: [
		"libinit",
		"libselinux",
		"libcrypto",
		"libprotobuf-cpp-lite",
		],
		}

		subdirs = ["*"]

init/action.cpp

+42 −18

Original line number	Diff line number	Diff line
		@@ -24,34 +24,48 @@
		#include "util.h"

		using android::base::Join;
		using android::base::StartsWith;

		namespace android {
		namespace init {

		Command::Command(BuiltinFunction f, const std::vector<std::string>& args, int line)
		: func_(f), args_(args), line_(line) {}
		Result<Success> RunBuiltinFunction(const BuiltinFunction& function,
		const std::vector<std::string>& args,
		const std::string& context) {
		auto builtin_arguments = BuiltinArguments(context);

		Result<Success> Command::InvokeFunc() const {
		std::vector<std::string> expanded_args;
		expanded_args.resize(args_.size());
		expanded_args[0] = args_[0];
		for (std::size_t i = 1; i < args_.size(); ++i) {
		if (!expand_props(args_[i], &expanded_args[i])) {
		return Error() << "cannot expand '" << args_[i] << "'";
		builtin_arguments.args.resize(args.size());
		builtin_arguments.args[0] = args[0];
		for (std::size_t i = 1; i < args.size(); ++i) {
		if (!expand_props(args[i], &builtin_arguments.args[i])) {
		return Error() << "cannot expand '" << args[i] << "'";
		}
		}

		return func_(expanded_args);
		return function(builtin_arguments);
		}

		Command::Command(BuiltinFunction f, bool execute_in_subcontext,
		const std::vector<std::string>& args, int line)
		: func_(std::move(f)), execute_in_subcontext_(execute_in_subcontext), args_(args), line_(line) {}

		Result<Success> Command::InvokeFunc(Subcontext* subcontext) const {
		if (execute_in_subcontext_ && subcontext) {
		return subcontext->Execute(args_);
		} else {
		const std::string& context = subcontext ? subcontext->context() : kInitContext;
		return RunBuiltinFunction(func_, args_, context);
		}
		}

		std::string Command::BuildCommandString() const {
		return Join(args_, ' ');
		}

		Action::Action(bool oneshot, const std::string& filename, int line)
		: oneshot_(oneshot), filename_(filename), line_(line) {}
		Action::Action(bool oneshot, Subcontext* subcontext, const std::string& filename, int line)
		: oneshot_(oneshot), subcontext_(subcontext), filename_(filename), line_(line) {}

		const KeywordMap<BuiltinFunction>* Action::function_map_ = nullptr;
		const KeywordFunctionMap* Action::function_map_ = nullptr;

		Result<Success> Action::AddCommand(const std::vector<std::string>& args, int line) {
		if (!function_map_) {
		@@ -61,12 +75,12 @@ Result<Success> Action::AddCommand(const std::vector<std::string>& args, int lin
		auto function = function_map_->FindFunction(args);
		if (!function) return Error() << function.error();

		AddCommand(*function, args, line);
		commands_.emplace_back(function->second, function->first, args, line);
		return Success();
		}

		void Action::AddCommand(BuiltinFunction f, const std::vector<std::string>& args, int line) {
		commands_.emplace_back(f, args, line);
		commands_.emplace_back(f, false, args, line);
		}

		std::size_t Action::NumCommands() const {
		@@ -88,7 +102,7 @@ void Action::ExecuteAllCommands() const {

		void Action::ExecuteCommand(const Command& command) const {
		android::base::Timer t;
		auto result = command.InvokeFunc();
		auto result = command.InvokeFunc(subcontext_);
		auto duration = t.duration();

		// There are many legacy paths in rootdir/init.rc that will virtually never exist on a new
		@@ -261,7 +275,7 @@ void ActionManager::QueueAllPropertyActions() {
		}

		void ActionManager::QueueBuiltinAction(BuiltinFunction func, const std::string& name) {
		auto action = std::make_unique<Action>(true, "<Builtin Action>", 0);
		auto action = std::make_unique<Action>(true, nullptr, "<Builtin Action>", 0);
		std::vector<std::string> name_vector{name};

		if (auto result = action->InitSingleTrigger(name); !result) {
		@@ -341,7 +355,17 @@ Result<Success> ActionParser::ParseSection(std::vector<std::string>&& args,
		return Error() << "Actions must have a trigger";
		}

		auto action = std::make_unique<Action>(false, filename, line);
		Subcontext* action_subcontext = nullptr;
		if (subcontexts_) {
		for (auto& subcontext : *subcontexts_) {
		if (StartsWith(filename, subcontext.path_prefix().c_str())) {
		action_subcontext = &subcontext;
		break;
		}
		}
		}

		auto action = std::make_unique<Action>(false, action_subcontext, filename, line);

		if (auto result = action->InitTriggers(triggers); !result) {
		return Error() << "InitTriggers() failed: " << result.error();

init/action.h

+16 −9

Original line number	Diff line number	Diff line
		@@ -27,21 +27,27 @@
		#include "keyword_map.h"
		#include "parser.h"
		#include "result.h"
		#include "subcontext.h"

		namespace android {
		namespace init {

		Result<Success> RunBuiltinFunction(const BuiltinFunction& function,
		const std::vector<std::string>& args, const std::string& context);

		class Command {
		public:
		Command(BuiltinFunction f, const std::vector<std::string>& args, int line);
		Command(BuiltinFunction f, bool execute_in_subcontext, const std::vector<std::string>& args,
		int line);

		Result<Success> InvokeFunc() const;
		Result<Success> InvokeFunc(Subcontext* subcontext) const;
		std::string BuildCommandString() const;

		int line() const { return line_; }

		private:
		BuiltinFunction func_;
		bool execute_in_subcontext_;
		std::vector<std::string> args_;
		int line_;
		};
		@@ -52,7 +58,7 @@ using BuiltinAction = class Action*;

		class Action {
		public:
		explicit Action(bool oneshot, const std::string& filename, int line);
		Action(bool oneshot, Subcontext* subcontext, const std::string& filename, int line);

		Result<Success> AddCommand(const std::vector<std::string>& args, int line);
		void AddCommand(BuiltinFunction f, const std::vector<std::string>& args, int line);
		@@ -70,11 +76,10 @@ class Action {
		bool oneshot() const { return oneshot_; }
		const std::string& filename() const { return filename_; }
		int line() const { return line_; }
		static void set_function_map(const KeywordMap<BuiltinFunction>* function_map) {
		static void set_function_map(const KeywordFunctionMap* function_map) {
		function_map_ = function_map;
		}


		private:
		void ExecuteCommand(const Command& command) const;
		bool CheckPropertyTriggers(const std::string& name = "",
		@@ -85,9 +90,10 @@ private:
		std::string event_trigger_;
		std::vector<Command> commands_;
		bool oneshot_;
		Subcontext* subcontext_;
		std::string filename_;
		int line_;
		static const KeywordMap<BuiltinFunction>* function_map_;
		static const KeywordFunctionMap* function_map_;
		};

		class ActionManager {
		@@ -119,8 +125,8 @@ class ActionManager {

		class ActionParser : public SectionParser {
		public:
		ActionParser(ActionManager* action_manager)
		: action_manager_(action_manager), action_(nullptr) {}
		ActionParser(ActionManager* action_manager, std::vector<Subcontext>* subcontexts)
		: action_manager_(action_manager), subcontexts_(subcontexts), action_(nullptr) {}
		Result<Success> ParseSection(std::vector<std::string>&& args, const std::string& filename,
		int line) override;
		Result<Success> ParseLineSection(std::vector<std::string>&& args, int line) override;
		@@ -128,6 +134,7 @@ class ActionParser : public SectionParser {

		private:
		ActionManager* action_manager_;
		std::vector<Subcontext>* subcontexts_;
		std::unique_ptr<Action> action_;
		};

init/bootchart.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -191,7 +191,7 @@ static Result<Success> do_bootchart_stop() {
		return Success();
		}

		Result<Success> do_bootchart(const std::vector<std::string>& args) {
		Result<Success> do_bootchart(const BuiltinArguments& args) {
		if (args[1] == "start") return do_bootchart_start();
		return do_bootchart_stop();
		}

init/bootchart.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -20,12 +20,13 @@
		#include <string>
		#include <vector>

		#include "builtin_arguments.h"
		#include "result.h"

		namespace android {
		namespace init {

		Result<Success> do_bootchart(const std::vector<std::string>& args);
		Result<Success> do_bootchart(const BuiltinArguments& args);

		} // namespace init
		} // namespace android