Loading cmds/servicemanager/Access.cpp +19 −6 Original line number Diff line number Diff line Loading @@ -61,15 +61,21 @@ static struct selabel_handle* getSehandle() { return gSehandle; } struct AuditCallbackData { const Access::CallingContext* context; const std::string* tname; }; static int auditCallback(void *data, security_class_t /*cls*/, char *buf, size_t len) { const Access::CallingContext* ad = reinterpret_cast<Access::CallingContext*>(data); const AuditCallbackData* ad = reinterpret_cast<AuditCallbackData*>(data); if (!ad) { LOG(ERROR) << "No service manager audit data"; return 0; } snprintf(buf, len, "pid=%d uid=%d", ad->debugPid, ad->uid); snprintf(buf, len, "pid=%d uid=%d name=%s", ad->context->debugPid, ad->context->uid, ad->tname->c_str()); return 0; } Loading Loading @@ -113,13 +119,20 @@ bool Access::canAdd(const CallingContext& ctx, const std::string& name) { } bool Access::canList(const CallingContext& ctx) { return actionAllowed(ctx, mThisProcessContext, "list"); return actionAllowed(ctx, mThisProcessContext, "list", "service_manager"); } bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm) { bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm, const std::string& tname) { const char* tclass = "service_manager"; return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm, reinterpret_cast<void*>(const_cast<CallingContext*>((&sctx)))); AuditCallbackData data = { .context = &sctx, .tname = &tname, }; return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm, reinterpret_cast<void*>(&data)); } bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) { Loading @@ -129,7 +142,7 @@ bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::stri return false; } bool allowed = actionAllowed(sctx, tctx, perm); bool allowed = actionAllowed(sctx, tctx, perm, name); freecon(tctx); return allowed; } Loading cmds/servicemanager/Access.h +2 −1 Original line number Diff line number Diff line Loading @@ -45,7 +45,8 @@ public: virtual bool canList(const CallingContext& ctx); private: bool actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm); bool actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm, const std::string& tname); bool actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm); Loading Loading
cmds/servicemanager/Access.cpp +19 −6 Original line number Diff line number Diff line Loading @@ -61,15 +61,21 @@ static struct selabel_handle* getSehandle() { return gSehandle; } struct AuditCallbackData { const Access::CallingContext* context; const std::string* tname; }; static int auditCallback(void *data, security_class_t /*cls*/, char *buf, size_t len) { const Access::CallingContext* ad = reinterpret_cast<Access::CallingContext*>(data); const AuditCallbackData* ad = reinterpret_cast<AuditCallbackData*>(data); if (!ad) { LOG(ERROR) << "No service manager audit data"; return 0; } snprintf(buf, len, "pid=%d uid=%d", ad->debugPid, ad->uid); snprintf(buf, len, "pid=%d uid=%d name=%s", ad->context->debugPid, ad->context->uid, ad->tname->c_str()); return 0; } Loading Loading @@ -113,13 +119,20 @@ bool Access::canAdd(const CallingContext& ctx, const std::string& name) { } bool Access::canList(const CallingContext& ctx) { return actionAllowed(ctx, mThisProcessContext, "list"); return actionAllowed(ctx, mThisProcessContext, "list", "service_manager"); } bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm) { bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm, const std::string& tname) { const char* tclass = "service_manager"; return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm, reinterpret_cast<void*>(const_cast<CallingContext*>((&sctx)))); AuditCallbackData data = { .context = &sctx, .tname = &tname, }; return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm, reinterpret_cast<void*>(&data)); } bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) { Loading @@ -129,7 +142,7 @@ bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::stri return false; } bool allowed = actionAllowed(sctx, tctx, perm); bool allowed = actionAllowed(sctx, tctx, perm, name); freecon(tctx); return allowed; } Loading
cmds/servicemanager/Access.h +2 −1 Original line number Diff line number Diff line Loading @@ -45,7 +45,8 @@ public: virtual bool canList(const CallingContext& ctx); private: bool actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm); bool actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm, const std::string& tname); bool actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm); Loading
