提交 e80f07af 编写于 作者: R renwei

set socket context

Signed-off-by: Nrenwei <renwei8@huawei.com>
Change-Id: If2cade70bf691b8d96a3e6df09ca59aba7b5c760
上级 aa62f182
......@@ -209,7 +209,9 @@ int CreateServiceSocket(Service *service)
int ret = 0;
ServiceSocket *tmpSock = service->socketCfg;
while (tmpSock != NULL) {
PluginExecCmdByName("setSockCreateCon", service->name);
int fd = CreateSocket(tmpSock);
PluginExecCmdByName("setSockCreateCon", NULL);
INIT_CHECK_RETURN_VALUE(fd >= 0, -1);
if (IsOnDemandService(service)) {
if (IsConnectionBasedSocket(tmpSock)) {
......
......@@ -23,7 +23,13 @@
#include <policycoreutils.h>
#include <selinux/selinux.h>
#define CMD_RESTORE_INDEX 2
enum {
CMD_LOAD_POLICY = 0,
CMD_SET_SERVICE_CONTEXTS = 1,
CMD_SET_SOCKET_CONTEXTS = 2,
CMD_RESTORE_INDEX = 3,
};
static int LoadSelinuxPolicy(int id, const char *name, int argc, const char **argv)
{
UNUSED(id);
......@@ -62,6 +68,25 @@ static int SetServiceContent(int id, const char *name, int argc, const char **ar
return 0;
}
static int SetSockCreateCon(int id, const char *name, int argc, const char **argv)
{
PLUGIN_CHECK(name != NULL && argc >= 1 && argv != NULL, return -1, "Invalid parameter");
if (argv[0] == NULL) {
setsockcreatecon(NULL);
return 0;
}
ServiceExtData *data = GetServiceExtData(argv[0], HOOK_ID_SELINUX);
if (data != NULL) {
if (setsockcreatecon((char *)data->data) < 0) {
PLUGIN_LOGE("failed to set socket context %s's secon (%s).", argv[0], (char *)data->data);
_exit(PROCESS_EXIT_CODE);
}
}
return 0;
}
static int RestoreContentRecurse(int id, const char *name, int argc, const char **argv)
{
PLUGIN_CHECK(name != NULL && argc >= 1 && argv != NULL, return -1, "Invalid parameter");
......@@ -72,21 +97,25 @@ static int RestoreContentRecurse(int id, const char *name, int argc, const char
return 0;
}
static int32_t selinuxAdpCmdIds[3] = {0}; // 3 cmd count
static int32_t selinuxAdpCmdIds[CMD_RESTORE_INDEX + 1] = {0}; // 4 cmd count
static void SelinuxAdpInit(void)
{
selinuxAdpCmdIds[0] = AddCmdExecutor("loadSelinuxPolicy", LoadSelinuxPolicy);
selinuxAdpCmdIds[1] = AddCmdExecutor("setServiceContent", SetServiceContent);
selinuxAdpCmdIds[CMD_LOAD_POLICY] = AddCmdExecutor("loadSelinuxPolicy", LoadSelinuxPolicy);
selinuxAdpCmdIds[CMD_SET_SERVICE_CONTEXTS] = AddCmdExecutor("setServiceContent", SetServiceContent);
selinuxAdpCmdIds[CMD_SET_SOCKET_CONTEXTS] = AddCmdExecutor("setSockCreateCon", SetSockCreateCon);
selinuxAdpCmdIds[CMD_RESTORE_INDEX] = AddCmdExecutor("restoreContentRecurse", RestoreContentRecurse);
}
static void SelinuxAdpExit(void)
{
if (selinuxAdpCmdIds[0] != -1) {
RemoveCmdExecutor("loadSelinuxPolicy", selinuxAdpCmdIds[0]);
if (selinuxAdpCmdIds[CMD_LOAD_POLICY] != -1) {
RemoveCmdExecutor("loadSelinuxPolicy", selinuxAdpCmdIds[CMD_LOAD_POLICY]);
}
if (selinuxAdpCmdIds[CMD_SET_SERVICE_CONTEXTS] != -1) {
RemoveCmdExecutor("setServiceContent", selinuxAdpCmdIds[CMD_SET_SERVICE_CONTEXTS]);
}
if (selinuxAdpCmdIds[1] != -1) {
RemoveCmdExecutor("setServiceContent", selinuxAdpCmdIds[1]);
if (selinuxAdpCmdIds[CMD_SET_SOCKET_CONTEXTS] != -1) {
RemoveCmdExecutor("setSockCreateCon", selinuxAdpCmdIds[CMD_SET_SOCKET_CONTEXTS]);
}
if (selinuxAdpCmdIds[CMD_RESTORE_INDEX] != -1) {
RemoveCmdExecutor("restoreContentRecurse", selinuxAdpCmdIds[CMD_RESTORE_INDEX]);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册