提交 e80f07af 编写于 作者: R renwei

set socket context

Signed-off-by: Nrenwei <renwei8@huawei.com>
Change-Id: If2cade70bf691b8d96a3e6df09ca59aba7b5c760
上级 aa62f182
...@@ -209,7 +209,9 @@ int CreateServiceSocket(Service *service) ...@@ -209,7 +209,9 @@ int CreateServiceSocket(Service *service)
int ret = 0; int ret = 0;
ServiceSocket *tmpSock = service->socketCfg; ServiceSocket *tmpSock = service->socketCfg;
while (tmpSock != NULL) { while (tmpSock != NULL) {
PluginExecCmdByName("setSockCreateCon", service->name);
int fd = CreateSocket(tmpSock); int fd = CreateSocket(tmpSock);
PluginExecCmdByName("setSockCreateCon", NULL);
INIT_CHECK_RETURN_VALUE(fd >= 0, -1); INIT_CHECK_RETURN_VALUE(fd >= 0, -1);
if (IsOnDemandService(service)) { if (IsOnDemandService(service)) {
if (IsConnectionBasedSocket(tmpSock)) { if (IsConnectionBasedSocket(tmpSock)) {
......
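Review bot: Both `PluginExecCmdByName("setSockCreateCon", ...)` calls around `CreateSocket(tmpSock)` discard their result, so a failed reset after the socket is created goes unnoticed and the service's socket-creation context stays in effect for any socket the same thread creates afterwards. Assuming the call returns a status as the plug-in handlers do, check at least the reset, e.g. `if (PluginExecCmdByName("setSockCreateCon", NULL) != 0)` followed by an error log naming `service->name`. A comment above the pair such as `// label the socket with the service's SELinux context; always reset before any other socket is created` would also explain why the reset comes before the `fd` check. The body of CreateServiceSocket continues outside this hunk.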
...@@ -23,7 +23,13 @@ ...@@ -23,7 +23,13 @@
#include <policycoreutils.h> #include <policycoreutils.h>
#include <selinux/selinux.h> #include <selinux/selinux.h>
#define CMD_RESTORE_INDEX 2 enum {
CMD_LOAD_POLICY = 0,
CMD_SET_SERVICE_CONTEXTS = 1,
CMD_SET_SOCKET_CONTEXTS = 2,
CMD_RESTORE_INDEX = 3,
};
static int LoadSelinuxPolicy(int id, const char *name, int argc, const char **argv) static int LoadSelinuxPolicy(int id, const char *name, int argc, const char **argv)
{ {
UNUSED(id); UNUSED(id);
...@@ -62,6 +68,25 @@ static int SetServiceContent(int id, const char *name, int argc, const char **ar ...@@ -62,6 +68,25 @@ static int SetServiceContent(int id, const char *name, int argc, const char **ar
return 0; return 0;
} }
static int SetSockCreateCon(int id, const char *name, int argc, const char **argv)
{
PLUGIN_CHECK(name != NULL && argc >= 1 && argv != NULL, return -1, "Invalid parameter");
if (argv[0] == NULL) {
setsockcreatecon(NULL);
return 0;
}
ServiceExtData *data = GetServiceExtData(argv[0], HOOK_ID_SELINUX);
if (data != NULL) {
if (setsockcreatecon((char *)data->data) < 0) {
PLUGIN_LOGE("failed to set socket context %s's secon (%s).", argv[0], (char *)data->data);
_exit(PROCESS_EXIT_CODE);
}
}
return 0;
}
static int RestoreContentRecurse(int id, const char *name, int argc, const char **argv) static int RestoreContentRecurse(int id, const char *name, int argc, const char **argv)
{ {
PLUGIN_CHECK(name != NULL && argc >= 1 && argv != NULL, return -1, "Invalid parameter"); PLUGIN_CHECK(name != NULL && argc >= 1 && argv != NULL, return -1, "Invalid parameter");
...@@ -72,21 +97,25 @@ static int RestoreContentRecurse(int id, const char *name, int argc, const char ...@@ -72,21 +97,25 @@ static int RestoreContentRecurse(int id, const char *name, int argc, const char
return 0; return 0;
} }
static int32_t selinuxAdpCmdIds[3] = {0}; // 3 cmd count static int32_t selinuxAdpCmdIds[CMD_RESTORE_INDEX + 1] = {0}; // 4 cmd count
static void SelinuxAdpInit(void) static void SelinuxAdpInit(void)
{ {
selinuxAdpCmdIds[0] = AddCmdExecutor("loadSelinuxPolicy", LoadSelinuxPolicy); selinuxAdpCmdIds[CMD_LOAD_POLICY] = AddCmdExecutor("loadSelinuxPolicy", LoadSelinuxPolicy);
selinuxAdpCmdIds[1] = AddCmdExecutor("setServiceContent", SetServiceContent); selinuxAdpCmdIds[CMD_SET_SERVICE_CONTEXTS] = AddCmdExecutor("setServiceContent", SetServiceContent);
selinuxAdpCmdIds[CMD_SET_SOCKET_CONTEXTS] = AddCmdExecutor("setSockCreateCon", SetSockCreateCon);
selinuxAdpCmdIds[CMD_RESTORE_INDEX] = AddCmdExecutor("restoreContentRecurse", RestoreContentRecurse); selinuxAdpCmdIds[CMD_RESTORE_INDEX] = AddCmdExecutor("restoreContentRecurse", RestoreContentRecurse);
} }
static void SelinuxAdpExit(void) static void SelinuxAdpExit(void)
{ {
if (selinuxAdpCmdIds[0] != -1) { if (selinuxAdpCmdIds[CMD_LOAD_POLICY] != -1) {
RemoveCmdExecutor("loadSelinuxPolicy", selinuxAdpCmdIds[0]); RemoveCmdExecutor("loadSelinuxPolicy", selinuxAdpCmdIds[CMD_LOAD_POLICY]);
} }
if (selinuxAdpCmdIds[1] != -1) { if (selinuxAdpCmdIds[CMD_SET_SERVICE_CONTEXTS] != -1) {
RemoveCmdExecutor("setServiceContent", selinuxAdpCmdIds[1]); RemoveCmdExecutor("setServiceContent", selinuxAdpCmdIds[CMD_SET_SERVICE_CONTEXTS]);
}
if (selinuxAdpCmdIds[CMD_SET_SOCKET_CONTEXTS] != -1) {
RemoveCmdExecutor("setSockCreateCon", selinuxAdpCmdIds[CMD_SET_SOCKET_CONTEXTS]);
} }
if (selinuxAdpCmdIds[CMD_RESTORE_INDEX] != -1) { if (selinuxAdpCmdIds[CMD_RESTORE_INDEX] != -1) {
RemoveCmdExecutor("restoreContentRecurse", selinuxAdpCmdIds[CMD_RESTORE_INDEX]); RemoveCmdExecutor("restoreContentRecurse", selinuxAdpCmdIds[CMD_RESTORE_INDEX]);
...@@ -103,4 +132,4 @@ MODULE_DESTRUCTOR(void) ...@@ -103,4 +132,4 @@ MODULE_DESTRUCTOR(void)
{ {
PLUGIN_LOGI("Selinux adapter plug-in exit now ..."); PLUGIN_LOGI("Selinux adapter plug-in exit now ...");
SelinuxAdpExit(); SelinuxAdpExit();
} }
\ No newline at end of file
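Review bot: In `SetSockCreateCon` the reset branch calls `setsockcreatecon(NULL)` without checking the result and returns 0, while the set branch treats the same failure as fatal; a failed reset leaves the previous service's label applied to later sockets, so it should be reported, e.g. `if (setsockcreatecon(NULL) < 0) { PLUGIN_LOGE("failed to reset socket create context"); return -1; }`. The reset is also only reachable when the dispatcher passes `argc >= 1` with `argv[0] == NULL`; if a NULL command content arrives as `argc == 0` (not visible here), `PLUGIN_CHECK` rejects it and the context is never cleared, so this is worth confirming against `PluginExecCmdByName`. When `GetServiceExtData` returns NULL the function returns 0 silently and the socket keeps the caller's default label; a comment stating that this is intended for services without a configured secon would help. Finally, `_exit(PROCESS_EXIT_CODE)` ends whichever process runs the command; if that can be init itself rather than a forked child, a malformed secon in one service's configuration would stop init, and returning -1 would be safer.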