Gitiles
Code Review Sign In
gerrit.aospa.co / AOSPA / android_system_core / 8348d279c7ce1a2453965ba7f05a7b818d58886c
commit8348d279c7ce1a2453965ba7f05a7b818d58886c[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Mon May 13 12:37:04 2013 -0400
committerStephen Smalley <sds@tycho.nsa.gov>Fri Aug 23 08:35:43 2013 -0400
tree5bf50a8793a7ad5f6f0bd475c54a72f49c37f7a9
parent5d8554323caddfa3ca02f31625ea72634312521f [diff]
Add support for socket security context specification.

Add an optional argument to the socket option for specifying
a SELinux security context for the socket.  Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.

2) Situations where a service has multiple sockets and we want to
label them distinctly.

Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
7 files changed
tree: 5bf50a8793a7ad5f6f0bd475c54a72f49c37f7a9
  1. adb/
  2. charger/
  3. cpio/
  4. debuggerd/
  5. fastboot/
  6. fs_mgr/
  7. gpttool/
  8. include/
  9. init/
  10. libcorkscrew/
  11. libctest/
  12. libcutils/
  13. libdiskconfig/
  14. libion/
  15. liblinenoise/
  16. liblog/
  17. libmincrypt/
  18. libnetutils/
  19. libnl_2/
  20. libpixelflinger/
  21. libsparse/
  22. libsuspend/
  23. libsync/
  24. libsysutils/
  25. libusbhost/
  26. libzipfile/
  27. logcat/
  28. logwrapper/
  29. mkbootimg/
  30. netcfg/
  31. rootdir/
  32. run-as/
  33. sdcard/
  34. sh/
  35. toolbox/
  36. .gitignore
  37. Android.mk
  38. CleanSpec.mk
  39. README
  40. ThirdPartyProject.prop