Merge "Fixed a discarded const qualifier warning"
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk
index 2a516fb..fe46706 100644
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@@ -25,6 +25,12 @@
LOCAL_SHARED_LIBRARIES := libcutils libc libcorkscrew
+ifeq ($(HAVE_SELINUX),true)
+LOCAL_SHARED_LIBRARIES += libselinux
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_CFLAGS += -DHAVE_SELINUX
+endif
+
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
diff --git a/debuggerd/tombstone.c b/debuggerd/tombstone.c
index 16b4943..27ab3fe 100644
--- a/debuggerd/tombstone.c
+++ b/debuggerd/tombstone.c
@@ -35,6 +35,10 @@
#include <corkscrew/demangle.h>
#include <corkscrew/backtrace.h>
+#ifdef HAVE_SELINUX
+#include <selinux/android.h>
+#endif
+
#include "machine.h"
#include "tombstone.h"
#include "utility.h"
@@ -680,6 +684,13 @@
mkdir(TOMBSTONE_DIR, 0755);
chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM);
+#ifdef HAVE_SELINUX
+ if (selinux_android_restorecon(TOMBSTONE_DIR) == -1) {
+ *detach_failed = false;
+ return NULL;
+ }
+#endif
+
int fd;
char* path = find_and_open_tombstone(&fd);
if (!path) {
diff --git a/init/builtins.c b/init/builtins.c
index ac9585e..5bda7a0 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -302,7 +302,7 @@
mode = strtoul(args[2], 0, 8);
}
- ret = mkdir(args[1], mode);
+ ret = make_dir(args[1], mode);
/* chmod in case the directory already exists */
if (ret == -1 && errno == EEXIST) {
ret = _chmod(args[1], mode);
@@ -736,26 +736,12 @@
}
int do_restorecon(int nargs, char **args) {
-#ifdef HAVE_SELINUX
- char *secontext = NULL;
- struct stat sb;
int i;
- if (is_selinux_enabled() <= 0 || !sehandle)
- return 0;
-
for (i = 1; i < nargs; i++) {
- if (lstat(args[i], &sb) < 0)
+ if (restorecon(args[i]) < 0)
return -errno;
- if (selabel_lookup(sehandle, &secontext, args[i], sb.st_mode) < 0)
- return -errno;
- if (lsetfilecon(args[i], secontext) < 0) {
- freecon(secontext);
- return -errno;
- }
- freecon(secontext);
}
-#endif
return 0;
}
diff --git a/init/devices.c b/init/devices.c
index 125f981..c367de8 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -52,7 +52,7 @@
#define FIRMWARE_DIR2 "/vendor/firmware"
#ifdef HAVE_SELINUX
-static struct selabel_handle *sehandle;
+extern struct selabel_handle *sehandle;
#endif
static int device_fd = -1;
@@ -220,32 +220,6 @@
#endif
}
-
-static int make_dir(const char *path, mode_t mode)
-{
- int rc;
-
-#ifdef HAVE_SELINUX
- char *secontext = NULL;
-
- if (sehandle) {
- selabel_lookup(sehandle, &secontext, path, mode);
- setfscreatecon(secontext);
- }
-#endif
-
- rc = mkdir(path, mode);
-
-#ifdef HAVE_SELINUX
- if (secontext) {
- freecon(secontext);
- setfscreatecon(NULL);
- }
-#endif
- return rc;
-}
-
-
static void add_platform_device(const char *name)
{
int name_len = strlen(name);
diff --git a/init/init.c b/init/init.c
index 4f57144..cc98afc 100755
--- a/init/init.c
+++ b/init/init.c
@@ -901,6 +901,12 @@
#ifdef HAVE_SELINUX
INFO("loading selinux policy\n");
selinux_load_policy();
+ /* These directories were necessarily created before policy load
+ * and therefore need their security context restored to the proper value.
+ * This must happen before /dev is populated by ueventd.
+ */
+ restorecon("/dev");
+ restorecon("/dev/socket");
#endif
is_charger = !strcmp(bootmode, "charger");
diff --git a/init/util.c b/init/util.c
index 77e3c61..743748b 100755
--- a/init/util.c
+++ b/init/util.c
@@ -302,12 +302,12 @@
memcpy(buf, pathname, width);
buf[width] = 0;
if (stat(buf, &info) != 0) {
- ret = mkdir(buf, mode);
+ ret = make_dir(buf, mode);
if (ret && errno != EEXIST)
return ret;
}
}
- ret = mkdir(pathname, mode);
+ ret = make_dir(pathname, mode);
if (ret && errno != EEXIST)
return ret;
return 0;
@@ -463,3 +463,52 @@
ptr = x;
}
}
+
+int make_dir(const char *path, mode_t mode)
+{
+ int rc;
+
+#ifdef HAVE_SELINUX
+ char *secontext = NULL;
+
+ if (sehandle) {
+ selabel_lookup(sehandle, &secontext, path, mode);
+ setfscreatecon(secontext);
+ }
+#endif
+
+ rc = mkdir(path, mode);
+
+#ifdef HAVE_SELINUX
+ if (secontext) {
+ int save_errno = errno;
+ freecon(secontext);
+ setfscreatecon(NULL);
+ errno = save_errno;
+ }
+#endif
+ return rc;
+}
+
+int restorecon(const char *pathname)
+{
+#ifdef HAVE_SELINUX
+ char *secontext = NULL;
+ struct stat sb;
+ int i;
+
+ if (is_selinux_enabled() <= 0 || !sehandle)
+ return 0;
+
+ if (lstat(pathname, &sb) < 0)
+ return -errno;
+ if (selabel_lookup(sehandle, &secontext, pathname, sb.st_mode) < 0)
+ return -errno;
+ if (lsetfilecon(pathname, secontext) < 0) {
+ freecon(secontext);
+ return -errno;
+ }
+ freecon(secontext);
+#endif
+ return 0;
+}
diff --git a/init/util.h b/init/util.h
index 9247739..45905b6 100644
--- a/init/util.h
+++ b/init/util.h
@@ -39,4 +39,6 @@
void open_devnull_stdio(void);
void get_hardware_name(char *hardware, unsigned int *revision);
void import_kernel_cmdline(int in_qemu, void (*import_kernel_nv)(char *name, int in_qemu));
+int make_dir(const char *path, mode_t mode);
+int restorecon(const char *pathname);
#endif
diff --git a/libdiskconfig/config_mbr.c b/libdiskconfig/config_mbr.c
index 703484c..b89d382 100644
--- a/libdiskconfig/config_mbr.c
+++ b/libdiskconfig/config_mbr.c
@@ -152,7 +152,7 @@
/* we are going to write the ebr at the current LBA, and then bump the
* lba counter since that is where the logical data partition will start */
- item->offset = (*lba) * dinfo->sect_size;
+ item->offset = ((loff_t)(*lba)) * dinfo->sect_size;
(*lba)++;
ebr = (struct pc_boot_record *) &item->data;
diff --git a/toolbox/kill.c b/toolbox/kill.c
index b79805f..fa2f649 100644
--- a/toolbox/kill.c
+++ b/toolbox/kill.c
@@ -42,7 +42,9 @@
/* non-SUS signals */
_SIG(IO),
_SIG(PWR),
+#ifdef SIGSTKFLT
_SIG(STKFLT),
+#endif
_SIG(WINCH),
#undef _SIG
};