int main(int argc, char **argv)
{
struct binder_state *bs;
bs = binder_open(128*1024);
if (!bs) {
ALOGE("failed to open binder driver\n");
return -1;
}
if (binder_become_context_manager(bs)) {
ALOGE("cannot become context manager (%s)\n", strerror(errno));
return -1;
}
selinux_enabled = is_selinux_enabled();
sehandle = selinux_android_service_context_handle();
selinux_status_open(true);
if (selinux_enabled > 0) {
if (sehandle == NULL) {
ALOGE("SELinux: Failed to acquire sehandle. Aborting.\n");
abort();
}
if (getcon(&service_manager_context) != 0) {
ALOGE("SELinux: Failed to acquire service_manager context. Aborting.\n");
abort();
}
}
union selinux_callback cb;
cb.func_audit = audit_callback;
selinux_set_callback(SELINUX_CB_AUDIT, cb);
cb.func_log = selinux_log_callback;
selinux_set_callback(SELINUX_CB_LOG, cb);
binder_loop(bs, svcmgr_handler);
return 0;
}
rpmRC rpmtsSELabelInit(rpmts ts, int open_status)
{
#if WITH_SELINUX
const char * path = selinux_file_context_path();
if (ts == NULL || path == NULL) {
return RPMRC_FAIL;
}
if (open_status) {
selinux_status_close();
if (selinux_status_open(0) < 0) {
return RPMRC_FAIL;
}
} else if (!selinux_status_updated() && ts->selabelHandle) {
return RPMRC_OK;
}
struct selinux_opt opts[] = {
{ .type = SELABEL_OPT_PATH, .value = path}
};
static int installd_main(const int argc ATTRIBUTE_UNUSED, char *argv[]) {
int ret;
int selinux_enabled = (is_selinux_enabled() > 0);
setenv("ANDROID_LOG_TAGS", "*:v", 1);
android::base::InitLogging(argv);
SLOGI("installd firing up");
union selinux_callback cb;
cb.func_log = log_callback;
selinux_set_callback(SELINUX_CB_LOG, cb);
if (!initialize_globals()) {
SLOGE("Could not initialize globals; exiting.\n");
exit(1);
}
if (initialize_directories() < 0) {
SLOGE("Could not create directories; exiting.\n");
exit(1);
}
if (selinux_enabled && selinux_status_open(true) < 0) {
SLOGE("Could not open selinux status; exiting.\n");
exit(1);
}
if ((ret = InstalldNativeService::start()) != android::OK) {
SLOGE("Unable to start InstalldNativeService: %d", ret);
exit(1);
}
IPCThreadState::self()->joinThreadPool();
LOG(INFO) << "installd shutting down";
return 0;
}
void
dpkg_selabel_load(void)
{
#ifdef WITH_LIBSELINUX
static int selinux_enabled = -1;
if (selinux_enabled < 0) {
int rc;
/* Set selinux_enabled if it is not already set (singleton). */
selinux_enabled = (in_force(FORCE_SECURITY_MAC) &&
is_selinux_enabled() > 0);
if (!selinux_enabled)
return;
/* Open the SELinux status notification channel, with fallback
* enabled for older kernels. */
rc = selinux_status_open(1);
if (rc < 0)
ohshit(_("cannot open security status notification channel"));
/* XXX: We could use selinux_set_callback() to redirect the
* errors from the other SELinux calls, but that does not seem
* worth it right now. */
} else if (selinux_enabled && selinux_status_updated()) {
/* The SELinux policy got updated in the kernel, usually after
* upgrading the package shipping it, we need to reload. */
selabel_close(sehandle);
} else {
/* SELinux is either disabled or it does not need a reload. */
return;
}
sehandle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
if (sehandle == NULL && security_getenforce() == 1)
ohshite(_("cannot get security labeling handle"));
#endif
}