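/*
 * Entry point of the service manager.
 *
 * Opens the binder driver, registers this process as the binder context
 * manager, initialises the SELinux state used by the rest of the file
 * (selinux_enabled, sehandle, service_manager_context), installs the SELinux
 * audit and log callbacks, and then hands control to binder_loop() with
 * svcmgr_handler as the request handler.
 *
 * Returns -1 if the binder driver cannot be opened or the context-manager
 * registration fails, and 0 if binder_loop() returns.  Calls abort() when
 * SELinux is enabled but the service-context handle or the process's own
 * security context cannot be obtained.
 */
int main(int argc, char **argv)
{
    struct binder_state *bs;
    union selinux_callback cb;
    int status_rc;

    bs = binder_open(128*1024);
    if (!bs) {
        ALOGE("failed to open binder driver\n");
        return -1;
    }

    if (binder_become_context_manager(bs)) {
        ALOGE("cannot become context manager (%s)\n", strerror(errno));
        return -1;
    }

    selinux_enabled = is_selinux_enabled();
    sehandle = selinux_android_service_context_handle();

    /*
     * Open the SELinux kernel status page (true = allow the fallback
     * mechanism).  The return value used to be discarded; a failure is
     * still non-fatal, but it is now logged when SELinux is enabled.
     * NOTE(review): code that relies on selinux_status_updated() to notice
     * a policy reload cannot do so if this open failed -- confirm whether
     * that should be fatal for this daemon.
     */
    status_rc = selinux_status_open(true);
    if (status_rc < 0 && selinux_enabled > 0) {
        ALOGE("SELinux: Failed to open status page.\n");
    }

    if (selinux_enabled > 0) {
        /* With SELinux on, running without a label handle or without our
         * own context is treated as unrecoverable. */
        if (sehandle == NULL) {
            ALOGE("SELinux: Failed to acquire sehandle. Aborting.\n");
            abort();
        }

        if (getcon(&service_manager_context) != 0) {
            ALOGE("SELinux: Failed to acquire service_manager context. Aborting.\n");
            abort();
        }
    }

    /* The same union is reused: each selinux_set_callback() call receives
     * it by value, so overwriting the member afterwards is safe. */
    cb.func_audit = audit_callback;
    selinux_set_callback(SELINUX_CB_AUDIT, cb);
    cb.func_log = selinux_log_callback;
    selinux_set_callback(SELINUX_CB_LOG, cb);

    binder_loop(bs, svcmgr_handler);

    return 0;
}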
rpmRC rpmtsSELabelInit(rpmts ts, int open_status) { #if WITH_SELINUX const char * path = selinux_file_context_path(); if (ts == NULL || path == NULL) { return RPMRC_FAIL; } if (open_status) { selinux_status_close(); if (selinux_status_open(0) < 0) { return RPMRC_FAIL; } } else if (!selinux_status_updated() && ts->selabelHandle) { return RPMRC_OK; } struct selinux_opt opts[] = { { .type = SELABEL_OPT_PATH, .value = path} };
// Start-up routine for installd.
//
// Configures logging, routes libselinux log output through log_callback,
// initialises globals and directories, opens the SELinux status page when
// SELinux is enabled, starts InstalldNativeService and finally joins the
// binder thread pool.  Every set-up failure is logged and ends the process
// with exit status 1; the function returns 0 once the thread pool is left.
static int installd_main(const int argc ATTRIBUTE_UNUSED, char *argv[]) {
    // Sampled once, first thing; only a strictly positive answer counts as "enabled".
    const int selinux_on = (is_selinux_enabled() > 0);

    setenv("ANDROID_LOG_TAGS", "*:v", 1);
    android::base::InitLogging(argv);

    SLOGI("installd firing up");

    // Install the SELinux log callback before any of the set-up steps below run.
    union selinux_callback log_cb;
    log_cb.func_log = log_callback;
    selinux_set_callback(SELINUX_CB_LOG, log_cb);

    if (!initialize_globals()) {
        SLOGE("Could not initialize globals; exiting.\n");
        exit(1);
    }

    if (initialize_directories() < 0) {
        SLOGE("Could not create directories; exiting.\n");
        exit(1);
    }

    // The status page is only opened when SELinux is on; failing to open it is fatal.
    if (selinux_on) {
        if (selinux_status_open(true) < 0) {
            SLOGE("Could not open selinux status; exiting.\n");
            exit(1);
        }
    }

    const int start_status = InstalldNativeService::start();
    if (start_status != android::OK) {
        SLOGE("Unable to start InstalldNativeService: %d", start_status);
        exit(1);
    }

    IPCThreadState::self()->joinThreadPool();

    LOG(INFO) << "installd shutting down";

    return 0;
}
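/*
 * Load, or reload after a policy change, the SELinux file-labeling handle
 * kept in sehandle.
 *
 * First call: decides once whether SELinux handling is active (MAC security
 * forced on and is_selinux_enabled() > 0).  If it is, the status
 * notification channel is opened and the labeling handle is created.
 * Later calls: do nothing unless selinux_status_updated() returns non-zero,
 * in which case the old handle is closed and a new one is opened.
 *
 * Dies via ohshit()/ohshite() if the status channel cannot be opened, or if
 * the labeling handle cannot be obtained while security_getenforce() == 1.
 * Compiles to an empty function when WITH_LIBSELINUX is not defined.
 */
void
dpkg_selabel_load(void)
{
#ifdef WITH_LIBSELINUX
	static int selinux_enabled = -1;

	if (selinux_enabled < 0) {
		int rc;

		/* Set selinux_enabled if it is not already set (singleton). */
		selinux_enabled = (in_force(FORCE_SECURITY_MAC) &&
		                   is_selinux_enabled() > 0);
		if (!selinux_enabled)
			return;

		/* Open the SELinux status notification channel, with fallback
		 * enabled for older kernels. */
		rc = selinux_status_open(1);
		if (rc < 0)
			ohshit(_("cannot open security status notification channel"));

		/* XXX: We could use selinux_set_callback() to redirect the
		 * errors from the other SELinux calls, but that does not seem
		 * worth it right now. */
	} else if (selinux_enabled && selinux_status_updated()) {
		/* The SELinux policy got updated in the kernel, usually after
		 * upgrading the package shipping it, we need to reload.
		 * Any non-zero result, including a negative error return,
		 * takes this branch and forces a reload.
		 *
		 * sehandle can legitimately be NULL here: a failed
		 * selabel_open() below is tolerated when not enforcing.
		 * selabel_close() is not documented to accept NULL, so only
		 * close a handle we actually hold. */
		if (sehandle != NULL)
			selabel_close(sehandle);
	} else {
		/* SELinux is either disabled or it does not need a reload. */
		return;
	}

	sehandle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
	/* A missing handle is fatal only while the kernel is enforcing. */
	if (sehandle == NULL && security_getenforce() == 1)
		ohshite(_("cannot get security labeling handle"));
#endif
}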