void ssh_selinux_change_context(const char *newname) { int len, newlen; char *oldctx, *newctx, *cx; if (!ssh_selinux_enabled()) return; if (getcon((security_context_t *)&oldctx) < 0) { logit("%s: getcon failed with %s", __func__, strerror (errno)); return; } if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == NULL) { logit ("%s: unparseable context %s", __func__, oldctx); return; } newlen = strlen(oldctx) + strlen(newname) + 1; newctx = xmalloc(newlen); len = cx - oldctx + 1; memcpy(newctx, oldctx, len); strlcpy(newctx + len, newname, newlen - len); if ((cx = index(cx + 1, ':'))) strlcat(newctx, cx, newlen); debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, newctx); if (setcon(newctx) < 0) logit("%s: setcon failed with %s", __func__, strerror (errno)); xfree(oldctx); xfree(newctx); }
static int mymain(void) { int ret = 0; if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) { virErrorPtr err = virGetLastError(); if (err->code == VIR_ERR_CONFIG_UNSUPPORTED) exit(EXIT_AM_SKIP); fprintf(stderr, "Unable to initialize security driver: %s\n", err->message); exit(EXIT_FAILURE); } if ((caps = testQemuCapsInit()) == NULL) exit(EXIT_FAILURE); #define DO_TEST_LABELING(name) \ if (virtTestRun("Labelling " # name, 1, testSELinuxLabeling, name) < 0) \ ret = -1; \ setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023"); DO_TEST_LABELING("disks"); DO_TEST_LABELING("kernel"); DO_TEST_LABELING("chardev"); return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE; }
int do_setcon(int nargs, char **args) { if (is_selinux_enabled() <= 0) return 0; if (setcon(args[1]) < 0) { return -errno; } return 0; }
int do_setcon(int nargs, char **args) { #ifdef HAVE_SELINUX if (is_selinux_enabled() <= 0) return 0; if (setcon(args[1]) < 0) { return -errno; } #endif return 0; }
void do_setcon(char *context) { #ifdef HAVE_SETCON if (-1 == setcon(context)) err(1, "%s", context); #else warnx("No SELinux support built in"); #endif }
int main(int argc, char **argv) { int rc; rc = setcon(argv[1]); if (rc < 0) { perror("setcon"); exit(1); } exit(0); }
static void *worker(void *datap) { security_context_t security_context = datap; int rc; rc = setcon(security_context); if (rc < 0) thread_status = errno; return NULL; }
/* setcon is only valid under the following circumstances: * - single threaded * - enforcing=0 */ int do_setcon (const char *context) { #if defined(HAVE_SETCON) if (setcon ((char *) context) == -1) { reply_with_perror ("setcon"); return -1; } return 0; #else reply_with_error ("function not available"); return -1; #endif }
int main(int argc, char **argv) { int rc; security_context_t context_s; context_t context; if (argc != 2) { fprintf(stderr, "usage: %s newdomain\n", argv[0]); exit(-1); } rc = getcon(&context_s); if (rc < 0) { fprintf(stderr, "%s: unable to get my context\n", argv[0]); exit(-1); } context = context_new(context_s); if (!context) { fprintf(stderr, "%s: unable to create context structure\n", argv[0]); exit(-1); } if (context_type_set(context, argv[1])) { fprintf(stderr, "%s: unable to set new type\n", argv[0]); exit(-1); } freecon(context_s); context_s = context_str(context); if (!context_s) { fprintf(stderr, "%s: unable to obtain new context string\n", argv[0]); exit(-1); } rc = setcon(context_s); if (rc < 0) { perror("setcon failed"); exit(-1); } printf("All systems go\n"); exit(0); }
void ssh_selinux_change_context(const char *newname) { int len, newlen; char *oldctx, *newctx, *cx; void (*switchlog) (const char *fmt,...) = logit; if (!ssh_selinux_enabled()) return; if (getcon((security_context_t *)&oldctx) < 0) { logit("%s: getcon failed with %s", __func__, strerror(errno)); return; } if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == NULL) { logit ("%s: unparseable context %s", __func__, oldctx); return; } /* * Check whether we are attempting to switch away from an unconfined * security context. */ if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE, sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0) switchlog = debug3; newlen = strlen(oldctx) + strlen(newname) + 1; newctx = xmalloc(newlen); len = cx - oldctx + 1; memcpy(newctx, oldctx, len); strlcpy(newctx + len, newname, newlen - len); if ((cx = index(cx + 1, ':'))) strlcat(newctx, cx, newlen); debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, newctx); if (setcon(newctx) < 0) switchlog("%s: setcon %s from %s failed with %s", __func__, newctx, oldctx, strerror(errno)); free(oldctx); free(newctx); }
static int mymain(void) { int ret = 0; int rc = testUserXattrEnabled(); if (rc < 0) return EXIT_FAILURE; if (!rc) return EXIT_AM_SKIP; if (!(mgr = virSecurityManagerNew("selinux", "QEMU", VIR_SECURITY_MANAGER_DEFAULT_CONFINED | VIR_SECURITY_MANAGER_PRIVILEGED))) { virErrorPtr err = virGetLastError(); VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n", err->message); return EXIT_FAILURE; } if ((caps = testQemuCapsInit()) == NULL) return EXIT_FAILURE; if (qemuTestDriverInit(&driver) < 0) return EXIT_FAILURE; #define DO_TEST_LABELING(name) \ if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \ ret = -1; setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023"); DO_TEST_LABELING("disks"); DO_TEST_LABELING("kernel"); DO_TEST_LABELING("chardev"); DO_TEST_LABELING("nfs"); qemuTestDriverFree(&driver); return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE; }
static JSBool rpmsx_setprop(JSContext *cx, JSObject *obj, jsid id, JSBool strict, jsval *vp) { #if defined(WITH_SELINUX) void * ptr = JS_GetInstancePrivate(cx, obj, &rpmsxClass, NULL); jsint tiny = JSVAL_TO_INT(id); security_context_t con = NULL; int myint = 0xdeadbeef; JSBool ok = JS_TRUE; /* XXX the class has ptr == NULL, instances have ptr != NULL. */ if (ptr == NULL) return JS_TRUE; if (JSVAL_IS_STRING(*vp)) con = (security_context_t) JS_EncodeString(cx, JS_ValueToString(cx, *vp)); if (JSVAL_IS_INT(*vp)) myint = JSVAL_TO_INT(*vp); switch (tiny) { case _DEBUG: if (!JS_ValueToInt32(cx, *vp, &_debug)) break; break; case _CURRENT: ok = _PUT_CON(setcon(con)); break; case _EXEC: ok = _PUT_CON(setexeccon(con)); break; case _FSCREATE: ok = _PUT_CON(setfscreatecon(con)); break; case _KEYCREATE: ok = _PUT_CON(setkeycreatecon(con)); break; case _SOCKCREATE: ok = _PUT_CON(setsockcreatecon(con)); break; case _ENFORCE: ok = _PUT_INT(security_setenforce(myint)); break; default: break; } con = _free(con); #endif return JS_TRUE; }
static int mymain(void) { int ret = 0; int rc = testUserXattrEnabled(); if (rc < 0) return EXIT_FAILURE; if (!rc) return EXIT_AM_SKIP; if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) { virErrorPtr err = virGetLastError(); VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n", err->message); return EXIT_FAILURE; } if ((caps = testQemuCapsInit()) == NULL) return EXIT_FAILURE; if (!(xmlopt = virQEMUDriverCreateXMLConf(NULL))) return EXIT_FAILURE; #define DO_TEST_LABELING(name) \ if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \ ret = -1; setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023"); DO_TEST_LABELING("disks"); DO_TEST_LABELING("kernel"); DO_TEST_LABELING("chardev"); DO_TEST_LABELING("nfs"); return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE; }
void start_daemon(int client) { // Launch the daemon, create new session, set proper context if (getuid() != UID_ROOT || getgid() != UID_ROOT) { fprintf(stderr, "Starting daemon requires root: %s\n", strerror(errno)); PLOGE("start daemon"); } switch (fork()) { case -1: PLOGE("fork"); case 0: break; default: return; } // First close the client, it's useless for us close(client); xsetsid(); setcon("u:r:su:s0"); umask(022); int fd = xopen("/dev/null", O_RDWR | O_CLOEXEC); xdup2(fd, STDIN_FILENO); xdup2(fd, STDOUT_FILENO); xdup2(fd, STDERR_FILENO); close(fd); // Patch selinux with medium patch before we do anything load_policydb(SELINUX_POLICY); sepol_med_rules(); dump_policydb(SELINUX_LOAD); // Continue the larger patch in another thread, we will join later pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL); struct sockaddr_un sun; fd = setup_socket(&sun); xbind(fd, (struct sockaddr*) &sun, sizeof(sun)); xlisten(fd, 10); // Change process name strcpy(argv0, "magisk_daemon"); // The root daemon should not do anything if an error occurs // It should stay intact under any circumstances err_handler = do_nothing; LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n"); // Unlock all blocks for rw unlock_blocks(); // Setup links under /sbin xmount(NULL, "/", NULL, MS_REMOUNT, NULL); create_links(NULL, "/sbin"); xchmod("/sbin", 0755); xmkdir("/magisk", 0755); xchmod("/magisk", 0755); xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL); // Loop forever to listen for requests while(1) { int *client = xmalloc(sizeof(int)); *client = xaccept4(fd, NULL, NULL, SOCK_CLOEXEC); pthread_t thread; xpthread_create(&thread, NULL, request_handler, client); // Detach the thread, we will never join it pthread_detach(thread); } }
rmove() { register struct node *p; register int r; register r1, flt; for (p=first.forw; p!=0; p = p->forw) { flt = 0; switch (p->op) { case MOVF: case MOVFO: case MOVOF: flt = NREG; case MOV: if (p->subop==BYTE) goto dble; dualop(p); if ((r = findrand(regs[RT1], flt)) >= 0) { if (r == flt+isreg(regs[RT2]) && p->forw->op!=CBR && p->forw->op!=SXT && p->forw->op!=CFCC) { p->forw->back = p->back; p->back->forw = p->forw; redunm++; nchange++; continue; } } if (equstr(regs[RT1], "$0")) { p->op = CLR; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; goto sngl; } repladdr(p, 0, flt); r = isreg(regs[RT1]); r1 = isreg(regs[RT2]); dest(regs[RT2], flt); if (r >= 0) if (r1 >= 0) savereg(r1+flt, regs[r+flt]); else savereg(r+flt, regs[RT2]); else if (r1 >= 0) savereg(r1+flt, regs[RT1]); else setcon(regs[RT1], regs[RT2]); source(regs[RT1]); setcc(regs[RT2]); continue; case ADDF: case SUBF: case DIVF: case MULF: flt = NREG; goto dble; case ADD: case SUB: case BIC: case BIS: case MUL: case DIV: case ASH: dble: dualop(p); if (p->op==BIC && (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777"))) { p->op = CLR; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; goto sngl; } if ((p->op==BIC || p->op==BIS) && equstr(regs[RT1], "$0")) { if (p->forw->op!=CBR) { p->back->forw = p->forw; p->forw->back = p->back; nchange++; continue; } } /* * the next block of code looks for the sequences (which extract the * high byte of a word or the low byte respectively): * ash $-10,r * bic $-400,r * or * mov natural,r * bic $-400,r * and transforms them into: * clrb r * swab r * or * clr r * bisb natural,r * These constructs occur often enough in the kernel (dealing with major/minor * device numbers, etc) it's worth a little extra work at compile time. */ if (p->op == BIC && (equstr(regs[RT1],"$-400") || equstr(regs[RT1],"$-177400"))) { if (p->back->op == ASH) { r = isreg(regs[RT2]); dualop(p->back); if ((equstr(regs[RT1], "$-10") || equstr(regs[RT1], "$177770")) && r == isreg(regs[RT2])) { strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->back->op = CLR; p->back->subop = BYTE; p->back->code = copy(1, regs[RT1]); p->op = SWAB; p->code = copy(1, regs[RT1]); nchange++; goto sngl; } } else if (p->back->op == MOV && p->forw->op != CBR) { char temp[50]; r = isreg(regs[RT2]); if (r < 0 && !xnatural(regs[RT2])) goto out; strcpy(temp, regs[RT2]); dualop(p->back); if (isreg(regs[RT2]) == r && natural(regs[RT1])) { if (r < 0 && (!xnatural(regs[RT2]) || !equstr(temp, regs[RT2]))) goto out; /* * XXX - the sequence "movb rN,rN; bic $-400,rN" can not be transformed * because the 'clr' would lose all information about 'rN'. The best that can * be done is to remove the 'movb' instruction and leave the 'bic'. */ if (isreg(regs[RT1]) == r && r >= 0) { p = p->back; p->forw->back = p->back; p->back->forw = p->forw; nchange++; continue; } dest(regs[RT1], flt); p->back->op = CLR; p->back->subop = 0; p->back->code = copy(1, regs[RT2]); p->op = BIS; p->subop = BYTE; strcat(regs[RT1], ","); p->code = copy(2, regs[RT1], regs[RT2]); nchange++; } } out: dualop(p); /* restore banged up parsed operands */ } repladdr(p, 0, flt); source(regs[RT1]); dest(regs[RT2], flt); if (p->op==DIV && (r = isreg(regs[RT2]))>=0) regs[r|1][0] = 0; switch (p->op) { case ADD: case SUB: case BIC: case BIS: case ASH: setcc(regs[RT2]); break; default: ccloc[0] = 0; } continue; case SXT: singop(p); if (p->forw->op == CLR && p->forw->subop != BYTE && xnatural(regs[RT1]) && !strcmp(p->code, p->forw->code)){ p->forw->back = p->back; p->back->forw = p->forw; nchange++; continue; } goto sngl; case CLRF: case NEGF: flt = NREG; case CLR: case COM: case INC: case DEC: case NEG: case ASR: case ASL: case SWAB: singop(p); sngl: dest(regs[RT1], flt); if (p->op==CLR && flt==0) { if ((r = isreg(regs[RT1])) >= 0) savereg(r, "$0"); else setcon("$0", regs[RT1]); ccloc[0] = 0; } else setcc(regs[RT1]); continue; case TSTF: flt = NREG; case TST: singop(p); repladdr(p, 0, flt); source(regs[RT1]); if (p->back->op == TST && !flt && not_sp(regs[RT1])) { char rt1[MAXCPS + 2]; strcpy(rt1, regs[RT1]); singop(p->back); if (!strcmp("(sp)+", regs[RT1])) { p->back->subop = p->subop; p->back->forw = p->forw; p->forw->back = p->back; p = p->back; p->op = MOV; p->code = copy(2, rt1, ",(sp)+"); nrtst++; nchange++; continue; } singop(p); } if (p->back->op == MOV && p->back->subop == BYTE) { dualop(p->back); setcc(regs[RT2]); singop(p); } if (equstr(regs[RT1], ccloc) && p->subop == p->back->subop) { p->back->forw = p->forw; p->forw->back = p->back; p = p->back; nrtst++; nchange++; } else setcc(regs[RT1]); /* XXX - double TST in a row */ continue; case CMPF: flt = NREG; case CMP: case BIT: dualop(p); source(regs[RT1]); source(regs[RT2]); if(p->op==BIT) { if (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777")) { p->op = TST; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } else if (equstr(regs[RT2], "$-1") || equstr(regs[RT2], "$177777")) { p->op = TST; regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } if (equstr(regs[RT1], "$0")) { p->op = TST; regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } else if (equstr(regs[RT2], "$0")) { p->op = TST; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } } repladdr(p, 1, flt); ccloc[0] = 0; continue; case CBR: r = -1; if (p->back->op==TST || p->back->op==CMP) { if (p->back->op==TST) { singop(p->back); savereg(RT2, "$0"); } else dualop(p->back); if (equstr(regs[RT1], regs[RT2]) && natural(regs[RT1]) && natural(regs[RT2])) r = compare(p->subop, "$1", "$1"); else r = compare(p->subop, findcon(RT1), findcon(RT2)); if (r==0) { if (p->forw->op==CBR || p->forw->op==SXT || p->forw->op==CFCC) { p->back->forw = p->forw; p->forw->back = p->back; } else { p->back->back->forw = p->forw; p->forw->back = p->back->back; } decref(p->ref); p = p->back->back; nchange++; } else if (r>0) { p->op = JBR; p->subop = 0; p->back->back->forw = p; p->back = p->back->back; p = p->back; nchange++; } /* * If the instruction prior to the conditional branch was a 'tst' then * save the condition code status. The C construct: * if (x) * if (x > 0) * generates "tst _x; jeq ...; tst _x; jmi ...;jeq ...". The code below removes * the second "tst _x", leaving "tst _x; jeq ...;jmi ...; jeq ...". */ if (p->back->op == TST) { singop(p->back); setcc(regs[RT1]); break; } } /* * If the previous instruction was also a conditional branch then * attempt to merge the two into a single branch. */ if (p->back->op == CBR) fixupbr(p); case CFCC: ccloc[0] = 0; continue; /* * Unrecognized (unparsed) instructions, assignments (~foo=r2), and * data arrive here. In order to prevent throwing away information * about register contents just because a local assignment is done * we check for the first character being a tilde. */ case 0: if (p->code[0] != '~') clearreg(); continue; case JBR: redunbr(p); default: clearreg(); } } }
rmove() { register struct node *p; register char *cp; register int r; int r1, flt; for (p=first.forw; p!=0; p = p->forw) { if (debug) { for (r=0; r<2*NREG; r++) if (regs[r][0]) printf("%d: %s\n", r, regs[r]); printf("-\n"); } flt = 0; switch (p->op) { case MOVF: case MOVFO: case MOVOF: flt = NREG; case MOV: dualop(p); if ((r = findrand(regs[RT1], flt)) >= 0) { if (r == flt+isreg(regs[RT2]) && p->forw->op!=CBR) { p->forw->back = p->back; p->back->forw = p->forw; redunm++; continue; } } repladdr(p, 0, flt); r = isreg(regs[RT1]); r1 = isreg(regs[RT2]); dest(regs[RT2], flt); if (r >= 0) if (r1 >= 0) savereg(r1+flt, regs[r+flt]); else savereg(r+flt, regs[RT2]); else if (r1 >= 0) savereg(r1+flt, regs[RT1]); else setcon(regs[RT1], regs[RT2]); source(regs[RT1]); setcc(regs[RT2]); continue; case ADDF: case SUBF: case DIVF: case MULF: flt = NREG; case ADD: case SUB: case BIC: case BIS: case MUL: case DIV: case ASH: dualop(p); repladdr(p, 0, flt); source(regs[RT1]); dest(regs[RT2], flt); if (p->op==DIV && (r = isreg(regs[RT2])>=0)) regs[r+1][0] = 0; ccloc[0] = 0; continue; case CLRF: case NEGF: flt = NREG; case CLR: case COM: case INC: case DEC: case NEG: case ASR: case ASL: case SXT: singop(p); dest(regs[RT1], flt); if (p->op==CLR && flt==0) if ((r = isreg(regs[RT1])) >= 0) savereg(r, "$0"); else setcon("$0", regs[RT1]); setcc(regs[RT1]); continue; case TSTF: flt = NREG; case TST: singop(p); repladdr(p, 0, flt); source(regs[RT1]); if (equstr(regs[RT1], ccloc)) { p->back->forw = p->forw; p->forw->back = p->back; p = p->back; nrtst++; nchange++; } continue; case CMPF: flt = NREG; case CMP: case BIT: dualop(p); source(regs[RT1]); source(regs[RT2]); repladdr(p, 1, flt); ccloc[0] = 0; continue; case CBR: case CFCC: ccloc[0] = 0; continue; case JBR: redunbr(p); default: clearreg(); } } }
rmove() { register struct node *p; register int r; register r1, flt; for (p=first.forw; p!=0; p = p->forw) { flt = 0; switch (p->op) { case MOVF: case MOVFO: case MOVOF: flt = NREG; case MOV: if (p->subop==BYTE) goto dble; dualop(p); if ((r = findrand(regs[RT1], flt)) >= 0) { if (r == flt+isreg(regs[RT2]) && p->forw->op!=CBR && p->forw->op!=SXT && p->forw->op!=CFCC) { p->forw->back = p->back; p->back->forw = p->forw; redunm++; continue; } } if (equstr(regs[RT1], "$0")) { p->op = CLR; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); goto sngl; } repladdr(p, 0, flt); r = isreg(regs[RT1]); r1 = isreg(regs[RT2]); dest(regs[RT2], flt); if (r >= 0) if (r1 >= 0) savereg(r1+flt, regs[r+flt]); else savereg(r+flt, regs[RT2]); else if (r1 >= 0) savereg(r1+flt, regs[RT1]); else setcon(regs[RT1], regs[RT2]); source(regs[RT1]); setcc(regs[RT2]); continue; case ADDF: case SUBF: case DIVF: case MULF: flt = NREG; goto dble; case ADD: case SUB: case BIC: case BIS: case MUL: case DIV: case ASH: dble: dualop(p); if (p->op==BIC && (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777"))) { p->op = CLR; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); goto sngl; } if ((p->op==BIC || p->op==BIS) && equstr(regs[RT1], "$0")) { if (p->forw->op!=CBR) { p->back->forw = p->forw; p->forw->back = p->back; continue; } } repladdr(p, 0, flt); source(regs[RT1]); dest(regs[RT2], flt); if (p->op==DIV && (r = isreg(regs[RT2])>=0)) regs[r+1][0] = 0; ccloc[0] = 0; continue; case CLRF: case NEGF: flt = NREG; case CLR: case COM: case INC: case DEC: case NEG: case ASR: case ASL: case SXT: singop(p); sngl: dest(regs[RT1], flt); if (p->op==CLR && flt==0) if ((r = isreg(regs[RT1])) >= 0) savereg(r, "$0"); else setcon("$0", regs[RT1]); ccloc[0] = 0; continue; case TSTF: flt = NREG; case TST: singop(p); repladdr(p, 0, flt); source(regs[RT1]); if (equstr(regs[RT1], ccloc)) { p->back->forw = p->forw; p->forw->back = p->back; p = p->back; nrtst++; nchange++; } continue; case CMPF: flt = NREG; case CMP: case BIT: dualop(p); source(regs[RT1]); source(regs[RT2]); if(p->op==BIT) { if (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777")) { p->op = TST; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } else if (equstr(regs[RT2], "$-1") || equstr(regs[RT2], "$177777")) { p->op = TST; regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } if (equstr(regs[RT1], "$0")) { p->op = TST; regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } else if (equstr(regs[RT2], "$0")) { p->op = TST; strcpy(regs[RT1], regs[RT2]); regs[RT2][0] = 0; p->code = copy(1, regs[RT1]); nchange++; nsaddr++; } } repladdr(p, 1, flt); ccloc[0] = 0; continue; case CBR: if (p->back->op==TST || p->back->op==CMP) { if (p->back->op==TST) { singop(p->back); savereg(RT2, "$0"); } else dualop(p->back); r = compare(p->subop, findcon(RT1), findcon(RT2)); if (r==0) { p->back->back->forw = p->forw; p->forw->back = p->back->back; decref(p->ref); p = p->back->back; nchange++; } else if (r>0) { p->op = JBR; p->subop = 0; p->back->back->forw = p; p->back = p->back->back; p = p->back; nchange++; } } case CFCC: ccloc[0] = 0; continue; case JBR: redunbr(p); default: clearreg(); } } }
int adb_main(int is_daemon, int server_port) { #if !ADB_HOST int port; char value[PROPERTY_VALUE_MAX]; umask(000); #endif atexit(adb_cleanup); #ifdef HAVE_WIN32_PROC SetConsoleCtrlHandler( ctrlc_handler, TRUE ); #elif defined(HAVE_FORKEXEC) // No SIGCHLD. Let the service subproc handle its children. signal(SIGPIPE, SIG_IGN); #endif init_transport_registration(); #if ADB_HOST HOST = 1; #ifdef WORKAROUND_BUG6558362 if(is_daemon) adb_set_affinity(); #endif usb_vendors_init(); usb_init(); local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT); adb_auth_init(); char local_name[30]; build_local_name(local_name, sizeof(local_name), server_port); if(install_listener(local_name, "*smartsocket*", NULL, 0)) { exit(1); } #else property_get("ro.adb.secure", value, "0"); auth_enabled = !strcmp(value, "1"); if (auth_enabled) adb_auth_init(); // Our external storage path may be different than apps, since // we aren't able to bind mount after dropping root. const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE"); if (NULL != adb_external_storage) { setenv("EXTERNAL_STORAGE", adb_external_storage, 1); } else { D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE" " unchanged.\n"); } /* don't listen on a port (default 5037) if running in secure mode */ /* don't run as root if we are running in secure mode */ if (should_drop_privileges()) { drop_capabilities_bounding_set_if_needed(); /* add extra groups: ** AID_ADB to access the USB driver ** AID_LOG to read system logs (adb logcat) ** AID_INPUT to diagnose input issues (getevent) ** AID_INET to diagnose network issues (netcfg, ping) ** AID_GRAPHICS to access the frame buffer ** AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump) ** AID_SDCARD_R to allow reading from the SD card ** AID_SDCARD_RW to allow writing to the SD card ** AID_MOUNT to allow unmounting the SD card before rebooting ** AID_NET_BW_STATS to read out qtaguid statistics */ gid_t groups[] = { AID_ADB, AID_LOG, AID_INPUT, AID_INET, AID_GRAPHICS, AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW, AID_MOUNT, AID_NET_BW_STATS }; if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) { exit(1); } /* then switch user and group to "shell" */ if (setgid(AID_SHELL) != 0) { exit(1); } if (setuid(AID_SHELL) != 0) { exit(1); } D("Local port disabled\n"); } else { char local_name[30]; if ((root_seclabel != NULL) && (is_selinux_enabled() > 0)) { // b/12587913: fix setcon to allow const pointers if (setcon((char *)root_seclabel) < 0) { exit(1); } } build_local_name(local_name, sizeof(local_name), server_port); if(install_listener(local_name, "*smartsocket*", NULL, 0)) { exit(1); } } int usb = 0; if (access(USB_ADB_PATH, F_OK) == 0 || access(USB_FFS_ADB_EP0, F_OK) == 0) { // listen on USB usb_init(); usb = 1; } // If one of these properties is set, also listen on that port // If one of the properties isn't set and we couldn't listen on usb, // listen on the default port. property_get("service.adb.tcp.port", value, ""); if (!value[0]) { property_get("persist.adb.tcp.port", value, ""); } if (sscanf(value, "%d", &port) == 1 && port > 0) { printf("using port=%d\n", port); // listen on TCP port specified by service.adb.tcp.port property local_init(port); } else if (!usb) { // listen on default port local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT); } D("adb_main(): pre init_jdwp()\n"); init_jdwp(); D("adb_main(): post init_jdwp()\n"); #endif if (is_daemon) { // inform our parent that we are up and running. #ifdef HAVE_WIN32_PROC DWORD count; WriteFile( GetStdHandle( STD_OUTPUT_HANDLE ), "OK\n", 3, &count, NULL ); #elif defined(HAVE_FORKEXEC) fprintf(stderr, "OK\n"); #endif start_logging(); } D("Event loop starting\n"); fdevent_loop(); usb_cleanup(); return 0; }
int selinux_setup(bool *loaded_policy) { #ifdef HAVE_SELINUX int enforce = 0; usec_t before_load, after_load; security_context_t con; int r; union selinux_callback cb; assert(loaded_policy); /* Turn off all of SELinux' own logging, we want to do that */ cb.func_log = null_log; selinux_set_callback(SELINUX_CB_LOG, cb); /* Already initialized by somebody else? */ r = getcon_raw(&con); if (r == 0) { bool initialized; initialized = !streq(con, "kernel"); freecon(con); if (initialized) return 0; } /* Make sure we have no fds open while loading the policy and * transitioning */ log_close(); /* Now load the policy */ before_load = now(CLOCK_MONOTONIC); r = selinux_init_load_policy(&enforce); if (r == 0) { char timespan[FORMAT_TIMESPAN_MAX]; char *label; retest_selinux(); /* Transition to the new context */ r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); if (r < 0 || label == NULL) { log_open(); log_error("Failed to compute init label, ignoring."); } else { r = setcon(label); log_open(); if (r < 0) log_error("Failed to transition into init label '%s', ignoring.", label); label_free(label); } after_load = now(CLOCK_MONOTONIC); log_info("Successfully loaded SELinux policy in %s.", format_timespan(timespan, sizeof(timespan), after_load - before_load)); *loaded_policy = true; } else { log_open(); if (enforce > 0) { log_error("Failed to load SELinux policy. Freezing."); return -EIO; } else log_debug("Unable to load SELinux policy. Ignoring."); } #endif return 0; }
int mac_selinux_setup(bool *loaded_policy) { #ifdef HAVE_SELINUX int enforce = 0; usec_t before_load, after_load; security_context_t con; int r; union selinux_callback cb; bool initialized = false; assert(loaded_policy); /* Turn off all of SELinux' own logging, we want to do that */ cb.func_log = null_log; selinux_set_callback(SELINUX_CB_LOG, cb); /* Don't load policy in the initrd if we don't appear to have * it. For the real root, we check below if we've already * loaded policy, and return gracefully. */ if (in_initrd() && access(selinux_path(), F_OK) < 0) return 0; /* Already initialized by somebody else? */ r = getcon_raw(&con); if (r == 0) { initialized = !streq(con, "kernel"); freecon(con); } /* Make sure we have no fds open while loading the policy and * transitioning */ log_close(); /* Now load the policy */ before_load = now(CLOCK_MONOTONIC); r = selinux_init_load_policy(&enforce); if (r == 0) { _cleanup_(mac_selinux_freep) char *label = NULL; char timespan[FORMAT_TIMESPAN_MAX]; mac_selinux_retest(); /* Transition to the new context */ r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); if (r < 0 || !label) { log_open(); log_error("Failed to compute init label, ignoring."); } else { r = setcon(label); log_open(); if (r < 0) log_error("Failed to transition into init label '%s', ignoring.", label); } after_load = now(CLOCK_MONOTONIC); log_info("Successfully loaded SELinux policy in %s.", format_timespan(timespan, sizeof(timespan), after_load - before_load, 0)); *loaded_policy = true; } else {