void
ssh_selinux_change_context(const char *newname)
{
int len, newlen;
char *oldctx, *newctx, *cx;
if (!ssh_selinux_enabled())
return;
if (getcon((security_context_t *)&oldctx) < 0) {
logit("%s: getcon failed with %s", __func__, strerror (errno));
return;
}
if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
NULL) {
logit ("%s: unparseable context %s", __func__, oldctx);
return;
}
newlen = strlen(oldctx) + strlen(newname) + 1;
newctx = xmalloc(newlen);
len = cx - oldctx + 1;
memcpy(newctx, oldctx, len);
strlcpy(newctx + len, newname, newlen - len);
if ((cx = index(cx + 1, ':')))
strlcat(newctx, cx, newlen);
debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
newctx);
if (setcon(newctx) < 0)
logit("%s: setcon failed with %s", __func__, strerror (errno));
xfree(oldctx);
xfree(newctx);
}
static int
mymain(void)
{
int ret = 0;
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) {
virErrorPtr err = virGetLastError();
if (err->code == VIR_ERR_CONFIG_UNSUPPORTED)
exit(EXIT_AM_SKIP);
fprintf(stderr, "Unable to initialize security driver: %s\n",
err->message);
exit(EXIT_FAILURE);
}
if ((caps = testQemuCapsInit()) == NULL)
exit(EXIT_FAILURE);
#define DO_TEST_LABELING(name) \
if (virtTestRun("Labelling " # name, 1, testSELinuxLabeling, name) < 0) \
ret = -1; \
setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
DO_TEST_LABELING("disks");
DO_TEST_LABELING("kernel");
DO_TEST_LABELING("chardev");
return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
int do_setcon(int nargs, char **args) {
if (is_selinux_enabled() <= 0)
return 0;
if (setcon(args[1]) < 0) {
return -errno;
}
return 0;
}
int do_setcon(int nargs, char **args) {
#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0)
return 0;
if (setcon(args[1]) < 0) {
return -errno;
}
#endif
return 0;
}
void
do_setcon(char *context)
{
#ifdef HAVE_SETCON
if (-1 == setcon(context))
err(1, "%s", context);
#else
warnx("No SELinux support built in");
#endif
}
int main(int argc, char **argv)
{
int rc;
rc = setcon(argv[1]);
if (rc < 0) {
perror("setcon");
exit(1);
}
exit(0);
}
static void *worker(void *datap)
{
security_context_t security_context = datap;
int rc;
rc = setcon(security_context);
if (rc < 0)
thread_status = errno;
return NULL;
}
/* setcon is only valid under the following circumstances:
* - single threaded
* - enforcing=0
*/
int
do_setcon (const char *context)
{
#if defined(HAVE_SETCON)
if (setcon ((char *) context) == -1) {
reply_with_perror ("setcon");
return -1;
}
return 0;
#else
reply_with_error ("function not available");
return -1;
#endif
}
int main(int argc, char **argv)
{
int rc;
security_context_t context_s;
context_t context;
if (argc != 2) {
fprintf(stderr, "usage: %s newdomain\n", argv[0]);
exit(-1);
}
rc = getcon(&context_s);
if (rc < 0) {
fprintf(stderr, "%s: unable to get my context\n", argv[0]);
exit(-1);
}
context = context_new(context_s);
if (!context) {
fprintf(stderr, "%s: unable to create context structure\n", argv[0]);
exit(-1);
}
if (context_type_set(context, argv[1])) {
fprintf(stderr, "%s: unable to set new type\n", argv[0]);
exit(-1);
}
freecon(context_s);
context_s = context_str(context);
if (!context_s) {
fprintf(stderr, "%s: unable to obtain new context string\n", argv[0]);
exit(-1);
}
rc = setcon(context_s);
if (rc < 0) {
perror("setcon failed");
exit(-1);
}
printf("All systems go\n");
exit(0);
}
void
ssh_selinux_change_context(const char *newname)
{
int len, newlen;
char *oldctx, *newctx, *cx;
void (*switchlog) (const char *fmt,...) = logit;
if (!ssh_selinux_enabled())
return;
if (getcon((security_context_t *)&oldctx) < 0) {
logit("%s: getcon failed with %s", __func__, strerror(errno));
return;
}
if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
NULL) {
logit ("%s: unparseable context %s", __func__, oldctx);
return;
}
/*
* Check whether we are attempting to switch away from an unconfined
* security context.
*/
if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
switchlog = debug3;
newlen = strlen(oldctx) + strlen(newname) + 1;
newctx = xmalloc(newlen);
len = cx - oldctx + 1;
memcpy(newctx, oldctx, len);
strlcpy(newctx + len, newname, newlen - len);
if ((cx = index(cx + 1, ':')))
strlcat(newctx, cx, newlen);
debug3("%s: setting context from '%s' to '%s'", __func__,
oldctx, newctx);
if (setcon(newctx) < 0)
switchlog("%s: setcon %s from %s failed with %s", __func__,
newctx, oldctx, strerror(errno));
free(oldctx);
free(newctx);
}
static int
mymain(void)
{
int ret = 0;
int rc = testUserXattrEnabled();
if (rc < 0)
return EXIT_FAILURE;
if (!rc)
return EXIT_AM_SKIP;
if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
VIR_SECURITY_MANAGER_PRIVILEGED))) {
virErrorPtr err = virGetLastError();
VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
err->message);
return EXIT_FAILURE;
}
if ((caps = testQemuCapsInit()) == NULL)
return EXIT_FAILURE;
if (qemuTestDriverInit(&driver) < 0)
return EXIT_FAILURE;
#define DO_TEST_LABELING(name) \
if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
ret = -1;
setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
DO_TEST_LABELING("disks");
DO_TEST_LABELING("kernel");
DO_TEST_LABELING("chardev");
DO_TEST_LABELING("nfs");
qemuTestDriverFree(&driver);
return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
static JSBool
rpmsx_setprop(JSContext *cx, JSObject *obj, jsid id, JSBool strict, jsval *vp)
{
#if defined(WITH_SELINUX)
void * ptr = JS_GetInstancePrivate(cx, obj, &rpmsxClass, NULL);
jsint tiny = JSVAL_TO_INT(id);
security_context_t con = NULL;
int myint = 0xdeadbeef;
JSBool ok = JS_TRUE;
/* XXX the class has ptr == NULL, instances have ptr != NULL. */
if (ptr == NULL)
return JS_TRUE;
if (JSVAL_IS_STRING(*vp))
con = (security_context_t) JS_EncodeString(cx, JS_ValueToString(cx, *vp));
if (JSVAL_IS_INT(*vp))
myint = JSVAL_TO_INT(*vp);
switch (tiny) {
case _DEBUG:
if (!JS_ValueToInt32(cx, *vp, &_debug))
break;
break;
case _CURRENT: ok = _PUT_CON(setcon(con)); break;
case _EXEC: ok = _PUT_CON(setexeccon(con)); break;
case _FSCREATE: ok = _PUT_CON(setfscreatecon(con)); break;
case _KEYCREATE: ok = _PUT_CON(setkeycreatecon(con)); break;
case _SOCKCREATE: ok = _PUT_CON(setsockcreatecon(con)); break;
case _ENFORCE: ok = _PUT_INT(security_setenforce(myint)); break;
default:
break;
}
con = _free(con);
#endif
return JS_TRUE;
}
static int
mymain(void)
{
int ret = 0;
int rc = testUserXattrEnabled();
if (rc < 0)
return EXIT_FAILURE;
if (!rc)
return EXIT_AM_SKIP;
if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true))) {
virErrorPtr err = virGetLastError();
VIR_TEST_VERBOSE("Unable to initialize security driver: %s\n",
err->message);
return EXIT_FAILURE;
}
if ((caps = testQemuCapsInit()) == NULL)
return EXIT_FAILURE;
if (!(xmlopt = virQEMUDriverCreateXMLConf(NULL)))
return EXIT_FAILURE;
#define DO_TEST_LABELING(name) \
if (virtTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
ret = -1;
setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
DO_TEST_LABELING("disks");
DO_TEST_LABELING("kernel");
DO_TEST_LABELING("chardev");
DO_TEST_LABELING("nfs");
return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
void start_daemon(int client) {
// Launch the daemon, create new session, set proper context
if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
fprintf(stderr, "Starting daemon requires root: %s\n", strerror(errno));
PLOGE("start daemon");
}
switch (fork()) {
case -1:
PLOGE("fork");
case 0:
break;
default:
return;
}
// First close the client, it's useless for us
close(client);
xsetsid();
setcon("u:r:su:s0");
umask(022);
int fd = xopen("/dev/null", O_RDWR | O_CLOEXEC);
xdup2(fd, STDIN_FILENO);
xdup2(fd, STDOUT_FILENO);
xdup2(fd, STDERR_FILENO);
close(fd);
// Patch selinux with medium patch before we do anything
load_policydb(SELINUX_POLICY);
sepol_med_rules();
dump_policydb(SELINUX_LOAD);
// Continue the larger patch in another thread, we will join later
pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);
struct sockaddr_un sun;
fd = setup_socket(&sun);
xbind(fd, (struct sockaddr*) &sun, sizeof(sun));
xlisten(fd, 10);
// Change process name
strcpy(argv0, "magisk_daemon");
// The root daemon should not do anything if an error occurs
// It should stay intact under any circumstances
err_handler = do_nothing;
LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
// Unlock all blocks for rw
unlock_blocks();
// Setup links under /sbin
xmount(NULL, "/", NULL, MS_REMOUNT, NULL);
create_links(NULL, "/sbin");
xchmod("/sbin", 0755);
xmkdir("/magisk", 0755);
xchmod("/magisk", 0755);
xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
// Loop forever to listen for requests
while(1) {
int *client = xmalloc(sizeof(int));
*client = xaccept4(fd, NULL, NULL, SOCK_CLOEXEC);
pthread_t thread;
xpthread_create(&thread, NULL, request_handler, client);
// Detach the thread, we will never join it
pthread_detach(thread);
}
}
rmove()
{
register struct node *p;
register int r;
register r1, flt;
for (p=first.forw; p!=0; p = p->forw) {
flt = 0;
switch (p->op) {
case MOVF:
case MOVFO:
case MOVOF:
flt = NREG;
case MOV:
if (p->subop==BYTE)
goto dble;
dualop(p);
if ((r = findrand(regs[RT1], flt)) >= 0) {
if (r == flt+isreg(regs[RT2]) && p->forw->op!=CBR
&& p->forw->op!=SXT
&& p->forw->op!=CFCC) {
p->forw->back = p->back;
p->back->forw = p->forw;
redunm++;
nchange++;
continue;
}
}
if (equstr(regs[RT1], "$0")) {
p->op = CLR;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
goto sngl;
}
repladdr(p, 0, flt);
r = isreg(regs[RT1]);
r1 = isreg(regs[RT2]);
dest(regs[RT2], flt);
if (r >= 0)
if (r1 >= 0)
savereg(r1+flt, regs[r+flt]);
else
savereg(r+flt, regs[RT2]);
else
if (r1 >= 0)
savereg(r1+flt, regs[RT1]);
else
setcon(regs[RT1], regs[RT2]);
source(regs[RT1]);
setcc(regs[RT2]);
continue;
case ADDF:
case SUBF:
case DIVF:
case MULF:
flt = NREG;
goto dble;
case ADD:
case SUB:
case BIC:
case BIS:
case MUL:
case DIV:
case ASH:
dble:
dualop(p);
if (p->op==BIC && (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777"))) {
p->op = CLR;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
goto sngl;
}
if ((p->op==BIC || p->op==BIS) && equstr(regs[RT1], "$0")) {
if (p->forw->op!=CBR) {
p->back->forw = p->forw;
p->forw->back = p->back;
nchange++;
continue;
}
}
/*
* the next block of code looks for the sequences (which extract the
* high byte of a word or the low byte respectively):
* ash $-10,r
* bic $-400,r
* or
* mov natural,r
* bic $-400,r
* and transforms them into:
* clrb r
* swab r
* or
* clr r
* bisb natural,r
* These constructs occur often enough in the kernel (dealing with major/minor
* device numbers, etc) it's worth a little extra work at compile time.
*/
if (p->op == BIC && (equstr(regs[RT1],"$-400") ||
equstr(regs[RT1],"$-177400"))) {
if (p->back->op == ASH) {
r = isreg(regs[RT2]);
dualop(p->back);
if ((equstr(regs[RT1], "$-10") ||
equstr(regs[RT1], "$177770")) &&
r == isreg(regs[RT2])) {
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->back->op = CLR;
p->back->subop = BYTE;
p->back->code = copy(1, regs[RT1]);
p->op = SWAB;
p->code = copy(1, regs[RT1]);
nchange++;
goto sngl;
}
}
else if (p->back->op == MOV && p->forw->op != CBR) {
char temp[50];
r = isreg(regs[RT2]);
if (r < 0 && !xnatural(regs[RT2]))
goto out;
strcpy(temp, regs[RT2]);
dualop(p->back);
if (isreg(regs[RT2]) == r && natural(regs[RT1])) {
if (r < 0 && (!xnatural(regs[RT2]) || !equstr(temp, regs[RT2])))
goto out;
/*
* XXX - the sequence "movb rN,rN; bic $-400,rN" can not be transformed
* because the 'clr' would lose all information about 'rN'. The best that can
* be done is to remove the 'movb' instruction and leave the 'bic'.
*/
if (isreg(regs[RT1]) == r && r >= 0) {
p = p->back;
p->forw->back = p->back;
p->back->forw = p->forw;
nchange++;
continue;
}
dest(regs[RT1], flt);
p->back->op = CLR;
p->back->subop = 0;
p->back->code = copy(1, regs[RT2]);
p->op = BIS;
p->subop = BYTE;
strcat(regs[RT1], ",");
p->code = copy(2, regs[RT1], regs[RT2]);
nchange++;
}
}
out: dualop(p); /* restore banged up parsed operands */
}
repladdr(p, 0, flt);
source(regs[RT1]);
dest(regs[RT2], flt);
if (p->op==DIV && (r = isreg(regs[RT2]))>=0)
regs[r|1][0] = 0;
switch (p->op)
{
case ADD:
case SUB:
case BIC:
case BIS:
case ASH:
setcc(regs[RT2]);
break;
default:
ccloc[0] = 0;
}
continue;
case SXT:
singop(p);
if (p->forw->op == CLR && p->forw->subop != BYTE &&
xnatural(regs[RT1]) && !strcmp(p->code, p->forw->code)){
p->forw->back = p->back;
p->back->forw = p->forw;
nchange++;
continue;
}
goto sngl;
case CLRF:
case NEGF:
flt = NREG;
case CLR:
case COM:
case INC:
case DEC:
case NEG:
case ASR:
case ASL:
case SWAB:
singop(p);
sngl:
dest(regs[RT1], flt);
if (p->op==CLR && flt==0)
{
if ((r = isreg(regs[RT1])) >= 0)
savereg(r, "$0");
else
setcon("$0", regs[RT1]);
ccloc[0] = 0;
}
else
setcc(regs[RT1]);
continue;
case TSTF:
flt = NREG;
case TST:
singop(p);
repladdr(p, 0, flt);
source(regs[RT1]);
if (p->back->op == TST && !flt && not_sp(regs[RT1])) {
char rt1[MAXCPS + 2];
strcpy(rt1, regs[RT1]);
singop(p->back);
if (!strcmp("(sp)+", regs[RT1])) {
p->back->subop = p->subop;
p->back->forw = p->forw;
p->forw->back = p->back;
p = p->back;
p->op = MOV;
p->code = copy(2, rt1, ",(sp)+");
nrtst++;
nchange++;
continue;
}
singop(p);
}
if (p->back->op == MOV && p->back->subop == BYTE) {
dualop(p->back);
setcc(regs[RT2]);
singop(p);
}
if (equstr(regs[RT1], ccloc) && p->subop == p->back->subop) {
p->back->forw = p->forw;
p->forw->back = p->back;
p = p->back;
nrtst++;
nchange++;
}
else
setcc(regs[RT1]); /* XXX - double TST in a row */
continue;
case CMPF:
flt = NREG;
case CMP:
case BIT:
dualop(p);
source(regs[RT1]);
source(regs[RT2]);
if(p->op==BIT) {
if (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777")) {
p->op = TST;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
} else if (equstr(regs[RT2], "$-1") || equstr(regs[RT2], "$177777")) {
p->op = TST;
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
}
if (equstr(regs[RT1], "$0")) {
p->op = TST;
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
} else if (equstr(regs[RT2], "$0")) {
p->op = TST;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
}
}
repladdr(p, 1, flt);
ccloc[0] = 0;
continue;
case CBR:
r = -1;
if (p->back->op==TST || p->back->op==CMP) {
if (p->back->op==TST) {
singop(p->back);
savereg(RT2, "$0");
} else
dualop(p->back);
if (equstr(regs[RT1], regs[RT2])
&& natural(regs[RT1]) && natural(regs[RT2]))
r = compare(p->subop, "$1", "$1");
else
r = compare(p->subop, findcon(RT1), findcon(RT2));
if (r==0) {
if (p->forw->op==CBR
|| p->forw->op==SXT
|| p->forw->op==CFCC) {
p->back->forw = p->forw;
p->forw->back = p->back;
} else {
p->back->back->forw = p->forw;
p->forw->back = p->back->back;
}
decref(p->ref);
p = p->back->back;
nchange++;
} else if (r>0) {
p->op = JBR;
p->subop = 0;
p->back->back->forw = p;
p->back = p->back->back;
p = p->back;
nchange++;
}
/*
* If the instruction prior to the conditional branch was a 'tst' then
* save the condition code status. The C construct:
* if (x)
* if (x > 0)
* generates "tst _x; jeq ...; tst _x; jmi ...;jeq ...". The code below removes
* the second "tst _x", leaving "tst _x; jeq ...;jmi ...; jeq ...".
*/
if (p->back->op == TST) {
singop(p->back);
setcc(regs[RT1]);
break;
}
}
/*
* If the previous instruction was also a conditional branch then
* attempt to merge the two into a single branch.
*/
if (p->back->op == CBR)
fixupbr(p);
case CFCC:
ccloc[0] = 0;
continue;
/*
* Unrecognized (unparsed) instructions, assignments (~foo=r2), and
* data arrive here. In order to prevent throwing away information
* about register contents just because a local assignment is done
* we check for the first character being a tilde.
*/
case 0:
if (p->code[0] != '~')
clearreg();
continue;
case JBR:
redunbr(p);
default:
clearreg();
}
}
}
rmove()
{
register struct node *p;
register char *cp;
register int r;
int r1, flt;
for (p=first.forw; p!=0; p = p->forw) {
if (debug) {
for (r=0; r<2*NREG; r++)
if (regs[r][0])
printf("%d: %s\n", r, regs[r]);
printf("-\n");
}
flt = 0;
switch (p->op) {
case MOVF:
case MOVFO:
case MOVOF:
flt = NREG;
case MOV:
dualop(p);
if ((r = findrand(regs[RT1], flt)) >= 0) {
if (r == flt+isreg(regs[RT2]) && p->forw->op!=CBR) {
p->forw->back = p->back;
p->back->forw = p->forw;
redunm++;
continue;
}
}
repladdr(p, 0, flt);
r = isreg(regs[RT1]);
r1 = isreg(regs[RT2]);
dest(regs[RT2], flt);
if (r >= 0)
if (r1 >= 0)
savereg(r1+flt, regs[r+flt]);
else
savereg(r+flt, regs[RT2]);
else
if (r1 >= 0)
savereg(r1+flt, regs[RT1]);
else
setcon(regs[RT1], regs[RT2]);
source(regs[RT1]);
setcc(regs[RT2]);
continue;
case ADDF:
case SUBF:
case DIVF:
case MULF:
flt = NREG;
case ADD:
case SUB:
case BIC:
case BIS:
case MUL:
case DIV:
case ASH:
dualop(p);
repladdr(p, 0, flt);
source(regs[RT1]);
dest(regs[RT2], flt);
if (p->op==DIV && (r = isreg(regs[RT2])>=0))
regs[r+1][0] = 0;
ccloc[0] = 0;
continue;
case CLRF:
case NEGF:
flt = NREG;
case CLR:
case COM:
case INC:
case DEC:
case NEG:
case ASR:
case ASL:
case SXT:
singop(p);
dest(regs[RT1], flt);
if (p->op==CLR && flt==0)
if ((r = isreg(regs[RT1])) >= 0)
savereg(r, "$0");
else
setcon("$0", regs[RT1]);
setcc(regs[RT1]);
continue;
case TSTF:
flt = NREG;
case TST:
singop(p);
repladdr(p, 0, flt);
source(regs[RT1]);
if (equstr(regs[RT1], ccloc)) {
p->back->forw = p->forw;
p->forw->back = p->back;
p = p->back;
nrtst++;
nchange++;
}
continue;
case CMPF:
flt = NREG;
case CMP:
case BIT:
dualop(p);
source(regs[RT1]);
source(regs[RT2]);
repladdr(p, 1, flt);
ccloc[0] = 0;
continue;
case CBR:
case CFCC:
ccloc[0] = 0;
continue;
case JBR:
redunbr(p);
default:
clearreg();
}
}
}
rmove()
{
register struct node *p;
register int r;
register r1, flt;
for (p=first.forw; p!=0; p = p->forw) {
flt = 0;
switch (p->op) {
case MOVF:
case MOVFO:
case MOVOF:
flt = NREG;
case MOV:
if (p->subop==BYTE)
goto dble;
dualop(p);
if ((r = findrand(regs[RT1], flt)) >= 0) {
if (r == flt+isreg(regs[RT2]) && p->forw->op!=CBR
&& p->forw->op!=SXT
&& p->forw->op!=CFCC) {
p->forw->back = p->back;
p->back->forw = p->forw;
redunm++;
continue;
}
}
if (equstr(regs[RT1], "$0")) {
p->op = CLR;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
goto sngl;
}
repladdr(p, 0, flt);
r = isreg(regs[RT1]);
r1 = isreg(regs[RT2]);
dest(regs[RT2], flt);
if (r >= 0)
if (r1 >= 0)
savereg(r1+flt, regs[r+flt]);
else
savereg(r+flt, regs[RT2]);
else
if (r1 >= 0)
savereg(r1+flt, regs[RT1]);
else
setcon(regs[RT1], regs[RT2]);
source(regs[RT1]);
setcc(regs[RT2]);
continue;
case ADDF:
case SUBF:
case DIVF:
case MULF:
flt = NREG;
goto dble;
case ADD:
case SUB:
case BIC:
case BIS:
case MUL:
case DIV:
case ASH:
dble:
dualop(p);
if (p->op==BIC && (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777"))) {
p->op = CLR;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
goto sngl;
}
if ((p->op==BIC || p->op==BIS) && equstr(regs[RT1], "$0")) {
if (p->forw->op!=CBR) {
p->back->forw = p->forw;
p->forw->back = p->back;
continue;
}
}
repladdr(p, 0, flt);
source(regs[RT1]);
dest(regs[RT2], flt);
if (p->op==DIV && (r = isreg(regs[RT2])>=0))
regs[r+1][0] = 0;
ccloc[0] = 0;
continue;
case CLRF:
case NEGF:
flt = NREG;
case CLR:
case COM:
case INC:
case DEC:
case NEG:
case ASR:
case ASL:
case SXT:
singop(p);
sngl:
dest(regs[RT1], flt);
if (p->op==CLR && flt==0)
if ((r = isreg(regs[RT1])) >= 0)
savereg(r, "$0");
else
setcon("$0", regs[RT1]);
ccloc[0] = 0;
continue;
case TSTF:
flt = NREG;
case TST:
singop(p);
repladdr(p, 0, flt);
source(regs[RT1]);
if (equstr(regs[RT1], ccloc)) {
p->back->forw = p->forw;
p->forw->back = p->back;
p = p->back;
nrtst++;
nchange++;
}
continue;
case CMPF:
flt = NREG;
case CMP:
case BIT:
dualop(p);
source(regs[RT1]);
source(regs[RT2]);
if(p->op==BIT) {
if (equstr(regs[RT1], "$-1") || equstr(regs[RT1], "$177777")) {
p->op = TST;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
} else if (equstr(regs[RT2], "$-1") || equstr(regs[RT2], "$177777")) {
p->op = TST;
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
}
if (equstr(regs[RT1], "$0")) {
p->op = TST;
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
} else if (equstr(regs[RT2], "$0")) {
p->op = TST;
strcpy(regs[RT1], regs[RT2]);
regs[RT2][0] = 0;
p->code = copy(1, regs[RT1]);
nchange++;
nsaddr++;
}
}
repladdr(p, 1, flt);
ccloc[0] = 0;
continue;
case CBR:
if (p->back->op==TST || p->back->op==CMP) {
if (p->back->op==TST) {
singop(p->back);
savereg(RT2, "$0");
} else
dualop(p->back);
r = compare(p->subop, findcon(RT1), findcon(RT2));
if (r==0) {
p->back->back->forw = p->forw;
p->forw->back = p->back->back;
decref(p->ref);
p = p->back->back;
nchange++;
} else if (r>0) {
p->op = JBR;
p->subop = 0;
p->back->back->forw = p;
p->back = p->back->back;
p = p->back;
nchange++;
}
}
case CFCC:
ccloc[0] = 0;
continue;
case JBR:
redunbr(p);
default:
clearreg();
}
}
}
int adb_main(int is_daemon, int server_port)
{
#if !ADB_HOST
int port;
char value[PROPERTY_VALUE_MAX];
umask(000);
#endif
atexit(adb_cleanup);
#ifdef HAVE_WIN32_PROC
SetConsoleCtrlHandler( ctrlc_handler, TRUE );
#elif defined(HAVE_FORKEXEC)
// No SIGCHLD. Let the service subproc handle its children.
signal(SIGPIPE, SIG_IGN);
#endif
init_transport_registration();
#if ADB_HOST
HOST = 1;
#ifdef WORKAROUND_BUG6558362
if(is_daemon) adb_set_affinity();
#endif
usb_vendors_init();
usb_init();
local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
adb_auth_init();
char local_name[30];
build_local_name(local_name, sizeof(local_name), server_port);
if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
exit(1);
}
#else
property_get("ro.adb.secure", value, "0");
auth_enabled = !strcmp(value, "1");
if (auth_enabled)
adb_auth_init();
// Our external storage path may be different than apps, since
// we aren't able to bind mount after dropping root.
const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
if (NULL != adb_external_storage) {
setenv("EXTERNAL_STORAGE", adb_external_storage, 1);
} else {
D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE"
" unchanged.\n");
}
/* don't listen on a port (default 5037) if running in secure mode */
/* don't run as root if we are running in secure mode */
if (should_drop_privileges()) {
drop_capabilities_bounding_set_if_needed();
/* add extra groups:
** AID_ADB to access the USB driver
** AID_LOG to read system logs (adb logcat)
** AID_INPUT to diagnose input issues (getevent)
** AID_INET to diagnose network issues (netcfg, ping)
** AID_GRAPHICS to access the frame buffer
** AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
** AID_SDCARD_R to allow reading from the SD card
** AID_SDCARD_RW to allow writing to the SD card
** AID_MOUNT to allow unmounting the SD card before rebooting
** AID_NET_BW_STATS to read out qtaguid statistics
*/
gid_t groups[] = { AID_ADB, AID_LOG, AID_INPUT, AID_INET, AID_GRAPHICS,
AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW,
AID_MOUNT, AID_NET_BW_STATS };
if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
exit(1);
}
/* then switch user and group to "shell" */
if (setgid(AID_SHELL) != 0) {
exit(1);
}
if (setuid(AID_SHELL) != 0) {
exit(1);
}
D("Local port disabled\n");
} else {
char local_name[30];
if ((root_seclabel != NULL) && (is_selinux_enabled() > 0)) {
// b/12587913: fix setcon to allow const pointers
if (setcon((char *)root_seclabel) < 0) {
exit(1);
}
}
build_local_name(local_name, sizeof(local_name), server_port);
if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
exit(1);
}
}
int usb = 0;
if (access(USB_ADB_PATH, F_OK) == 0 || access(USB_FFS_ADB_EP0, F_OK) == 0) {
// listen on USB
usb_init();
usb = 1;
}
// If one of these properties is set, also listen on that port
// If one of the properties isn't set and we couldn't listen on usb,
// listen on the default port.
property_get("service.adb.tcp.port", value, "");
if (!value[0]) {
property_get("persist.adb.tcp.port", value, "");
}
if (sscanf(value, "%d", &port) == 1 && port > 0) {
printf("using port=%d\n", port);
// listen on TCP port specified by service.adb.tcp.port property
local_init(port);
} else if (!usb) {
// listen on default port
local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
}
D("adb_main(): pre init_jdwp()\n");
init_jdwp();
D("adb_main(): post init_jdwp()\n");
#endif
if (is_daemon)
{
// inform our parent that we are up and running.
#ifdef HAVE_WIN32_PROC
DWORD count;
WriteFile( GetStdHandle( STD_OUTPUT_HANDLE ), "OK\n", 3, &count, NULL );
#elif defined(HAVE_FORKEXEC)
fprintf(stderr, "OK\n");
#endif
start_logging();
}
D("Event loop starting\n");
fdevent_loop();
usb_cleanup();
return 0;
}
int selinux_setup(bool *loaded_policy) {
#ifdef HAVE_SELINUX
int enforce = 0;
usec_t before_load, after_load;
security_context_t con;
int r;
union selinux_callback cb;
assert(loaded_policy);
/* Turn off all of SELinux' own logging, we want to do that */
cb.func_log = null_log;
selinux_set_callback(SELINUX_CB_LOG, cb);
/* Already initialized by somebody else? */
r = getcon_raw(&con);
if (r == 0) {
bool initialized;
initialized = !streq(con, "kernel");
freecon(con);
if (initialized)
return 0;
}
/* Make sure we have no fds open while loading the policy and
* transitioning */
log_close();
/* Now load the policy */
before_load = now(CLOCK_MONOTONIC);
r = selinux_init_load_policy(&enforce);
if (r == 0) {
char timespan[FORMAT_TIMESPAN_MAX];
char *label;
retest_selinux();
/* Transition to the new context */
r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
if (r < 0 || label == NULL) {
log_open();
log_error("Failed to compute init label, ignoring.");
} else {
r = setcon(label);
log_open();
if (r < 0)
log_error("Failed to transition into init label '%s', ignoring.", label);
label_free(label);
}
after_load = now(CLOCK_MONOTONIC);
log_info("Successfully loaded SELinux policy in %s.",
format_timespan(timespan, sizeof(timespan), after_load - before_load));
*loaded_policy = true;
} else {
log_open();
if (enforce > 0) {
log_error("Failed to load SELinux policy. Freezing.");
return -EIO;
} else
log_debug("Unable to load SELinux policy. Ignoring.");
}
#endif
return 0;
}
int mac_selinux_setup(bool *loaded_policy) {
#ifdef HAVE_SELINUX
int enforce = 0;
usec_t before_load, after_load;
security_context_t con;
int r;
union selinux_callback cb;
bool initialized = false;
assert(loaded_policy);
/* Turn off all of SELinux' own logging, we want to do that */
cb.func_log = null_log;
selinux_set_callback(SELINUX_CB_LOG, cb);
/* Don't load policy in the initrd if we don't appear to have
* it. For the real root, we check below if we've already
* loaded policy, and return gracefully.
*/
if (in_initrd() && access(selinux_path(), F_OK) < 0)
return 0;
/* Already initialized by somebody else? */
r = getcon_raw(&con);
if (r == 0) {
initialized = !streq(con, "kernel");
freecon(con);
}
/* Make sure we have no fds open while loading the policy and
* transitioning */
log_close();
/* Now load the policy */
before_load = now(CLOCK_MONOTONIC);
r = selinux_init_load_policy(&enforce);
if (r == 0) {
_cleanup_(mac_selinux_freep) char *label = NULL;
char timespan[FORMAT_TIMESPAN_MAX];
mac_selinux_retest();
/* Transition to the new context */
r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
if (r < 0 || !label) {
log_open();
log_error("Failed to compute init label, ignoring.");
} else {
r = setcon(label);
log_open();
if (r < 0)
log_error("Failed to transition into init label '%s', ignoring.", label);
}
after_load = now(CLOCK_MONOTONIC);
log_info("Successfully loaded SELinux policy in %s.",
format_timespan(timespan, sizeof(timespan), after_load - before_load, 0));
*loaded_policy = true;
} else {
