int selinux_raw_to_trans_context(const security_context_t raw, security_context_t * transp) { if (!raw) { *transp = NULL; return 0; } __selinux_once(once, init_context_translations); if (!mls_enabled) { *transp = strdup(raw); goto out; } if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) { *transp = strdup(prev_r2t_trans); } else { free(prev_r2t_raw); prev_r2t_raw = NULL; free(prev_r2t_trans); prev_r2t_trans = NULL; if (raw_to_trans_context(raw, transp)) *transp = strdup(raw); if (*transp) { prev_r2t_raw = strdup(raw); if (!prev_r2t_raw) goto out; prev_r2t_trans = strdup(*transp); if (!prev_r2t_trans) { free(prev_r2t_raw); prev_r2t_raw = NULL; } } } out: return *transp ? 0 : -1; }
int selinux_trans_to_raw_context(const security_context_t trans, security_context_t * rawp) { if (!trans) { *rawp = NULL; return 0; } __selinux_once(once, init_context_translations); if (!mls_enabled) { *rawp = strdup(trans); goto out; } if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) { *rawp = strdup(prev_t2r_raw); } else { free(prev_t2r_trans); prev_t2r_trans = NULL; free(prev_t2r_raw); prev_t2r_raw = NULL; if (trans_to_raw_context(trans, rawp)) *rawp = strdup(trans); if (*rawp) { prev_t2r_trans = strdup(trans); if (!prev_t2r_trans) goto out; prev_t2r_raw = strdup(*rawp); if (!prev_t2r_raw) { free(prev_t2r_trans); prev_t2r_trans = NULL; } } } out: return *rawp ? 0 : -1; }
static int seapp_context_lookup(enum seapp_kind kind, uid_t uid, int isSystemServer, const char *seinfo, const char *pkgname, const char *path, context_t ctx) { const char *username = NULL; struct seapp_context *cur = NULL; int i; size_t n; uid_t userid; uid_t appid; __selinux_once(once, seapp_context_init); userid = uid / AID_USER; appid = uid % AID_USER; if (appid < AID_APP) { for (n = 0; n < android_id_count; n++) { if (android_ids[n].aid == appid) { username = android_ids[n].name; break; } } if (!username) goto err; } else if (appid < AID_ISOLATED_START) { username = "******"; appid -= AID_APP; } else { username = "******"; appid -= AID_ISOLATED_START; } if (appid >= CAT_MAPPING_MAX_ID || userid >= CAT_MAPPING_MAX_ID) goto err; for (i = 0; i < nspec; i++) { cur = seapp_contexts[i]; if (cur->isSystemServer != isSystemServer) continue; if (cur->user.str) { if (cur->user.is_prefix) { if (strncasecmp(username, cur->user.str, cur->user.len-1)) continue; } else { if (strcasecmp(username, cur->user.str)) continue; } } if (cur->seinfo) { if (!seinfo || strcasecmp(seinfo, cur->seinfo)) continue; } if (cur->name.str) { if(!pkgname) continue; if (cur->name.is_prefix) { if (strncasecmp(pkgname, cur->name.str, cur->name.len-1)) continue; } else { if (strcasecmp(pkgname, cur->name.str)) continue; } } if (cur->path.str) { if (!path) continue; if (cur->path.is_prefix) { if (strncmp(path, cur->path.str, cur->path.len-1)) continue; } else { if (strcmp(path, cur->path.str)) continue; } } if (kind == SEAPP_TYPE && !cur->type) continue; else if (kind == SEAPP_DOMAIN && !cur->domain) continue; if (cur->sebool) { int value = security_get_boolean_active(cur->sebool); if (value == 0) continue; else if (value == -1) { selinux_log(SELINUX_ERROR, \ "Could not find boolean: %s ", cur->sebool); goto err; } } if (kind == SEAPP_TYPE) { if (context_type_set(ctx, cur->type)) goto oom; } else if (kind == SEAPP_DOMAIN) { if (context_type_set(ctx, cur->domain)) goto oom; } if (cur->levelFrom != LEVELFROM_NONE) { char level[255]; switch (cur->levelFrom) { case LEVELFROM_APP: snprintf(level, sizeof level, "s0:c%u,c%u", appid & 0xff, 256 + (appid>>8 & 0xff)); break; case LEVELFROM_USER: snprintf(level, sizeof level, "s0:c%u,c%u", 512 + (userid & 0xff), 768 + (userid>>8 & 0xff)); break; case LEVELFROM_ALL: snprintf(level, sizeof level, "s0:c%u,c%u,c%u,c%u", appid & 0xff, 256 + (appid>>8 & 0xff), 512 + (userid & 0xff), 768 + (userid>>8 & 0xff)); break; default: goto err; } if (context_range_set(ctx, level)) goto oom; } else if (cur->level) {