int selinux_raw_to_trans_context(const security_context_t raw,
security_context_t * transp)
{
if (!raw) {
*transp = NULL;
return 0;
}
__selinux_once(once, init_context_translations);
if (!mls_enabled) {
*transp = strdup(raw);
goto out;
}
if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) {
*transp = strdup(prev_r2t_trans);
} else {
free(prev_r2t_raw);
prev_r2t_raw = NULL;
free(prev_r2t_trans);
prev_r2t_trans = NULL;
if (raw_to_trans_context(raw, transp))
*transp = strdup(raw);
if (*transp) {
prev_r2t_raw = strdup(raw);
if (!prev_r2t_raw)
goto out;
prev_r2t_trans = strdup(*transp);
if (!prev_r2t_trans) {
free(prev_r2t_raw);
prev_r2t_raw = NULL;
}
}
}
out:
return *transp ? 0 : -1;
}
int selinux_trans_to_raw_context(const security_context_t trans,
security_context_t * rawp)
{
if (!trans) {
*rawp = NULL;
return 0;
}
__selinux_once(once, init_context_translations);
if (!mls_enabled) {
*rawp = strdup(trans);
goto out;
}
if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) {
*rawp = strdup(prev_t2r_raw);
} else {
free(prev_t2r_trans);
prev_t2r_trans = NULL;
free(prev_t2r_raw);
prev_t2r_raw = NULL;
if (trans_to_raw_context(trans, rawp))
*rawp = strdup(trans);
if (*rawp) {
prev_t2r_trans = strdup(trans);
if (!prev_t2r_trans)
goto out;
prev_t2r_raw = strdup(*rawp);
if (!prev_t2r_raw) {
free(prev_t2r_trans);
prev_t2r_trans = NULL;
}
}
}
out:
return *rawp ? 0 : -1;
}
static int seapp_context_lookup(enum seapp_kind kind,
uid_t uid,
int isSystemServer,
const char *seinfo,
const char *pkgname,
const char *path,
context_t ctx)
{
const char *username = NULL;
struct seapp_context *cur = NULL;
int i;
size_t n;
uid_t userid;
uid_t appid;
__selinux_once(once, seapp_context_init);
userid = uid / AID_USER;
appid = uid % AID_USER;
if (appid < AID_APP) {
for (n = 0; n < android_id_count; n++) {
if (android_ids[n].aid == appid) {
username = android_ids[n].name;
break;
}
}
if (!username)
goto err;
} else if (appid < AID_ISOLATED_START) {
username = "******";
appid -= AID_APP;
} else {
username = "******";
appid -= AID_ISOLATED_START;
}
if (appid >= CAT_MAPPING_MAX_ID || userid >= CAT_MAPPING_MAX_ID)
goto err;
for (i = 0; i < nspec; i++) {
cur = seapp_contexts[i];
if (cur->isSystemServer != isSystemServer)
continue;
if (cur->user.str) {
if (cur->user.is_prefix) {
if (strncasecmp(username, cur->user.str, cur->user.len-1))
continue;
} else {
if (strcasecmp(username, cur->user.str))
continue;
}
}
if (cur->seinfo) {
if (!seinfo || strcasecmp(seinfo, cur->seinfo))
continue;
}
if (cur->name.str) {
if(!pkgname)
continue;
if (cur->name.is_prefix) {
if (strncasecmp(pkgname, cur->name.str, cur->name.len-1))
continue;
} else {
if (strcasecmp(pkgname, cur->name.str))
continue;
}
}
if (cur->path.str) {
if (!path)
continue;
if (cur->path.is_prefix) {
if (strncmp(path, cur->path.str, cur->path.len-1))
continue;
} else {
if (strcmp(path, cur->path.str))
continue;
}
}
if (kind == SEAPP_TYPE && !cur->type)
continue;
else if (kind == SEAPP_DOMAIN && !cur->domain)
continue;
if (cur->sebool) {
int value = security_get_boolean_active(cur->sebool);
if (value == 0)
continue;
else if (value == -1) {
selinux_log(SELINUX_ERROR, \
"Could not find boolean: %s ", cur->sebool);
goto err;
}
}
if (kind == SEAPP_TYPE) {
if (context_type_set(ctx, cur->type))
goto oom;
} else if (kind == SEAPP_DOMAIN) {
if (context_type_set(ctx, cur->domain))
goto oom;
}
if (cur->levelFrom != LEVELFROM_NONE) {
char level[255];
switch (cur->levelFrom) {
case LEVELFROM_APP:
snprintf(level, sizeof level, "s0:c%u,c%u",
appid & 0xff,
256 + (appid>>8 & 0xff));
break;
case LEVELFROM_USER:
snprintf(level, sizeof level, "s0:c%u,c%u",
512 + (userid & 0xff),
768 + (userid>>8 & 0xff));
break;
case LEVELFROM_ALL:
snprintf(level, sizeof level, "s0:c%u,c%u,c%u,c%u",
appid & 0xff,
256 + (appid>>8 & 0xff),
512 + (userid & 0xff),
768 + (userid>>8 & 0xff));
break;
default:
goto err;
}
if (context_range_set(ctx, level))
goto oom;
} else if (cur->level) {
