Commits

Stephen Smalley committed 7c58267

run-as: set the SELinux security context.

Before invoking the specified command or a shell, set the
SELinux security context.

Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Comments (0)

Files changed (2)

run-as/Android.mk

 
 LOCAL_SRC_FILES:= run-as.c package.c
 
+LOCAL_SHARED_LIBRARIES := libselinux
+
 LOCAL_MODULE:= run-as
 
 include $(BUILD_EXECUTABLE)
 #include <time.h>
 #include <stdarg.h>
 
+#include <selinux/android.h>
 #include <private/android_filesystem_config.h>
 #include "package.h"
 
         return 1;
     }
 
+    if (selinux_android_setcontext(uid, 0, NULL, pkgname) < 0) {
+        panic("Could not set SELinux security context:  %s\n", strerror(errno));
+        return 1;
+    }
+
     /* User specified command for exec. */
     if (argc >= 3 ) {
         if (execvp(argv[2], argv+2) < 0) {