Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

zygote: initialize selinux app contexts before fork()

Browse Source 
Initializing before zygote fork() results in only doing this once,
which appears to be the original intent of seapp_context_init().
However, since it was indirectly called after fork() it was
happening on during every app launch.

Bug: 129704390
Test: ps -AZ; verify that apps have correct context
Test: with "#define DEBUG 1" in libselinux to verify that
selinux_android_seapp_context_reload() is only called once
in zygote.

Change-Id: Ibd6f0dda065f35def99f39ad9d44829a6b60cdc9
This commit is contained in:
Jeff Vander Stoep
2019-04-02 11:56:09 -07:00
parent e465eb1be5
commit 4667b9946a
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/jni/com_android_internal_os_Zygote.cpp
View File

@@ -1634,6 +1634,8 @@ static void com_android_internal_os_Zygote_nativeSecurityInit(JNIEnv*, jclass) {
// security_getenforce is not allowed on app process. Initialize and cache
// the value before zygote forks.
g_is_security_enforced = security_getenforce();
selinux_android_seapp_context_init();
}
static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jclass) {