From 4667b9946afe8cf3c49513fc82f54eb508946404 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Tue, 2 Apr 2019 11:56:09 -0700
Subject: [PATCH] zygote: initialize selinux app contexts before fork()

Initializing before zygote fork() results in only doing this once, which appears to be the original intent of seapp_context_init(). However, since it was indirectly called after fork() it was happening on during every app launch.
Bug: 129704390
Test: ps -AZ; verify that apps have correct context
Test: with "#define DEBUG 1" in libselinux to verify that selinux_android_seapp_context_reload() is only called once in zygote.
Change-Id: Ibd6f0dda065f35def99f39ad9d44829a6b60cdc9
---
 core/jni/com_android_internal_os_Zygote.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 70b343624ea97..8dd7e8ea3b90f 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -1634,6 +1634,8 @@ static void com_android_internal_os_Zygote_nativeSecurityInit(JNIEnv*, jclass) {
 // security_getenforce is not allowed on app process. Initialize and cache
 // the value before zygote forks.
 g_is_security_enforced = security_getenforce();
+
+ selinux_android_seapp_context_init();
 }

 static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jclass) {
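Review bot: The added `selinux_android_seapp_context_init();` call in nativeSecurityInit carries no comment, while the `security_getenforce()` line directly above explains why it has to run before the fork. The same reasoning applies here and should be written down, for example `// Load the seapp contexts once in zygote, before fork(), so every app process inherits them instead of reloading on each launch.` Because every forked app now inherits whatever state this single call leaves behind, a load failure would affect all later app launches rather than one. The function's declaration is not visible in this hunk, so please confirm how it reports or logs a failed load. The function's signature appears only in the hunk header; the body shown starts at its first comment line.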