diff options
| author | 2019-04-02 11:56:09 -0700 | |
|---|---|---|
| committer | 2019-04-02 13:55:33 -0700 | |
| commit | 4667b9946afe8cf3c49513fc82f54eb508946404 (patch) | |
| tree | bfafd6315b39fabbc52479f416a3b49d64b28ffe | |
| parent | e465eb1be5748a3bd577ec578512d56894571de0 (diff) | |
zygote: initialize selinux app contexts before fork()
Initializing before zygote fork() results in only doing this once,
which appears to be the original intent of seapp_context_init().
However, since it was indirectly called after fork() it was
happening on during every app launch.
Bug: 129704390
Test: ps -AZ; verify that apps have correct context
Test: with "#define DEBUG 1" in libselinux to verify that
selinux_android_seapp_context_reload() is only called once
in zygote.
Change-Id: Ibd6f0dda065f35def99f39ad9d44829a6b60cdc9
| -rw-r--r-- | core/jni/com_android_internal_os_Zygote.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 70b343624ea9..8dd7e8ea3b90 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -1634,6 +1634,8 @@ static void com_android_internal_os_Zygote_nativeSecurityInit(JNIEnv*, jclass) { // security_getenforce is not allowed on app process. Initialize and cache // the value before zygote forks. g_is_security_enforced = security_getenforce(); + + selinux_android_seapp_context_init(); } static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jclass) { |