From 6ea2698df4fd9247994d5a1c04c9d5940da2ff79 Mon Sep 17 00:00:00 2001 From: Tri Vo Date: Fri, 4 Oct 2019 12:34:53 -0700 Subject: servicemanager: lookup service labels using "service" backend Type 0 actually corresponds file_contexts backend. Use type SELABEL_CTX_ANDROID_SERVICE instead. https://android.googlesource.com/platform/external/libselinux/+/d4828b3ba449355aa2d1751026e5f1d1129cedcf/include/selinux/label.h#27 Test: boot cuttlefish; no denials to any service Change-Id: I1c33c31ecbd46168998606c3463837a9c6f39f3a --- cmds/servicemanager/Access.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmds') diff --git a/cmds/servicemanager/Access.cpp b/cmds/servicemanager/Access.cpp index 606477fee7..b7e520f2f1 100644 --- a/cmds/servicemanager/Access.cpp +++ b/cmds/servicemanager/Access.cpp @@ -137,7 +137,7 @@ bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const c bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) { char *tctx = nullptr; - if (selabel_lookup(getSehandle(), &tctx, name.c_str(), 0) != 0) { + if (selabel_lookup(getSehandle(), &tctx, name.c_str(), SELABEL_CTX_ANDROID_SERVICE) != 0) { LOG(ERROR) << "SELinux: No match for " << name << " in service_contexts.\n"; return false; } -- cgit v1.2.3-59-g8ed1b