Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / a9fe474392e0d45e06c4995df66e6bb6be6264fe^! / . / cmds / servicemanager / Access.cpp
commita9fe474392e0d45e06c4995df66e6bb6be6264fe[log] [tgz]
authorSteven Moreland <smoreland@google.com>Thu Jul 18 14:45:20 2019 -0700
committerSteven Moreland <smoreland@google.com>Thu Jul 18 14:45:20 2019 -0700
tree8246b9ed9253f81a1ea1b98aff69c7ad2d83e39f
parent8f4c72d3dec2a2c66b4fb842e9e68f6cdf5e951e [diff] [blame]
CallingContext doesn't have a name in it.

This makes checking multiple things in the policy painful (which we may
need to do in the future). Also, it makes the APIs around listing
services somewhat bad.

Bug: 135768100
Test: servicemanager_test
Change-Id: I29cac39f6b63934740aa07a192e06b74ce8580ed

diff --git a/cmds/servicemanager/Access.cpp b/cmds/servicemanager/Access.cpp
index f4005c4..d936dbe 100644
--- a/cmds/servicemanager/Access.cpp
+++ b/cmds/servicemanager/Access.cpp

@@ -69,7 +69,7 @@
         return 0;
     }
 
-    snprintf(buf, len, "service=%s pid=%d uid=%d", ad->name.c_str(), ad->debugPid, ad->uid);
+    snprintf(buf, len, "pid=%d uid=%d", ad->debugPid, ad->uid);
     return 0;
 }
 
@@ -91,7 +91,7 @@
     freecon(mThisProcessContext);
 }
 
-Access::CallingContext Access::getCallingContext(const std::string& name) {
+Access::CallingContext Access::getCallingContext() {
     IPCThreadState* ipc = IPCThreadState::self();
 
     const char* callingSid = ipc->getCallingSid();
@@ -101,21 +101,18 @@
         .debugPid = callingPid,
         .uid = ipc->getCallingUid(),
         .sid = callingSid ? std::string(callingSid) : getPidcon(callingPid),
-        .name = name,
     };
 }
 
-bool Access::canFind(const CallingContext& ctx) {
-    return actionAllowedFromLookup(ctx, "find");
+bool Access::canFind(const CallingContext& ctx,const std::string& name) {
+    return actionAllowedFromLookup(ctx, name, "find");
 }
 
-bool Access::canAdd(const CallingContext& ctx) {
-    return actionAllowedFromLookup(ctx, "add");
+bool Access::canAdd(const CallingContext& ctx, const std::string& name) {
+    return actionAllowedFromLookup(ctx, name, "add");
 }
 
 bool Access::canList(const CallingContext& ctx) {
-    CHECK(ctx.name == "");
-
     return actionAllowed(ctx, mThisProcessContext, "list");
 }
 
@@ -125,10 +122,10 @@
     return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm, reinterpret_cast<void*>(const_cast<CallingContext*>((&sctx))));
 }
 
-bool Access::actionAllowedFromLookup(const CallingContext& sctx, const char *perm) {
+bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) {
     char *tctx = nullptr;
-    if (selabel_lookup(getSehandle(), &tctx, sctx.name.c_str(), 0) != 0) {
-        LOG(ERROR) << "SELinux: No match for " << sctx.name << " in service_contexts.\n";
+    if (selabel_lookup(getSehandle(), &tctx, name.c_str(), 0) != 0) {
+        LOG(ERROR) << "SELinux: No match for " << name << " in service_contexts.\n";
         return false;
     }