Revert "Make transition to "postinstall" domain explicit."
This reverts commit 20e3960e245f6dfa57fa5c9124b0fd33e679f723.
Bug: 28008031
Change-Id: If5fcb949dee91779bea465793ec2b333d27a704e
diff --git a/Android.mk b/Android.mk
index 633baa2..afb14a6 100644
--- a/Android.mk
+++ b/Android.mk
@@ -149,7 +149,6 @@
ue_libpayload_consumer_exported_shared_libraries := \
libcrypto-host \
libcurl-host \
- libselinux \
libssl-host \
$(ue_update_metadata_protos_exported_shared_libraries)
diff --git a/common/subprocess.cc b/common/subprocess.cc
index 9473f10..9738b1d 100644
--- a/common/subprocess.cc
+++ b/common/subprocess.cc
@@ -32,9 +32,6 @@
#include <base/strings/stringprintf.h>
#include <brillo/process.h>
#include <brillo/secure_blob.h>
-#ifdef __ANDROID__
-#include <selinux/selinux.h>
-#endif // __ANDROID__
#include "update_engine/common/utils.h"
@@ -47,9 +44,7 @@
namespace {
-bool SetupChild(const std::map<string, string>& env,
- uint32_t flags,
- const char* se_domain) {
+bool SetupChild(const std::map<string, string>& env, uint32_t flags) {
// Setup the environment variables.
clearenv();
for (const auto& key_value : env) {
@@ -68,15 +63,6 @@
return false;
IGNORE_EINTR(close(fd));
-#ifdef __ANDROID__
- // setexeccon(3) accepts a nullptr to indicate the default context policy.
- if (setexeccon(se_domain) < 0) {
- PLOG(ERROR) << "Error setting the SELinux domain to "
- << (se_domain ? se_domain : "<nullptr>");
- return false;
- }
-#endif // __ANDROID__
-
return true;
}
@@ -88,7 +74,6 @@
bool LaunchProcess(const vector<string>& cmd,
uint32_t flags,
const vector<int>& output_pipes,
- const char* se_domain,
brillo::Process* proc) {
for (const string& arg : cmd)
proc->AddArg(arg);
@@ -107,7 +92,7 @@
}
proc->SetCloseUnusedFileDescriptors(true);
proc->RedirectUsingPipe(STDOUT_FILENO, false);
- proc->SetPreExecCallback(base::Bind(&SetupChild, env, flags, se_domain));
+ proc->SetPreExecCallback(base::Bind(&SetupChild, env, flags));
return proc->Start();
}
@@ -185,17 +170,16 @@
pid_t Subprocess::Exec(const vector<string>& cmd,
const ExecCallback& callback) {
- return ExecFlags(cmd, kRedirectStderrToStdout, {}, nullptr, callback);
+ return ExecFlags(cmd, kRedirectStderrToStdout, {}, callback);
}
pid_t Subprocess::ExecFlags(const vector<string>& cmd,
uint32_t flags,
const vector<int>& output_pipes,
- const char* se_domain,
const ExecCallback& callback) {
unique_ptr<SubprocessRecord> record(new SubprocessRecord(callback));
- if (!LaunchProcess(cmd, flags, output_pipes, se_domain, &record->proc)) {
+ if (!LaunchProcess(cmd, flags, output_pipes, &record->proc)) {
LOG(ERROR) << "Failed to launch subprocess";
return 0;
}
@@ -264,7 +248,7 @@
// It doesn't make sense to redirect some pipes in the synchronous case
// because we won't be reading on our end, so we don't expose the output_pipes
// in this case.
- if (!LaunchProcess(cmd, flags, {}, nullptr, &proc)) {
+ if (!LaunchProcess(cmd, flags, {}, &proc)) {
LOG(ERROR) << "Failed to launch subprocess";
return false;
}
diff --git a/common/subprocess.h b/common/subprocess.h
index 6c99c8d..b655fb7 100644
--- a/common/subprocess.h
+++ b/common/subprocess.h
@@ -73,7 +73,6 @@
pid_t ExecFlags(const std::vector<std::string>& cmd,
uint32_t flags,
const std::vector<int>& output_pipes,
- const char* se_domain,
const ExecCallback& callback);
// Kills the running process with SIGTERM and ignores the callback.
diff --git a/common/subprocess_unittest.cc b/common/subprocess_unittest.cc
index d5e33bb..5ca44e8 100644
--- a/common/subprocess_unittest.cc
+++ b/common/subprocess_unittest.cc
@@ -148,7 +148,6 @@
{kBinPath "/sh", "-c", "echo on stdout; echo on stderr >&2"},
0,
{},
- nullptr,
base::Bind(&ExpectedResults, 0, "on stdout\n")));
loop_.Run();
}
@@ -159,7 +158,6 @@
{kBinPath "/sh", "-c", "echo on pipe >&3"},
0,
{3},
- nullptr,
base::Bind(&ExpectedDataOnPipe, &subprocess_, &pid, 3, "on pipe\n", 0));
EXPECT_NE(0, pid);
@@ -176,7 +174,10 @@
const vector<string> cmd = {kBinPath "/sh", "-c",
base::StringPrintf("echo on pipe >/proc/self/fd/%d", pipe.writer)};
EXPECT_TRUE(subprocess_.ExecFlags(
- cmd, 0, {}, nullptr, base::Bind(&ExpectedResults, 1, "")));
+ cmd,
+ 0,
+ {},
+ base::Bind(&ExpectedResults, 1, "")));
loop_.Run();
}
diff --git a/p2p_manager.cc b/p2p_manager.cc
index bcfe156..127e5ff 100644
--- a/p2p_manager.cc
+++ b/p2p_manager.cc
@@ -396,10 +396,7 @@
// We expect to run just "p2p-client" and find it in the path.
child_pid_ = Subprocess::Get().ExecFlags(
- cmd,
- Subprocess::kSearchPath,
- {},
- nullptr,
+ cmd, Subprocess::kSearchPath, {},
Bind(&LookupData::OnLookupDone, base::Unretained(this)));
if (!child_pid_) {
diff --git a/payload_consumer/postinstall_runner_action.cc b/payload_consumer/postinstall_runner_action.cc
index dc4af71..db1ec3c 100644
--- a/payload_consumer/postinstall_runner_action.cc
+++ b/payload_consumer/postinstall_runner_action.cc
@@ -43,9 +43,6 @@
// sample_images.sh file.
const int kPostinstallStatusFd = 3;
-// The SELinux domain where the postinstall program runs.
-const char* kPostinstallDomain = "postinstall";
-
} // namespace
namespace chromeos_update_engine {
@@ -170,7 +167,6 @@
command,
Subprocess::kRedirectStderrToStdout,
{kPostinstallStatusFd},
- kPostinstallDomain,
base::Bind(&PostinstallRunnerAction::CompletePartitionPostinstall,
base::Unretained(this)));
// Subprocess::Exec should never return a negative process id.