commit 109c28d570e1259c3d58e711826f8f22afc9e2f4
author Alex Deymo <deymo@google.com> Tue Apr 05 23:00:52 2016 +0000
committer Alex Deymo <deymo@google.com> Tue Apr 05 23:01:20 2016 +0000
tree 323b0577ca6767d0e39fec74067bb2f32d5d1ea1
parent 20e3960e245f6dfa57fa5c9124b0fd33e679f723

Revert "Make transition to "postinstall" domain explicit."

This reverts commit 20e3960e245f6dfa57fa5c9124b0fd33e679f723.

Bug: 28008031

Change-Id: If5fcb949dee91779bea465793ec2b333d27a704e

common/subprocess.cc

diff --git a/common/subprocess.cc b/common/subprocess.cc
index 9473f10..9738b1d 100644
--- a/common/subprocess.cc
+++ b/common/subprocess.cc
@@ -32,9 +32,6 @@
 #include <base/strings/stringprintf.h>
 #include <brillo/process.h>
 #include <brillo/secure_blob.h>
-#ifdef __ANDROID__
-#include <selinux/selinux.h>
-#endif  // __ANDROID__
 
 #include "update_engine/common/utils.h"
 
@@ -47,9 +44,7 @@
 
 namespace {
 
-bool SetupChild(const std::map<string, string>& env,
-                uint32_t flags,
-                const char* se_domain) {
+bool SetupChild(const std::map<string, string>& env, uint32_t flags) {
   // Setup the environment variables.
   clearenv();
   for (const auto& key_value : env) {
@@ -68,15 +63,6 @@
     return false;
   IGNORE_EINTR(close(fd));
 
-#ifdef __ANDROID__
-  // setexeccon(3) accepts a nullptr to indicate the default context policy.
-  if (setexeccon(se_domain) < 0) {
-    PLOG(ERROR) << "Error setting the SELinux domain to "
-                << (se_domain ? se_domain : "<nullptr>");
-    return false;
-  }
-#endif  // __ANDROID__
-
   return true;
 }
 
@@ -88,7 +74,6 @@
 bool LaunchProcess(const vector<string>& cmd,
                    uint32_t flags,
                    const vector<int>& output_pipes,
-                   const char* se_domain,
                    brillo::Process* proc) {
   for (const string& arg : cmd)
     proc->AddArg(arg);
@@ -107,7 +92,7 @@
   }
   proc->SetCloseUnusedFileDescriptors(true);
   proc->RedirectUsingPipe(STDOUT_FILENO, false);
-  proc->SetPreExecCallback(base::Bind(&SetupChild, env, flags, se_domain));
+  proc->SetPreExecCallback(base::Bind(&SetupChild, env, flags));
 
   return proc->Start();
 }
@@ -185,17 +170,16 @@
 
 pid_t Subprocess::Exec(const vector<string>& cmd,
                        const ExecCallback& callback) {
-  return ExecFlags(cmd, kRedirectStderrToStdout, {}, nullptr, callback);
+  return ExecFlags(cmd, kRedirectStderrToStdout, {}, callback);
 }
 
 pid_t Subprocess::ExecFlags(const vector<string>& cmd,
                             uint32_t flags,
                             const vector<int>& output_pipes,
-                            const char* se_domain,
                             const ExecCallback& callback) {
   unique_ptr<SubprocessRecord> record(new SubprocessRecord(callback));
 
-  if (!LaunchProcess(cmd, flags, output_pipes, se_domain, &record->proc)) {
+  if (!LaunchProcess(cmd, flags, output_pipes, &record->proc)) {
     LOG(ERROR) << "Failed to launch subprocess";
     return 0;
   }
@@ -264,7 +248,7 @@
   // It doesn't make sense to redirect some pipes in the synchronous case
   // because we won't be reading on our end, so we don't expose the output_pipes
   // in this case.
-  if (!LaunchProcess(cmd, flags, {}, nullptr, &proc)) {
+  if (!LaunchProcess(cmd, flags, {}, &proc)) {
     LOG(ERROR) << "Failed to launch subprocess";
     return false;
   }