17 Commits

Author SHA1 Message Date
Stephen Smalley
bea0746b24 Call selinux_status_open() prior to use of selinux_status_updated().
The selinux_status_*() interfaces require calling selinux_status_open()
first.  Since this was not being called by servicemanager, the
selinux_status_updated() call was always failing and servicemanager
was not reloading service_contexts upon a policy reload.

Change-Id: I6ac62e114bbca99c5f0999feb918fcde15009274
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-03 09:27:08 -04:00
Elliott Hughes
0b41ad5d6e Remove useless 'svcmgr_handle' (which had wrong type).
Also use the 'ptr' union member rather than 'handle'.

Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
Change-Id: I68e5336cd3af3bc61dbddd2b33d7e1512c0c329c
2015-04-03 22:46:56 -07:00
Mark Salyzyn
13df5f5f8f servicemanager: service_manager missing include for string.h
service_manager.c gets string.h inherited from
private/android_filesystem_config.h; it should
not rely on this in the future. The intent is
to move fs_config function into libcutils and
thus deprecate any need for string.h in this
include file.

Bug: 19908228
Change-Id: Icc95ee02bf02c596463868b1330d209d1bd5c58a
2015-04-01 11:11:11 -07:00
Nick Kralevich
b27bbd18bb service_manager: reorder permission checks for find
Reorder the find permission checks. This avoids generating misleading
SELinux denials when a service doesn't exist, or when a service is
prohibited to isolated apps.

The original reason for structuring the code this way is explained
in https://android-review.googlesource.com/#/c/100530/4/cmds/servicemanager/service_manager.c@172
The concern at the time was to avoid leaking a situation where
a caller could probe for the existence of a service. This turns out
to be unnecessary. The same return value is used for both a
permission denied and a service not found. The only side effect
is the generation of an SELinux audit log, which likely won't be
accessible to the calling application.

Change-Id: I9760e1821ed16102fa5f9bec07f8c34944565be9
2015-03-05 10:58:40 -08:00
Riley Spahn
c67e6307ca Add MAC for remaining service_manager functionality.
Add SELinux MAC for the list and find functionality
to service_manager. By default the list action uses
the service_manager_type attribute as its target
object.

Change-Id: I7630f21a9f3232ae3d6d8b9a1119230b40899aef
2014-07-14 12:35:23 -07:00
Nick Kralevich
7d42a3c31b service_manager: check binder passed lengths
1) Pass length through to str8 function.
2) Fix implicit function definition warning.
3) Check for NULL from bio_get_string16 functions.

Bug: 15886919
Bug: 15888753
Change-Id: I78a401d55b84f382ab83911be32b8d501998aa82
2014-07-12 16:34:01 -07:00
Riley Spahn
1244edcb85 Remove inline access control in service_manager.
Remove the hardcoded tuples of UIDs and the services that
each is allowed to register. We will rely only on permissions
from SELinux.

Change-Id: I1c44555a6e274814282398865b30ee938f40dabb
2014-06-26 15:48:21 -07:00
Riley Spahn
69154df9ef Add SELinux checks when adding a service.
Add a MAC check to the svc_can_register function in
service_manager. The types are defined in
external/sepolicy/service.te and the mapping from service
names is defined in external/sepolicy/service_contexts.
Currently uses the property context backend to parse the
contexts file.

Bug: 12909011
Change-Id: I5d90a614263c60571c7c70c2882e6fa929911ca5
2014-06-12 20:46:24 +00:00
Arve Hjønnevåg
e5245cbf5d ServiceManager: Implement PING_TRANSACTION
Stop printing "invalid id " to stderr every time a process tries to
connect to the servicemanager.

Change-Id: Ib0e5a0375bfa2dec2c2f9cd668bd5dda46ed6588
2014-01-31 17:22:30 -08:00
Serban Constantinescu
3a345f0df5 ServiceManager: Fix the binder interface
This patch adds support for binder transactions on 64bit systems
without breaking the existing 32bit ABI. It has been tested on
the Android emulator and ARMv8 Model.

Most of the changes in this patch just follow the binder ABI.

Change-Id: I8c37b847ea65008d56554d34d4696fe3d22f7533
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
2014-01-31 10:49:34 +00:00
Serban Constantinescu
5fb1b8836a ServiceManager: Store handles in uint32_t instead of void *
This patch corrects the types used for storing handles.

Change-Id: If9c10782345f1de9e12b4b3fd6be9e02e6b568cd
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
2014-01-31 10:49:30 +00:00
Serban Constantinescu
9b738bb411 ServiceManager: Generic Fixes
This patch fixes some of the ServiceManager issues. The following patches
of the series add fixes to the ABI.

Change-Id: Ib479234c8704e12592f1b149ddec67881bc50230
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
2014-01-31 10:49:25 +00:00
Serban Constantinescu
a44542ca74 ServiceManager: Add extra error handling
This patch extends the error handling. It also adds a check for a matching
binder version - kernel/userspace.

Change-Id: I43a262934b38c5711536aaa42754fed1ef04b39e
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
2014-01-31 10:49:20 +00:00
Serban Constantinescu
bcf38880c6 ServiceManager: Make use of kernel exported structures
This patch switches ServiceManager to use the structures exported in the
kernel headers rather than redefining its own.

struct binder_txn is replaced with struct binder_transaction_data and struct
binder_object with struct flat_binder_object, both defined in the binder driver
header <linux/binder.h>.

Change-Id: I3b3e97918173ea35a289e184774ae06193192da3
Signed-off-by: Serban Constantinescu <serban.constantinescu@arm.com>
2014-01-31 10:20:49 +00:00
Glenn Kasten
64c8be0787 Add media.log service
Change-Id: Ic17752fff30676fe692c80260ff68284543385dd
2013-01-16 12:07:03 -08:00
Kenny Root
244408786c Switch keystore to binder
Change-Id: Ie15781de079e8ecc9616cab9a5e392f5c814d9d8
2012-11-14 15:42:38 -08:00
Mike Lockwood
94afecf4b6 Move non-Java commands over from frameworks/base
Change-Id: I0571813c1cfcf66abd36eb9f178fc49b618e88a6
Signed-off-by: Mike Lockwood <lockwood@google.com>
2012-10-24 10:45:23 -07:00