-rw-r--r--libs/vr/libpdx_uds/Android.bp3
-rw-r--r--libs/vr/libpdx_uds/service_endpoint.cpp33
-rw-r--r--services/surfaceflinger/surfaceflinger.rc6
-rw-r--r--services/vr/bufferhubd/bufferhubd.rc2
-rw-r--r--services/vr/performanced/performanced.rc2
5 files changed, 41 insertions, 5 deletions
diff --git a/libs/vr/libpdx_uds/Android.bp b/libs/vr/libpdx_uds/Android.bp
index cfc202222..82a5ea752 100644
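--- a/libs/vr/libpdx_uds/Android.bp
+++ b/libs/vr/libpdx_uds/Android.bp
@@ -24,6 +24,9 @@ cc_library_static {
 "libbase",
 "libpdx",
 ],
+whole_static_libs: [
+"libselinux",
+],
 }
 
 cc_test {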
diff --git a/libs/vr/libpdx_uds/service_endpoint.cpp b/libs/vr/libpdx_uds/service_endpoint.cpp
index d96eeff23..27a56f9fe 100644
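--- a/libs/vr/libpdx_uds/service_endpoint.cpp
+++ b/libs/vr/libpdx_uds/service_endpoint.cpp
@@ -11,6 +11,7 @@
 #include <android-base/strings.h>
 #include <cutils/sockets.h>
 #include <pdx/service.h>
+#include <selinux/selinux.h>
 #include <uds/channel_manager.h>
 #include <uds/client_channel_factory.h>
 #include <uds/ipc_helper.h>
@@ -364,6 +365,36 @@ Status<void> Endpoint::ModifyChannelEvents(int channel_id, int clear_mask,
 Status<void> Endpoint::CreateChannelSocketPair(LocalHandle* local_socket,
 LocalHandle* remote_socket) {
 Status<void> status;
+char* endpoint_context = nullptr;
+// Make sure the channel socket has the correct SELinux label applied.
+// Here we get the label from the endpoint file descriptor, which should be
+// something like "u:object_r:pdx_service_endpoint_socket:s0" and replace
+// "endpoint" with "channel" to produce the channel label such as this:
+// "u:object_r:pdx_service_channel_socket:s0".
+if (fgetfilecon_raw(socket_fd_.Get(), &endpoint_context) > 0) {
+std::string channel_context = endpoint_context;
+freecon(endpoint_context);
+const std::string suffix = "_endpoint_socket";
+auto pos = channel_context.find(suffix);
+if (pos != std::string::npos) {
+channel_context.replace(pos, suffix.size(), "_channel_socket");
+} else {
+ALOGW(
+"Endpoint::CreateChannelSocketPair: Endpoint security context '%s' "
+"does not contain expected substring '%s'",
+channel_context.c_str(), suffix.c_str());
+}
+ALOGE_IF(setsockcreatecon_raw(channel_context.c_str()) == -1,
+"Endpoint::CreateChannelSocketPair: Failed to set channel socket "
+"security context: %s",
+strerror(errno));
+} else {
+ALOGE(
+"Endpoint::CreateChannelSocketPair: Failed to obtain the endpoint "
+"socket's security context: %s",
+strerror(errno));
+}
+
 int channel_pair[2] = {};
 if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, channel_pair) == -1) {
 ALOGE("Endpoint::CreateChannelSocketPair: Failed to create socket pair: %s",
@@ -372,6 +403,8 @@ Status<void> Endpoint::CreateChannelSocketPair(LocalHandle* local_socket,
 return status;
 }
 
+setsockcreatecon_raw(nullptr);
+
 local_socket->Reset(channel_pair[0]);
 remote_socket->Reset(channel_pair[1]);
 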
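Review bot: The `setsockcreatecon_raw(nullptr);` reset added at new line 406 sits after the `return status;` of the socketpair() failure branch, so when socketpair() fails the calling thread keeps the channel label as its socket-creation context and any socket it creates afterwards would presumably be labelled with it. Adding `setsockcreatecon_raw(nullptr);` immediately before that `return status;`, once the branch has finished using errno, restores the default on both paths. Separately, a failed `fgetfilecon_raw()` or `setsockcreatecon_raw()`, or a context without the `_endpoint_socket` substring, is only logged and the pair is still created with the default or the unmodified endpoint label; returning an error status in those cases would make a mislabelled channel fail closed instead of relying on policy to catch it. The function body continues outside both hunks (new lines 401–402 and everything after 410 are not shown).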
diff --git a/services/surfaceflinger/surfaceflinger.rc b/services/surfaceflinger/surfaceflinger.rc
index ff6be81e4..aea602bba 100644
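--- a/services/surfaceflinger/surfaceflinger.rc
+++ b/services/surfaceflinger/surfaceflinger.rc
@@ -4,6 +4,6 @@ service surfaceflinger /system/bin/surfaceflinger
 group graphics drmrpc readproc
 onrestart restart zygote
 writepid /dev/stune/foreground/tasks
-socket pdx/system/vr/display/client stream 0666 system graphics
+socket pdx/system/vr/display/client stream 0666 system graphics u:object_r:pdx_display_client_endpoint_socket:s0
-socket pdx/system/vr/display/manager stream 0666 system graphics
+socket pdx/system/vr/display/manager stream 0666 system graphics u:object_r:pdx_display_manager_endpoint_socket:s0
-socket pdx/system/vr/display/vsync stream 0666 system graphics
+socket pdx/system/vr/display/vsync stream 0666 system graphics u:object_r:pdx_display_vsync_endpoint_socket:s0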
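Review bot: The labels added to the three `socket` lines carry a naming contract that is not documented anywhere in this file: `Endpoint::CreateChannelSocketPair` in service_endpoint.cpp builds each channel label by replacing `_endpoint_socket` with `_channel_socket`, so every type named here presumably needs a matching `*_channel_socket` type in policy. A comment above the socket lines, for example `# Label must contain _endpoint_socket; libpdx_uds rewrites it to _channel_socket for channel sockets.`, would stop a later rename from silently falling into the warning path at runtime. Because these sockets remain mode 0666, the SELinux type is the effective access control, which makes the coupling worth stating. The same comment applies to the labels added in bufferhubd.rc and performanced.rc.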
diff --git a/services/vr/bufferhubd/bufferhubd.rc b/services/vr/bufferhubd/bufferhubd.rc
index 8d5772399..46fe5f95c 100644
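--- a/services/vr/bufferhubd/bufferhubd.rc
+++ b/services/vr/bufferhubd/bufferhubd.rc
@@ -3,4 +3,4 @@ service bufferhubd /system/bin/bufferhubd
 user system
 group system
 writepid /dev/cpuset/tasks
-socket pdx/system/buffer_hub/client stream 0660 system system
+socket pdx/system/buffer_hub/client stream 0660 system system u:object_r:pdx_bufferhub_client_endpoint_socket:s0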
diff --git a/services/vr/performanced/performanced.rc b/services/vr/performanced/performanced.rc
index 6283f3717..2605a4758 100644
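--- a/services/vr/performanced/performanced.rc
+++ b/services/vr/performanced/performanced.rc
@@ -3,4 +3,4 @@ service performanced /system/bin/performanced
 user root
 group system readproc
 writepid /dev/cpuset/tasks
-socket pdx/system/performance/client stream 0666 system system
+socket pdx/system/performance/client stream 0666 system system u:object_r:pdx_performance_client_endpoint_socket:s0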