From 3f11c0d79c897e16f190df8ca397ec8c1daf0aaa Mon Sep 17 00:00:00 2001
From: Evgeniy Stepanov
Date: Mon, 29 Sep 2014 09:48:13 +0000
Subject: [PATCH] [asan] Fix SELinux setup on Android-K.
On pre-L devices SELinux is set up in such a way that zygote wrapper has to be in system_file context, not zygote_exec.
llvm-svn: 218599
---
 .../lib/asan/scripts/asan_device_setup | 29 +++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/compiler-rt/lib/asan/scripts/asan_device_setup b/compiler-rt/lib/asan/scripts/asan_device_setup
index 93e1c2836111..12eee990ec11 100755
--- a/compiler-rt/lib/asan/scripts/asan_device_setup
+++ b/compiler-rt/lib/asan/scripts/asan_device_setup
@@ -129,6 +129,12 @@ $ADB root
 $ADB wait-for-device
 $ADB remount
+RELEASE=$($ADB shell getprop ro.build.version.release)
+PRE_L=0
+if echo "$RELEASE" | grep '^4\.' >&/dev/null; then
+ PRE_L=1
+fi
+
 if ! $ADB shell readlink /system/bin/app_process | grep 'app_process' >&/dev/null; then
 if $ADB pull /system/bin/app_process.real /dev/null >&/dev/null; then
@@ -209,10 +215,29 @@ if ! ( cd "$TMPDIRBASE" && diff -qr old/ new/ ) ; then
 # Make SELinux happy by keeping app_process wrapper and the shell
 # it runs on in zygote domain.
+ ENFORCING=0
+ if $ADB shell getenforce | grep Enforcing >/dev/null; then
+ # Sometimes shell is not allowed to change file contexts.
+ # Temporarily switch to permissive.
+ ENFORCING=1
+ $ADB shell setenforce 0
+ fi
+
 $ADB shell cp /system/bin/sh /system/bin/sh-from-zygote
- $ADB shell chcon u:object_r:zygote_exec:s0 \
+
+ if [[ PRE_L -eq 1 ]]; then
+ CTX=u:object_r:system_file:s0
+ else
+ CTX=u:object_r:zygote_exec:s0
+ fi
+ $ADB shell chcon $CTX \
 /system/bin/sh-from-zygote \
- /system/bin/app_process.wrap
+ /system/bin/app_process.wrap \
+ /system/bin/app_process32
+
+ if [ $ENFORCING == 1 ]; then
+ $ADB shell setenforce 1
+ fi
 echo '>> Restarting shell (asynchronous)'
 $ADB shell stop
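Review bot: The version probe falls through to `PRE_L=0` whenever `getprop` returns nothing or a string that does not start with `4.`, so a failed adb call silently selects the post-L label used in the later hunk. A minimal guard right after the assignment, such as `[ -n "$RELEASE" ] || { echo "cannot read ro.build.version.release" >&2; exit 1; }`, would catch the case where adb prints nothing. The flag also deserves a comment, for example `# PRE_L=1 on Android 4.x, where the zygote wrapper must be labeled system_file, not zygote_exec.`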
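Review bot: Between `setenforce 0` and `setenforce 1` the device runs permissive, and nothing restores enforcing mode if the `cp` or `chcon` in between fails or the script is interrupted. Registering the restore right after the switch, e.g. `trap 'if [ "$ENFORCING" = 1 ]; then $ADB shell setenforce 1; fi' EXIT`, would cover those exits. Whether the script aborts on errors is not visible in this hunk, and the enclosing `if ! ( cd "$TMPDIRBASE" ...` block starts above it and continues past it. As a smaller point, `[[ PRE_L -eq 1 ]]` only works because bash evaluates the bare name arithmetically; `[[ $PRE_L -eq 1 ]]` reads more clearly next to `[ $ENFORCING == 1 ]`.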