On 05/09/2013 10:30 AM, Tai Nguyen (tainguye) wrote:
Do we have similar issue if we use shell to run other system process in
init?
This issue only occurs if the service entry in the init.rc file defines
a socket that is to be created by init on behalf of the service, and the
pathname specified for the service does not correspond to the program
that will ultimately use that socket. In that case, init won't
correctly determine the security context for the socket (prior to this
patch). So if you had a service entry like so:
service myservice /system/bin/sh /system/bin/myscript.sh
class core
socket <socketname> ...
And you had a domain transition defined on /system/bin/myscript.sh, then
init wouldn't compute the socket context correctly.
However, in that case, you could have just directly invoked the shell
script (if executable bit is set on the script file), ala
service myservice /system/bin/myscript.sh
and then init would compute the context correctly.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.
