diff options
| author | Tom Cherry <tomcherry@google.com> | 2017-09-12 15:58:47 -0700 |
|---|---|---|
| committer | Tom Cherry <tomcherry@google.com> | 2017-09-29 13:06:26 -0700 |
| commit | cb0f9bbc855097e0c8248643015b837255fd569a (patch) | |
| tree | cc42fe9dc7a6011c2b9e9ee0fd26f9f2454e1746 /trusty/coverage/coverage_test.cpp | |
| parent | 9c568d0fc0e290529180e3fc0452f0ac489e5053 (diff) | |
init: run vendor commands in a separate SELinux context
One of the major aspects of treble is the compartmentalization of system
and vendor components, however init leaves a huge gap here, as vendor
init scripts run in the same context as system init scripts and thus can
access and modify the same properties, files, etc as the system can.
This change is meant to close that gap. It forks a separate 'subcontext'
init that runs in a different SELinux context with permissions that match
what vendors should have access to. Commands get sent over a socket to
this 'subcontext' init that then runs them in this SELinux context and
returns the result.
Note that not all commands run in the subcontext; some commands such as
those dealing with services only make sense in the context of the main
init process.
Bug: 62875318
Test: init unit tests, boot bullhead, boot sailfish
Change-Id: Idf4a4ebf98842d27b8627f901f961ab9eb412aee
Diffstat (limited to 'trusty/coverage/coverage_test.cpp')
0 files changed, 0 insertions, 0 deletions