Steve,
Thank for clarification. In that case, can we do something like
service wpa_supplicant /system/bin/logwrapper /system/bin/wpa_supplicant \
# after setting up the capabilities required for WEXT
# user wifi
# group wifi inet keystore
class main
socket wpa_wlan0 dgram 660 wifi wifi context=u:r:wpa:s0
disabled
On 5/9/13 10:40 AM, "Stephen Smalley" <[email protected]> wrote:
>On 05/09/2013 10:30 AM, Tai Nguyen (tainguye) wrote:
>> Do we have similar issue if we use shell to run other system process in
>> init?
>
>This issue only occurs if the service entry in the init.rc file defines
>a socket that is to be created by init on behalf of the service, and the
>pathname specified for the service does not correspond to the program
>that will ultimately use that socket. In that case, init won't
>correctly determine the security context for the socket (prior to this
>patch). So if you had a service entry like so:
>service myservice /system/bin/sh /system/bin/myscript.sh
> class core
> socket <socketname> ...
>
>And you had a domain transition defined on /system/bin/myscript.sh, then
>init wouldn't compute the socket context correctly.
>
>However, in that case, you could have just directly invoked the shell
>script (if executable bit is set on the script file), ala
>service myservice /system/bin/myscript.sh
>
>and then init would compute the context correctly.
>
>
>
>
>
>
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
