Can you use the seclabel option in the init.rc file instead of changing the code? service your service /your/exec/path seclabel yourlabel
Tai From: Jaejyn Shin <[email protected]<mailto:[email protected]>> Date: Monday, March 30, 2015 at 3:42 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: question about setexeccon Dear SEAndroid developer I always thank to your nice help. At this time, I have a question about setexeccon. I have a process that init process fork. init -> child_process The process starting code is in the init.c file. ---------------------------------------------------------------- #define FILE_PATH "/cache/aaa/aaa" chmod(FILE_PATH, 0700); execv(FILE_PATH, args); ---------------------------------------------------------------- I wanted to set the domain of the propcess as xxx domain, so I insert setexeccon function in front of the execv function like below. ---------------------------------------------------------------- #define FILE_PATH "/cache/aaa/aaa" chmod(FILE_PATH, 0700); if (is_selinux_enabled() > 0 && setexeccon("u:r:xxx:s0") < 0) { LOG_PRINT("cannot setexeccon('%s'): %s\n", "u:r:xxx:s0", strerror(errno)); } execv(FILE_PATH, args); ---------------------------------------------------------------- However the process was still in the init domain. Is there something more needed to run the setexeccon function well ? (My seandroid is always running in the permissive-mode) Thank you Best regards
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
