moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ANDROID: selinux: add restricted vendor hook in selinux

Browse Source 
Add restricted vendor hook for selinux_state, so we can
know if the selinux_state is initialized

Bug: 186363840

Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: Ideed051a1d53ed1bce7d7915e38366264a7d77eb
This commit is contained in:
Kuan-Ying Lee
2021-10-05 17:24:09 +08:00
parent 5ebe162306
commit f2d4bb3c0e
3 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/android/vendor_hooks.c
View File

@@ -41,6 +41,7 @@
#include <trace/hooks/creds.h>
#include <trace/hooks/memory.h>
#include <trace/hooks/module.h>
#include <trace/hooks/selinux.h>
/*
* Export tracepoints that act as a bare tracehook (ie: have no trace event
@@ -190,3 +191,4 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_memory_nx);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_memory_rw);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_module_permit_before_init);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_set_module_permit_after_init);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_is_initialized);

21
include/trace/hooks/selinux.h Normal file
View File

@@ -0,0 +1,21 @@
/* SPDX-License-Identifier: GPL-2.0 */
#undef TRACE_SYSTEM
#define TRACE_SYSTEM selinux
#define TRACE_INCLUDE_PATH trace/hooks
#if !defined(_TRACE_HOOK_SELINUX_H) || defined(TRACE_HEADER_MULTI_READ)
#define _TRACE_HOOK_SELINUX_H
#include <linux/tracepoint.h>
#include <trace/hooks/vendor_hooks.h>
/*
* Following tracepoints are not exported in tracefs and provide a
* mechanism for vendor modules to hook and extend functionality
*/
struct selinux_state;
DECLARE_RESTRICTED_HOOK(android_rvh_selinux_is_initialized,
TP_PROTO(const struct selinux_state *state),
TP_ARGS(state), 1);
#endif /* _TRACE_HOOK_SELINUX_H */
/* This part must be outside protection */
#include <trace/define_trace.h>

3
security/selinux/ss/services.c
View File

@@ -68,6 +68,8 @@
#include "policycap_names.h"
#include "ima.h"
#include <trace/hooks/selinux.h>
struct convert_context_args {
struct selinux_state *state;
struct policydb *oldp;
@@ -2261,6 +2263,7 @@ void selinux_policy_commit(struct selinux_state *state,
*/
selinux_mark_initialized(state);
selinux_complete_init();
trace_android_rvh_selinux_is_initialized(state);
}
/* Free the old policy */