Remove calls to is_selinux_enabled()
d34e407aeb5898f19d4f042b7558420bbb3a1817 removed support for
running with SELinux completely disabled. SELinux must either be
in permissive or enforcing mode now.
Remove unnecessary calls to is_selinux_enabled(). It always returns
true now.
Change-Id: Ife3156b74b13b2e590afe4accf716fc7776567e5
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index 78ab3f6..d7fa362 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -171,7 +171,7 @@
D("Local port disabled\n");
} else {
- if ((root_seclabel != nullptr) && (is_selinux_enabled() > 0)) {
+ if (root_seclabel != nullptr) {
if (setcon(root_seclabel) < 0) {
LOG(FATAL) << "Could not set selinux context";
}
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp
index b84a4e5..26d6389 100644
--- a/debuggerd/debuggerd.cpp
+++ b/debuggerd/debuggerd.cpp
@@ -134,8 +134,6 @@
return fields == 7 ? 0 : -1;
}
-static int selinux_enabled;
-
/*
* Corresponds with debugger_action_t enum type in
* include/cutils/debugger.h.
@@ -153,9 +151,6 @@
const char *perm;
bool allowed = false;
- if (selinux_enabled <= 0)
- return true;
-
if (action <= 0 || action >= (sizeof(debuggerd_perms)/sizeof(debuggerd_perms[0]))) {
ALOGE("SELinux: No permission defined for debugger action %d", action);
return false;
@@ -589,7 +584,6 @@
int main(int argc, char** argv) {
union selinux_callback cb;
if (argc == 1) {
- selinux_enabled = is_selinux_enabled();
cb.func_log = selinux_log_callback;
selinux_set_callback(SELINUX_CB_LOG, cb);
return do_server();
diff --git a/init/devices.cpp b/init/devices.cpp
index 2c7f5a9..3652c57 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -241,10 +241,8 @@
mode = get_device_perm(path, links, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);
- if (sehandle) {
- selabel_lookup_best_match(sehandle, &secontext, path, links, mode);
- setfscreatecon(secontext);
- }
+ selabel_lookup_best_match(sehandle, &secontext, path, links, mode);
+ setfscreatecon(secontext);
dev = makedev(major, minor);
/* Temporarily change egid to avoid race condition setting the gid of the
@@ -907,7 +905,7 @@
struct uevent uevent;
parse_event(msg, &uevent);
- if (sehandle && selinux_status_updated() > 0) {
+ if (selinux_status_updated() > 0) {
struct selabel_handle *sehandle2;
sehandle2 = selinux_android_file_context_handle();
if (sehandle2) {
@@ -974,11 +972,8 @@
}
void device_init() {
- sehandle = NULL;
- if (is_selinux_enabled() > 0) {
- sehandle = selinux_android_file_context_handle();
- selinux_status_open(true);
- }
+ sehandle = selinux_android_file_context_handle();
+ selinux_status_open(true);
/* is 256K enough? udev uses 16MB! */
device_fd = uevent_open_socket(256*1024, true);
diff --git a/init/init.cpp b/init/init.cpp
index 2500985..8ea60dd 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -220,40 +220,38 @@
}
char* scon = NULL;
- if (is_selinux_enabled() > 0) {
- if (svc->seclabel) {
- scon = strdup(svc->seclabel);
- if (!scon) {
- ERROR("Out of memory while starting '%s'\n", svc->name);
- return;
- }
- } else {
- char *mycon = NULL, *fcon = NULL;
+ if (svc->seclabel) {
+ scon = strdup(svc->seclabel);
+ if (!scon) {
+ ERROR("Out of memory while starting '%s'\n", svc->name);
+ return;
+ }
+ } else {
+ char *mycon = NULL, *fcon = NULL;
- INFO("computing context for service '%s'\n", svc->args[0]);
- int rc = getcon(&mycon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- return;
- }
+ INFO("computing context for service '%s'\n", svc->args[0]);
+ int rc = getcon(&mycon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ return;
+ }
- rc = getfilecon(svc->args[0], &fcon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- freecon(mycon);
- return;
- }
-
- rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
- if (rc == 0 && !strcmp(scon, mycon)) {
- ERROR("Warning! Service %s needs a SELinux domain defined; please fix!\n", svc->name);
- }
+ rc = getfilecon(svc->args[0], &fcon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
freecon(mycon);
- freecon(fcon);
- if (rc < 0) {
- ERROR("could not get context while starting '%s'\n", svc->name);
- return;
- }
+ return;
+ }
+
+ rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
+ if (rc == 0 && !strcmp(scon, mycon)) {
+ ERROR("Warning! Service %s needs a SELinux domain defined; please fix!\n", svc->name);
+ }
+ freecon(mycon);
+ freecon(fcon);
+ if (rc < 0) {
+ ERROR("could not get context while starting '%s'\n", svc->name);
+ return;
}
}
@@ -335,7 +333,7 @@
}
}
if (svc->seclabel) {
- if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) {
+ if (setexeccon(svc->seclabel) < 0) {
ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
_exit(127);
}
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 0ee0351..5b7a1cb 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -92,9 +92,6 @@
static int check_mac_perms(const char *name, char *sctx)
{
- if (is_selinux_enabled() <= 0)
- return 1;
-
char *tctx = NULL;
int result = 0;
