ADHOC/replicant-frameworks_native
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure that app lib symlinks are correctly labeled when created.

Browse Source 
At present, the app lib symlinks are created before setting
the package directory security context, and therefore default
to system_data_file.  Upon a later restorecon_recursive,
they are relabeled to the same type as the package directory,
e.g. app_data_file.  Avoid this inconsistency by setting the
package directory security context before creating the symlink
so that it inherits the same security context.

Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2014-05-13 12:53:07 -04:00
parent bd20e551f6
commit 3a98389263
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cmds/installd/commands.c
View File

@ -85,13 +85,6 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
}
}
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
strerror(errno));
unlink(pkgdir);
return -1;
}
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink);
@ -99,6 +92,13 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
return -errno;
}
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
strerror(errno));
unlink(pkgdir);
return -1;
}
if (chown(pkgdir, uid, gid) < 0) {
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink);
@ -241,13 +241,6 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char*
}
}
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
applibdir, strerror(errno));
unlink(pkgdir);
return -1;
}
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink);
@ -255,6 +248,13 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char*
return -errno;
}
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
applibdir, strerror(errno));
unlink(pkgdir);
return -1;
}
if (chown(pkgdir, uid, uid) < 0) {
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink);