From 3a98389263ea0bf9656bcc6869855099194f498c Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Tue, 13 May 2014 12:53:07 -0400 Subject: [PATCH] Ensure that app lib symlinks are correctly labeled when created. At present, the app lib symlinks are created before setting the package directory security context, and therefore default to system_data_file. Upon a later restorecon_recursive, they are relabeled to the same type as the package directory, e.g. app_data_file. Avoid this inconsistency by setting the package directory security context before creating the symlink so that it inherits the same security context. Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911 Signed-off-by: Stephen Smalley --- cmds/installd/commands.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index cfb80e3ce..70510a525 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -85,13 +85,6 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) } } - if (symlink(applibdir, libsymlink) < 0) { - ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir, - strerror(errno)); - unlink(pkgdir); - return -1; - } - if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -99,6 +92,13 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) return -errno; } + if (symlink(applibdir, libsymlink) < 0) { + ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir, + strerror(errno)); + unlink(pkgdir); + return -1; + } + if (chown(pkgdir, uid, gid) < 0) { ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -241,13 +241,6 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* } } - if (symlink(applibdir, libsymlink) < 0) { - ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink, - applibdir, strerror(errno)); - unlink(pkgdir); - return -1; - } - if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -255,6 +248,13 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* return -errno; } + if (symlink(applibdir, libsymlink) < 0) { + ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink, + applibdir, strerror(errno)); + unlink(pkgdir); + return -1; + } + if (chown(pkgdir, uid, uid) < 0) { ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink);