Ensure that app lib symlinks are correctly labeled when created.

At present, the app lib symlinks are created before setting
the package directory security context, and therefore default
to system_data_file.  Upon a later restorecon_recursive,
they are relabeled to the same type as the package directory,
e.g. app_data_file.  Avoid this inconsistency by setting the
package directory security context before creating the symlink
so that it inherits the same security context.

Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2014-05-13 12:53:07 -04:00
parent bd20e551f6
commit 3a98389263

View File

@ -85,13 +85,6 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
} }
} }
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
strerror(errno));
unlink(pkgdir);
return -1;
}
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink); unlink(libsymlink);
@ -99,6 +92,13 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
return -errno; return -errno;
} }
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
strerror(errno));
unlink(pkgdir);
return -1;
}
if (chown(pkgdir, uid, gid) < 0) { if (chown(pkgdir, uid, gid) < 0) {
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink); unlink(libsymlink);
@ -241,13 +241,6 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char*
} }
} }
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
applibdir, strerror(errno));
unlink(pkgdir);
return -1;
}
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink); unlink(libsymlink);
@ -255,6 +248,13 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char*
return -errno; return -errno;
} }
if (symlink(applibdir, libsymlink) < 0) {
ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
applibdir, strerror(errno));
unlink(pkgdir);
return -1;
}
if (chown(pkgdir, uid, uid) < 0) { if (chown(pkgdir, uid, uid) < 0) {
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink); unlink(libsymlink);