Ensure that app lib symlinks are correctly labeled when created.
At present, the app lib symlinks are created before setting the package directory security context, and therefore default to system_data_file. Upon a later restorecon_recursive, they are relabeled to the same type as the package directory, e.g. app_data_file. Avoid this inconsistency by setting the package directory security context before creating the symlink so that it inherits the same security context. Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
bd20e551f6
commit
3a98389263
@ -85,13 +85,6 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (symlink(applibdir, libsymlink) < 0) {
|
|
||||||
ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
|
|
||||||
strerror(errno));
|
|
||||||
unlink(pkgdir);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
|
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
|
||||||
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
|
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
|
||||||
unlink(libsymlink);
|
unlink(libsymlink);
|
||||||
@ -99,6 +92,13 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
|
|||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (symlink(applibdir, libsymlink) < 0) {
|
||||||
|
ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
|
||||||
|
strerror(errno));
|
||||||
|
unlink(pkgdir);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (chown(pkgdir, uid, gid) < 0) {
|
if (chown(pkgdir, uid, gid) < 0) {
|
||||||
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
|
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
|
||||||
unlink(libsymlink);
|
unlink(libsymlink);
|
||||||
@ -241,13 +241,6 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char*
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (symlink(applibdir, libsymlink) < 0) {
|
|
||||||
ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
|
|
||||||
applibdir, strerror(errno));
|
|
||||||
unlink(pkgdir);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
|
if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
|
||||||
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
|
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
|
||||||
unlink(libsymlink);
|
unlink(libsymlink);
|
||||||
@ -255,6 +248,13 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char*
|
|||||||
return -errno;
|
return -errno;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (symlink(applibdir, libsymlink) < 0) {
|
||||||
|
ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
|
||||||
|
applibdir, strerror(errno));
|
||||||
|
unlink(pkgdir);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (chown(pkgdir, uid, uid) < 0) {
|
if (chown(pkgdir, uid, uid) < 0) {
|
||||||
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
|
ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
|
||||||
unlink(libsymlink);
|
unlink(libsymlink);
|
||||||
|
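Review bot: In the `selinux_android_setfilecon` failure branch of `install`, `unlink(libsymlink);` is kept even though the symlink is now created only after that call succeeds, so the unlink will normally fail with ENOENT and overwrite `errno` before the `return -errno;` that opens the next hunk. The same leftover sits in the matching branch of `make_user_data`. I would drop `unlink(libsymlink);` from both setfilecon branches and save the error first, with `int err = errno;` ahead of the `ALOGE` and `return -err;` after cleanup, so the caller sees the labeling failure rather than a cleanup error. Separately, the moved symlink failure path still calls `unlink(pkgdir);` and returns -1 instead of an errno value; if pkgdir is a directory created earlier in the function (not visible here), `rmdir(pkgdir);` looks intended, since a failed install would otherwise leave a labeled package directory behind. Both function bodies start and end outside the visible hunks.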