ADHOC
/
replicant-frameworks_native
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Proper security labeling of multi-user data directories. 

Add seinfo paramater to appropriate make directory
functions. This allows proper labeling for multi-user
scenarios.

Change-Id: Iaba7c40645bc7b6cc823d613da0c3782acf6ddd5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This commit is contained in:
Robert Craig 2013-07-29 09:18:09 -04:00
parent 1852eb4feb
commit 880d1a957e
3 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmds/installd/commands.c
View File

@ -184,7 +184,7 @@ int delete_user_data(const char *pkgname, uid_t persona)
return delete_dir_contents(pkgdir, 0, "lib"); return delete_dir_contents(pkgdir, 0, "lib");
} }
int make_user_data(const char *pkgname, uid_t uid, uid_t persona) int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo)
{ {
char pkgdir[PKG_PATH_MAX]; char pkgdir[PKG_PATH_MAX];
char applibdir[PKG_PATH_MAX]; char applibdir[PKG_PATH_MAX];
@ -245,7 +245,7 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
return -1; return -1;
} }
if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) { if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) {
ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
unlink(libsymlink); unlink(libsymlink);
unlink(pkgdir); unlink(pkgdir);

5
cmds/installd/installd.c
View File

@ -103,7 +103,8 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX])
static int do_mk_user_data(char **arg, char reply[REPLY_MAX]) static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
{ {
return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */ return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
/* pkgname, uid, userid, seinfo */
} }
static int do_rm_user(char **arg, char reply[REPLY_MAX]) static int do_rm_user(char **arg, char reply[REPLY_MAX])
@ -142,7 +143,7 @@ struct cmdinfo cmds[] = {
{ "rmuserdata", 2, do_rm_user_data }, { "rmuserdata", 2, do_rm_user_data },
{ "movefiles", 0, do_movefiles }, { "movefiles", 0, do_movefiles },
{ "linklib", 3, do_linklib }, { "linklib", 3, do_linklib },
{ "mkuserdata", 3, do_mk_user_data }, { "mkuserdata", 4, do_mk_user_data },
{ "rmuser", 1, do_rm_user }, { "rmuser", 1, do_rm_user },
}; };

2
cmds/installd/installd.h
View File

@ -197,7 +197,7 @@ int uninstall(const char *pkgname, uid_t persona);
int renamepkg(const char *oldpkgname, const char *newpkgname); int renamepkg(const char *oldpkgname, const char *newpkgname);
int fix_uid(const char *pkgname, uid_t uid, gid_t gid); int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
int delete_user_data(const char *pkgname, uid_t persona); int delete_user_data(const char *pkgname, uid_t persona);
int make_user_data(const char *pkgname, uid_t uid, uid_t persona); int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo);
int delete_persona(uid_t persona); int delete_persona(uid_t persona);
int delete_cache(const char *pkgname, uid_t persona); int delete_cache(const char *pkgname, uid_t persona);
int move_dex(const char *src, const char *dst); int move_dex(const char *src, const char *dst);