From 880d1a957ebcb63fb9d3724e2f91c58b7ff0cd54 Mon Sep 17 00:00:00 2001
From: Robert Craig <rpcraig@tycho.ncsc.mil>
Date: Mon, 29 Jul 2013 09:18:09 -0400
Subject: [PATCH] Proper security labeling of multi-user data directories.

Add seinfo paramater to appropriate make directory
functions. This allows proper labeling for multi-user
scenarios.

Change-Id: Iaba7c40645bc7b6cc823d613da0c3782acf6ddd5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 cmds/installd/commands.c | 4 ++--
 cmds/installd/installd.c | 5 +++--
 cmds/installd/installd.h | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
index 8e14a2c08..f68d75816 100644
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@@ -184,7 +184,7 @@ int delete_user_data(const char *pkgname, uid_t persona)
     return delete_dir_contents(pkgdir, 0, "lib");
 }
 
-int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo)
 {
     char pkgdir[PKG_PATH_MAX];
     char applibdir[PKG_PATH_MAX];
@@ -245,7 +245,7 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
         return -1;
     }
 
-    if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+    if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) {
         ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(libsymlink);
         unlink(pkgdir);
diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c
index c918633f3..efbf61c12 100644
--- a/cmds/installd/installd.c
+++ b/cmds/installd/installd.c
@@ -103,7 +103,8 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX])
 
 static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
 {
-    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */
+    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
+                             /* pkgname, uid, userid, seinfo */
 }
 
 static int do_rm_user(char **arg, char reply[REPLY_MAX])
@@ -142,7 +143,7 @@ struct cmdinfo cmds[] = {
     { "rmuserdata",           2, do_rm_user_data },
     { "movefiles",            0, do_movefiles },
     { "linklib",              3, do_linklib },
-    { "mkuserdata",           3, do_mk_user_data },
+    { "mkuserdata",           4, do_mk_user_data },
     { "rmuser",               1, do_rm_user },
 };
 
diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h
index fbfc87660..98e9f9f9c 100644
--- a/cmds/installd/installd.h
+++ b/cmds/installd/installd.h
@@ -197,7 +197,7 @@ int uninstall(const char *pkgname, uid_t persona);
 int renamepkg(const char *oldpkgname, const char *newpkgname);
 int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
 int delete_user_data(const char *pkgname, uid_t persona);
-int make_user_data(const char *pkgname, uid_t uid, uid_t persona);
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo);
 int delete_persona(uid_t persona);
 int delete_cache(const char *pkgname, uid_t persona);
 int move_dex(const char *src, const char *dst);