diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2014-11-24 14:45:40 -0800 |
|---|---|---|
| committer | Jeff Sharkey <jsharkey@android.com> | 2014-11-24 14:51:34 -0800 |
| commit | dbea3cd118fe4eeb9b43ea50727987fa790a2edd (patch) | |
| tree | 48c62fd389ed91bbcfdfc844f0e4316b6ac8e0af /cmds/am | |
| parent | 962bd4a69175077a95bc04bcdcc80ee6cb1034f8 (diff) | |
| download | frameworks_base-dbea3cd118fe4eeb9b43ea50727987fa790a2edd.zip frameworks_base-dbea3cd118fe4eeb9b43ea50727987fa790a2edd.tar.gz frameworks_base-dbea3cd118fe4eeb9b43ea50727987fa790a2edd.tar.bz2 | |
Better am error when SELinux blocking access.
Bug: 18479882
Change-Id: I0732e54838c4e04d9d727e7c5fd9d7e7bacbaa1f
Diffstat (limited to 'cmds/am')
| -rw-r--r-- | cmds/am/src/com/android/commands/am/Am.java | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/cmds/am/src/com/android/commands/am/Am.java b/cmds/am/src/com/android/commands/am/Am.java index 475d540..2ea1d4d 100644 --- a/cmds/am/src/com/android/commands/am/Am.java +++ b/cmds/am/src/com/android/commands/am/Am.java @@ -47,6 +47,7 @@ import android.os.Bundle; import android.os.IBinder; import android.os.ParcelFileDescriptor; import android.os.RemoteException; +import android.os.SELinux; import android.os.ServiceManager; import android.os.SystemClock; import android.os.SystemProperties; @@ -741,13 +742,14 @@ public class Am extends BaseCommand { if (mProfileFile != null) { try { - fd = ParcelFileDescriptor.open( + fd = openForSystemServer( new File(mProfileFile), ParcelFileDescriptor.MODE_CREATE | ParcelFileDescriptor.MODE_TRUNCATE | ParcelFileDescriptor.MODE_READ_WRITE); } catch (FileNotFoundException e) { System.err.println("Error: Unable to open file: " + mProfileFile); + System.err.println("Consider using a file under /data/local/tmp/"); return; } profilerInfo = new ProfilerInfo(mProfileFile, fd, mSamplingInterval, mAutoStop); @@ -1053,13 +1055,14 @@ public class Am extends BaseCommand { if (start) { profileFile = nextArgRequired(); try { - fd = ParcelFileDescriptor.open( + fd = openForSystemServer( new File(profileFile), ParcelFileDescriptor.MODE_CREATE | ParcelFileDescriptor.MODE_TRUNCATE | ParcelFileDescriptor.MODE_READ_WRITE); } catch (FileNotFoundException e) { System.err.println("Error: Unable to open file: " + profileFile); + System.err.println("Consider using a file under /data/local/tmp/"); return; } profilerInfo = new ProfilerInfo(profileFile, fd, 0, false); @@ -1113,12 +1116,13 @@ public class Am extends BaseCommand { try { File file = new File(heapFile); file.delete(); - fd = ParcelFileDescriptor.open(file, + fd = openForSystemServer(file, ParcelFileDescriptor.MODE_CREATE | ParcelFileDescriptor.MODE_TRUNCATE | ParcelFileDescriptor.MODE_READ_WRITE); } catch (FileNotFoundException e) { System.err.println("Error: Unable to open file: " + heapFile); + System.err.println("Consider using a file under /data/local/tmp/"); return; } @@ -1855,4 +1859,18 @@ public class Am extends BaseCommand { } catch (RemoteException e) { } } + + /** + * Open the given file for sending into the system process. This verifies + * with SELinux that the system will have access to the file. + */ + private static ParcelFileDescriptor openForSystemServer(File file, int mode) + throws FileNotFoundException { + final ParcelFileDescriptor fd = ParcelFileDescriptor.open(file, mode); + final String tcon = SELinux.getFileContext(file.getAbsolutePath()); + if (!SELinux.checkSELinuxAccess("u:r:system_server:s0", tcon, "file", "read")) { + throw new FileNotFoundException("System server has no access to file context " + tcon); + } + return fd; + } } |