diff options
| author | rpcraig <rpcraig@tycho.ncsc.mil> | 2012-11-28 08:37:06 -0500 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2013-03-25 14:35:00 +0000 |
| commit | 1e0c8e69891c89a86b2d9879e3c1985563a56f49 (patch) | |
| tree | f3d2c545746860a3d38c0156a62626e24deb5f64 /cmds | |
| parent | d3f8d0333cf4d9d2e47b5b082a6f70460adcf5ff (diff) | |
| download | frameworks_base-1e0c8e69891c89a86b2d9879e3c1985563a56f49.zip frameworks_base-1e0c8e69891c89a86b2d9879e3c1985563a56f49.tar.gz frameworks_base-1e0c8e69891c89a86b2d9879e3c1985563a56f49.tar.bz2 | |
Proper security labeling of multi-user data directories.
This patch covers 2 cases. When an app is installed
and the resulting data directory is created for all
existing users. And when a new user is created and
all existing app data directories are created for
the new user.
Change-Id: Iacaba6d9d18d5337e65713960d14efe32006b330
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'cmds')
| -rw-r--r-- | cmds/installd/commands.c | 6 | ||||
| -rw-r--r-- | cmds/installd/installd.c | 5 | ||||
| -rw-r--r-- | cmds/installd/installd.h | 2 |
3 files changed, 7 insertions, 6 deletions
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index ec8a319..09d6f89 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -184,7 +184,7 @@ int delete_user_data(const char *pkgname, uid_t persona) return delete_dir_contents(pkgdir, 0, "lib"); } -int make_user_data(const char *pkgname, uid_t uid, uid_t persona) +int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo) { char pkgdir[PKG_PATH_MAX]; char applibdir[PKG_PATH_MAX]; @@ -245,7 +245,7 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona) return -1; } - if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) { + if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) { ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); unlink(pkgdir); @@ -317,7 +317,7 @@ int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy) uid = (uid_t) s.st_uid % PER_USER_RANGE; /* Create the directory for the target */ make_user_data(name, uid + target_persona * PER_USER_RANGE, - target_persona); + target_persona, NULL); } } closedir(d); diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c index 66a8e75..281aaab 100644 --- a/cmds/installd/installd.c +++ b/cmds/installd/installd.c @@ -103,7 +103,8 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX]) static int do_mk_user_data(char **arg, char reply[REPLY_MAX]) { - return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */ + return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]); + /* pkgname, uid, userid, seinfo */ } static int do_rm_user(char **arg, char reply[REPLY_MAX]) @@ -147,7 +148,7 @@ struct cmdinfo cmds[] = { { "rmuserdata", 2, do_rm_user_data }, { "movefiles", 0, do_movefiles }, { "linklib", 3, do_linklib }, - { "mkuserdata", 3, do_mk_user_data }, + { "mkuserdata", 4, do_mk_user_data }, { "rmuser", 1, do_rm_user }, { "cloneuserdata", 3, do_clone_user_data }, }; diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h index 618f97b..04498ef 100644 --- a/cmds/installd/installd.h +++ b/cmds/installd/installd.h @@ -197,7 +197,7 @@ int uninstall(const char *pkgname, uid_t persona); int renamepkg(const char *oldpkgname, const char *newpkgname); int fix_uid(const char *pkgname, uid_t uid, gid_t gid); int delete_user_data(const char *pkgname, uid_t persona); -int make_user_data(const char *pkgname, uid_t uid, uid_t persona); +int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo); int delete_persona(uid_t persona); int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy); int delete_cache(const char *pkgname, uid_t persona); |