diff options
| author | Kenny Root <kroot@android.com> | 2012-06-08 14:01:54 -0700 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2012-06-08 14:01:54 -0700 |
| commit | 3a3c7e7bc4f599c35f5ed4feeead15c6c5a4621f (patch) | |
| tree | 84d266d0090e6d85fcf469e686a40dd9b35fd91c /cmds | |
| parent | d26f7139a7ff42ca1be470657515767f7509955b (diff) | |
| parent | 63dd4c65c41187967ba0828d386117f90020840e (diff) | |
| download | frameworks_base-3a3c7e7bc4f599c35f5ed4feeead15c6c5a4621f.zip frameworks_base-3a3c7e7bc4f599c35f5ed4feeead15c6c5a4621f.tar.gz frameworks_base-3a3c7e7bc4f599c35f5ed4feeead15c6c5a4621f.tar.bz2 | |
am 63dd4c65: am 60b3d59d: Merge "Modify installd to set the SELinux security context on package directories."
* commit '63dd4c65c41187967ba0828d386117f90020840e':
Modify installd to set the SELinux security context on package directories.
Diffstat (limited to 'cmds')
| -rw-r--r-- | cmds/installd/Android.mk | 6 | ||||
| -rw-r--r-- | cmds/installd/commands.c | 40 |
2 files changed, 45 insertions, 1 deletions
diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk index f277339..3e722ea 100644 --- a/cmds/installd/Android.mk +++ b/cmds/installd/Android.mk @@ -34,6 +34,12 @@ LOCAL_SHARED_LIBRARIES := \ LOCAL_STATIC_LIBRARIES := \ libdiskusage +ifeq ($(HAVE_SELINUX),true) +LOCAL_C_INCLUDES += external/libselinux/include +LOCAL_SHARED_LIBRARIES += libselinux +LOCAL_CFLAGS := -DHAVE_SELINUX +endif # HAVE_SELINUX + LOCAL_MODULE := installd LOCAL_MODULE_TAGS := optional diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index 0bc7371..b8a78de 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -17,6 +17,10 @@ #include "installd.h" #include <diskusage/dirsize.h> +#ifdef HAVE_SELINUX +#include <selinux/android.h> +#endif + /* Directory records that are used in execution of commands. */ dir_rec_t android_data_dir; dir_rec_t android_asec_dir; @@ -58,6 +62,15 @@ int install(const char *pkgname, uid_t uid, gid_t gid) unlink(pkgdir); return -errno; } + +#ifdef HAVE_SELINUX + if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) { + LOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); + unlink(pkgdir); + return -errno; + } +#endif + if (mkdir(libdir, 0755) < 0) { ALOGE("cannot create dir '%s': %s\n", libdir, strerror(errno)); unlink(pkgdir); @@ -75,6 +88,16 @@ int install(const char *pkgname, uid_t uid, gid_t gid) unlink(pkgdir); return -errno; } + +#ifdef HAVE_SELINUX + if (selinux_android_setfilecon(libdir, pkgname, AID_SYSTEM) < 0) { + LOGE("cannot setfilecon dir '%s': %s\n", libdir, strerror(errno)); + unlink(libdir); + unlink(pkgdir); + return -errno; + } +#endif + return 0; } @@ -172,6 +195,15 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona) unlink(pkgdir); return -errno; } + +#ifdef HAVE_SELINUX + if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) { + LOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); + unlink(pkgdir); + return -errno; + } +#endif + return 0; } @@ -363,12 +395,18 @@ int protect(char *pkgname, gid_t gid) ALOGE("failed to chgrp '%s': %s\n", pkgpath, strerror(errno)); return -1; } - if (chmod(pkgpath, S_IRUSR|S_IWUSR|S_IRGRP) < 0) { ALOGE("failed to chmod '%s': %s\n", pkgpath, strerror(errno)); return -1; } +#ifdef HAVE_SELINUX + if (selinux_android_setfilecon(pkgpath, pkgname, s.st_uid) < 0) { + LOGE("cannot setfilecon dir '%s': %s\n", pkgpath, strerror(errno)); + return -1; + } +#endif + return 0; } |