summaryrefslogtreecommitdiffstats
path: root/cmds
diff options
context:
space:
mode:
authorKenny Root <kroot@android.com>2012-06-08 12:27:41 -0700
committerandroid code review <noreply-gerritcodereview@google.com>2012-06-08 12:27:42 -0700
commit60b3d59d7f788046a45a5fd4e97ec7235fb55787 (patch)
tree3a368d16fee045adf83a1a870b267b82ed5c6de8 /cmds
parent7b2d056342176b5e7ff19842fc9202f2f8d36b76 (diff)
parent0b58e6a1a97eded73cb9cbbe53cdde4c6595ddd6 (diff)
downloadframeworks_base-60b3d59d7f788046a45a5fd4e97ec7235fb55787.zip
frameworks_base-60b3d59d7f788046a45a5fd4e97ec7235fb55787.tar.gz
frameworks_base-60b3d59d7f788046a45a5fd4e97ec7235fb55787.tar.bz2
Merge "Modify installd to set the SELinux security context on package directories."
Diffstat (limited to 'cmds')
-rw-r--r--cmds/installd/Android.mk6
-rw-r--r--cmds/installd/commands.c40
2 files changed, 45 insertions, 1 deletions
diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk
index f277339..3e722ea 100644
--- a/cmds/installd/Android.mk
+++ b/cmds/installd/Android.mk
@@ -34,6 +34,12 @@ LOCAL_SHARED_LIBRARIES := \
LOCAL_STATIC_LIBRARIES := \
libdiskusage
+ifeq ($(HAVE_SELINUX),true)
+LOCAL_C_INCLUDES += external/libselinux/include
+LOCAL_SHARED_LIBRARIES += libselinux
+LOCAL_CFLAGS := -DHAVE_SELINUX
+endif # HAVE_SELINUX
+
LOCAL_MODULE := installd
LOCAL_MODULE_TAGS := optional
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
index dd92bbe..0dd8156 100644
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@@ -17,6 +17,10 @@
#include "installd.h"
#include <diskusage/dirsize.h>
+#ifdef HAVE_SELINUX
+#include <selinux/android.h>
+#endif
+
/* Directory records that are used in execution of commands. */
dir_rec_t android_data_dir;
dir_rec_t android_asec_dir;
@@ -58,6 +62,15 @@ int install(const char *pkgname, uid_t uid, gid_t gid)
unlink(pkgdir);
return -errno;
}
+
+#ifdef HAVE_SELINUX
+ if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+ LOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
+ unlink(pkgdir);
+ return -errno;
+ }
+#endif
+
if (mkdir(libdir, 0755) < 0) {
ALOGE("cannot create dir '%s': %s\n", libdir, strerror(errno));
unlink(pkgdir);
@@ -75,6 +88,16 @@ int install(const char *pkgname, uid_t uid, gid_t gid)
unlink(pkgdir);
return -errno;
}
+
+#ifdef HAVE_SELINUX
+ if (selinux_android_setfilecon(libdir, pkgname, AID_SYSTEM) < 0) {
+ LOGE("cannot setfilecon dir '%s': %s\n", libdir, strerror(errno));
+ unlink(libdir);
+ unlink(pkgdir);
+ return -errno;
+ }
+#endif
+
return 0;
}
@@ -135,6 +158,15 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
unlink(pkgdir);
return -errno;
}
+
+#ifdef HAVE_SELINUX
+ if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+ LOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
+ unlink(pkgdir);
+ return -errno;
+ }
+#endif
+
return 0;
}
@@ -284,12 +316,18 @@ int protect(char *pkgname, gid_t gid)
ALOGE("failed to chgrp '%s': %s\n", pkgpath, strerror(errno));
return -1;
}
-
if (chmod(pkgpath, S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
ALOGE("failed to chmod '%s': %s\n", pkgpath, strerror(errno));
return -1;
}
+#ifdef HAVE_SELINUX
+ if (selinux_android_setfilecon(pkgpath, pkgname, s.st_uid) < 0) {
+ LOGE("cannot setfilecon dir '%s': %s\n", pkgpath, strerror(errno));
+ return -1;
+ }
+#endif
+
return 0;
}