authorNick Kralevich <nnk@google.com>2015-03-03 22:24:26 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-03-03 22:24:26 +0000
commit15036550075ffa46ffdf0d6816eb19d03f9027c1 (patch)
treec332cf92fa6fd7864f6b60c2eb9de729a19d8d86 /services
parenta0e17fafa10463aa876240bf36d776335679add0 (diff)
parent59e06d3ab479ab04df84b783cb119f032549f492 (diff)
am 59e06d3a: am 98fdff61: am 56fde9e7: Merge "SELinuxPolicyInstallReceiver: Prevent partial or mixed policy updates."
* commit '59e06d3ab479ab04df84b783cb119f032549f492': SELinuxPolicyInstallReceiver: Prevent partial or mixed policy updates.
Diffstat (limited to 'services')
-rw-r--r--services/core/java/com/android/server/updates/SELinuxPolicyInstallReceiver.java81
1 files changed, 29 insertions, 52 deletions
diff --git a/services/core/java/com/android/server/updates/SELinuxPolicyInstallReceiver.java b/services/core/java/com/android/server/updates/SELinuxPolicyInstallReceiver.java
index 3de1bba..4e53687 100644
--- a/services/core/java/com/android/server/updates/SELinuxPolicyInstallReceiver.java
+++ b/services/core/java/com/android/server/updates/SELinuxPolicyInstallReceiver.java
@@ -47,39 +47,6 @@ public class SELinuxPolicyInstallReceiver extends ConfigUpdateInstallReceiver {
super("/data/security/bundle", "sepolicy_bundle", "metadata/", "version");
}
- private void backupContexts(File contexts) {
- new File(contexts, versionPath).renameTo(
- new File(contexts, versionPath + "_backup"));
-
- new File(contexts, macPermissionsPath).renameTo(
- new File(contexts, macPermissionsPath + "_backup"));
-
- new File(contexts, seappContextsPath).renameTo(
- new File(contexts, seappContextsPath + "_backup"));
-
- new File(contexts, propertyContextsPath).renameTo(
- new File(contexts, propertyContextsPath + "_backup"));
-
- new File(contexts, fileContextsPath).renameTo(
- new File(contexts, fileContextsPath + "_backup"));
-
- new File(contexts, sepolicyPath).renameTo(
- new File(contexts, sepolicyPath + "_backup"));
-
- new File(contexts, serviceContextsPath).renameTo(
- new File(contexts, serviceContextsPath + "_backup"));
- }
-
- private void copyUpdate(File contexts) {
- new File(updateDir, versionPath).renameTo(new File(contexts, versionPath));
- new File(updateDir, macPermissionsPath).renameTo(new File(contexts, macPermissionsPath));
- new File(updateDir, seappContextsPath).renameTo(new File(contexts, seappContextsPath));
- new File(updateDir, propertyContextsPath).renameTo(new File(contexts, propertyContextsPath));
- new File(updateDir, fileContextsPath).renameTo(new File(contexts, fileContextsPath));
- new File(updateDir, sepolicyPath).renameTo(new File(contexts, sepolicyPath));
- new File(updateDir, serviceContextsPath).renameTo(new File(contexts, serviceContextsPath));
- }
-
private int readInt(BufferedInputStream reader) throws IOException {
int value = 0;
for (int i=0; i < 4; i++) {
@@ -107,17 +74,27 @@ public class SELinuxPolicyInstallReceiver extends ConfigUpdateInstallReceiver {
writeUpdate(updateDir, destination, Base64.decode(chunk, Base64.DEFAULT));
}
+ private void deleteRecursive(File fileOrDirectory) {
+ if (fileOrDirectory.isDirectory())
+ for (File child : fileOrDirectory.listFiles())
+ deleteRecursive(child);
+ fileOrDirectory.delete();
+ }
+
private void unpackBundle() throws IOException {
BufferedInputStream stream = new BufferedInputStream(new FileInputStream(updateContent));
+ File tmp = new File(updateDir.getParentFile(), "tmp");
try {
int[] chunkLengths = readChunkLengths(stream);
- installFile(new File(updateDir, versionPath), stream, chunkLengths[0]);
- installFile(new File(updateDir, macPermissionsPath), stream, chunkLengths[1]);
- installFile(new File(updateDir, seappContextsPath), stream, chunkLengths[2]);
- installFile(new File(updateDir, propertyContextsPath), stream, chunkLengths[3]);
- installFile(new File(updateDir, fileContextsPath), stream, chunkLengths[4]);
- installFile(new File(updateDir, sepolicyPath), stream, chunkLengths[5]);
- installFile(new File(updateDir, serviceContextsPath), stream, chunkLengths[6]);
+ deleteRecursive(tmp);
+ tmp.mkdirs();
+ installFile(new File(tmp, versionPath), stream, chunkLengths[0]);
+ installFile(new File(tmp, macPermissionsPath), stream, chunkLengths[1]);
+ installFile(new File(tmp, seappContextsPath), stream, chunkLengths[2]);
+ installFile(new File(tmp, propertyContextsPath), stream, chunkLengths[3]);
+ installFile(new File(tmp, fileContextsPath), stream, chunkLengths[4]);
+ installFile(new File(tmp, sepolicyPath), stream, chunkLengths[5]);
+ installFile(new File(tmp, serviceContextsPath), stream, chunkLengths[6]);
} finally {
IoUtils.closeQuietly(stream);
}
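Review bot: deleteRecursive() iterates over `fileOrDirectory.listFiles()` without a null check and discards the result of `delete()`, and unpackBundle() likewise ignores the result of `tmp.mkdirs()`, so a failed cleanup either throws a NullPointerException or goes unnoticed while unpacking continues into whatever is left in `tmp`. Since the commit's goal is to prevent partial or mixed policy, I would fail closed: take `File[] children = fileOrDirectory.listFiles();`, recurse only `if (children != null)`, and follow the cleanup with `if (!tmp.mkdirs() && !tmp.isDirectory()) throw new IOException("Could not create " + tmp);`. `File.isDirectory()` also follows symbolic links, and the code this commit removes created symlinks at `tmp` and `current`, so on a device carrying the old layout the recursion may descend into a link target and delete its contents; I have not confirmed the on-disk state, but it looks worth a check before recursing. unpackBundle's closing brace lies outside the hunk.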
@@ -125,22 +102,22 @@ public class SELinuxPolicyInstallReceiver extends ConfigUpdateInstallReceiver {
private void applyUpdate() throws IOException, ErrnoException {
Slog.i(TAG, "Applying SELinux policy");
- File contexts = new File(updateDir.getParentFile(), "contexts");
+ File backup = new File(updateDir.getParentFile(), "backup");
File current = new File(updateDir.getParentFile(), "current");
- File update = new File(updateDir.getParentFile(), "update");
File tmp = new File(updateDir.getParentFile(), "tmp");
if (current.exists()) {
- Os.symlink(updateDir.getPath(), update.getPath());
- Os.rename(update.getPath(), current.getPath());
- } else {
- Os.symlink(updateDir.getPath(), current.getPath());
+ deleteRecursive(backup);
+ Os.rename(current.getPath(), backup.getPath());
+ }
+ try {
+ Os.rename(tmp.getPath(), current.getPath());
+ SystemProperties.set("selinux.reload_policy", "1");
+ } catch (ErrnoException e) {
+ Slog.e(TAG, "Could not update selinux policy: ", e);
+ if (backup.exists()) {
+ Os.rename(backup.getPath(), current.getPath());
+ }
}
- contexts.mkdirs();
- backupContexts(contexts);
- copyUpdate(contexts);
- Os.symlink(contexts.getPath(), tmp.getPath());
- Os.rename(tmp.getPath(), current.getPath());
- SystemProperties.set("selinux.reload_policy", "1");
}
@Override
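Review bot: The swap in applyUpdate() is two separate renames, `current` to `backup` and then `tmp` to `current`, so there is a window in which no `current` directory exists. If the process dies or the device reboots in that window only `backup` remains, and nothing in this hunk restores it. Whether the reader of `current` falls back to `backup` or to the built-in policy is not visible here, so I would at least record the gap above the first rename: `// Not atomic: until tmp is renamed below there is no "current"; a crash here leaves only "backup".` Separately, the `catch (ErrnoException e)` block logs and rolls back but then returns normally, so the caller cannot tell a failed install from a successful one. Adding `throw e;` after the rollback would keep the declared `throws ErrnoException` meaningful.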