authorRobert Craig <rpcraig@tycho.ncsc.mil>2013-03-28 06:22:12 -0400
committerRobert Craig <rpcraig@tycho.ncsc.mil>2013-03-28 12:19:27 -0400
commitd417ab0ea526cee036a71e67af4a8a898e35f564 (patch)
treeae374f1729bd3a8496078b429116f8341d62cf57 /services
parent3864aa3944254184ddcd61002cb9f1d7cb1d4c67 (diff)
Add data validation on seinfo labels.
Ensure that policy contains a clean seinfo string, where clean means no whitespace characters. Change-Id: I814411cbc8d16eaed99a1389f5487529e36e617b Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'services')
-rw-r--r--services/java/com/android/server/pm/SELinuxMMAC.java26
1 files changed, 24 insertions, 2 deletions
diff --git a/services/java/com/android/server/pm/SELinuxMMAC.java b/services/java/com/android/server/pm/SELinuxMMAC.java
index 15d2a5a..4bbdb5e 100644
--- a/services/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/java/com/android/server/pm/SELinuxMMAC.java
@@ -206,10 +206,10 @@ public final class SELinuxMMAC {
String tagName = parser.getName();
if ("seinfo".equals(tagName)) {
String seinfoValue = parser.getAttributeValue(null, "value");
- if (seinfoValue != null) {
+ if (validateValue(seinfoValue)) {
seinfo = seinfoValue;
} else {
- Slog.w(TAG, "<seinfo> without value at "
+ Slog.w(TAG, "<seinfo> without valid value at "
+ parser.getPositionDescription());
}
}
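Review bot: The `else` branch at the `Slog.w` call now covers both a missing `value` attribute and one that fails `validateValue`, but it only logs and parsing carries on, so the hunk does not show whether a stanza with a rejected label is dropped or kept with `seinfo` unset. The enclosing method starts and ends outside the hunk, so this is a question rather than a finding: if the stanza is kept, a typo in the policy file would quietly change which label the affected packages receive. A comment on the branch would settle it, for example `// rejected value: seinfo stays unset, this stanza assigns no label`, adjusted to whatever the surrounding code actually does.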
@@ -219,6 +219,28 @@ public final class SELinuxMMAC {
}
/**
+ * General validation routine for tag values.
+ * Returns a boolean indicating if the passed string
+ * contains only letters or underscores.
+ */
+ private static boolean validateValue(String name) {
+ if (name == null)
+ return false;
+
+ final int N = name.length();
+ if (N == 0)
+ return false;
+
+ for (int i = 0; i < N; i++) {
+ final char c = name.charAt(i);
+ if ((c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && (c != '_')) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
* Labels a package based on an seinfo tag from install policy.
* The label is attached to the ApplicationInfo instance of the package.
* @param PackageParser.Package object representing the package
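Review bot: `validateValue` enforces more than the commit message states: the message defines a clean value as one with no whitespace, while the loop condition `if ((c < 'a' || c > 'z') && ...` accepts only ASCII letters and `_`, so a label containing a digit, `-` or `.` is rejected as well. An allow-list is the safer shape for a string that ends up in a package's security label, but the Javadoc should state the exact set and that it is ASCII-only on purpose, e.g. `@return true if name is non-null, non-empty and consists only of [A-Za-z_]`, plus an `@param name` line noting that null is accepted and yields false. If labels with digits are meant to be valid, the condition needs a further `&& (c < '0' || c > '9')` term; otherwise the comment should say that digits are excluded deliberately.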