BackupManagerService files need new security labeling.

Use restorecon to label files and directories specific to BMS. * /data/backup : provide default type labeling for all files/dirs used by BMS. * /data/secure/backup : provide default type labeling used by BMS when encrypted file system is enabled. * /cache/<package name>.{data|restore} : specifically target files opened and passed by BMS to apps that have backup capabilities. * /cache/backup : default labeling for the directory used by the LocalTransport that stores backup files for local testing. Change-Id: Id4d46e82cd13abc2e395e0c30c515f0a33df93e7 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
author: rpcraig <rpcraig@tycho.ncsc.mil> 2012-12-04 09:37:23 -0500
committer: rpcraig <rpcraig@tycho.ncsc.mil> 2012-12-04 10:26:33 -0500
commit: ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4 (patch)
tree: 8b04ee2c806ee78e3245a3251e377595fda7885e /services
parent: 568f923ba4cf522f699837bee0d8cba318343345 (diff)
download: frameworks_base-ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4.zip
frameworks_base-ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4.tar.gz
frameworks_base-ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4.tar.bz2
1 files changed, 12 insertions, 0 deletions
diff --git a/services/java/com/android/server/BackupManagerService.java b/services/java/com/android/server/BackupManagerService.java
index 7ac314b..91e3330 100644
--- a/services/java/com/android/server/BackupManagerService.java
+++ b/services/java/com/android/server/BackupManagerService.java
@@ -63,6 +63,7 @@ import android.os.ParcelFileDescriptor;
 import android.os.PowerManager;
 import android.os.Process;
 import android.os.RemoteException;
+import android.os.SELinux;
 import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.UserHandle;
@@ -743,6 +744,9 @@ class BackupManagerService extends IBackupManager.Stub {
         // correct directory.
         mBaseStateDir = new File(Environment.getSecureDataDirectory(), "backup");
         mBaseStateDir.mkdirs();
+        if (!SELinux.restorecon(mBaseStateDir)) {
+            Slog.e(TAG, "SELinux restorecon failed on " + mBaseStateDir);
+        }
         mDataDir = Environment.getDownloadCacheDirectory();
 
         mPasswordHashFile = new File(mBaseStateDir, "pwhash");
@@ -2133,6 +2137,10 @@ class BackupManagerService extends IBackupManager.Stub {
                         ParcelFileDescriptor.MODE_CREATE |
                         ParcelFileDescriptor.MODE_TRUNCATE);
 
+                if (!SELinux.restorecon(mBackupDataName)) {
+                    Slog.e(TAG, "SELinux restorecon failed on " + mBackupDataName);
+                }
+
                 mNewState = ParcelFileDescriptor.open(mNewStateName,
                         ParcelFileDescriptor.MODE_READ_WRITE |
                         ParcelFileDescriptor.MODE_CREATE |
@@ -4572,6 +4580,10 @@ class BackupManagerService extends IBackupManager.Stub {
                             ParcelFileDescriptor.MODE_CREATE |
                             ParcelFileDescriptor.MODE_TRUNCATE);
 
+                if (!SELinux.restorecon(mBackupDataName)) {
+                    Slog.e(TAG, "SElinux restorecon failed for " + mBackupDataName);
+                }
+
                 if (mTransport.getRestoreData(mBackupData) != BackupConstants.TRANSPORT_OK) {
                     // Transport-level failure, so we wind everything up and
                     // terminate the restore operation.
author	rpcraig <rpcraig@tycho.ncsc.mil>	2012-12-04 09:37:23 -0500
committer	rpcraig <rpcraig@tycho.ncsc.mil>	2012-12-04 10:26:33 -0500
commit	ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4 (patch)
tree	8b04ee2c806ee78e3245a3251e377595fda7885e /services
parent	568f923ba4cf522f699837bee0d8cba318343345 (diff)
download	frameworks_base-ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4.zip frameworks_base-ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4.tar.gz frameworks_base-ebab0ae105f1a6df593a4bc2549fae3ee8b2ade4.tar.bz2