From dbea3cd118fe4eeb9b43ea50727987fa790a2edd Mon Sep 17 00:00:00 2001
From: Jeff Sharkey
Date: Mon, 24 Nov 2014 14:45:40 -0800
Subject: Better am error when SELinux blocking access.
Bug: 18479882
Change-Id: I0732e54838c4e04d9d727e7c5fd9d7e7bacbaa1f
---
 cmds/am/src/com/android/commands/am/Am.java | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
(limited to 'cmds/am')
diff --git a/cmds/am/src/com/android/commands/am/Am.java b/cmds/am/src/com/android/commands/am/Am.java
index 475d540..2ea1d4d 100644
--- a/cmds/am/src/com/android/commands/am/Am.java
+++ b/cmds/am/src/com/android/commands/am/Am.java
@@ -47,6 +47,7 @@ import android.os.Bundle;
 import android.os.IBinder;
 import android.os.ParcelFileDescriptor;
 import android.os.RemoteException;
+import android.os.SELinux;
 import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.SystemProperties;
@@ -741,13 +742,14 @@ public class Am extends BaseCommand {
 if (mProfileFile != null) {
 try {
- fd = ParcelFileDescriptor.open(
+ fd = openForSystemServer(
 new File(mProfileFile),
 ParcelFileDescriptor.MODE_CREATE |
 ParcelFileDescriptor.MODE_TRUNCATE |
 ParcelFileDescriptor.MODE_READ_WRITE);
 } catch (FileNotFoundException e) {
 System.err.println("Error: Unable to open file: " + mProfileFile);
+ System.err.println("Consider using a file under /data/local/tmp/");
 return;
 }
 profilerInfo = new ProfilerInfo(mProfileFile, fd, mSamplingInterval, mAutoStop);
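Review bot: The rewritten catch block here, and the matching ones in the hunks at -1053 and -1113, discard the exception, so the message built in `openForSystemServer` ("System server has no access to file context ...") never reaches the user. The `/data/local/tmp/` hint is also printed for every open failure, not only for an SELinux denial, which can mislead when the path simply does not exist or is not writable by the shell. Printing the cause, e.g. `System.err.println("Error: Unable to open file: " + mProfileFile + ": " + e.getMessage());`, would show which file context was refused. The enclosing method starts and ends outside the hunk.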
@@ -1053,13 +1055,14 @@ public class Am extends BaseCommand {
 if (start) {
 profileFile = nextArgRequired();
 try {
- fd = ParcelFileDescriptor.open(
+ fd = openForSystemServer(
 new File(profileFile),
 ParcelFileDescriptor.MODE_CREATE |
 ParcelFileDescriptor.MODE_TRUNCATE |
 ParcelFileDescriptor.MODE_READ_WRITE);
 } catch (FileNotFoundException e) {
 System.err.println("Error: Unable to open file: " + profileFile);
+ System.err.println("Consider using a file under /data/local/tmp/");
 return;
 }
 profilerInfo = new ProfilerInfo(profileFile, fd, 0, false);
@@ -1113,12 +1116,13 @@ public class Am extends BaseCommand {
 try {
 File file = new File(heapFile);
 file.delete();
- fd = ParcelFileDescriptor.open(file,
+ fd = openForSystemServer(file,
 ParcelFileDescriptor.MODE_CREATE |
 ParcelFileDescriptor.MODE_TRUNCATE |
 ParcelFileDescriptor.MODE_READ_WRITE);
 } catch (FileNotFoundException e) {
 System.err.println("Error: Unable to open file: " + heapFile);
+ System.err.println("Consider using a file under /data/local/tmp/");
 return;
 }
@@ -1855,4 +1859,18 @@ public class Am extends BaseCommand {
 } catch (RemoteException e) {
 }
 }
+
+ /**
+ * Open the given file for sending into the system process. This verifies
+ * with SELinux that the system will have access to the file.
+ */
+ private static ParcelFileDescriptor openForSystemServer(File file, int mode)
+ throws FileNotFoundException {
+ final ParcelFileDescriptor fd = ParcelFileDescriptor.open(file, mode);
+ final String tcon = SELinux.getFileContext(file.getAbsolutePath());
+ if (!SELinux.checkSELinuxAccess("u:r:system_server:s0", tcon, "file", "read")) {
+ throw new FileNotFoundException("System server has no access to file context " + tcon);
+ }
+ return fd;
+ }
 }
-- cgit v1.1
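Review bot: `openForSystemServer` leaves the descriptor open when the SELinux check fails, and by then `ParcelFileDescriptor.open` has already created or truncated the file with the caller's mode (in the -1113 hunk the old heap file has also been deleted). Closing `fd` before the throw, as below, avoids leaking it; this assumes `IOException` is already imported in Am.java, which is not visible here. The label is looked up by path after the open rather than from the opened descriptor, so the check is a diagnostic for a clearer error and not an enforcement point, and the Javadoc should say so. Two things to confirm: the check asks only for `read` although all three callers open with `MODE_READ_WRITE`, and `tcon` is used without a null check, so a failed `getFileContext` would presumably yield the message `file context null`.

```java
private static ParcelFileDescriptor openForSystemServer(File file, int mode)
        throws FileNotFoundException {
    final ParcelFileDescriptor fd = ParcelFileDescriptor.open(file, mode);
    final String tcon = SELinux.getFileContext(file.getAbsolutePath());
    if (!SELinux.checkSELinuxAccess("u:r:system_server:s0", tcon, "file", "read")) {
        // Do not keep the descriptor open once we know it will not be handed over.
        try {
            fd.close();
        } catch (IOException ignored) {
            // Best effort; the access failure below is what the caller needs to see.
        }
        throw new FileNotFoundException("System server has no access to file context " + tcon);
    }
    return fd;
}
```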