From e6a337246ee3736727f43ed21a2287a59ed4491c Mon Sep 17 00:00:00 2001
From: rpcraig
Date: Wed, 14 Nov 2012 10:07:28 -0500
Subject: Add seinfo parsing to PackageManagerService.

This patch set allows the PMS to parse the mac_permissions.xml file which contains the seinfo values. Each package that is installed on the device will be assigned an seinfo value based on policy. This seinfo value will help label the app process and data directory. Modifications also include, adjustments to ApplicationInfo.java to store the seinfo tag per package, adjustments to installd to communicate the seinfo tag to libselinux, and finally a set of unit tests.
Signed-off-by: rpcraig
Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
---
 .../android/server/pm/PackageManagerService.java | 25 ++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
(limited to 'services/java/com/android/server/pm/PackageManagerService.java')
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index f134854..0bf7be9 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -85,6 +85,7 @@ import android.content.pm.PermissionGroupInfo;
 import android.content.pm.PermissionInfo;
 import android.content.pm.ProviderInfo;
 import android.content.pm.ResolveInfo;
+import android.content.pm.SELinuxMMAC;
 import android.content.pm.ServiceInfo;
 import android.content.pm.Signature;
 import android.content.pm.ManifestDigest;
@@ -360,6 +361,9 @@ public class PackageManagerService extends IPackageManager.Stub {
 final HashMap mAvailableFeatures = new HashMap();
+ // If mac_permissions.xml was found for seinfo labeling.
+ boolean mFoundPolicyFile;
+
 // All available activities, for your resolving pleasure.
 final ActivityIntentResolver mActivities = new ActivityIntentResolver();
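Review bot: The comment on `mFoundPolicyFile` in the -360 hunk does not say what a false value means for labeling, and the field is package-visible and non-final although the only assignment visible in this patch is the one in the -1158 hunk. I would spell out the fallback, e.g. `// True when SELinuxMMAC.readInstallPolicy() loaded mac_permissions.xml; when false, scanned packages are not assigned an seinfo value.`, and declare it `private boolean mFoundPolicyFile;` unless another class in the package needs to read it. Whether false also covers a file that is present but could not be parsed depends on readInstallPolicy(), which is outside this diff.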
@@ -1158,6 +1162,13 @@ public class PackageManagerService extends IPackageManager.Stub {
 }
 }
+ // Find potential SELinux install policy
+ long startPolicyTime = SystemClock.uptimeMillis();
+ mFoundPolicyFile = SELinuxMMAC.readInstallPolicy();
+ Slog.i(TAG, "Time to scan SELinux install policy: "
+ + ((SystemClock.uptimeMillis()-startPolicyTime)/1000f)
+ + " seconds");
+
 // Find base frameworks (resource packages without code).
 mFrameworkInstallObserver = new AppDirObserver( mFrameworkDir.getPath(), OBSERVER_EVENTS, true);
@@ -3597,9 +3608,9 @@ public class PackageManagerService extends IPackageManager.Stub {
 }
 }
- private int createDataDirsLI(String packageName, int uid) {
+ private int createDataDirsLI(String packageName, int uid, String seinfo) {
 int[] users = sUserManager.getUserIds();
- int res = mInstaller.install(packageName, uid, uid);
+ int res = mInstaller.install(packageName, uid, uid, seinfo);
 if (res < 0) {
 return res;
 }
@@ -3646,6 +3657,10 @@ public class PackageManagerService extends IPackageManager.Stub {
 }
 mScanningPath = scanFile;
+ if (mFoundPolicyFile) {
+ SELinuxMMAC.assignSeinfoValue(pkg);
+ }
+
 if ((parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0) {
 pkg.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM;
 }
@@ -4014,7 +4029,8 @@ public class PackageManagerService extends IPackageManager.Stub {
 recovered = true;
 // And now re-install the app.
- ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid);
+ ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid,
+ pkg.applicationInfo.seinfo);
 if (ret == -1) {
 // Ack should not happen!
 msg = prefix + pkg.packageName
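Review bot: The result of `SELinuxMMAC.readInstallPolicy()` in the -1158 hunk is stored but never reported, so a boot without a usable mac_permissions.xml leaves only the scan-time line in the log. Because a false `mFoundPolicyFile` switches off seinfo assignment for every package (the guard in the -3646 hunk), that state should be visible to whoever reads the boot log: `if (!mFoundPolicyFile) Slog.w(TAG, "No SELinux install policy loaded; packages will not be assigned seinfo");`. The enclosing method starts and ends outside the hunk.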
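Review bot: `createDataDirsLI` in the -3597 hunk forwards `seinfo` to `mInstaller.install` without documenting or checking it, and the value can be unset whenever `mFoundPolicyFile` is false because `assignSeinfoValue` is then skipped. Please state the contract on the method, e.g. `// seinfo may be null when no install policy entry was applied to the package.`, and confirm how Installer.install and installd treat a null or malformed value, since neither is part of this diff. The same applies to the two callers in the -4014 and -4060 hunks. The body continues past the hunk; if it goes on to create per-user data directories from `users`, check that those receive the same label.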
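Review bot: `SELinuxMMAC.assignSeinfoValue(pkg)` in the -3646 hunk runs before the next block sets `ApplicationInfo.FLAG_SYSTEM` on `pkg.applicationInfo.flags`, so any policy decision that looks at that flag would see the value from before the update. assignSeinfoValue is outside this diff, so this may be harmless as written, but the ordering is easy to break later; either move the call below the flag update or pin the assumption with `// Must not depend on applicationInfo.flags: FLAG_SYSTEM is applied below.`. If the policy matches on signing certificates, it is also worth stating at the call whether the package's signatures have been collected and verified by this point. The enclosing method starts and ends outside the hunk.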
@@ -4060,7 +4076,8 @@ public class PackageManagerService extends IPackageManager.Stub {
 Log.v(TAG, "Want this data dir: " + dataPath);
 }
 //invoke installer to do the actual installation
- int ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid);
+ int ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid,
+ pkg.applicationInfo.seinfo);
 if (ret < 0) {
 // Error from installer
 mLastScanError = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE;
-- 
cgit v1.1
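Review bot: Any negative return from `createDataDirsLI` in the -4060 hunk is still reported as `INSTALL_FAILED_INSUFFICIENT_STORAGE`, although the installer call now also carries the SELinux label. If installd can fail while applying `seinfo` (its side of the change is not in this diff), that failure would be recorded as a storage problem and be hard to tell apart during triage. Logging the inputs at the failure site would help: `Slog.w(TAG, "installd failed for " + pkgName + ", seinfo=" + pkg.applicationInfo.seinfo + ", ret=" + ret);`. The -4014 hunk makes the same call but tests `ret == -1`, so other negative codes are not caught by that check; both enclosing blocks extend outside their hunks.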