diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-05-13 12:53:07 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-05-13 12:59:40 -0400 |
| commit | 3a98389263ea0bf9656bcc6869855099194f498c (patch) | |
| tree | 46ba90a49b5ebd0cd544a86c141ab0481bd925a1 | |
| parent | bd20e551f64234142e1146f9fa4b2dcebbd72122 (diff) | |
| download | frameworks_native-3a98389263ea0bf9656bcc6869855099194f498c.zip frameworks_native-3a98389263ea0bf9656bcc6869855099194f498c.tar.gz frameworks_native-3a98389263ea0bf9656bcc6869855099194f498c.tar.bz2 | |
Ensure that app lib symlinks are correctly labeled when created.
At present, the app lib symlinks are created before setting
the package directory security context, and therefore default
to system_data_file. Upon a later restorecon_recursive,
they are relabeled to the same type as the package directory,
e.g. app_data_file. Avoid this inconsistency by setting the
package directory security context before creating the symlink
so that it inherits the same security context.
Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
| -rw-r--r-- | cmds/installd/commands.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index cfb80e3..70510a5 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -85,13 +85,6 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) } } - if (symlink(applibdir, libsymlink) < 0) { - ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir, - strerror(errno)); - unlink(pkgdir); - return -1; - } - if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -99,6 +92,13 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) return -errno; } + if (symlink(applibdir, libsymlink) < 0) { + ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir, + strerror(errno)); + unlink(pkgdir); + return -1; + } + if (chown(pkgdir, uid, gid) < 0) { ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -241,13 +241,6 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* } } - if (symlink(applibdir, libsymlink) < 0) { - ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink, - applibdir, strerror(errno)); - unlink(pkgdir); - return -1; - } - if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) { ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); @@ -255,6 +248,13 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char* return -errno; } + if (symlink(applibdir, libsymlink) < 0) { + ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink, + applibdir, strerror(errno)); + unlink(pkgdir); + return -1; + } + if (chown(pkgdir, uid, uid) < 0) { ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); |