am 48718c85: Merge "Proper security labeling of multi-user data directories."

* commit '48718c85b41b785cf6f6ae72beb4c5d46559b735': Proper security labeling of multi-user data directories.
2013-03-25 14:49:28 -07:00
parent 40a85bbc84 48718c85b4
commit a9af6c3786
6 changed files with 13 additions and 9 deletions
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@ -184,7 +184,7 @@ int delete_user_data(const char *pkgname, uid_t persona)
    return delete_dir_contents(pkgdir, 0, "lib");
 }

-int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo)
 {
    char pkgdir[PKG_PATH_MAX];
    char applibdir[PKG_PATH_MAX];
@ -245,7 +245,7 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
        return -1;
    }

-    if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+    if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) {
        ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
        unlink(libsymlink);
        unlink(pkgdir);
@ -317,7 +317,7 @@ int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy)
                uid = (uid_t) s.st_uid % PER_USER_RANGE;
                /* Create the directory for the target */
                make_user_data(name, uid + target_persona * PER_USER_RANGE,
-                               target_persona);
+                               target_persona, NULL);
            }
        }
        closedir(d);
--- a/cmds/installd/installd.c
+++ b/cmds/installd/installd.c
@ -103,7 +103,8 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX])

 static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
 {
-    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */
+    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
+                             /* pkgname, uid, userid, seinfo */
 }

 static int do_rm_user(char **arg, char reply[REPLY_MAX])
@ -147,7 +148,7 @@ struct cmdinfo cmds[] = {
    { "rmuserdata",           2, do_rm_user_data },
    { "movefiles",            0, do_movefiles },
    { "linklib",              3, do_linklib },
-    { "mkuserdata",           3, do_mk_user_data },
+    { "mkuserdata",           4, do_mk_user_data },
    { "rmuser",               1, do_rm_user },
    { "cloneuserdata",        3, do_clone_user_data },
 };
--- a/cmds/installd/installd.h
+++ b/cmds/installd/installd.h
@ -197,7 +197,7 @@ int uninstall(const char *pkgname, uid_t persona);
 int renamepkg(const char *oldpkgname, const char *newpkgname);
 int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
 int delete_user_data(const char *pkgname, uid_t persona);
-int make_user_data(const char *pkgname, uid_t uid, uid_t persona);
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo);
 int delete_persona(uid_t persona);
 int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy);
 int delete_cache(const char *pkgname, uid_t persona);
--- a/services/java/com/android/server/pm/Installer.java
+++ b/services/java/com/android/server/pm/Installer.java
@ -265,7 +265,7 @@ public final class Installer {
        return execute(builder.toString());
    }

-    public int createUserData(String name, int uid, int userId) {
+    public int createUserData(String name, int uid, int userId, String seinfo) {
        StringBuilder builder = new StringBuilder("mkuserdata");
        builder.append(' ');
        builder.append(name);
@ -273,6 +273,8 @@ public final class Installer {
        builder.append(uid);
        builder.append(' ');
        builder.append(userId);
+        builder.append(' ');
+        builder.append(seinfo != null ? seinfo : "!");
        return execute(builder.toString());
    }

--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@ -3596,7 +3596,7 @@ public class PackageManagerService extends IPackageManager.Stub {
        for (int user : users) {
            if (user != 0) {
                res = mInstaller.createUserData(packageName,
-                        UserHandle.getUid(user, uid), user);
+                        UserHandle.getUid(user, uid), user, seinfo);
                if (res < 0) {
                    return res;
                }
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@ -2337,7 +2337,8 @@ final class Settings {
            ps.setInstalled((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) != 0, userHandle);
            // Need to create a data directory for all apps under this user.
            installer.createUserData(ps.name,
-                    UserHandle.getUid(userHandle, ps.appId), userHandle);
+                    UserHandle.getUid(userHandle, ps.appId), userHandle,
+                    ps.pkg.applicationInfo.seinfo);
        }
        readDefaultPreferredAppsLPw(userHandle);
        writePackageRestrictionsLPr(userHandle);