Add data validation on seinfo labels. (1c6f7a8d) · Commits · e / os / android_frameworks_base

services/java/com/android/server/pm/SELinuxMMAC.java

+25 −2

Original line number	Diff line number	Diff line
		@@ -165,6 +165,7 @@ public final class SELinuxMMAC {
		XmlUtils.skipCurrentTag(parser);
		continue;
		}

		if (signature == null) {
		Slog.w(TAG, "<signer> with null signature at "
		+ parser.getPositionDescription());
		@@ -257,10 +258,10 @@ public final class SELinuxMMAC {
		String tagName = parser.getName();
		if ("seinfo".equals(tagName)) {
		String seinfoValue = parser.getAttributeValue(null, "value");
		if (seinfoValue != null) {
		if (validateValue(seinfoValue)) {
		seinfo = seinfoValue;
		} else {
		Slog.w(TAG, "<seinfo> without value at "
		Slog.w(TAG, "<seinfo> without valid value at "
		+ parser.getPositionDescription());
		}
		} else if ("allow-permission".equals(tagName)) {
		@@ -452,6 +453,28 @@ public final class SELinuxMMAC {
		}
		}

		/**
		* General validation routine for tag values.
		* Returns a boolean indicating if the passed string
		* contains only letters or underscores.
		*/
		private static boolean validateValue(String name) {
		if (name == null)
		return false;

		final int N = name.length();
		if (N == 0)
		return false;

		for (int i = 0; i < N; i++) {
		final char c = name.charAt(i);
		if ((c < 'a' \|\| c > 'z') && (c < 'A' \|\| c > 'Z') && (c != '_')) {
		return false;
		}
		}
		return true;
		}

		/**
		* Detemines if the package passes policy. If the package does pass
		* policy checks then an seinfo label is also assigned to the package.