Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1f7f1532 authored by Robert Craig's avatar Robert Craig Committed by Ricardo Cerqueira
Browse files

Bring install-time code inline with AOSP. 



Recent submissions to AOSP rework some of the
internal logic of SELinuxMMAC and the PMS.
Bring our maintained version inline with
those changes while still allowing policy
to dictate all seinfo values regardless
of location.

Change-Id: I11ff4c4089217e6a9d95ca2841c5bc29bfd763ad
Signed-off-by: default avatarrpcraig <rpcraig@tycho.ncsc.mil>
parent 7e092967

services/java/com/android/server/pm/PackageManagerService.java

+4 −2
Original line number Diff line number Diff line
@@ -3881,7 +3881,9 @@ public class PackageManagerService extends IPackageManager.Stub { 
            

            if (mSettings.isDisabledSystemPackageLPr(pkg.packageName)) {

                pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP;

            } else if (mFoundPolicyFile && !SELinuxMMAC.passInstallPolicyChecks(pkg) &&

            }



            if (mFoundPolicyFile && !SELinuxMMAC.passInstallPolicyChecks(pkg) &&

                SELinuxMMAC.getEnforcingMode()) {

                Slog.w(TAG, "Installing application package " + pkg.packageName

                       + " failed due to policy.");

services/java/com/android/server/pm/SELinuxMMAC.java

+34 −23
Original line number Diff line number Diff line
@@ -461,11 +461,21 @@ public final class SELinuxMMAC { 
     */

    public static boolean passInstallPolicyChecks(PackageParser.Package pkg) {



        /*

         * Non system installed apps should be treated the same. This

         * means that any post-loaded apk will be assigned the default

         * tag, if one exists in the policy, else null, without respect

         * to the signing key.

         */

        /*

        if (((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) ||

            ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0)) {

        */



            // We just want one of the signatures to match.

            for (Signature s : pkg.mSignatures) {

            if (s == null) {

                if (s == null)

                    continue;

            }



                // Check for a non default signature policy.

                if (SIG_POLICY.containsKey(s)) {
@@ -493,6 +503,7 @@ public final class SELinuxMMAC { 
                }

                return passed;

            }

        //}



        // Check for a default policy.

        if (SIG_POLICY.containsKey(null)) {