Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8063d3ad authored by Yurii Zubrytskyi's avatar Yurii Zubrytskyi Committed by Automerger Merge Worker
Browse files

Merge "SELinux labels bug logging and workaround" into tm-dev am: a9cdc4a8 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/18281657



Change-Id: I4ae654f1bf8f7a30ea9e85de1553555e163b3cb8
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents e6415a9d a9cdc4a8

services/core/java/com/android/server/pm/FileInstallArgs.java

+16 −3
Original line number Original line Diff line number Diff line
@@ -172,10 +172,23 @@ class FileInstallArgs extends InstallArgs { 
            return false;

            return false;

        }

        }





        if (!onIncremental && !SELinux.restoreconRecursive(afterCodeFile)) {

        if (onIncremental) {

            Slog.i(TAG, PackageManagerServiceUtils.SELINUX_BUG

                    + ": Skipping restorecon for Incremental install of " + beforeCodeFile);

        } else {

            try {

                if (!SELinux.restoreconRecursive(afterCodeFile)) {

                    Slog.w(TAG, "Failed to restorecon");

                    Slog.w(TAG, "Failed to restorecon");

                    return false;

                    return false;

                }

                }

                PackageManagerServiceUtils.verifySelinuxLabels(afterCodeFile.getAbsolutePath());

            } catch (Exception e) {

                Slog.e(TAG,

                        PackageManagerServiceUtils.SELINUX_BUG + ": Exception from restorecon on "

                                + beforeCodeFile, e);

                throw e;

            }

        }





        // Reflect the rename internally

        // Reflect the rename internally

        mCodeFile = afterCodeFile;

        mCodeFile = afterCodeFile;

services/core/java/com/android/server/pm/InstallPackageHelper.java

+5 −0
Original line number Original line Diff line number Diff line
@@ -648,6 +648,10 @@ final class InstallPackageHelper { 
            Log.v(TAG, "restoreAndPostInstall userId=" + userId + " package=" + res.mPkg);

            Log.v(TAG, "restoreAndPostInstall userId=" + userId + " package=" + res.mPkg);

        }

        }





        if (res.mPkg != null) {

            PackageManagerServiceUtils.verifySelinuxLabels(res.mPkg.getPath());

        }



        // A restore should be requested at this point if (a) the install

        // A restore should be requested at this point if (a) the install

        // succeeded, (b) the operation is not an update.

        // succeeded, (b) the operation is not an update.

        final boolean update = res.mRemovedInfo != null

        final boolean update = res.mRemovedInfo != null
@@ -3566,6 +3570,7 @@ final class InstallPackageHelper { 
            @ParsingPackageUtils.ParseFlags int parseFlags,

            @ParsingPackageUtils.ParseFlags int parseFlags,

            @PackageManagerService.ScanFlags int scanFlags,

            @PackageManagerService.ScanFlags int scanFlags,

            @Nullable UserHandle user) throws PackageManagerException {

            @Nullable UserHandle user) throws PackageManagerException {

        PackageManagerServiceUtils.verifySelinuxLabels(parsedPackage.getPath());





        final Pair<ScanResult, Boolean> scanResultPair = scanSystemPackageLI(

        final Pair<ScanResult, Boolean> scanResultPair = scanSystemPackageLI(

                parsedPackage, parseFlags, scanFlags, user);

                parsedPackage, parseFlags, scanFlags, user);

services/core/java/com/android/server/pm/PackageManagerServiceUtils.java

+25 −0
Original line number Original line Diff line number Diff line
@@ -60,6 +60,7 @@ import android.os.Debug; 
import android.os.Environment;

import android.os.Environment;

import android.os.FileUtils;

import android.os.FileUtils;

import android.os.Process;

import android.os.Process;

import android.os.SELinux;

import android.os.SystemProperties;

import android.os.SystemProperties;

import android.os.incremental.IncrementalManager;

import android.os.incremental.IncrementalManager;

import android.os.incremental.IncrementalStorage;

import android.os.incremental.IncrementalStorage;
@@ -1388,4 +1389,28 @@ public class PackageManagerServiceUtils { 
            }

            }

        }

        }

    }

    }



    // TODO(b/231951809): remove this workaround after figuring out why apk_tmp_file labels stay

    // on the installed apps instead of the correct apk_data_file ones



    public static final String SELINUX_BUG = "b/231951809";



    /**

     * A workaround for b/231951809:

     * Verifies the SELinux labels of the passed path, and tries to correct them if detects them

     * wrong or missing.

     */

    public static void verifySelinuxLabels(String path) {

        final String expectedCon = SELinux.fileSelabelLookup(path);

        final String actualCon = SELinux.getFileContext(path);

        Slog.i(TAG, SELINUX_BUG + ": checking selinux labels for " + path + " expected / actual: "

                + expectedCon + " / " + actualCon);

        if (expectedCon == null || !expectedCon.equals(actualCon)) {

            Slog.w(TAG, SELINUX_BUG + ": labels don't match, reapplying for " + path);

            if (!SELinux.restoreconRecursive(new File(path))) {

                Slog.w(TAG, SELINUX_BUG + ": Failed to reapply restorecon");

            }

            // well, if it didn't work now after not working at first, not much else can be done

        }

    }

}
 
}