Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 81a56239 authored by rpcraig's avatar rpcraig Committed by Ricardo Cerqueira
Browse files

Proper security labeling of multi-user data directories.



This patch covers 2 cases. When an app is installed
and the resulting data directory is created for all
existing users. And when a new user is created and
all existing app data directories are created for
the new user.

Signed-off-by: default avatarrpcraig <rpcraig@tycho.ncsc.mil>

Change-Id: I01f2a9084dfe7886087b1497070b0d7f2ad8478e
parent 2a091b42
Loading
Loading
Loading
Loading
+8 −8
Original line number Diff line number Diff line
@@ -190,7 +190,7 @@ int delete_user_data(const char *pkgname, uid_t persona)
    return delete_dir_contents(pkgdir, 0, "lib");
}

int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo)
{
    char pkgdir[PKG_PATH_MAX];
    char applibdir[PKG_PATH_MAX];
@@ -251,21 +251,21 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
        return -1;
    }

    if (chown(pkgdir, uid, uid) < 0) {
        ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
#ifdef HAVE_SELINUX
    if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) {
        ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
        unlink(libsymlink);
        unlink(pkgdir);
        return -errno;
    }
#endif

#ifdef HAVE_SELINUX
    if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
        ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
    if (chown(pkgdir, uid, uid) < 0) {
        ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
        unlink(libsymlink);
        unlink(pkgdir);
        return -errno;
    }
#endif

    return 0;
}
@@ -325,7 +325,7 @@ int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy)
                uid = (uid_t) s.st_uid % PER_USER_RANGE;
                /* Create the directory for the target */
                make_user_data(name, uid + target_persona * PER_USER_RANGE,
                               target_persona);
                               target_persona, NULL);
            }
        }
        closedir(d);
+3 −2
Original line number Diff line number Diff line
@@ -103,7 +103,8 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX])

static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
{
    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */
    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
                             /* pkgname, uid, userid, seinfo */
}

static int do_rm_user(char **arg, char reply[REPLY_MAX])
@@ -147,7 +148,7 @@ struct cmdinfo cmds[] = {
    { "rmuserdata",           2, do_rm_user_data },
    { "movefiles",            0, do_movefiles },
    { "linklib",              3, do_linklib },
    { "mkuserdata",           3, do_mk_user_data },
    { "mkuserdata",           4, do_mk_user_data },
    { "rmuser",               1, do_rm_user },
    { "cloneuserdata",        3, do_clone_user_data },
};
+1 −1
Original line number Diff line number Diff line
@@ -201,7 +201,7 @@ int uninstall(const char *pkgname, uid_t persona);
int renamepkg(const char *oldpkgname, const char *newpkgname);
int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
int delete_user_data(const char *pkgname, uid_t persona);
int make_user_data(const char *pkgname, uid_t uid, uid_t persona);
int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo);
int delete_persona(uid_t persona);
int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy);
int delete_cache(const char *pkgname, uid_t persona);
+3 −1
Original line number Diff line number Diff line
@@ -265,7 +265,7 @@ public final class Installer {
        return execute(builder.toString());
    }

    public int createUserData(String name, int uid, int userId) {
    public int createUserData(String name, int uid, int userId, String seinfo) {
        StringBuilder builder = new StringBuilder("mkuserdata");
        builder.append(' ');
        builder.append(name);
@@ -273,6 +273,8 @@ public final class Installer {
        builder.append(uid);
        builder.append(' ');
        builder.append(userId);
        builder.append(' ');
        builder.append(seinfo != null ? seinfo : "!");
        return execute(builder.toString());
    }

+1 −1
Original line number Diff line number Diff line
@@ -3619,7 +3619,7 @@ public class PackageManagerService extends IPackageManager.Stub {
        for (int user : users) {
            if (user != 0) {
                res = mInstaller.createUserData(packageName,
                        UserHandle.getUid(user, uid), user);
                        UserHandle.getUid(user, uid), user, seinfo);
                if (res < 0) {
                    return res;
                }
Loading