Proper security labeling of multi-user data directories. (81a56239) · Commits · e / os / android_frameworks_base

cmds/installd/commands.c

+8 −8

Original line number	Diff line number	Diff line
		@@ -190,7 +190,7 @@ int delete_user_data(const char *pkgname, uid_t persona)
		return delete_dir_contents(pkgdir, 0, "lib");
		}

		int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
		int make_user_data(const char pkgname, uid_t uid, uid_t persona, const char seinfo)
		{
		char pkgdir[PKG_PATH_MAX];
		char applibdir[PKG_PATH_MAX];
		@@ -251,21 +251,21 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
		return -1;
		}

		if (chown(pkgdir, uid, uid) < 0) {
		ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
		#ifdef HAVE_SELINUX
		if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) {
		ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
		unlink(libsymlink);
		unlink(pkgdir);
		return -errno;
		}
		#endif

		#ifdef HAVE_SELINUX
		if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
		ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
		if (chown(pkgdir, uid, uid) < 0) {
		ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
		unlink(libsymlink);
		unlink(pkgdir);
		return -errno;
		}
		#endif

		return 0;
		}
		@@ -325,7 +325,7 @@ int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy)
		uid = (uid_t) s.st_uid % PER_USER_RANGE;
		/* Create the directory for the target */
		make_user_data(name, uid + target_persona * PER_USER_RANGE,
		target_persona);
		target_persona, NULL);
		}
		}
		closedir(d);

+3 −2

Original line number	Diff line number	Diff line
		@@ -103,7 +103,8 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX])

		static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
		{
		return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */
		return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
		/* pkgname, uid, userid, seinfo */
		}

		static int do_rm_user(char **arg, char reply[REPLY_MAX])
		@@ -147,7 +148,7 @@ struct cmdinfo cmds[] = {
		{ "rmuserdata", 2, do_rm_user_data },
		{ "movefiles", 0, do_movefiles },
		{ "linklib", 3, do_linklib },
		{ "mkuserdata", 3, do_mk_user_data },
		{ "mkuserdata", 4, do_mk_user_data },
		{ "rmuser", 1, do_rm_user },
		{ "cloneuserdata", 3, do_clone_user_data },
		};

+1 −1

Original line number	Diff line number	Diff line
		@@ -201,7 +201,7 @@ int uninstall(const char *pkgname, uid_t persona);
		int renamepkg(const char oldpkgname, const char newpkgname);
		int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
		int delete_user_data(const char *pkgname, uid_t persona);
		int make_user_data(const char *pkgname, uid_t uid, uid_t persona);
		int make_user_data(const char pkgname, uid_t uid, uid_t persona, const char seinfo);
		int delete_persona(uid_t persona);
		int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy);
		int delete_cache(const char *pkgname, uid_t persona);

+3 −1

Original line number	Diff line number	Diff line
		@@ -265,7 +265,7 @@ public final class Installer {
		return execute(builder.toString());
		}

		public int createUserData(String name, int uid, int userId) {
		public int createUserData(String name, int uid, int userId, String seinfo) {
		StringBuilder builder = new StringBuilder("mkuserdata");
		builder.append(' ');
		builder.append(name);
		@@ -273,6 +273,8 @@ public final class Installer {
		builder.append(uid);
		builder.append(' ');
		builder.append(userId);
		builder.append(' ');
		builder.append(seinfo != null ? seinfo : "!");
		return execute(builder.toString());
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -3619,7 +3619,7 @@ public class PackageManagerService extends IPackageManager.Stub {
		for (int user : users) {
		if (user != 0) {
		res = mInstaller.createUserData(packageName,
		UserHandle.getUid(user, uid), user);
		UserHandle.getUid(user, uid), user, seinfo);
		if (res < 0) {
		return res;
		}