Commit 83b54eca authored Jul 01, 2014 by Robert Craig Committed by Nick Kralevich Jul 01, 2014

Allow different SELinux policies for third party apps.



Prior support forced all third party apps
to be resolved against the default stanza
of the mac_permissions.xml file when assigning
seinfo labels. This meant that all third party
apps, in effect, were untrusted regardless of
cert and therefore received the same selinux domain.
This also had the unfortunate side effect of forcing
certain third party apps into the wrong domains
because of shared userid requests among apps.

This patch removes that restriction and instead
allows all apps, regardless of location, to be
matched against the full mac_permissions.xml
policy file. This then allows all apps signed
with known good certs to receive the same selinux
domains of other apps with whom they share trust.

Change-Id: Iba569c046135c0e81140faf6296c5da26a243037
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

parent db816cef

services/java/com/android/server/pm/SELinuxMMAC.java

+13 −23

Original line number	Diff line number	Diff line
		@@ -346,15 +346,6 @@ public final class SELinuxMMAC {
		*/
		public static boolean assignSeinfoValue(PackageParser.Package pkg) {

		/*
		* Non system installed apps should be treated the same. This
		* means that any post-loaded apk will be assigned the default
		* tag, if one exists in the policy, else null, without respect
		* to the signing key.
		*/
		if (((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) \|\|
		((pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0)) {

		// We just want one of the signatures to match.
		for (Signature s : pkg.mSignatures) {
		if (s == null)
		@@ -373,7 +364,6 @@ public final class SELinuxMMAC {
		}
		}
		}
		}

		// If we have a default seinfo value then great, otherwise
		// we set a null object and that is what we started with.