Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8601ad81 authored by Eric Biggers's avatar Eric Biggers Committed by Automerger Merge Worker
Browse files

Merge changes from topic "deny-create-user-dirs" am: 350433ed 

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2077724



Change-Id: Idcba161a8ade26be5df817b7e77167ab45d1eb40
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents d5718c7c 350433ed

core/jni/com_android_internal_os_Zygote.cpp

+25 −16
Original line number Diff line number Diff line
@@ -1153,8 +1153,8 @@ static void relabelDir(const char* path, const char* context, fail_fn_t fail_fn) 
  }

}



// Relabel all directories under a path non-recursively.

static void relabelAllDirs(const char* path, const char* context, fail_fn_t fail_fn) {

// Relabel the subdirectories and symlinks in the given directory, non-recursively.

static void relabelSubdirs(const char* path, const char* context, fail_fn_t fail_fn) {

  DIR* dir = opendir(path);

  if (dir == nullptr) {

    fail_fn(CREATE_ERROR("Failed to opendir %s", path));
@@ -1231,11 +1231,19 @@ static void isolateAppData(JNIEnv* env, const std::vector<std::string>& merged_d 
  snprintf(internalDePath, PATH_MAX, "/data/user_de");

  snprintf(externalPrivateMountPath, PATH_MAX, "/mnt/expand");



  char* dataDataContext = nullptr;

  if (getfilecon(internalDePath, &dataDataContext) < 0) {

    fail_fn(CREATE_ERROR("Unable to getfilecon on %s %s", internalDePath,

  // Get the "u:object_r:system_userdir_file:s0" security context.  This can be

  // gotten from several different places; we use /data/user.

  char* dataUserdirContext = nullptr;

  if (getfilecon(internalCePath, &dataUserdirContext) < 0) {

    fail_fn(CREATE_ERROR("Unable to getfilecon on %s %s", internalCePath,

        strerror(errno)));

  }

  // Get the "u:object_r:system_data_file:s0" security context.  This can be

  // gotten from several different places; we use /data/misc.

  char* dataFileContext = nullptr;

  if (getfilecon("/data/misc", &dataFileContext) < 0) {

    fail_fn(CREATE_ERROR("Unable to getfilecon on /data/misc %s", strerror(errno)));

  }



  MountAppDataTmpFs(internalLegacyCePath, fail_fn);

  MountAppDataTmpFs(internalCePath, fail_fn);
@@ -1330,19 +1338,19 @@ static void isolateAppData(JNIEnv* env, const std::vector<std::string>& merged_d 
  // the file operations on tmpfs. If we set the label when we mount

  // tmpfs, SELinux will not happy as we are changing system_data_files.

  // Relabel dir under /data/user, including /data/user/0

  relabelAllDirs(internalCePath, dataDataContext, fail_fn);

  relabelSubdirs(internalCePath, dataFileContext, fail_fn);



  // Relabel /data/user

  relabelDir(internalCePath, dataDataContext, fail_fn);

  relabelDir(internalCePath, dataUserdirContext, fail_fn);



  // Relabel /data/data

  relabelDir(internalLegacyCePath, dataDataContext, fail_fn);

  relabelDir(internalLegacyCePath, dataFileContext, fail_fn);



  // Relabel dir under /data/user_de

  relabelAllDirs(internalDePath, dataDataContext, fail_fn);

  // Relabel subdirectories of /data/user_de

  relabelSubdirs(internalDePath, dataFileContext, fail_fn);



  // Relabel /data/user_de

  relabelDir(internalDePath, dataDataContext, fail_fn);

  relabelDir(internalDePath, dataUserdirContext, fail_fn);



  // Relabel CE and DE dirs under /mnt/expand

  dir = opendir(externalPrivateMountPath);
@@ -1355,14 +1363,15 @@ static void isolateAppData(JNIEnv* env, const std::vector<std::string>& merged_d 
    auto cePath = StringPrintf("%s/user", volPath.c_str());

    auto dePath = StringPrintf("%s/user_de", volPath.c_str());



    relabelAllDirs(cePath.c_str(), dataDataContext, fail_fn);

    relabelDir(cePath.c_str(), dataDataContext, fail_fn);

    relabelAllDirs(dePath.c_str(), dataDataContext, fail_fn);

    relabelDir(dePath.c_str(), dataDataContext, fail_fn);

    relabelSubdirs(cePath.c_str(), dataFileContext, fail_fn);

    relabelDir(cePath.c_str(), dataUserdirContext, fail_fn);

    relabelSubdirs(dePath.c_str(), dataFileContext, fail_fn);

    relabelDir(dePath.c_str(), dataUserdirContext, fail_fn);

  }

  closedir(dir);



  freecon(dataDataContext);

  freecon(dataUserdirContext);

  freecon(dataFileContext);

}



static void insertPackagesToMergedList(JNIEnv* env,

services/core/java/com/android/server/display/BrightnessTracker.java

+30 −2
Original line number Diff line number Diff line
@@ -530,12 +530,36 @@ public class BrightnessTracker { 
        }

    }



    // Return the path to the given file, either the new path

    // /data/system/$filename, or the old path /data/system_de/$filename if the

    // file exists there but not at the new path.  Only use this for EVENTS_FILE

    // and AMBIENT_BRIGHTNESS_STATS_FILE.

    //

    // Explanation: this service previously incorrectly stored these two files

    // directly in /data/system_de, instead of in /data/system where they should

    // have been.  As system_server no longer has write access to

    // /data/system_de itself, these files were moved to /data/system.  To

    // lazily migrate the files, we simply read from the old path if it exists

    // and the new one doesn't, and always write to the new path.  Note that

    // system_server doesn't have permission to delete the old files.

    private AtomicFile getFileWithLegacyFallback(String filename) {

        AtomicFile file = mInjector.getFile(filename);

        if (file != null && !file.exists()) {

            AtomicFile legacyFile = mInjector.getLegacyFile(filename);

            if (legacyFile != null && legacyFile.exists()) {

                Slog.i(TAG, "Reading " + filename + " from old location");

                return legacyFile;

            }

        }

        return file;

    }



    private void readEvents() {

        synchronized (mEventsLock) {

            // Read might prune events so mark as dirty.

            mEventsDirty = true;

            mEvents.clear();

            final AtomicFile readFrom = mInjector.getFile(EVENTS_FILE);

            final AtomicFile readFrom = getFileWithLegacyFallback(EVENTS_FILE);

            if (readFrom != null && readFrom.exists()) {

                FileInputStream input = null;

                try {
@@ -553,7 +577,7 @@ public class BrightnessTracker { 


    private void readAmbientBrightnessStats() {

        mAmbientBrightnessStatsTracker = new AmbientBrightnessStatsTracker(mUserManager, null);

        final AtomicFile readFrom = mInjector.getFile(AMBIENT_BRIGHTNESS_STATS_FILE);

        final AtomicFile readFrom = getFileWithLegacyFallback(AMBIENT_BRIGHTNESS_STATS_FILE);

        if (readFrom != null && readFrom.exists()) {

            FileInputStream input = null;

            try {
@@ -1123,6 +1147,10 @@ public class BrightnessTracker { 
        }



        public AtomicFile getFile(String filename) {

            return new AtomicFile(new File(Environment.getDataSystemDirectory(), filename));

        }



        public AtomicFile getLegacyFile(String filename) {

            return new AtomicFile(new File(Environment.getDataSystemDeDirectory(), filename));

        }

services/tests/servicestests/src/com/android/server/display/BrightnessTrackerTest.java

+6 −0
Original line number Diff line number Diff line
@@ -1090,6 +1090,12 @@ public class BrightnessTrackerTest { 
            return null;

        }



        @Override

        public AtomicFile getLegacyFile(String filename) {

            // Don't have the test write / read from anywhere.

            return null;

        }



        @Override

        public long currentTimeMillis() {

            return mCurrentTimeMillis;