Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d417ab0e authored by Robert Craig's avatar Robert Craig
Browse files

Add data validation on seinfo labels. 



Ensure that policy contains a clean seinfo
string. Where clean means no whitespace characters.

Change-Id: I814411cbc8d16eaed99a1389f5487529e36e617b
Signed-off-by: default avatarrpcraig <rpcraig@tycho.ncsc.mil>
parent 3864aa39

services/java/com/android/server/pm/SELinuxMMAC.java

+24 −2
Original line number Diff line number Diff line
@@ -206,10 +206,10 @@ public final class SELinuxMMAC { 
            String tagName = parser.getName();

            if ("seinfo".equals(tagName)) {

                String seinfoValue = parser.getAttributeValue(null, "value");

                if (seinfoValue != null) {

                if (validateValue(seinfoValue)) {

                    seinfo = seinfoValue;

                } else {

                    Slog.w(TAG, "<seinfo> without value at "

                    Slog.w(TAG, "<seinfo> without valid value at "

                           + parser.getPositionDescription());

                }

            }
@@ -218,6 +218,28 @@ public final class SELinuxMMAC { 
        return seinfo;

    }



    /**

     * General validation routine for tag values.

     * Returns a boolean indicating if the passed string

     * contains only letters or underscores.

     */

    private static boolean validateValue(String name) {

        if (name == null)

            return false;



        final int N = name.length();

        if (N == 0)

            return false;



        for (int i = 0; i < N; i++) {

            final char c = name.charAt(i);

            if ((c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && (c != '_')) {

                return false;

            }

        }

        return true;

    }



    /**

     * Labels a package based on an seinfo tag from install policy.

     * The label is attached to the ApplicationInfo instance of the package.