Loading core/java/android/content/pm/ApplicationInfo.java +6 −4 Original line number Diff line number Diff line Loading @@ -763,13 +763,15 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { public String[] resourceDirs; /** * String retrieved from the seinfo tag found in selinux policy. This value can be set through * the mac_permissions.xml policy construct. This value is used for setting an SELinux security * context on the process as well as its data directory. * String retrieved from the seinfo tag found in selinux policy. This value * can be overridden with a value set through the mac_permissions.xml policy * construct. This value is useful in setting an SELinux security context on * the process as well as its data directory. The String default is being used * here to represent a catchall label when no policy matches. * * {@hide} */ public String seInfo; public String seInfo = "default"; /** * The seinfo tag generated per-user. This value may change based upon the Loading services/core/java/com/android/server/pm/PackageManagerService.java +9 −16 Original line number Diff line number Diff line Loading @@ -2980,9 +2980,6 @@ public class PackageManagerService extends IPackageManager.Stub } } } // Adjust seInfo to ensure apps which share a sharedUserId are placed in the same // SELinux domain. setting.fixSeInfoLocked(); } // Now that we know all the packages we are keeping, Loading Loading 
@@ -10372,24 +10369,20 @@ public class PackageManagerService extends IPackageManager.Stub pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; } // Apps which share a sharedUserId must be placed in the same selinux domain. If this // package is the first app installed as this shared user, set seInfoTargetSdkVersion to its // targetSdkVersion. These are later adjusted in PackageManagerService's constructor to be // the lowest targetSdkVersion of all apps within the shared user, which corresponds to the // least restrictive selinux domain. // NOTE: As new packages are installed / updated, the shared user's seinfoTargetSdkVersion // will NOT be modified until next boot, even if a lower targetSdkVersion is used. This // ensures that all packages continue to run in the same selinux domain. final int targetSdkVersion = ((sharedUserSetting != null) && (sharedUserSetting.packages.size() != 0)) ? sharedUserSetting.seInfoTargetSdkVersion : pkg.applicationInfo.targetSdkVersion; // SELinux sandboxes become more restrictive as targetSdkVersion increases. // To ensure that apps with sharedUserId are placed in the same selinux domain // without breaking any assumptions about access, put them into the least // restrictive targetSdkVersion=25 domain. // TODO(b/72290969): Base this on the actual targetSdkVersion(s) of the apps within the // sharedUserSetting, instead of defaulting to the least restrictive domain. final int targetSdk = (sharedUserSetting != null) ? 25 : pkg.applicationInfo.targetSdkVersion; // TODO(b/71593002): isPrivileged for sharedUser and appInfo should never be out of sync. // They currently can be if the sharedUser apps are signed with the platform key. final boolean isPrivileged = (sharedUserSetting != null) ? 
sharedUserSetting.isPrivileged() | pkg.isPrivileged() : pkg.isPrivileged(); pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(pkg, isPrivileged, pkg.applicationInfo.targetSandboxVersion, targetSdkVersion); SELinuxMMAC.assignSeInfoValue(pkg, isPrivileged, targetSdk); pkg.mExtras = pkgSetting; pkg.applicationInfo.processName = fixProcessName( services/core/java/com/android/server/pm/SELinuxMMAC.java +19 −32 Original line number Diff line number Diff line Loading @@ -64,8 +64,6 @@ public final class SELinuxMMAC { /** Required MAC permissions files */ private static List<File> sMacPermissions = new ArrayList<>(); private static final String DEFAULT_SEINFO = "default"; // Append privapp to existing seinfo label private static final String PRIVILEGED_APP_STR = ":privapp"; Loading Loading 
@@ -309,56 +307,45 @@ public final class SELinuxMMAC { } /** * Selects a security label to a package based on input parameters and the seinfo tag taken * from a matched policy. All signature based policy stanzas are consulted and, if no match * is found, the default seinfo label of 'default' is used. The security label is attached to * the ApplicationInfo instance of the package. * Applies a security label to a package based on an seinfo tag taken from a matched * policy. All signature based policy stanzas are consulted and, if no match is * found, the default seinfo label of 'default' (set in ApplicationInfo object) is * used. The security label is attached to the ApplicationInfo instance of the package * in the event that a matching policy was found. * * @param pkg object representing the package to be labeled. * @param isPrivileged boolean. * @param targetSandboxVersion int. * @param targetSdkVersion int. If this pkg runs as a sharedUser, targetSdkVersion is the * greater of: lowest targetSdk for all pkgs in the sharedUser, or * MINIMUM_TARGETSDKVERSION. * @return String representing the resulting seinfo. 
*/ public static String getSeInfo(PackageParser.Package pkg, boolean isPrivileged, int targetSandboxVersion, int targetSdkVersion) { String seInfo = null; public static void assignSeInfoValue(PackageParser.Package pkg, boolean isPrivileged, int targetSdkVersion) { synchronized (sPolicies) { if (!sPolicyRead) { if (DEBUG_POLICY) { Slog.d(TAG, "Policy not read"); } } else { return; } for (Policy policy : sPolicies) { seInfo = policy.getMatchedSeInfo(pkg); String seInfo = policy.getMatchedSeInfo(pkg); if (seInfo != null) { pkg.applicationInfo.seInfo = seInfo; break; } } } } if (seInfo == null) { seInfo = DEFAULT_SEINFO; } if (targetSandboxVersion == 2) { seInfo += SANDBOX_V2_STR; } if (pkg.applicationInfo.targetSandboxVersion == 2) pkg.applicationInfo.seInfo += SANDBOX_V2_STR; if (isPrivileged) { seInfo += PRIVILEGED_APP_STR; pkg.applicationInfo.seInfo += PRIVILEGED_APP_STR; } seInfo += TARGETSDKVERSION_STR + targetSdkVersion; pkg.applicationInfo.seInfo += TARGETSDKVERSION_STR + targetSdkVersion; if (DEBUG_POLICY_INSTALL) { Slog.i(TAG, "package (" + pkg.packageName + ") labeled with " + "seinfo=" + seInfo); "seinfo=" + pkg.applicationInfo.seInfo); } return seInfo; } } Loading services/core/java/com/android/server/pm/SharedUserSetting.java +0 −31 Original line number Diff line number Diff line Loading @@ -39,10 +39,6 @@ public final class SharedUserSetting extends SettingBase { int uidFlags; int uidPrivateFlags; // The lowest targetSdkVersion of all apps in the sharedUserSetting, used to assign seinfo so // that all apps within the sharedUser run in the same selinux context. int seInfoTargetSdkVersion; final ArraySet<PackageSetting> packages = new ArraySet<PackageSetting>(); final PackageSignatures signatures = new PackageSignatures(); Loading Loading 
@@ -88,11 +84,6 @@ public final class SharedUserSetting extends SettingBase { } void addPackage(PackageSetting packageSetting) { // If this is the first package added to this shared user, temporarily (until next boot) use // its targetSdkVersion when assigning seInfo for the shared user. if ((packages.size() == 0) && (packageSetting.pkg != null)) { seInfoTargetSdkVersion = packageSetting.pkg.applicationInfo.targetSdkVersion; } if (packages.add(packageSetting)) { setFlags(this.pkgFlags | packageSetting.pkgFlags); setPrivateFlags(this.pkgPrivateFlags | packageSetting.pkgPrivateFlags); Loading @@ -116,26 +107,4 @@ public final class SharedUserSetting extends SettingBase { public boolean isPrivileged() { return (this.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0; } /** * Determine the targetSdkVersion for a sharedUser and update pkg.applicationInfo.seInfo * to ensure that all apps within the sharedUser share an SELinux domain. Use the lowest * targetSdkVersion of all apps within the shared user, which corresponds to the least * restrictive selinux domain. */ public void fixSeInfoLocked() { final List<PackageParser.Package> pkgList = getPackages(); for (PackageParser.Package pkg : pkgList) { if (pkg.applicationInfo.targetSdkVersion < seInfoTargetSdkVersion) { seInfoTargetSdkVersion = pkg.applicationInfo.targetSdkVersion; } } for (PackageParser.Package pkg : pkgList) { final boolean isPrivileged = isPrivileged() | pkg.isPrivileged(); pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(pkg, isPrivileged, pkg.applicationInfo.targetSandboxVersion, seInfoTargetSdkVersion); } } } Loading
core/java/android/content/pm/ApplicationInfo.java +6 −4 Original line number Diff line number Diff line Loading @@ -763,13 +763,15 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { public String[] resourceDirs; /** * String retrieved from the seinfo tag found in selinux policy. This value can be set through * the mac_permissions.xml policy construct. This value is used for setting an SELinux security * context on the process as well as its data directory. * String retrieved from the seinfo tag found in selinux policy. This value * can be overridden with a value set through the mac_permissions.xml policy * construct. This value is useful in setting an SELinux security context on * the process as well as its data directory. The String default is being used * here to represent a catchall label when no policy matches. * * {@hide} */ public String seInfo; public String seInfo = "default"; /** * The seinfo tag generated per-user. This value may change based upon the Loading
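Review bot: The catch-all label is now a bare string literal in two places — the new `"default"` initializer here and the matching stanza name that SELinuxMMAC (which drops its `DEFAULT_SEINFO` constant in this same commit) relies on — so a typo in either silently produces a label no policy matches. I would keep one source of truth, e.g. `/** @hide */ public static final String SEINFO_DEFAULT = "default";` on ApplicationInfo and `public String seInfo = SEINFO_DEFAULT;`, and have SELinuxMMAC reference it when it resets or builds the label. The Javadoc wording also got weaker: "This value is useful in setting an SELinux security context" reads as optional; the old "is used for setting" was accurate and should stay. Note too that a field initializer only applies to freshly constructed objects — if an ApplicationInfo is rehydrated by a parcel or copy path that assigns seInfo, that path decides the value, not this default.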
services/core/java/com/android/server/pm/PackageManagerService.java +9 −16 Original line number Diff line number Diff line Loading @@ -2980,9 +2980,6 @@ public class PackageManagerService extends IPackageManager.Stub } } } // Adjust seInfo to ensure apps which share a sharedUserId are placed in the same // SELinux domain. setting.fixSeInfoLocked(); } // Now that we know all the packages we are keeping, Loading Loading 
@@ -10372,24 +10369,20 @@ public class PackageManagerService extends IPackageManager.Stub pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; } // Apps which share a sharedUserId must be placed in the same selinux domain. If this // package is the first app installed as this shared user, set seInfoTargetSdkVersion to its // targetSdkVersion. These are later adjusted in PackageManagerService's constructor to be // the lowest targetSdkVersion of all apps within the shared user, which corresponds to the // least restrictive selinux domain. // NOTE: As new packages are installed / updated, the shared user's seinfoTargetSdkVersion // will NOT be modified until next boot, even if a lower targetSdkVersion is used. This // ensures that all packages continue to run in the same selinux domain. final int targetSdkVersion = ((sharedUserSetting != null) && (sharedUserSetting.packages.size() != 0)) ? sharedUserSetting.seInfoTargetSdkVersion : pkg.applicationInfo.targetSdkVersion; // SELinux sandboxes become more restrictive as targetSdkVersion increases. // To ensure that apps with sharedUserId are placed in the same selinux domain // without breaking any assumptions about access, put them into the least // restrictive targetSdkVersion=25 domain. // TODO(b/72290969): Base this on the actual targetSdkVersion(s) of the apps within the // sharedUserSetting, instead of defaulting to the least restrictive domain. final int targetSdk = (sharedUserSetting != null) ? 25 : pkg.applicationInfo.targetSdkVersion; // TODO(b/71593002): isPrivileged for sharedUser and appInfo should never be out of sync. // They currently can be if the sharedUser apps are signed with the platform key. final boolean isPrivileged = (sharedUserSetting != null) ? 
sharedUserSetting.isPrivileged() | pkg.isPrivileged() : pkg.isPrivileged(); pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(pkg, isPrivileged, pkg.applicationInfo.targetSandboxVersion, targetSdkVersion); SELinuxMMAC.assignSeInfoValue(pkg, isPrivileged, targetSdk); pkg.mExtras = pkgSetting; pkg.applicationInfo.processName = fixProcessName(
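Review bot: The new code forces every package that declares a sharedUserId into the `targetSdkVersion=25` domain regardless of its own targetSdkVersion, so an app targeting 26+ with a sharedUserId silently loses the per-targetSdk sandbox hardening it would otherwise get; the comment and the b/72290969 TODO acknowledge this, but the value itself is a bare `25` that nothing names. I would make the downgrade explicit and auditable: `private static final int SHARED_USER_SEINFO_TARGET_SDK = 25; // least restrictive app domain; see b/72290969` and `final int targetSdk = (sharedUserSetting != null) ? SHARED_USER_SEINFO_TARGET_SDK : pkg.applicationInfo.targetSdkVersion;`, and spell out in the comment that this is a deliberate sandbox downgrade for shared-uid apps so that a future reader does not assume it is an upper bound. The `isPrivileged` computation is unchanged, but its use of `|` rather than `||` is presumably intentional (both sides are cheap and side-effect free) and would be worth a one-word comment. This hunk is a fragment of a much larger scan method that begins and ends outside the visible diff.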
services/core/java/com/android/server/pm/SELinuxMMAC.java +19 −32 Original line number Diff line number Diff line Loading @@ -64,8 +64,6 @@ public final class SELinuxMMAC { /** Required MAC permissions files */ private static List<File> sMacPermissions = new ArrayList<>(); private static final String DEFAULT_SEINFO = "default"; // Append privapp to existing seinfo label private static final String PRIVILEGED_APP_STR = ":privapp"; Loading Loading 
@@ -309,56 +307,45 @@ public final class SELinuxMMAC { } /** * Selects a security label to a package based on input parameters and the seinfo tag taken * from a matched policy. All signature based policy stanzas are consulted and, if no match * is found, the default seinfo label of 'default' is used. The security label is attached to * the ApplicationInfo instance of the package. * Applies a security label to a package based on an seinfo tag taken from a matched * policy. All signature based policy stanzas are consulted and, if no match is * found, the default seinfo label of 'default' (set in ApplicationInfo object) is * used. The security label is attached to the ApplicationInfo instance of the package * in the event that a matching policy was found. * * @param pkg object representing the package to be labeled. * @param isPrivileged boolean. * @param targetSandboxVersion int. * @param targetSdkVersion int. If this pkg runs as a sharedUser, targetSdkVersion is the * greater of: lowest targetSdk for all pkgs in the sharedUser, or * MINIMUM_TARGETSDKVERSION. * @return String representing the resulting seinfo. 
*/ public static String getSeInfo(PackageParser.Package pkg, boolean isPrivileged, int targetSandboxVersion, int targetSdkVersion) { String seInfo = null; public static void assignSeInfoValue(PackageParser.Package pkg, boolean isPrivileged, int targetSdkVersion) { synchronized (sPolicies) { if (!sPolicyRead) { if (DEBUG_POLICY) { Slog.d(TAG, "Policy not read"); } } else { return; } for (Policy policy : sPolicies) { seInfo = policy.getMatchedSeInfo(pkg); String seInfo = policy.getMatchedSeInfo(pkg); if (seInfo != null) { pkg.applicationInfo.seInfo = seInfo; break; } } } } if (seInfo == null) { seInfo = DEFAULT_SEINFO; } if (targetSandboxVersion == 2) { seInfo += SANDBOX_V2_STR; } if (pkg.applicationInfo.targetSandboxVersion == 2) pkg.applicationInfo.seInfo += SANDBOX_V2_STR; if (isPrivileged) { seInfo += PRIVILEGED_APP_STR; pkg.applicationInfo.seInfo += PRIVILEGED_APP_STR; } seInfo += TARGETSDKVERSION_STR + targetSdkVersion; pkg.applicationInfo.seInfo += TARGETSDKVERSION_STR + targetSdkVersion; if (DEBUG_POLICY_INSTALL) { Slog.i(TAG, "package (" + pkg.packageName + ") labeled with " + "seinfo=" + seInfo); "seinfo=" + pkg.applicationInfo.seInfo); } return seInfo; } } Loading
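Review bot: `assignSeInfoValue` now mutates `pkg.applicationInfo.seInfo` in place with `+=`, which makes it non-idempotent: the old `getSeInfo` started from `null`, fell back to `DEFAULT_SEINFO`, and returned one complete label, whereas a second call on the same Package (a rescan, or any caller that labels twice) will now append a second `:privapp` / `:targetSdkVersion=N` onto the previous label, and if no policy stanza matches on that second call the earlier suffixes are never cleared. As far as I can read the hunk, the `!sPolicyRead` branch also changed from "log and fall through to the default label" to an early `return`, so when policy has not been read the label stays a bare `"default"` with no targetSdk suffix, unlike before. I would build the label in a local and assign it exactly once, keeping a `DEFAULT_SEINFO` reset at the top, and restore the braces the new one-line `if` dropped; the Javadoc should also state that the method overwrites any previously assigned seInfo rather than "in the event that a matching policy was found". The enclosing class continues outside the hunk.
```java
public static void assignSeInfoValue(PackageParser.Package pkg, boolean isPrivileged,
        int targetSdkVersion) {
    // Build the label in a local and assign once so repeated calls on the same Package
    // cannot accumulate ":privapp" / ":targetSdkVersion=" suffixes.
    String seInfo = "default";  // catch-all label used when no policy stanza matches
    synchronized (sPolicies) {
        if (!sPolicyRead) {
            if (DEBUG_POLICY) {
                Slog.d(TAG, "Policy not read");
            }
        } else {
            for (Policy policy : sPolicies) {
                String matched = policy.getMatchedSeInfo(pkg);
                if (matched != null) {
                    seInfo = matched;
                    break;
                }
            }
        }
    }
    if (pkg.applicationInfo.targetSandboxVersion == 2) {
        seInfo += SANDBOX_V2_STR;
    }
    if (isPrivileged) {
        seInfo += PRIVILEGED_APP_STR;
    }
    seInfo += TARGETSDKVERSION_STR + targetSdkVersion;
    pkg.applicationInfo.seInfo = seInfo;
    // … unchanged: DEBUG_POLICY_INSTALL logging …
}
```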
services/core/java/com/android/server/pm/SharedUserSetting.java +0 −31 Original line number Diff line number Diff line Loading @@ -39,10 +39,6 @@ public final class SharedUserSetting extends SettingBase { int uidFlags; int uidPrivateFlags; // The lowest targetSdkVersion of all apps in the sharedUserSetting, used to assign seinfo so // that all apps within the sharedUser run in the same selinux context. int seInfoTargetSdkVersion; final ArraySet<PackageSetting> packages = new ArraySet<PackageSetting>(); final PackageSignatures signatures = new PackageSignatures(); Loading Loading @@ -88,11 +84,6 @@ public final class SharedUserSetting extends SettingBase { } void addPackage(PackageSetting packageSetting) { // If this is the first package added to this shared user, temporarily (until next boot) use // its targetSdkVersion when assigning seInfo for the shared user. if ((packages.size() == 0) && (packageSetting.pkg != null)) { seInfoTargetSdkVersion = packageSetting.pkg.applicationInfo.targetSdkVersion; } if (packages.add(packageSetting)) { setFlags(this.pkgFlags | packageSetting.pkgFlags); setPrivateFlags(this.pkgPrivateFlags | packageSetting.pkgPrivateFlags); Loading 
@@ -116,26 +107,4 @@ public final class SharedUserSetting extends SettingBase { public boolean isPrivileged() { return (this.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0; } /** * Determine the targetSdkVersion for a sharedUser and update pkg.applicationInfo.seInfo * to ensure that all apps within the sharedUser share an SELinux domain. Use the lowest * targetSdkVersion of all apps within the shared user, which corresponds to the least * restrictive selinux domain. */ public void fixSeInfoLocked() { final List<PackageParser.Package> pkgList = getPackages(); for (PackageParser.Package pkg : pkgList) { if (pkg.applicationInfo.targetSdkVersion < seInfoTargetSdkVersion) { seInfoTargetSdkVersion = pkg.applicationInfo.targetSdkVersion; } } for (PackageParser.Package pkg : pkgList) { final boolean isPrivileged = isPrivileged() | pkg.isPrivileged(); pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(pkg, isPrivileged, pkg.applicationInfo.targetSandboxVersion, seInfoTargetSdkVersion); } } }