
Commit ebbfda91 authored by Geremy Condra's avatar Geremy Condra Committed by Android (Google) Code Review

Merge "Revert "Add logic to handle changes to file_contexts during update.""

parents 7ced4956 994add94
+4 −4
@@ -56,9 +56,9 @@ public class ConfigUpdateInstallReceiver extends BroadcastReceiver {

    private static final String UPDATE_CERTIFICATE_KEY = "config_update_certificate";

    protected final File updateDir;
    protected final File updateContent;
    protected final File updateVersion;
    private final File updateDir;
    private final File updateContent;
    private final File updateVersion;

    public ConfigUpdateInstallReceiver(String updateDir, String updateContentPath,
                                       String updateMetadataPath, String updateVersionPath) {
@@ -222,7 +222,7 @@ public class ConfigUpdateInstallReceiver extends BroadcastReceiver {
        return signer.verify(Base64.decode(signature.getBytes(), Base64.DEFAULT));
    }

    protected void writeUpdate(File dir, File file, byte[] content) throws IOException {
    private void writeUpdate(File dir, File file, byte[] content) throws IOException {
        FileOutputStream out = null;
        File tmp = null;
        try {
+7 −76
@@ -18,97 +18,28 @@ package com.android.server.updates;

import android.content.Context;
import android.content.Intent;
import android.os.FileUtils;
import android.os.SELinux;
import android.os.SystemProperties;
import android.provider.Settings;
import android.util.Base64;
import android.util.Slog;

import java.io.File;
import java.io.IOException;

import libcore.io.IoUtils;

public class SELinuxPolicyInstallReceiver extends ConfigUpdateInstallReceiver {

    private static final String TAG = "SELinuxPolicyInstallReceiver";

    private static final String sepolicyPath = "sepolicy";
    private static final String fileContextsPath = "file_contexts";
    private static final String propertyContextsPath = "property_contexts";
    private static final String seappContextsPath = "seapp_contexts";

    public SELinuxPolicyInstallReceiver() {
        super("/data/security/", "sepolicy_bundle", "metadata/", "version");
    }

    private void installFile(File destination, String content) throws IOException {
        backupFile(destination);
        writeUpdate(updateDir, destination, Base64.decode(content, Base64.DEFAULT));
    }

    private void rollBackFile(File replace) throws IOException {
        File backup = new File(replace.getCanonicalPath() + "_backup");
        FileUtils.copyFile(backup, replace);
    }

    private void backupFile(File state) throws IOException {
        File backup = new File(state.getCanonicalPath() + "_backup");
        FileUtils.copyFile(state, backup);
    }

    private void unpackBundle() throws IOException {
        // read the bundle
        String bundle = IoUtils.readFileAsString(updateContent.getCanonicalPath());
        // split it into newline-separated base64'd chunks
        String[] chunks = bundle.split("\n\n");
        // chunks are:
        //      1. sepolicy
        //      2. file_contexts
        //      3. property_contexts
        //      4. seapp_contexts
        if (chunks.length != 4) {
            throw new IOException("Invalid number of chunks");
        }
        // install each of these
        installFile(new File(updateDir, sepolicyPath), chunks[0]);
        installFile(new File(updateDir, fileContextsPath), chunks[1]);
        installFile(new File(updateDir, propertyContextsPath), chunks[2]);
        installFile(new File(updateDir, seappContextsPath), chunks[3]);
        super("/data/security/", "sepolicy", "metadata/", "version");
    }

    private void rollBackUpdate() {
        try {
            rollBackFile(new File(updateDir, sepolicyPath));
            rollBackFile(new File(updateDir, fileContextsPath));
            rollBackFile(new File(updateDir, propertyContextsPath));
            rollBackFile(new File(updateDir, seappContextsPath));
        } catch (IOException e) {
            Slog.e(TAG, "Could not roll back selinux policy update: ", e);
        }
    }

    private void applyUpdate() {
        Slog.i(TAG, "Reloading SELinux policy");
        SystemProperties.set("selinux.reload_policy", "1");
    @Override
    protected void install(byte[] encodedContent, int version) throws IOException {
        super.install(Base64.decode(encodedContent, Base64.DEFAULT), version);
    }

    private void setEnforcingMode(Context context) {
    @Override
    protected void postInstall(Context context, Intent intent) {
           boolean mode = Settings.Global.getInt(context.getContentResolver(),
                                                Settings.Global.SELINUX_STATUS, 0) == 1;
           SELinux.setSELinuxEnforce(mode);
    }

    @Override
    protected void postInstall(Context context, Intent intent) {
        try {
            unpackBundle();
            applyUpdate();
            setEnforcingMode(context);
        } catch (IOException e) {
            Slog.e(TAG, "Could not update selinux policy: ", e);
            rollBackUpdate();
        }
    }
}
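Review bot: In postInstall, as the file appears to read after the revert, the enforcing mode is fetched with a default of 0, so an absent Settings.Global.SELINUX_STATUS turns into SELinux.setSELinuxEnforce(false) and the device is left permissive after a policy update. If that fail-open default is intended it should be stated next to the call, e.g. `// SELINUX_STATUS unset => 0 => permissive; enforcing must be opted into explicitly`; otherwise the call should be skipped when the setting is missing. The boolean result of setSELinuxEnforce is discarded, so a failed mode switch would go unnoticed; checking it and logging the failure would make this visible. Separately, install hands the payload to Base64.decode, which can throw IllegalArgumentException on malformed input rather than the declared IOException; whether the caller in ConfigUpdateInstallReceiver handles that is not visible in this section.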