installd: Create "lib" symlink with the correct label.
When installing an application which has a 32 bit ABI, system_server (via
installd) creates a compatibility "lib" symlink in the application home
directory.

See:
  https://android.googlesource.com/platform/frameworks/base/+/d5d7492040c1730899cccef9916541176004635c/services/core/java/com/android/server/pm/PackageManagerService.java#22876
and
  https://android.googlesource.com/platform/frameworks/native/+/6b8e52c805f124f8b1d7e511ae68d01d0769c32b/cmds/installd/InstalldNativeService.cpp#2077

When a process creates a filesystem object within a directory, it inherits
the directory type, but DOES NOT inherit the directory MLS categories. See
  * https://www.spinics.net/lists/selinux/msg21893.html
  * https://www.spinics.net/lists/selinux/msg21897.html
for more details on this behavior.

Without subsequent fixup, an installd created symlink in an application home
directory will have incorrect SELinux MLS categories, and as a result, may be
unreadable to the application.

Modify installd to assign the "lib" label the same MLS categories as the
enclosing parent directory.

Steps to reproduce:
  1) adb shell
  2) su
  3) ls -laZ /data/data/*/lib

Expected:

  crosshatch:/ # ls -laZ /data/data/*/lib
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c177,c256,c512,c768 46 2019-01-30 12:46 /data/data/com.android.chrome/lib -> /system/product_services/app/Chrome/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 38 2019-01-30 12:46 /data/data/com.android.omadm.service/lib -> /system/priv-app/DMService/lib/arm
  lrwxrwxrwx 1 root root u:object_r:privapp_data_file:s0:c512,c768 54 2019-01-30 12:46 /data/data/com.android.vending/lib -> /system/product_services/priv-app/Phonesky/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c141,c256,c512,c768 30 2019-01-30 12:46 /data/data/com.google.android.apps.tycho/lib -> /product/app/Tycho/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 46 2019-01-30 12:46 /data/data/com.google.android.videos/lib -> /system/product_services/app/Videos/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c180,c256,c512,c768 58 2019-01-30 12:46 /data/data/com.google.android.webview/lib -> /system/product_services/app/TrichromeWebView/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 34 2019-01-30 12:46 /data/data/com.qti.ltebc/lib -> /system/app/QAS_DVC_MSP/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 38 2019-01-30 12:46 /data/data/com.qualcomm.ltebc_vzw/lib -> /system/app/QAS_DVC_MSP_VZW/lib/arm

Actual:

  crosshatch:/ # ls -laZ /data/data/*/lib
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 46 2019-01-30 12:36 /data/data/com.android.chrome/lib -> /system/product_services/app/Chrome/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 38 2019-01-30 12:36 /data/data/com.android.omadm.service/lib -> /system/priv-app/DMService/lib/arm
  lrwxrwxrwx 1 root root u:object_r:privapp_data_file:s0 54 2019-01-30 12:36 /data/data/com.android.vending/lib -> /system/product_services/priv-app/Phonesky/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 30 2019-01-30 12:36 /data/data/com.google.android.apps.tycho/lib -> /product/app/Tycho/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 46 2019-01-30 12:36 /data/data/com.google.android.videos/lib -> /system/product_services/app/Videos/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 58 2019-01-30 12:36 /data/data/com.google.android.webview/lib -> /system/product_services/app/TrichromeWebView/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 34 2019-01-30 12:36 /data/data/com.qti.ltebc/lib -> /system/app/QAS_DVC_MSP/lib/arm
  lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 38 2019-01-30 12:36 /data/data/com.qualcomm.ltebc_vzw/lib -> /system/app/QAS_DVC_MSP_VZW/lib/arm

Bug: 123350324
Test: manual
Change-Id: Id09846556cb0ba7e39fbc57f9039f072d6a752a1
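
An audit for the mislabeling described in this commit message, as an added example that is not part of the commit or of installd: it compares each "lib" symlink's MLS level with that of its parent directory and reports the label the symlink would carry if it had the parent's categories. The function names are hypothetical, the directory lines are constructed, and the second symlink line is altered to carry correct categories so that a passing case is shown.

```python
import posixpath
import re

# Fields: perms, links, owner, group, context, size, date, time, path [-> target]
LS_Z = re.compile(r"^\S+\s+\d+\s+\S+\s+\S+\s+(\S+)\s+\d+\s+\S+\s+\S+\s+(\S+)")

def split_context(ctx):
    """Return (user:role:type, sensitivity, category set) for an SELinux context."""
    user, role, setype, level = ctx.split(":", 3)
    sens, _, cats = level.partition(":")
    # Category tokens are compared as opaque strings; ranges are not expanded.
    return f"{user}:{role}:{setype}", sens, frozenset(filter(None, cats.split(",")))

def parse_listing(text):
    """Map path -> context for every line of `ls -Z` long output."""
    out = {}
    for line in text.splitlines():
        m = LS_Z.match(line.strip())
        if m:
            out[m.group(2)] = m.group(1)
    return out

def audit(dir_listing, link_listing):
    """Return [(link, actual ctx, ctx with the parent's MLS level)] for mismatches."""
    dirs, findings = parse_listing(dir_listing), []
    for link, ctx in sorted(parse_listing(link_listing).items()):
        parent = dirs.get(posixpath.dirname(link))
        if parent is None:
            continue  # no parent label captured, nothing to compare against
        prefix, sens, cats = split_context(ctx)
        _, p_sens, p_cats = split_context(parent)
        if (sens, cats) != (p_sens, p_cats):
            findings.append((link, ctx, prefix + ":" + parent.split(":", 3)[3]))
    return findings

# Constructed sample input: DIRS mimics `ls -ldZ /data/data/*` (invented lines);
# LINKS follows the "Actual" listing, with the vending entry altered to be correct.
DIRS = """\
drwx------ 5 u0_a177 u0_a177 u:object_r:app_data_file:s0:c177,c256,c512,c768 4096 2019-01-30 12:36 /data/data/com.android.chrome
drwx------ 4 u0_a20 u0_a20 u:object_r:privapp_data_file:s0:c512,c768 4096 2019-01-30 12:36 /data/data/com.android.vending
"""
LINKS = """\
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 46 2019-01-30 12:36 /data/data/com.android.chrome/lib -> /system/product_services/app/Chrome/lib/arm
lrwxrwxrwx 1 root root u:object_r:privapp_data_file:s0:c512,c768 54 2019-01-30 12:36 /data/data/com.android.vending/lib -> /system/product_services/priv-app/Phonesky/lib/arm
"""

if __name__ == "__main__":
    for link, actual, wanted in audit(DIRS, LINKS):
        print(f"{link}: {actual} -> expected {wanted}")
```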