Restore selinux labels for secondary dex oat directory (cb556e34) · Commits · e / os / android_frameworks_native

cmds/installd/InstalldNativeService.cpp

+4 −3

Original line number	Diff line number	Diff line
		@@ -1729,7 +1729,8 @@ binder::Status InstalldNativeService::dexopt(const std::string& apkPath, int32_t
		const std::unique_ptr<std::string>& packageName, const std::string& instructionSet,
		int32_t dexoptNeeded, const std::unique_ptr<std::string>& outputPath, int32_t dexFlags,
		const std::string& compilerFilter, const std::unique_ptr<std::string>& uuid,
		const std::unique_ptr<std::string>& sharedLibraries) {
		const std::unique_ptr<std::string>& sharedLibraries,
		const std::unique_ptr<std::string>& seInfo) {
		ENFORCE_UID(AID_SYSTEM);
		CHECK_ARGUMENT_UUID(uuid);
		if (packageName && packageName != "") {
		@@ -1744,9 +1745,9 @@ binder::Status InstalldNativeService::dexopt(const std::string& apkPath, int32_t
		const char* compiler_filter = compilerFilter.c_str();
		const char* volume_uuid = uuid ? uuid->c_str() : nullptr;
		const char* shared_libraries = sharedLibraries ? sharedLibraries->c_str() : nullptr;

		const char* se_info = seInfo ? seInfo->c_str() : nullptr;
		int res = android::installd::dexopt(apk_path, uid, pkgname, instruction_set, dexoptNeeded,
		oat_dir, dexFlags, compiler_filter, volume_uuid, shared_libraries);
		oat_dir, dexFlags, compiler_filter, volume_uuid, shared_libraries, se_info);
		return res ? error(res, "Failed to dexopt") : ok();
		}

cmds/installd/InstalldNativeService.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -82,7 +82,8 @@ public:
		const std::unique_ptr<std::string>& packageName, const std::string& instructionSet,
		int32_t dexoptNeeded, const std::unique_ptr<std::string>& outputPath, int32_t dexFlags,
		const std::string& compilerFilter, const std::unique_ptr<std::string>& uuid,
		const std::unique_ptr<std::string>& sharedLibraries);
		const std::unique_ptr<std::string>& sharedLibraries,
		const std::unique_ptr<std::string>& seInfo);

		binder::Status rmdex(const std::string& codePath, const std::string& instructionSet);

cmds/installd/binder/android/os/IInstalld.aidl

+2 −1

Original line number	Diff line number	Diff line
		@@ -50,7 +50,8 @@ interface IInstalld {
		@utf8InCpp String instructionSet, int dexoptNeeded,
		@nullable @utf8InCpp String outputPath, int dexFlags,
		@utf8InCpp String compilerFilter, @nullable @utf8InCpp String uuid,
		@nullable @utf8InCpp String sharedLibraries);
		@nullable @utf8InCpp String sharedLibraries,
		@nullable @utf8InCpp String seInfo);

		void rmdex(@utf8InCpp String codePath, @utf8InCpp String instructionSet);

cmds/installd/dexopt.cpp

+18 −3

Original line number	Diff line number	Diff line
		@@ -36,6 +36,7 @@
		#include <cutils/sched_policy.h>
		#include <log/log.h> // TODO: Move everything to base/logging.
		#include <private/android_filesystem_config.h>
		#include <selinux/android.h>
		#include <system/thread_defs.h>

		#include "dexopt.h"
		@@ -1459,7 +1460,7 @@ static bool process_secondary_dex_dexopt(const char* original_dex_path, const ch

		int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
		int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
		const char* volume_uuid, const char* shared_libraries) {
		const char* volume_uuid, const char* shared_libraries, const char* se_info) {
		CHECK(pkgname != nullptr);
		CHECK(pkgname[0] != 0);
		if ((dexopt_flags & ~DEXOPT_MASK) != 0) {
		@@ -1518,6 +1519,19 @@ int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* ins
		return -1;
		}

		// Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
		// selinux context (we generate them on the fly during the dexopt invocation and they don't
		// fully inherit their parent context).
		// Note that for primary apk the oat files are created before, in a separate installd
		// call which also does the restorecon. TODO(calin): unify the paths.
		if (is_secondary_dex) {
		if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
		SELINUX_ANDROID_RESTORECON_RECURSE)) {
		LOG(ERROR) << "Failed to restorecon " << oat_dir;
		return -1;
		}
		}

		// Create a swap file if necessary.
		unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);

		@@ -1859,8 +1873,9 @@ int dexopt(const char* const params[DEXOPT_PARAM_COUNT]) {
		atoi(params[6]), // dexopt_flags
		params[7], // compiler_filter
		parse_null(params[8]), // volume_uuid
		parse_null(params[9])); // shared_libraries
		static_assert(DEXOPT_PARAM_COUNT == 10U, "Unexpected dexopt param count");
		parse_null(params[9]), // shared_libraries
		parse_null(params[10])); // se_info
		static_assert(DEXOPT_PARAM_COUNT == 11U, "Unexpected dexopt param count");
		}

		} // namespace installd

cmds/installd/dexopt.h

+3 −3

Original line number	Diff line number	Diff line
		@@ -60,10 +60,10 @@ bool reconcile_secondary_dex_file(const std::string& dex_path,

		int dexopt(const char apk_path, uid_t uid, const char pkgName, const char *instruction_set,
		int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
		const char* volume_uuid, const char* shared_libraries);
		const char* volume_uuid, const char* shared_libraries, const char* se_info);

		static constexpr size_t DEXOPT_PARAM_COUNT = 10U;
		static_assert(DEXOPT_PARAM_COUNT == 10U, "Unexpected dexopt param size");
		static constexpr size_t DEXOPT_PARAM_COUNT = 11U;
		static_assert(DEXOPT_PARAM_COUNT == 11U, "Unexpected dexopt param size");

		// Helper for the above, converting arguments.
		int dexopt(const char* const params[DEXOPT_PARAM_COUNT]);