Loading cmds/installd/commands.cpp +14 −7 Original line number Original line Diff line number Diff line Loading @@ -104,7 +104,7 @@ static std::string create_primary_profile(const std::string& profile_dir) { * if the label of that top-level file actually changed. This can save us * if the label of that top-level file actually changed. This can save us * significant time by avoiding no-op traversals of large filesystem trees. * significant time by avoiding no-op traversals of large filesystem trees. */ */ static int restorecon_app_data_lazy(const char* path, const char* seinfo, uid_t uid) { static int restorecon_app_data_lazy(const std::string& path, const char* seinfo, uid_t uid) { int res = 0; int res = 0; char* before = nullptr; char* before = nullptr; char* after = nullptr; char* after = nullptr; Loading @@ -112,15 +112,15 @@ static int restorecon_app_data_lazy(const char* path, const char* seinfo, uid_t // Note that SELINUX_ANDROID_RESTORECON_DATADATA flag is set by // Note that SELINUX_ANDROID_RESTORECON_DATADATA flag is set by // libselinux. Not needed here. // libselinux. Not needed here. if (lgetfilecon(path, &before) < 0) { if (lgetfilecon(path.c_str(), &before) < 0) { PLOG(ERROR) << "Failed before getfilecon for " << path; PLOG(ERROR) << "Failed before getfilecon for " << path; goto fail; goto fail; } } if (selinux_android_restorecon_pkgdir(path, seinfo, uid, 0) < 0) { if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, 0) < 0) { PLOG(ERROR) << "Failed top-level restorecon for " << path; PLOG(ERROR) << "Failed top-level restorecon for " << path; goto fail; goto fail; } } if (lgetfilecon(path, &after) < 0) { if (lgetfilecon(path.c_str(), &after) < 0) { PLOG(ERROR) << "Failed after getfilecon for " << path; PLOG(ERROR) << "Failed after getfilecon for " << path; goto fail; goto fail; } } Loading @@ -130,7 +130,7 @@ static int restorecon_app_data_lazy(const char* path, const char* seinfo, uid_t if (strcmp(before, after)) { if (strcmp(before, after)) { LOG(DEBUG) << "Detected label change from " << before << " to " << after << " at " << path LOG(DEBUG) << "Detected label change from " << before << " to " << after << " at " << path << "; running recursive restorecon"; << "; running recursive restorecon"; if (selinux_android_restorecon_pkgdir(path, seinfo, uid, if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, SELINUX_ANDROID_RESTORECON_RECURSE) < 0) { SELINUX_ANDROID_RESTORECON_RECURSE) < 0) { PLOG(ERROR) << "Failed recursive restorecon for " << path; PLOG(ERROR) << "Failed recursive restorecon for " << path; goto fail; goto fail; Loading @@ -146,6 +146,11 @@ done: return res; return res; } } static int restorecon_app_data_lazy(const std::string& parent, const char* name, const char* seinfo, uid_t uid) { return restorecon_app_data_lazy(StringPrintf("%s/%s", parent.c_str(), name), seinfo, uid); } static int prepare_app_dir(const std::string& path, mode_t target_mode, uid_t uid) { static int prepare_app_dir(const std::string& path, mode_t target_mode, uid_t uid) { if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) { if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) { PLOG(ERROR) << "Failed to prepare " << path; PLOG(ERROR) << "Failed to prepare " << path; Loading @@ -172,7 +177,9 @@ int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int } } // Consider restorecon over contents if label changed // Consider restorecon over contents if label changed if (restorecon_app_data_lazy(path.c_str(), seinfo, uid)) { if (restorecon_app_data_lazy(path, seinfo, uid) || restorecon_app_data_lazy(path, "cache", seinfo, uid) || restorecon_app_data_lazy(path, "code_cache", seinfo, uid)) { return -1; return -1; } } Loading @@ -191,7 +198,7 @@ int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int } } // Consider restorecon over contents if label changed // Consider restorecon over contents if label changed if (restorecon_app_data_lazy(path.c_str(), seinfo, uid)) { if (restorecon_app_data_lazy(path, seinfo, uid)) { return -1; return -1; } } Loading Loading
cmds/installd/commands.cpp +14 −7 Original line number Original line Diff line number Diff line Loading @@ -104,7 +104,7 @@ static std::string create_primary_profile(const std::string& profile_dir) { * if the label of that top-level file actually changed. This can save us * if the label of that top-level file actually changed. This can save us * significant time by avoiding no-op traversals of large filesystem trees. * significant time by avoiding no-op traversals of large filesystem trees. */ */ static int restorecon_app_data_lazy(const char* path, const char* seinfo, uid_t uid) { static int restorecon_app_data_lazy(const std::string& path, const char* seinfo, uid_t uid) { int res = 0; int res = 0; char* before = nullptr; char* before = nullptr; char* after = nullptr; char* after = nullptr; Loading @@ -112,15 +112,15 @@ static int restorecon_app_data_lazy(const char* path, const char* seinfo, uid_t // Note that SELINUX_ANDROID_RESTORECON_DATADATA flag is set by // Note that SELINUX_ANDROID_RESTORECON_DATADATA flag is set by // libselinux. Not needed here. // libselinux. Not needed here. if (lgetfilecon(path, &before) < 0) { if (lgetfilecon(path.c_str(), &before) < 0) { PLOG(ERROR) << "Failed before getfilecon for " << path; PLOG(ERROR) << "Failed before getfilecon for " << path; goto fail; goto fail; } } if (selinux_android_restorecon_pkgdir(path, seinfo, uid, 0) < 0) { if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, 0) < 0) { PLOG(ERROR) << "Failed top-level restorecon for " << path; PLOG(ERROR) << "Failed top-level restorecon for " << path; goto fail; goto fail; } } if (lgetfilecon(path, &after) < 0) { if (lgetfilecon(path.c_str(), &after) < 0) { PLOG(ERROR) << "Failed after getfilecon for " << path; PLOG(ERROR) << "Failed after getfilecon for " << path; goto fail; goto fail; } } Loading @@ -130,7 +130,7 @@ static int restorecon_app_data_lazy(const char* path, const char* seinfo, uid_t if (strcmp(before, after)) { if (strcmp(before, after)) { LOG(DEBUG) << "Detected label change from " << before << " to " << after << " at " << path LOG(DEBUG) << "Detected label change from " << before << " to " << after << " at " << path << "; running recursive restorecon"; << "; running recursive restorecon"; if (selinux_android_restorecon_pkgdir(path, seinfo, uid, if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, SELINUX_ANDROID_RESTORECON_RECURSE) < 0) { SELINUX_ANDROID_RESTORECON_RECURSE) < 0) { PLOG(ERROR) << "Failed recursive restorecon for " << path; PLOG(ERROR) << "Failed recursive restorecon for " << path; goto fail; goto fail; Loading @@ -146,6 +146,11 @@ done: return res; return res; } } static int restorecon_app_data_lazy(const std::string& parent, const char* name, const char* seinfo, uid_t uid) { return restorecon_app_data_lazy(StringPrintf("%s/%s", parent.c_str(), name), seinfo, uid); } static int prepare_app_dir(const std::string& path, mode_t target_mode, uid_t uid) { static int prepare_app_dir(const std::string& path, mode_t target_mode, uid_t uid) { if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) { if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) { PLOG(ERROR) << "Failed to prepare " << path; PLOG(ERROR) << "Failed to prepare " << path; Loading @@ -172,7 +177,9 @@ int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int } } // Consider restorecon over contents if label changed // Consider restorecon over contents if label changed if (restorecon_app_data_lazy(path.c_str(), seinfo, uid)) { if (restorecon_app_data_lazy(path, seinfo, uid) || restorecon_app_data_lazy(path, "cache", seinfo, uid) || restorecon_app_data_lazy(path, "code_cache", seinfo, uid)) { return -1; return -1; } } Loading @@ -191,7 +198,7 @@ int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int } } // Consider restorecon over contents if label changed // Consider restorecon over contents if label changed if (restorecon_app_data_lazy(path.c_str(), seinfo, uid)) { if (restorecon_app_data_lazy(path, seinfo, uid)) { return -1; return -1; } } Loading
