tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enable selinux detect sdk data on other volumes

Browse source 
App data can be found on `/mnt/expand/<volume-uuid>`. Similarly, we want
sdk data to be together with app data on other volumes. Such directories
should get their labeling from seapp_context just like app data.

Bug: 222034645
Test: atest SdkSandboxStorageHostTest (see ag/17120883)
Ignore-AOSP-First: End to end test added which exists in internal branch
    only. Will cherry-pick this CL to aosp standalone once it is safely
    merged to internal branch.
Change-Id: I10b53d4827495466521983067e2830486fbd080e
Merged-In: I10b53d4827495466521983067e2830486fbd080e
(cherry picked from commit a58a9091cd)
This commit is contained in:
Mohammad Samiul Islam 2022-03-07 20:27:18 +00:00 committed by Samiul Islam
parent 0ff24d85f1
commit 1e9872d61c
1 changed files with 32 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
libselinux/src/android/android_platform.c
View file

@ -1131,17 +1131,22 @@ struct pkg_info *package_info_lookup(const char *name)
#define DATA_DATA_PATH "/data/data"
#define DATA_USER_PATH "/data/user"
#define DATA_USER_DE_PATH "/data/user_de"
#define EXPAND_USER_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user"
#define EXPAND_USER_DE_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user_de"
#define USER_PROFILE_PATH "/data/misc/profiles/cur/*"
#define SDK_SANDBOX_DATA_CE_PATH "/data/misc_ce/*/sdksandbox"
#define SDK_SANDBOX_DATA_DE_PATH "/data/misc_de/*/sdksandbox"
#define EXPAND_MNT_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?"
#define EXPAND_USER_PATH EXPAND_MNT_PATH "/user"
#define EXPAND_USER_DE_PATH EXPAND_MNT_PATH "/user_de"
#define EXPAND_SDK_CE_PATH EXPAND_MNT_PATH "/misc_ce/*/sdksandbox"
#define EXPAND_SDK_DE_PATH EXPAND_MNT_PATH "/misc_de/*/sdksandbox"
#define DATA_DATA_PREFIX DATA_DATA_PATH "/"
#define DATA_USER_PREFIX DATA_USER_PATH "/"
#define DATA_USER_DE_PREFIX DATA_USER_DE_PATH "/"
#define DATA_MISC_CE_PREFIX DATA_MISC_CE_PATH "/"
#define DATA_MISC_DE_PREFIX DATA_MISC_DE_PATH "/"
#define EXPAND_MNT_PATH_PREFIX EXPAND_MNT_PATH "/"
/*
* This method helps in identifying paths that refer to users' app data. Labeling for app data is
@ -1149,13 +1154,16 @@ struct pkg_info *package_info_lookup(const char *name)
* installd rather than by init.
*/
static bool is_app_data_path(const char *pathname) {
int flags = FNM_LEADING_DIR|FNM_PATHNAME;
return (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
!strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
!strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
!fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
!fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
!fnmatch(SDK_SANDBOX_DATA_CE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
!fnmatch(SDK_SANDBOX_DATA_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME));
!fnmatch(EXPAND_USER_PATH, pathname, flags) ||
!fnmatch(EXPAND_USER_DE_PATH, pathname, flags) ||
!fnmatch(SDK_SANDBOX_DATA_CE_PATH, pathname, flags) ||
!fnmatch(SDK_SANDBOX_DATA_DE_PATH, pathname, flags) ||
!fnmatch(EXPAND_SDK_CE_PATH, pathname, flags) ||
!fnmatch(EXPAND_SDK_DE_PATH, pathname, flags));
}
static int pkgdir_selabel_lookup(const char *pathname,
@ -1220,6 +1228,24 @@ static int pkgdir_selabel_lookup(const char *pathname,
pathname += sizeof("/sdksandbox/") - 1;
} else
return 0;
} else if (!fnmatch(EXPAND_SDK_CE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
pathname += sizeof(EXPAND_MNT_PATH_PREFIX) - 1;
pathname += sizeof("misc_ce/") - 1;
while (isdigit(*pathname))
pathname++;
if (!strncmp(pathname, "/sdksandbox/", sizeof("/sdksandbox/")-1)) {
pathname += sizeof("/sdksandbox/") - 1;
} else
return 0;
} else if (!fnmatch(EXPAND_SDK_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
pathname += sizeof(EXPAND_MNT_PATH_PREFIX) - 1;
pathname += sizeof("misc_de/") - 1;
while (isdigit(*pathname))
pathname++;
if (!strncmp(pathname, "/sdksandbox/", sizeof("/sdksandbox/")-1)) {
pathname += sizeof("/sdksandbox/") - 1;
} else
return 0;
} else
return 0;