Add is_credential_encrypted_path

Add an internal function to clarify the restorecon logic. Move the
function to android.c so it can be unit tested.

Test: build
Bug: 317296680
Change-Id: I972fca7509504ab50de41374c1f5d6ed878bf42f
This commit is contained in:
Thiébaud Weksteen 2024-05-02 10:32:15 +10:00
parent 0562394766
commit 5fd6afea62
3 changed files with 23 additions and 13 deletions

View file

@ -189,11 +189,18 @@ struct selabel_handle* selinux_android_keystore2_key_context_handle(void)
return context_handle(SELABEL_CTX_ANDROID_KEYSTORE2_KEY, &keystore2_context_paths, "keystore2"); return context_handle(SELABEL_CTX_ANDROID_KEYSTORE2_KEY, &keystore2_context_paths, "keystore2");
} }
/* The contents of these paths are encrypted on FBE devices until user
* credentials are presented (filenames inside are mangled), so we need
* to delay restorecon of those until vold explicitly requests it. */
// NOTE: these paths need to be kept in sync with vold
#define DATA_SYSTEM_CE_PATH "/data/system_ce"
#define DATA_VENDOR_CE_PATH "/data/vendor_ce"
#define DATA_MISC_CE_PATH "/data/misc_ce"
/* The path prefixes of package data directories. */ /* The path prefixes of package data directories. */
#define DATA_DATA_PATH "/data/data" #define DATA_DATA_PATH "/data/data"
#define DATA_USER_PATH "/data/user" #define DATA_USER_PATH "/data/user"
#define DATA_USER_DE_PATH "/data/user_de" #define DATA_USER_DE_PATH "/data/user_de"
#define DATA_MISC_CE_PATH "/data/misc_ce"
#define DATA_MISC_DE_PATH "/data/misc_de" #define DATA_MISC_DE_PATH "/data/misc_de"
#define DATA_STORAGE_AREA_PATH "/data/storage_area" #define DATA_STORAGE_AREA_PATH "/data/storage_area"
#define SDK_SANDBOX_DATA_CE_PATH "/data/misc_ce/*/sdksandbox" #define SDK_SANDBOX_DATA_CE_PATH "/data/misc_ce/*/sdksandbox"
@ -232,6 +239,12 @@ bool is_app_data_path(const char *pathname) {
!fnmatch(EXPAND_SDK_DE_PATH, pathname, flags)); !fnmatch(EXPAND_SDK_DE_PATH, pathname, flags));
} }
bool is_credential_encrypted_path(const char *pathname) {
return !strncmp(pathname, DATA_SYSTEM_CE_PATH, sizeof(DATA_SYSTEM_CE_PATH)-1) ||
!strncmp(pathname, DATA_MISC_CE_PATH, sizeof(DATA_MISC_CE_PATH)-1) ||
!strncmp(pathname, DATA_VENDOR_CE_PATH, sizeof(DATA_VENDOR_CE_PATH)-1);
}
/* /*
* Extract the userid from a path. * Extract the userid from a path.
* On success, pathname is updated past the userid. * On success, pathname is updated past the userid.

View file

@ -244,14 +244,6 @@ struct pkg_info *package_info_lookup(const char *name)
return NULL; return NULL;
} }
/* The contents of these paths are encrypted on FBE devices until user
* credentials are presented (filenames inside are mangled), so we need
* to delay restorecon of those until vold explicitly requests it. */
// NOTE: these paths need to be kept in sync with vold
#define DATA_SYSTEM_CE_PATH "/data/system_ce"
#define DATA_VENDOR_CE_PATH "/data/vendor_ce"
#define DATA_MISC_CE_PATH "/data/misc_ce"
#define USER_PROFILE_PATH "/data/misc/profiles/cur/*" #define USER_PROFILE_PATH "/data/misc/profiles/cur/*"
static int pkgdir_selabel_lookup(const char *pathname, static int pkgdir_selabel_lookup(const char *pathname,
@ -595,10 +587,7 @@ static int selinux_android_restorecon_common(const char* pathname_orig,
} }
} }
if (skipce && if (skipce && is_credential_encrypted_path(ftsent->fts_path)) {
(!strncmp(ftsent->fts_path, DATA_SYSTEM_CE_PATH, sizeof(DATA_SYSTEM_CE_PATH)-1) ||
!strncmp(ftsent->fts_path, DATA_MISC_CE_PATH, sizeof(DATA_MISC_CE_PATH)-1) ||
!strncmp(ftsent->fts_path, DATA_VENDOR_CE_PATH, sizeof(DATA_VENDOR_CE_PATH)-1))) {
// Don't label anything below this directory. // Don't label anything below this directory.
fts_set(fts, ftsent, FTS_SKIP); fts_set(fts, ftsent, FTS_SKIP);
// but fall through and make sure we label the directory itself // but fall through and make sure we label the directory itself

View file

@ -62,6 +62,14 @@ struct selabel_handle* context_handle(
*/ */
bool is_app_data_path(const char *pathname); bool is_app_data_path(const char *pathname);
/*
* Determines if a path is Credential Encrypted (CE).
* Some paths are not available when the device first boots (these are protected
* by a credential). They should not be processed by restorecon until decrypted.
* See also the --skip-ce option for restorecon.
*/
bool is_credential_encrypted_path(const char *pathname);
/* Extract the pkgname and userid from a path. /* Extract the pkgname and userid from a path.
* On success, the caller is responsible for free'ing pkgname. * On success, the caller is responsible for free'ing pkgname.
* Returns 0 on success, -1 on invalid path, -2 on error. * Returns 0 on success, -1 on invalid path, -2 on error.