Give priority to platform side seapp_contexts am: 51fde66c16

Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2671235

Change-Id: Ifebcd36ec4e164b2e65e4e4acd35e0f85140568f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Inseob Kim 2023-07-26 12:09:33 +00:00 committed by Automerger Merge Worker
commit 85561b366a


@ -164,6 +164,15 @@ static void free_seapp_context(struct seapp_context *s)
free(s->level);
}
static bool is_platform(const char *partition) {
// system, system_ext, product are regarded as "platform", whereas vendor
// and odm are regarded as vendor.
if (strcmp(partition, "system") == 0) return true;
if (strcmp(partition, "system_ext") == 0) return true;
if (strcmp(partition, "product") == 0) return true;
return false;
}
/* Compare two seapp_context. Used to sort all the entries found. */
static int seapp_context_cmp(const void *A, const void *B)
{
@ -234,6 +243,12 @@ static int seapp_context_cmp(const void *A, const void *B)
if (s1->fromRunAs != s2->fromRunAs)
return (s1->fromRunAs ? -1 : 1);
/* Give precedence to platform side contexts */
bool isS1Platform = is_platform(s1->partition);
bool isS2Platform = is_platform(s2->partition);
if (isS1Platform != isS2Platform)
return (isS1Platform ? -1 : 1);
/* Anything else has equal precedence. */
return 0;
}
@ -574,6 +589,8 @@ int seapp_context_reload_internal(const path_alts_t *context_paths)
selinux_log(SELINUX_ERROR, " seinfo=%s\n", s1->seinfo);
if (s1->name.str)
selinux_log(SELINUX_ERROR, " name=%s\n", s1->name.str);
if (s1->partition)
selinux_log(SELINUX_ERROR, " partition=%s\n", s1->partition);
goto err_no_log;
}
}
@ -693,15 +710,6 @@ static bool get_partition(const char *seinfo, char partition[], size_t size)
return true;
}
static bool is_platform(const char *partition) {
// system, system_ext, product are regarded as "platform", whereas vendor
// and odm are regarded as vendor.
if (strcmp(partition, "system") == 0) return true;
if (strcmp(partition, "system_ext") == 0) return true;
if (strcmp(partition, "product") == 0) return true;
return false;
}
static bool is_preinstalled_app_partition_valid(const char *app_policy, const char *app_partition) {
// We forbid system/system_ext/product installed apps from being labeled with vendor sepolicy.
// So, either the app shouldn't be platform, or the spec should be platform.