No description
721c9ce4a5
There is a race in ueventd's coldboot procedure that permits creation
of device block nodes before platform devices are registered. This happens
when the kernel sends events for adding block devices during ueventd's
coldboot /sys walk.
In this case the device node links used to compute the SELinux context
are not known and the node is created under the generic context:
u:object_r:block_device:s0.
A second add event for block device nodes is triggered after the platform
devices are handled by ueventd and the SELinux context is correctly computed
but the mknod call fails because the node already exists. This patch handles
this error case and updates the node's security context.
The race is introduced by the uevent sent from the sdcard device probe
function. The issue appears when this uevent is triggered during ueventd's
coldboot procedure but before the /sys/devices recursive walk reached the
corresponding sdcard platform device path.
The backtrace looks something like:
1. ueventd_main()
2. device_init()
3. coldboot("/sys/devices");
4. do_coldboot()
5. handle_device_fd()
6. handle_device_event()
6.1 handle_block_device_event()
6.2 handle_platform_device_event()
Because handle_device_fd() reads all events from the netlink socket it may
handle the add events for the sdcard partition nodes send occasionally by the
kernel during coldboot /sys walk procedure.
If handle_device_event() continues with handle_block_device_event()
before handle_platform_device_event() registers the sdcard platform device then
handle_block_device_event() will create device nodes without knowing all block
device symlinks (get_block_device_symlinks()):
1. handle_device(path=/dev/block/mmcblk0p3, links = NULL)
2. make_device(path=/dev/block/mmcblk0p3, links = NULL)
3. selabel_lookup_best_match(path=/dev/block/mmcblk0p3, links = NULL)
returns the default context (u:object_r:block_device:s0) for
/dev/block/mmcblk0p3 instead of more specific context like:
u:object_r:boot_block_device:s0
4. setfscreatecon(u:object_r:block_device:s0)
5. mknod(/dev/block/mmcblk0p3)
So the node is create with the wrong context. Afterwards the coldboot /sys walk
continues and make_device() will be called with correct path and links.
But even if the secontext is computed correctly this time it will not be
applied to the device node because mknod() fails.
I see this issue randomly appearing (one time in 10 reboots) on a Minnoboard
Turbot with external sdcard as the boot device.
BUG=28388946
Signed-off-by: Mihai Serban <mihai.serban@intel.com>
(cherry picked from commit
|
||
|---|---|---|
| adb | ||
| adf | ||
| base | ||
| bootstat | ||
| cpio | ||
| crash_reporter | ||
| debuggerd | ||
| fastboot | ||
| fingerprintd | ||
| fs_mgr | ||
| gatekeeperd | ||
| healthd | ||
| include | ||
| init | ||
| libbacktrace | ||
| libbinderwrapper | ||
| libcutils | ||
| libdiskconfig | ||
| libion | ||
| liblog | ||
| libmemtrack | ||
| libmemunreachable | ||
| libmincrypt | ||
| libnativebridge | ||
| libnativeloader | ||
| libnetutils | ||
| libpackagelistparser | ||
| libpixelflinger | ||
| libprocessgroup | ||
| libsparse | ||
| libsuspend | ||
| libsync | ||
| libsysutils | ||
| libusbhost | ||
| libutils | ||
| libziparchive | ||
| lmkd | ||
| logcat | ||
| logd | ||
| logwrapper | ||
| metricsd | ||
| mkbootimg | ||
| reboot | ||
| rootdir | ||
| run-as | ||
| sdcard | ||
| toolbox | ||
| trusty | ||
| tzdatacheck | ||
| .gitignore | ||
| Android.mk | ||
| CleanSpec.mk | ||
| MODULE_LICENSE_APACHE2 | ||
| NOTICE | ||