author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-27 13:08:40 -0500
---|---|---
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-28 09:40:51 -0500
commit | 833cbd68ac546067fe2810163a70f77ab598a2ab |
tree | b6d0720f7575bf85e70ff9570f37d4fa7e100344 |
parent | 274e0f649df4684f94d1ec3374d1d106fe233901 |

Disable restorecon_last usage for restorecon /data/data.

Since /data/data and /data/user labeling is based on seapp_contexts and seinfo
assignments rather than file_contexts, we do not want to get or set
the security.restorecon_last attribute on these directories as that will
incorrectly skip subsequent recursive restorecon calls on these directories.

Also, setting a security. attribute other than selinux or capability
requires CAP_SYS_ADMIN and thus attempting to do this would trigger
denials for installd, which handles relabeling of these directories.

Ensuring that /data/data and /data/user are only relabeled when
necessary is the responsibility of the caller of restorecon, in
this case the system_server and installd.

Change-Id: I33476236c493f9749a3da068afd83d9f279409a9
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

-rw-r--r-- | src/android.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/android.c b/src/android.c index 051f255..617f1a4 100644 --- a/src/android.c +++ b/src/android.c @@ -977,8 +977,20 @@ static int restorecon_sb(const char *pathname, const struct stat *sb, bool setre if (lgetfilecon(pathname, &oldsecontext) < 0) goto err; + /* + * Disable setting restorecon_last on /data/data or /data/user + * since their labeling is based on seapp_contexts and seinfo + * assignments rather than file_contexts and is managed by + * installd rather than init. + */ + if (!strcmp(pathname, DATA_DATA_PATH) || !strcmp(pathname, DATA_USER_PATH)) + setrestoreconlast = false; + if (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) || !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1)) { + /* Same as above for all children of /data/data and /data/user. */ + setrestoreconlast = false; + if (pkgdir_selabel_lookup(pathname, &secontext) < 0) goto err; } @@ -1042,6 +1054,15 @@ int selinux_android_restorecon(const char* pathname, unsigned int flags) return restorecon_sb(pathname, &sb, false, nochange, verbose); } + /* + * Ignore restorecon_last on /data/data or /data/user + * since their labeling is based on seapp_contexts and seinfo + * assignments rather than file_contexts and is managed by + * installd rather than init. + */ + if (!strcmp(pathname, DATA_DATA_PATH) || !strcmp(pathname, DATA_USER_PATH)) + force = true; + size = getxattr(pathname, RESTORECON_LAST, xattr_value, sizeof fc_digest); if (!force && size == sizeof fc_digest && memcmp(fc_digest, xattr_value, sizeof fc_digest) == 0) { selinux_log(SELINUX_INFO, |
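
Review bot: in the first hunk (restorecon_sb), the new exact-match test `!strcmp(pathname, DATA_DATA_PATH) || !strcmp(pathname, DATA_USER_PATH)` only fires when pathname arrives in exactly that spelling, and nothing in the visible lines normalizes it, so a caller passing the same directory with a trailing slash or a doubled separator would fall through both this test and, depending on how the prefix macros are defined, possibly the prefix test below it. Either normalize pathname before the comparison or state in the comment that callers must pass the canonical form. The two branches also now carry the same `setrestoreconlast = false` assignment with the rationale split over two comments; a small helper that answers "is this path under app data labeling" would keep them from drifting apart.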
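
Review bot: in the second hunk (selinux_android_restorecon), `force = true` is set only for an exact match on DATA_DATA_PATH or DATA_USER_PATH, while the first hunk also treats every path under DATA_DATA_PREFIX and DATA_USER_PREFIX as exempt from restorecon_last. A recursive call rooted at a child directory therefore still reaches the `getxattr(pathname, RESTORECON_LAST, ...)` digest comparison with force unset, and would be skipped if a matching attribute is already present on that directory. Consider applying the same prefix test here so both sites agree. Also note that the getxattr call still runs for the exempt paths and only its result is ignored, whereas the commit message says the attribute should not be read on them; placing the call under `if (!force)` would match the stated intent.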