diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-02-19 19:55:48 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-02-19 19:55:48 +0000 |
commit | bd0d6e323c2c473fcca3b9e98c7363b17ba7e4a6 (patch) | |
tree | 7f2731251bfd7c8333a8b08849c77cf029850f3e | |
parent | ffe55fe6e576e880bcd48ebfbd0cd2da5245c59d (diff) | |
parent | 1e9d2765137f7623ea590efdbb8b521ca5d7e416 (diff) | |
download | libselinux-bd0d6e323c2c473fcca3b9e98c7363b17ba7e4a6.tar.gz |
am 1e9d2765: libselinux: Only use /data/security policy if all files are present.
* commit '1e9d2765137f7623ea590efdbb8b521ca5d7e416':
libselinux: Only use /data/security policy if all files are present.
-rw-r--r-- | src/android.c | 72 |
1 files changed, 38 insertions, 34 deletions
diff --git a/src/android.c b/src/android.c index 3ae2791..4f6a465 100644 --- a/src/android.c +++ b/src/android.c @@ -85,52 +85,56 @@ static void set_policy_index(void) if (fd_base < 0) return; - if (fstat(fd_base, &sb_base) < 0) { - close(fd_base); - return; - } + if (fstat(fd_base, &sb_base) < 0) + goto close_base; fd_override = open(POLICY_OVERRIDE_VERSION, O_RDONLY | O_NOFOLLOW); - if (fd_override < 0) { - close(fd_base); - return; - } + if (fd_override < 0) + goto close_base; - if (fstat(fd_override, &sb_override) < 0) { - close(fd_base); - close(fd_override); - return; - } + if (fstat(fd_override, &sb_override) < 0) + goto close_override; - if (sb_base.st_size != sb_override.st_size) { - close(fd_base); - close(fd_override); - return; - } + if (sb_base.st_size != sb_override.st_size) + goto close_override; map_base = mmap(NULL, sb_base.st_size, PROT_READ, MAP_PRIVATE, fd_base, 0); - if (map_base == MAP_FAILED) { - close(fd_base); - close(fd_override); - return; - } + if (map_base == MAP_FAILED) + goto close_override; map_override = mmap(NULL, sb_override.st_size, PROT_READ, MAP_PRIVATE, fd_override, 0); - if (map_override == MAP_FAILED) { - munmap(map_base, sb_base.st_size); - close(fd_base); - close(fd_override); - return; - } + if (map_override == MAP_FAILED) + goto unmap_base; - if (memcmp(map_base, map_override, sb_base.st_size) == 0) - policy_index = 1; + if (memcmp(map_base, map_override, sb_base.st_size) != 0) + goto unmap_override; + if (access(sepolicy_file[1], R_OK) != 0) + goto unmap_override; - close(fd_base); - close(fd_override); - munmap(map_base, sb_base.st_size); + if (access(seopts[1].value, R_OK) != 0) + goto unmap_override; + + if (access(seopts_prop[1].value, R_OK) != 0) + goto unmap_override; + + if (access(seopts_service[1].value, R_OK) != 0) + goto unmap_override; + + if (access(seapp_contexts_file[1], R_OK) != 0) + goto unmap_override; + + policy_index = 1; + +unmap_override: munmap(map_override, sb_override.st_size); +unmap_base: + munmap(map_base, sb_base.st_size); +close_override: + close(fd_override); +close_base: + close(fd_base); + return; } #if DEBUG |