diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2015-04-09 20:40:09 -0700 |
|---|---|---|
| committer | Jeff Sharkey <jsharkey@android.com> | 2015-04-09 20:42:28 -0700 |
| commit | 4766bfa9ec477b245a9a863152839269a314f9d4 (patch) | |
| tree | f818c28004087a6f3b56c57ea9a954ef1f132621 | |
| parent | 1be58cb7c7ea5953424500800720d10da6bbdfcc (diff) | |
| download | libselinux-4766bfa9ec477b245a9a863152839269a314f9d4.tar.gz | |
Match app directories on expanded storage.
Expanded storage behaves mostly like the internal data storage,
including holding private app data. To correctly apply SELinux
labels, this change defines a pattern for matching these new paths
which follow the format:
/mnt/expand/<UUID>/user/<N>
The owner user (0) is not special cased like internal storage, and
lives under the /user/0 directory.
Bug: 19993667
Change-Id: Ia3eb28440ff3a119f0a3892e636640cf59c01244
| -rw-r--r-- | src/android.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/android.c b/src/android.c index 440b54d..c4f8512 100644 --- a/src/android.c +++ b/src/android.c @@ -27,6 +27,7 @@ #include "callbacks.h" #include "selinux_internal.h" #include "label_internal.h" +#include <fnmatch.h> /* * XXX Where should this configuration file be located? @@ -1055,6 +1056,7 @@ struct pkgInfo *package_info_lookup(const char *name) /* The path prefixes of package data directories. */ #define DATA_DATA_PATH "/data/data" #define DATA_USER_PATH "/data/user" +#define EXPAND_USER_PATH "/mnt/expand/????????-????-????-????-????????????/user" #define DATA_DATA_PREFIX DATA_DATA_PATH "/" #define DATA_USER_PREFIX DATA_USER_PATH "/" @@ -1080,6 +1082,14 @@ static int pkgdir_selabel_lookup(const char *pathname, pathname++; else return 0; + } else if (!fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) { + pathname += sizeof(EXPAND_USER_PATH); + while (isdigit(*pathname)) + pathname++; + if (*pathname == '/') + pathname++; + else + return 0; } else return 0; @@ -1168,7 +1178,8 @@ static int restorecon_sb(const char *pathname, const struct stat *sb, * installd is responsible for managing these labels instead of init. */ if (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) || - !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1)) { + !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) || + !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) { if (pkgdir_selabel_lookup(pathname, seinfo, uid, &secontext) < 0) goto err; } @@ -1244,7 +1255,8 @@ static int selinux_android_restorecon_common(const char* pathname, * installd rather than init. */ if (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) || - !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1)) + !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) || + !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) setrestoreconlast = false; /* Also ignore on /sys since it is regenerated on each boot regardless. */ @@ -1296,9 +1308,11 @@ static int selinux_android_restorecon_common(const char* pathname, fts_set(fts, ftsent, FTS_SKIP); continue; } + if (!datadata && - (!strcmp(ftsent->fts_path, DATA_DATA_PATH) || - !strncmp(ftsent->fts_path, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1))) { + (!strncmp(ftsent->fts_path, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) || + !strncmp(ftsent->fts_path, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) || + !fnmatch(EXPAND_USER_PATH, ftsent->fts_path, FNM_LEADING_DIR|FNM_PATHNAME))) { // Don't label anything below this directory. fts_set(fts, ftsent, FTS_SKIP); // but fall through and make sure we label the directory itself |