author | Jeff Sharkey <jsharkey@android.com> | 2015-11-11 19:00:16 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2015-11-11 19:00:16 +0000 |
commit | c4efaf4c69cc7a917d12fb1ad4d38419ae6b1aa7 (patch) | |
tree | 4f14bf608b6e2775e871fd79c6d949033a9d0d68 | |
parent | 3711d51a45da50d968d5a577ed6e9325a0fc5638 (diff) | |
parent | c821cc2e190607db18e1e1cbae126de57383fabd (diff) | |
Support for new file-based encryption paths.
am: c821cc2e19
* commit 'c821cc2e190607db18e1e1cbae126de57383fabd':
Support for new file-based encryption paths.
-rw-r--r-- | src/android.c | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/src/android.c b/src/android.c
index a627b15..eb58201 100644
--- a/src/android.c
+++ b/src/android.c
@@ -1054,9 +1054,12 @@ struct pkg_info *package_info_lookup(const char *name)
 /* The path prefixes of package data directories. */
 #define DATA_DATA_PATH "/data/data"
 #define DATA_USER_PATH "/data/user"
+#define DATA_USER_DE_PATH "/data/user_de"
 #define EXPAND_USER_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user"
+#define EXPAND_USER_DE_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user_de"
 #define DATA_DATA_PREFIX DATA_DATA_PATH "/"
 #define DATA_USER_PREFIX DATA_USER_PATH "/"
+#define DATA_USER_DE_PREFIX DATA_USER_DE_PATH "/"
 
 static int pkgdir_selabel_lookup(const char *pathname,
 const char *seinfo,
@@ -1080,6 +1083,14 @@ static int pkgdir_selabel_lookup(const char *pathname,
 pathname++;
 else
 return 0;
+ } else if (!strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1)) {
+ pathname += sizeof(DATA_USER_DE_PREFIX) - 1;
+ while (isdigit(*pathname))
+ pathname++;
+ if (*pathname == '/')
+ pathname++;
+ else
+ return 0;
 } else if (!fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
 pathname += sizeof(EXPAND_USER_PATH);
 while (isdigit(*pathname))
@@ -1088,6 +1099,14 @@ static int pkgdir_selabel_lookup(const char *pathname,
 pathname++;
 else
 return 0;
+ } else if (!fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
+ pathname += sizeof(EXPAND_USER_DE_PATH);
+ while (isdigit(*pathname))
+ pathname++;
+ if (*pathname == '/')
+ pathname++;
+ else
+ return 0;
 } else
 return 0;
 
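Review bot: `isdigit(*pathname)` in the new `/data/user_de/` branch is handed a plain `char`, which is undefined for bytes above 0x7f on targets where `char` is signed; `while (isdigit((unsigned char)*pathname))` avoids that, and the copy in the `EXPAND_USER_DE_PATH` branch of the next hunk needs the same cast. The loop also accepts zero digits, so a path with an empty user-id component (`/data/user_de//<pkg>`) passes the check; if callers do not always canonicalise the path first, require at least one digit before the `/`. pkgdir_selabel_lookup starts and ends outside this hunk, so how pathname is normalised is not visible here.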
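Review bot: `pathname += sizeof(EXPAND_USER_DE_PATH);` steps over the pattern length plus one byte for a `/` that `fnmatch(..., FNM_LEADING_DIR|FNM_PATHNAME)` does not require, so a pathname that is exactly the `/mnt/expand/<uuid>/user_de` directory appears to leave the pointer one past the terminating NUL, and the following `isdigit(*pathname)` then reads out of bounds. Check the separator before stepping over it, e.g. `pathname += sizeof(EXPAND_USER_DE_PATH) - 1;` followed by `if (*pathname++ != '/') return 0;`, which also matches the `sizeof(...) - 1` form used for `DATA_USER_DE_PREFIX`. The skip further relies on every `\?` in the pattern matching exactly one character, which deserves a one-line comment next to the define. The existing `EXPAND_USER_PATH` branch this was copied from has the same pattern, and the function continues outside the hunk.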
@@ -1177,7 +1196,9 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
 */
 if (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
 !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
- !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
+ !strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
+ !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
+ !fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
 if (pkgdir_selabel_lookup(pathname, seinfo, uid, &secontext) < 0)
 goto err;
 }
@@ -1285,7 +1306,9 @@ static int selinux_android_restorecon_common(const char* pathname_orig,
 */
 if (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
 !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
- !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME))
+ !strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
+ !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
+ !fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME))
 setrestoreconlast = false;
 
 /* Also ignore on /sys since it is regenerated on each boot regardless. */
@@ -1350,7 +1373,9 @@ static int selinux_android_restorecon_common(const char* pathname_orig,
 if (!datadata &&
 (!strcmp(ftsent->fts_path, DATA_DATA_PATH) ||
 !strncmp(ftsent->fts_path, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
- !fnmatch(EXPAND_USER_PATH, ftsent->fts_path, FNM_LEADING_DIR|FNM_PATHNAME))) {
+ !strncmp(ftsent->fts_path, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
+ !fnmatch(EXPAND_USER_PATH, ftsent->fts_path, FNM_LEADING_DIR|FNM_PATHNAME) ||
+ !fnmatch(EXPAND_USER_DE_PATH, ftsent->fts_path, FNM_LEADING_DIR|FNM_PATHNAME))) {
 // Don't label anything below this directory.
 fts_set(fts, ftsent, FTS_SKIP);
 // but fall through and make sure we label the directory itself |
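Review bot: The five-way package-path test is now written out three times (in restorecon_sb here, and twice in selinux_android_restorecon_common in the next two hunks), so the next storage root that is added has to be patched at every site. Judging from the visible branches, a missed site would presumably leave one class of app data directory with different labelling or skip behaviour from the rest. A file-local predicate defined after the path macros would keep the list in one place for the two sites that use the `DATA_DATA_PREFIX` form. The fts-skip test in the third hunk starts with an exact `strcmp` on `DATA_DATA_PATH`, so it needs its own variant or a comment saying why it differs. All three enclosing functions start and end outside their hunks.

```c
/* True when path lies under one of the per-package app data roots. */
static bool is_pkg_data_path(const char *path)
{
    return !strncmp(path, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
           !strncmp(path, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
           !strncmp(path, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
           !fnmatch(EXPAND_USER_PATH, path, FNM_LEADING_DIR|FNM_PATHNAME) ||
           !fnmatch(EXPAND_USER_DE_PATH, path, FNM_LEADING_DIR|FNM_PATHNAME);
}

/* … unchanged: restorecon_sb up to the package-directory check … */
    if (is_pkg_data_path(pathname)) {
        if (pkgdir_selabel_lookup(pathname, seinfo, uid, &secontext) < 0)
            goto err;
    }

/* … unchanged: selinux_android_restorecon_common up to the restorecon_last check … */
    if (is_pkg_data_path(pathname))
        setrestoreconlast = false;
```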