authorJeff Sharkey <jsharkey@android.com>2015-11-11 19:00:16 +0000
committerandroid-build-merger <android-build-merger@google.com>2015-11-11 19:00:16 +0000
commitc4efaf4c69cc7a917d12fb1ad4d38419ae6b1aa7 (patch)
tree4f14bf608b6e2775e871fd79c6d949033a9d0d68
parent3711d51a45da50d968d5a577ed6e9325a0fc5638 (diff)
parentc821cc2e190607db18e1e1cbae126de57383fabd (diff)
downloadlibselinux-c4efaf4c69cc7a917d12fb1ad4d38419ae6b1aa7.tar.gz
Support for new file-based encryption paths.
am: c821cc2e19 * commit 'c821cc2e190607db18e1e1cbae126de57383fabd': Support for new file-based encryption paths.
-rw-r--r--src/android.c31
1 files changed, 28 insertions, 3 deletions
diff --git a/src/android.c b/src/android.c
index a627b15..eb58201 100644
--- a/src/android.c
+++ b/src/android.c
@@ -1054,9 +1054,12 @@ struct pkg_info *package_info_lookup(const char *name)
/* The path prefixes of package data directories. */
#define DATA_DATA_PATH "/data/data"
#define DATA_USER_PATH "/data/user"
+#define DATA_USER_DE_PATH "/data/user_de"
#define EXPAND_USER_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user"
+#define EXPAND_USER_DE_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user_de"
#define DATA_DATA_PREFIX DATA_DATA_PATH "/"
#define DATA_USER_PREFIX DATA_USER_PATH "/"
+#define DATA_USER_DE_PREFIX DATA_USER_DE_PATH "/"
static int pkgdir_selabel_lookup(const char *pathname,
const char *seinfo,
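Review bot: `EXPAND_USER_DE_PATH` repeats the whole escaped UUID glob from `EXPAND_USER_PATH`, so the two patterns can drift apart if one of them is edited later. Define the shared part once and build both from it, for example `#define EXPAND_USER_DE_PATH EXPAND_MNT_GLOB "/user_de"`, where `EXPAND_MNT_GLOB` is a proposed name for the common `/mnt/expand/<uuid>` pattern. A one-line comment that each `?` matches any single non-slash character, not only a hex digit, would also tell readers that the pattern checks the shape of the component and nothing more.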
@@ -1080,6 +1083,14 @@ static int pkgdir_selabel_lookup(const char *pathname,
pathname++;
else
return 0;
+ } else if (!strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1)) {
+ pathname += sizeof(DATA_USER_DE_PREFIX) - 1;
+ while (isdigit(*pathname))
+ pathname++;
+ if (*pathname == '/')
+ pathname++;
+ else
+ return 0;
} else if (!fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
pathname += sizeof(EXPAND_USER_PATH);
while (isdigit(*pathname))
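Review bot: `isdigit(*pathname)` in the new `DATA_USER_DE_PREFIX` branch passes a plain `char`, which ISO C leaves undefined when the byte value is negative; write `while (isdigit((unsigned char)*pathname))`. The loop also accepts zero digits, so a path such as `/data/user_de//name` (constructed example) gets through with an empty user id; if that is not intended, require at least one digit before the `/`. Both remarks apply equally to the `EXPAND_USER_DE_PATH` branch added in the next hunk and to the existing branches this code mirrors. `pkgdir_selabel_lookup` begins and ends outside the hunk, so how the remaining path is used is not visible here.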
@@ -1088,6 +1099,14 @@ static int pkgdir_selabel_lookup(const char *pathname,
pathname++;
else
return 0;
+ } else if (!fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
+ pathname += sizeof(EXPAND_USER_DE_PATH);
+ while (isdigit(*pathname))
+ pathname++;
+ if (*pathname == '/')
+ pathname++;
+ else
+ return 0;
} else
return 0;
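Review bot: `pathname += sizeof(EXPAND_USER_DE_PATH);` advances by the pattern length plus one, because `sizeof` counts the terminating NUL, so it silently assumes a `/` follows the matched directory. With `FNM_LEADING_DIR` the pattern should also match a path that is exactly the `user_de` directory with nothing after it, and in that case the pointer ends up one byte past the string's terminator before `isdigit(*pathname)` reads it. Advance by `sizeof(EXPAND_USER_DE_PATH) - 1` and test the separator explicitly: `if (*pathname != '/') return 0; pathname++;`. The existing `EXPAND_USER_PATH` branch shown as context uses the same arithmetic and would need the same change.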
@@ -1177,7 +1196,9 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
*/
if (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
!strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
- !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
+ !strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
+ !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
+ !fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
if (pkgdir_selabel_lookup(pathname, seinfo, uid, &secontext) < 0)
goto err;
}
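Review bot: The five-clause path test in `restorecon_sb` is now repeated verbatim in `selinux_android_restorecon_common` (the `setrestoreconlast = false` hunk), so the next new data root has to be added in several places, and a missed site would leave that root without per-package label lookup. Move the test into one static helper and call it from both sites. The third copy, in the fts loop, compares `DATA_DATA_PATH` with `strcmp` instead of a prefix match, so it is not identical and should stay separate or get its own helper. Both enclosing functions extend beyond their hunks.

```c
/* True when pathname is under one of the package data directory prefixes. */
static bool is_pkg_data_path(const char *pathname)
{
    return !strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
           !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
           !strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
           !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
           !fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME);
}

/* … unchanged: restorecon_sb up to the package-directory check … */
    if (is_pkg_data_path(pathname)) {
        /* … unchanged: pkgdir_selabel_lookup call and error path … */
```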
@@ -1285,7 +1306,9 @@ static int selinux_android_restorecon_common(const char* pathname_orig,
*/
if (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
!strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
- !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME))
+ !strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
+ !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
+ !fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME))
setrestoreconlast = false;
/* Also ignore on /sys since it is regenerated on each boot regardless. */
@@ -1350,7 +1373,9 @@ static int selinux_android_restorecon_common(const char* pathname_orig,
if (!datadata &&
(!strcmp(ftsent->fts_path, DATA_DATA_PATH) ||
!strncmp(ftsent->fts_path, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
- !fnmatch(EXPAND_USER_PATH, ftsent->fts_path, FNM_LEADING_DIR|FNM_PATHNAME))) {
+ !strncmp(ftsent->fts_path, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
+ !fnmatch(EXPAND_USER_PATH, ftsent->fts_path, FNM_LEADING_DIR|FNM_PATHNAME) ||
+ !fnmatch(EXPAND_USER_DE_PATH, ftsent->fts_path, FNM_LEADING_DIR|FNM_PATHNAME))) {
// Don't label anything below this directory.
fts_set(fts, ftsent, FTS_SKIP);
// but fall through and make sure we label the directory itself