author | Mohammad Samiul Islam <samiul@google.com> | 2022-03-07 20:27:18 +0000 |
---|---|---|
committer | Samiul Islam <samiul@google.com> | 2022-03-18 11:10:30 +0000 |
commit | 1e9872d61c7c617808f9bc0d2cf75a00b3cb93a2 (patch) | |
tree | 13815097fd3a0f79f0a91fd583cb9270e3e33b3b | |
parent | 0ff24d85f1ec091c3cdda44e67b8e5d5c14c6d52 (diff) | |
Enable selinux detect sdk data on other volumes
App data can be found on `/mnt/expand/<volume-uuid>`. Similarly, we want
sdk data to be together with app data on other volumes. Such directories
should get their labeling from seapp_context just like app data.
Bug: 222034645
Test: atest SdkSandboxStorageHostTest (see ag/17120883)
Ignore-AOSP-First: End to end test added which exists in internal branch
only. Will cherry-pick this CL to aosp standalone once it is safely
merged to internal branch.
Change-Id: I10b53d4827495466521983067e2830486fbd080e
Merged-In: I10b53d4827495466521983067e2830486fbd080e
(cherry picked from commit a58a9091cd41ff4946050038f7aa382c1003e507)
-rw-r--r-- | libselinux/src/android/android_platform.c | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/libselinux/src/android/android_platform.c b/libselinux/src/android/android_platform.c
index 2c54ce9a..05c923bc 100644
--- a/libselinux/src/android/android_platform.c
+++ b/libselinux/src/android/android_platform.c
@@ -1131,17 +1131,22 @@ struct pkg_info *package_info_lookup(const char *name)
 #define DATA_DATA_PATH "/data/data"
 #define DATA_USER_PATH "/data/user"
 #define DATA_USER_DE_PATH "/data/user_de"
-#define EXPAND_USER_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user"
-#define EXPAND_USER_DE_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user_de"
 #define USER_PROFILE_PATH "/data/misc/profiles/cur/*"
 #define SDK_SANDBOX_DATA_CE_PATH "/data/misc_ce/*/sdksandbox"
 #define SDK_SANDBOX_DATA_DE_PATH "/data/misc_de/*/sdksandbox"
+#define EXPAND_MNT_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?"
+#define EXPAND_USER_PATH EXPAND_MNT_PATH "/user"
+#define EXPAND_USER_DE_PATH EXPAND_MNT_PATH "/user_de"
+#define EXPAND_SDK_CE_PATH EXPAND_MNT_PATH "/misc_ce/*/sdksandbox"
+#define EXPAND_SDK_DE_PATH EXPAND_MNT_PATH "/misc_de/*/sdksandbox"
+
 #define DATA_DATA_PREFIX DATA_DATA_PATH "/"
 #define DATA_USER_PREFIX DATA_USER_PATH "/"
 #define DATA_USER_DE_PREFIX DATA_USER_DE_PATH "/"
 #define DATA_MISC_CE_PREFIX DATA_MISC_CE_PATH "/"
 #define DATA_MISC_DE_PREFIX DATA_MISC_DE_PATH "/"
+#define EXPAND_MNT_PATH_PREFIX EXPAND_MNT_PATH "/"
 /*
 * This method helps in identifying paths that refer to users' app data. Labeling for app data is
@@ -1149,13 +1154,16 @@ struct pkg_info *package_info_lookup(const char *name)
 * installd rather than by init.
 */
 static bool is_app_data_path(const char *pathname) {
+ int flags = FNM_LEADING_DIR|FNM_PATHNAME;
 return (!strncmp(pathname, DATA_DATA_PREFIX, sizeof(DATA_DATA_PREFIX)-1) ||
 !strncmp(pathname, DATA_USER_PREFIX, sizeof(DATA_USER_PREFIX)-1) ||
 !strncmp(pathname, DATA_USER_DE_PREFIX, sizeof(DATA_USER_DE_PREFIX)-1) ||
- !fnmatch(EXPAND_USER_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
- !fnmatch(EXPAND_USER_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
- !fnmatch(SDK_SANDBOX_DATA_CE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME) ||
- !fnmatch(SDK_SANDBOX_DATA_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME));
+ !fnmatch(EXPAND_USER_PATH, pathname, flags) ||
+ !fnmatch(EXPAND_USER_DE_PATH, pathname, flags) ||
+ !fnmatch(SDK_SANDBOX_DATA_CE_PATH, pathname, flags) ||
+ !fnmatch(SDK_SANDBOX_DATA_DE_PATH, pathname, flags) ||
+ !fnmatch(EXPAND_SDK_CE_PATH, pathname, flags) ||
+ !fnmatch(EXPAND_SDK_DE_PATH, pathname, flags));
 }
 static int pkgdir_selabel_lookup(const char *pathname,
@@ -1220,6 +1228,24 @@ static int pkgdir_selabel_lookup(const char *pathname,
 pathname += sizeof("/sdksandbox/") - 1;
 } else
 return 0;
+ } else if (!fnmatch(EXPAND_SDK_CE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
+ pathname += sizeof(EXPAND_MNT_PATH_PREFIX) - 1;
+ pathname += sizeof("misc_ce/") - 1;
+ while (isdigit(*pathname))
+ pathname++;
+ if (!strncmp(pathname, "/sdksandbox/", sizeof("/sdksandbox/")-1)) {
+ pathname += sizeof("/sdksandbox/") - 1;
+ } else
+ return 0;
+ } else if (!fnmatch(EXPAND_SDK_DE_PATH, pathname, FNM_LEADING_DIR|FNM_PATHNAME)) {
+ pathname += sizeof(EXPAND_MNT_PATH_PREFIX) - 1;
+ pathname += sizeof("misc_de/") - 1;
+ while (isdigit(*pathname))
+ pathname++;
+ if (!strncmp(pathname, "/sdksandbox/", sizeof("/sdksandbox/")-1)) {
+ pathname += sizeof("/sdksandbox/") - 1;
+ } else
+ return 0;
 } else
 return 0;
|
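Review bot: The two `fnmatch` patterns added to is_app_data_path are looser than the parser added to pkgdir_selabel_lookup: `*` accepts any non-slash user component and each `?` any non-slash character in the UUID slot, while the parser only proceeds past a numeric component and returns 0 otherwise. A path such as `/mnt/expand/<uuid>/misc_ce/foo/sdksandbox/x` (constructed example) is therefore classified as app data here but gets no package-based lookup there. What label such a path ends up with depends on callers outside this diff, so it is worth confirming it cannot be left with an unintended label. A comment on the `EXPAND_SDK_*` defines would record the intent, e.g. `/* glob only; the user id is validated in pkgdir_selabel_lookup */`.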
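Review bot: Both added branches call `isdigit(*pathname)` on a plain `char`, which is undefined for negative values on targets where `char` is signed, and the loop also accepts zero digits, so `misc_ce//sdksandbox/…` passes the `fnmatch` (`*` can match an empty component) and then the `strncmp`. I would write `while (isdigit((unsigned char)*pathname))` and return 0 when the loop consumed nothing. The fixed skip `sizeof(EXPAND_MNT_PATH_PREFIX) - 1` is only right if every `?` matched exactly one byte; that presumably holds for volume UUIDs but deserves a one-line comment. The two branches differ only in the `"misc_ce/"` / `"misc_de/"` literal, so a small static helper taking that literal would keep them in step; the body of pkgdir_selabel_lookup starts and ends outside this hunk.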