diff options
| author | 2018-03-06 20:14:26 +0000 | |
|---|---|---|
| committer | 2018-03-06 20:14:26 +0000 | |
| commit | 1d03b9489e7d0c2f62f9e40e75ea781a1da82377 (patch) | |
| tree | 1085cde18f30b8a6f10543d2fa654063ed45090e | |
| parent | 0719d0790c31c24806b5beb9e31ca0c35c31fea0 (diff) | |
| parent | 85d1b5c414f094dae92a33b8c709be76aefe4f17 (diff) | |
Merge "Revert "pm: SharedUserId: Assign seinfo using actual targetSdkVersion"" into pi-dev
4 files changed, 34 insertions, 83 deletions
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java index efa90d308ee0..4a8f61c24a48 100644 --- a/core/java/android/content/pm/ApplicationInfo.java +++ b/core/java/android/content/pm/ApplicationInfo.java @@ -763,13 +763,15 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { public String[] resourceDirs; /** - * String retrieved from the seinfo tag found in selinux policy. This value can be set through - * the mac_permissions.xml policy construct. This value is used for setting an SELinux security - * context on the process as well as its data directory. + * String retrieved from the seinfo tag found in selinux policy. This value + * can be overridden with a value set through the mac_permissions.xml policy + * construct. This value is useful in setting an SELinux security context on + * the process as well as its data directory. The String default is being used + * here to represent a catchall label when no policy matches. * * {@hide} */ - public String seInfo; + public String seInfo = "default"; /** * The seinfo tag generated per-user. This value may change based upon the diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 0da7b01fc0b5..de9cd2a352ae 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -2980,9 +2980,6 @@ public class PackageManagerService extends IPackageManager.Stub } } } - // Adjust seInfo to ensure apps which share a sharedUserId are placed in the same - // SELinux domain. - setting.fixSeInfoLocked(); } // Now that we know all the packages we are keeping, @@ -10372,24 +10369,20 @@ public class PackageManagerService extends IPackageManager.Stub pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; } - // Apps which share a sharedUserId must be placed in the same selinux domain. If this - // package is the first app installed as this shared user, set seInfoTargetSdkVersion to its - // targetSdkVersion. These are later adjusted in PackageManagerService's constructor to be - // the lowest targetSdkVersion of all apps within the shared user, which corresponds to the - // least restrictive selinux domain. - // NOTE: As new packages are installed / updated, the shared user's seinfoTargetSdkVersion - // will NOT be modified until next boot, even if a lower targetSdkVersion is used. This - // ensures that all packages continue to run in the same selinux domain. - final int targetSdkVersion = - ((sharedUserSetting != null) && (sharedUserSetting.packages.size() != 0)) ? - sharedUserSetting.seInfoTargetSdkVersion : pkg.applicationInfo.targetSdkVersion; + // SELinux sandboxes become more restrictive as targetSdkVersion increases. + // To ensure that apps with sharedUserId are placed in the same selinux domain + // without breaking any assumptions about access, put them into the least + // restrictive targetSdkVersion=25 domain. + // TODO(b/72290969): Base this on the actual targetSdkVersion(s) of the apps within the + // sharedUserSetting, instead of defaulting to the least restrictive domain. + final int targetSdk = (sharedUserSetting != null) ? 25 + : pkg.applicationInfo.targetSdkVersion; // TODO(b/71593002): isPrivileged for sharedUser and appInfo should never be out of sync. // They currently can be if the sharedUser apps are signed with the platform key. final boolean isPrivileged = (sharedUserSetting != null) ? sharedUserSetting.isPrivileged() | pkg.isPrivileged() : pkg.isPrivileged(); - pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(pkg, isPrivileged, - pkg.applicationInfo.targetSandboxVersion, targetSdkVersion); + SELinuxMMAC.assignSeInfoValue(pkg, isPrivileged, targetSdk); pkg.mExtras = pkgSetting; pkg.applicationInfo.processName = fixProcessName( diff --git a/services/core/java/com/android/server/pm/SELinuxMMAC.java b/services/core/java/com/android/server/pm/SELinuxMMAC.java index b47d96622e96..a9f15282133f 100644 --- a/services/core/java/com/android/server/pm/SELinuxMMAC.java +++ b/services/core/java/com/android/server/pm/SELinuxMMAC.java @@ -64,8 +64,6 @@ public final class SELinuxMMAC { /** Required MAC permissions files */ private static List<File> sMacPermissions = new ArrayList<>(); - private static final String DEFAULT_SEINFO = "default"; - // Append privapp to existing seinfo label private static final String PRIVILEGED_APP_STR = ":privapp"; @@ -309,56 +307,45 @@ public final class SELinuxMMAC { } /** - * Selects a security label to a package based on input parameters and the seinfo tag taken - * from a matched policy. All signature based policy stanzas are consulted and, if no match - * is found, the default seinfo label of 'default' is used. The security label is attached to - * the ApplicationInfo instance of the package. + * Applies a security label to a package based on an seinfo tag taken from a matched + * policy. All signature based policy stanzas are consulted and, if no match is + * found, the default seinfo label of 'default' (set in ApplicationInfo object) is + * used. The security label is attached to the ApplicationInfo instance of the package + * in the event that a matching policy was found. * * @param pkg object representing the package to be labeled. - * @param isPrivileged boolean. - * @param targetSandboxVersion int. - * @param targetSdkVersion int. If this pkg runs as a sharedUser, targetSdkVersion is the - * greater of: lowest targetSdk for all pkgs in the sharedUser, or - * MINIMUM_TARGETSDKVERSION. - * @return String representing the resulting seinfo. */ - public static String getSeInfo(PackageParser.Package pkg, boolean isPrivileged, - int targetSandboxVersion, int targetSdkVersion) { - String seInfo = null; + public static void assignSeInfoValue(PackageParser.Package pkg, boolean isPrivileged, + int targetSdkVersion) { synchronized (sPolicies) { if (!sPolicyRead) { if (DEBUG_POLICY) { Slog.d(TAG, "Policy not read"); } - } else { - for (Policy policy : sPolicies) { - seInfo = policy.getMatchedSeInfo(pkg); - if (seInfo != null) { - break; - } + return; + } + for (Policy policy : sPolicies) { + String seInfo = policy.getMatchedSeInfo(pkg); + if (seInfo != null) { + pkg.applicationInfo.seInfo = seInfo; + break; } } } - if (seInfo == null) { - seInfo = DEFAULT_SEINFO; - } - - if (targetSandboxVersion == 2) { - seInfo += SANDBOX_V2_STR; - } + if (pkg.applicationInfo.targetSandboxVersion == 2) + pkg.applicationInfo.seInfo += SANDBOX_V2_STR; if (isPrivileged) { - seInfo += PRIVILEGED_APP_STR; + pkg.applicationInfo.seInfo += PRIVILEGED_APP_STR; } - seInfo += TARGETSDKVERSION_STR + targetSdkVersion; + pkg.applicationInfo.seInfo += TARGETSDKVERSION_STR + targetSdkVersion; if (DEBUG_POLICY_INSTALL) { Slog.i(TAG, "package (" + pkg.packageName + ") labeled with " + - "seinfo=" + seInfo); + "seinfo=" + pkg.applicationInfo.seInfo); } - return seInfo; } } diff --git a/services/core/java/com/android/server/pm/SharedUserSetting.java b/services/core/java/com/android/server/pm/SharedUserSetting.java index 1d9afd9895b4..244613180d00 100644 --- a/services/core/java/com/android/server/pm/SharedUserSetting.java +++ b/services/core/java/com/android/server/pm/SharedUserSetting.java @@ -39,10 +39,6 @@ public final class SharedUserSetting extends SettingBase { int uidFlags; int uidPrivateFlags; - // The lowest targetSdkVersion of all apps in the sharedUserSetting, used to assign seinfo so - // that all apps within the sharedUser run in the same selinux context. - int seInfoTargetSdkVersion; - final ArraySet<PackageSetting> packages = new ArraySet<PackageSetting>(); final PackageSignatures signatures = new PackageSignatures(); @@ -88,11 +84,6 @@ public final class SharedUserSetting extends SettingBase { } void addPackage(PackageSetting packageSetting) { - // If this is the first package added to this shared user, temporarily (until next boot) use - // its targetSdkVersion when assigning seInfo for the shared user. - if ((packages.size() == 0) && (packageSetting.pkg != null)) { - seInfoTargetSdkVersion = packageSetting.pkg.applicationInfo.targetSdkVersion; - } if (packages.add(packageSetting)) { setFlags(this.pkgFlags | packageSetting.pkgFlags); setPrivateFlags(this.pkgPrivateFlags | packageSetting.pkgPrivateFlags); @@ -116,26 +107,4 @@ public final class SharedUserSetting extends SettingBase { public boolean isPrivileged() { return (this.pkgPrivateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0; } - - /** - * Determine the targetSdkVersion for a sharedUser and update pkg.applicationInfo.seInfo - * to ensure that all apps within the sharedUser share an SELinux domain. Use the lowest - * targetSdkVersion of all apps within the shared user, which corresponds to the least - * restrictive selinux domain. - */ - public void fixSeInfoLocked() { - final List<PackageParser.Package> pkgList = getPackages(); - - for (PackageParser.Package pkg : pkgList) { - if (pkg.applicationInfo.targetSdkVersion < seInfoTargetSdkVersion) { - seInfoTargetSdkVersion = pkg.applicationInfo.targetSdkVersion; - } - } - for (PackageParser.Package pkg : pkgList) { - final boolean isPrivileged = isPrivileged() | pkg.isPrivileged(); - pkg.applicationInfo.seInfo = SELinuxMMAC.getSeInfo(pkg, isPrivileged, - pkg.applicationInfo.targetSandboxVersion, seInfoTargetSdkVersion); - } - } - } |