From d417ab0ea526cee036a71e67af4a8a898e35f564 Mon Sep 17 00:00:00 2001 From: Robert Craig Date: Thu, 28 Mar 2013 06:22:12 -0400 Subject: Add data validation on seinfo labels. Ensure that policy contains a clean seinfo string. Where clean means no whitespace characters. Change-Id: I814411cbc8d16eaed99a1389f5487529e36e617b Signed-off-by: rpcraig --- .../java/com/android/server/pm/SELinuxMMAC.java | 26 ++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/services/java/com/android/server/pm/SELinuxMMAC.java b/services/java/com/android/server/pm/SELinuxMMAC.java index 15d2a5aec0cf..4bbdb5e26668 100644 --- a/services/java/com/android/server/pm/SELinuxMMAC.java +++ b/services/java/com/android/server/pm/SELinuxMMAC.java @@ -206,10 +206,10 @@ public final class SELinuxMMAC { String tagName = parser.getName(); if ("seinfo".equals(tagName)) { String seinfoValue = parser.getAttributeValue(null, "value"); - if (seinfoValue != null) { + if (validateValue(seinfoValue)) { seinfo = seinfoValue; } else { - Slog.w(TAG, " without value at " + Slog.w(TAG, " without valid value at " + parser.getPositionDescription()); } } @@ -218,6 +218,28 @@ public final class SELinuxMMAC { return seinfo; } + /** + * General validation routine for tag values. + * Returns a boolean indicating if the passed string + * contains only letters or underscores. + */ + private static boolean validateValue(String name) { + if (name == null) + return false; + + final int N = name.length(); + if (N == 0) + return false; + + for (int i = 0; i < N; i++) { + final char c = name.charAt(i); + if ((c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && (c != '_')) { + return false; + } + } + return true; + } + /** * Labels a package based on an seinfo tag from install policy. * The label is attached to the ApplicationInfo instance of the package. -- cgit v1.2.3-59-g8ed1b