commit 880d1a957ebcb63fb9d3724e2f91c58b7ff0cd54
author Robert Craig <rpcraig@tycho.ncsc.mil> Mon Jul 29 09:18:09 2013 -0400
committer Robert Craig <rpcraig@tycho.ncsc.mil> Wed Sep 18 13:21:12 2013 +0000
tree d8c7dcdbda0085656e2714850c38118b065b05c7
parent 1852eb4feba27e5ee080f44fd13a39938d511fc3

Proper security labeling of multi-user data directories.

Add seinfo paramater to appropriate make directory
functions. This allows proper labeling for multi-user
scenarios.

Change-Id: Iaba7c40645bc7b6cc823d613da0c3782acf6ddd5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

cmds/installd/commands.c

diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
index 8e14a2c..f68d758 100644
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@@ -184,7 +184,7 @@
     return delete_dir_contents(pkgdir, 0, "lib");
 }
 
-int make_user_data(const char *pkgname, uid_t uid, uid_t persona)
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo)
 {
     char pkgdir[PKG_PATH_MAX];
     char applibdir[PKG_PATH_MAX];
@@ -245,7 +245,7 @@
         return -1;
     }
 
-    if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) {
+    if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) {
         ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(libsymlink);
         unlink(pkgdir);

cmds/installd/installd.c

diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c
index c918633..efbf61c 100644
--- a/cmds/installd/installd.c
+++ b/cmds/installd/installd.c
@@ -103,7 +103,8 @@
 
 static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
 {
-    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */
+    return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
+                             /* pkgname, uid, userid, seinfo */
 }
 
 static int do_rm_user(char **arg, char reply[REPLY_MAX])
@@ -142,7 +143,7 @@
     { "rmuserdata",           2, do_rm_user_data },
     { "movefiles",            0, do_movefiles },
     { "linklib",              3, do_linklib },
-    { "mkuserdata",           3, do_mk_user_data },
+    { "mkuserdata",           4, do_mk_user_data },
     { "rmuser",               1, do_rm_user },
 };
 

cmds/installd/installd.h

diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h
index fbfc876..98e9f9f 100644
--- a/cmds/installd/installd.h
+++ b/cmds/installd/installd.h
@@ -197,7 +197,7 @@
 int renamepkg(const char *oldpkgname, const char *newpkgname);
 int fix_uid(const char *pkgname, uid_t uid, gid_t gid);
 int delete_user_data(const char *pkgname, uid_t persona);
-int make_user_data(const char *pkgname, uid_t uid, uid_t persona);
+int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo);
 int delete_persona(uid_t persona);
 int delete_cache(const char *pkgname, uid_t persona);
 int move_dex(const char *src, const char *dst);