-rw-r--r-- | Android.bp | 24 | ||||
-rw-r--r-- | src/android.c | 34 |
2 files changed, 40 insertions, 18 deletions
@@ -1,16 +1,16 @@
-common_LIBRARIES = ["libpcre2"]
-common_CFLAGS = [
- "-DUSE_PCRE2",
+// uncomment to build libselinux and related artifacts against PCRE2
+//common_LIBRARIES = ["libpcre2"]
+//common_CFLAGS = [
+// "-DUSE_PCRE2",
+//
+// // Persistently stored patterns (pcre2) are architecture dependent.
+// // In particular paterns built on amd64 can not run on devices with armv7
+// // (32bit). Therefore, this feature stays off for now.
+// "-DNO_PERSISTENTLY_STORED_PATTERNS",
+//]
 
- // Persistently stored patterns (pcre2) are architecture dependent.
- // In particular paterns built on amd64 can not run on devices with armv7
- // (32bit). Therefore, this feature stays off for now.
- "-DNO_PERSISTENTLY_STORED_PATTERNS",
-]
-
-// uncomment to build libselinux and related artifacts against PCRE
-// common_LIBRARIES = ["libpcre"]
-// common_CFLAGS = []
+common_LIBRARIES = ["libpcre"]
+common_CFLAGS = []
 
 cc_defaults {
 name: "libselinux_flags",
diff --git a/src/android.c b/src/android.c
index b748ca5..7769c06 100644
--- a/src/android.c
+++ b/src/android.c
@@ -88,6 +88,8 @@ static void free_prefix_str(struct prefix_str *p)
 struct seapp_context {
 /* input selectors */
 bool isSystemServer;
+ bool isAutoPlayAppSet;
+ bool isAutoPlayApp;
 bool isOwnerSet;
 bool isOwner;
 struct prefix_str user;
@@ -130,6 +132,12 @@ static int seapp_context_cmp(const void *A, const void *B)
 if (s1->isSystemServer != s2->isSystemServer)
 return (s1->isSystemServer ? -1 : 1);
 
+ /* Give precedence to a specified isAutoPlayApp= over an
+ * unspecified isAutoPlayApp=. */
+ if (s1->isAutoPlayAppSet != s2->isAutoPlayAppSet)
+ return (s1->isAutoPlayAppSet ? -1 : 1);
+
+
 /* Give precedence to a specified isOwner= over an unspecified isOwner=. */
 if (s1->isOwnerSet != s2->isOwnerSet)
 return (s1->isOwnerSet ? -1 : 1);
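Review bot: Setting `common_CFLAGS = []` in Android.bp drops `-DNO_PERSISTENTLY_STORED_PATTERNS` together with `-DUSE_PCRE2`, and nothing in the hunk says whether that is intended. The retained comment only explains why stored patterns were disabled for PCRE2, so a reader cannot tell whether the PCRE build is now expected to load precompiled patterns or whether the flag was lost by accident. A one-line comment above the active `common_LIBRARIES = ["libpcre"]`, giving the reason for the backend switch and the stored-pattern decision, would settle it. The regex-backend change also looks unrelated to the isAutoPlayApp selector added in src/android.c, so it would be easier to audit and revert as its own commit.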
@@ -311,6 +319,16 @@ int selinux_android_seapp_context_reload(void)
 free_seapp_context(cur);
 goto err;
 }
+ } else if (!strcasecmp(name, "isAutoPlayApp")) {
+ cur->isAutoPlayAppSet = true;
+ if (!strcasecmp(value, "true"))
+ cur->isAutoPlayApp = true;
+ else if (!strcasecmp(value, "false"))
+ cur->isAutoPlayApp = false;
+ else {
+ free_seapp_context(cur);
+ goto err;
+ }
 } else if (!strcasecmp(name, "isOwner")) {
 cur->isOwnerSet = true;
 if (!strcasecmp(value, "true"))
@@ -478,9 +496,11 @@ int selinux_android_seapp_context_reload(void)
 int i;
 for (i = 0; i < nspec; i++) {
 cur = seapp_contexts[i];
- selinux_log(SELINUX_INFO, "%s: isSystemServer=%s isOwner=%s user=%s seinfo=%s name=%s path=%s isPrivApp=%s -> domain=%s type=%s level=%s levelFrom=%s",
+ selinux_log(SELINUX_INFO, "%s: isSystemServer=%s isAutoPlayApp=%s isOwner=%s user=%s seinfo=%s "
+ "name=%s path=%s isPrivApp=%s -> domain=%s type=%s level=%s levelFrom=%s",
 __FUNCTION__,
 cur->isSystemServer ? "true" : "false",
+ cur->isAutoPlayAppSet ? (cur->isAutoPlayApp ? "true" : "false") : "null",
 cur->isOwnerSet ? (cur->isOwner ? "true" : "false") : "null",
 cur->user.str,
 cur->seinfo, cur->name.str, cur->path.str,
@@ -531,10 +551,7 @@ enum seapp_kind {
 };
 
 #define PRIVILEGED_APP_STR ":privapp"
-static bool is_app_privileged(const char *seinfo)
-{
- return strstr(seinfo, PRIVILEGED_APP_STR) != NULL;
-}
+#define AUTOPLAY_APP_STR ":autoplayapp"
 
 static int seinfo_parse(char *dest, const char *src, size_t size)
 {
@@ -572,6 +589,7 @@ static int seapp_context_lookup(enum seapp_kind kind,
 uid_t userid;
 uid_t appid;
 bool isPrivApp = false;
+ bool isAutoPlayApp = false;
 char parsedseinfo[BUFSIZ];
 
 __selinux_once(once, seapp_context_init);
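Review bot: In the new `isAutoPlayApp` branch of selinux_android_seapp_context_reload(), a second `isAutoPlayApp=` on the same seapp_contexts line silently overwrites the first, because `cur->isAutoPlayAppSet = true;` is assigned without checking whether it was already set. For an input selector that controls which entries an app can match, a contradictory line is better rejected than resolved as last-one-wins; adding `if (cur->isAutoPlayAppSet) { free_seapp_context(cur); goto err; }` before the assignment would do that. The `isOwner` branch visible just below has the same shape, so the two could be tightened together. The function starts and ends outside this hunk, so what the `err` path logs or frees is not visible here.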
@@ -579,7 +597,8 @@ static int seapp_context_lookup(enum seapp_kind kind,
 if (seinfo) {
 if (seinfo_parse(parsedseinfo, seinfo, BUFSIZ))
 goto err;
- isPrivApp = is_app_privileged(seinfo);
+ isPrivApp = strstr(seinfo, PRIVILEGED_APP_STR) ? true : false;
+ isAutoPlayApp = strstr(seinfo, AUTOPLAY_APP_STR) ? true : false;
 seinfo = parsedseinfo;
 }
 
@@ -617,6 +636,9 @@ static int seapp_context_lookup(enum seapp_kind kind,
 if (cur->isSystemServer != isSystemServer)
 continue;
 
+ if (cur->isAutoPlayAppSet && cur->isAutoPlayApp != isAutoPlayApp)
+ continue;
+
 if (cur->isOwnerSet && cur->isOwner != isOwner)
 continue;
 |
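Review bot: The two `strstr()` calls in seapp_context_lookup() match `:privapp` and `:autoplayapp` anywhere in the raw seinfo, so a longer token that merely begins with one of them (a constructed example: `:autoplayappx`) also sets the flag. These flags decide which seapp_contexts entries stay eligible in the filter added in the next hunk (`cur->isAutoPlayApp != isAutoPlayApp`), so the match should be on a whole token, assuming seinfo tags are ':'-delimited as the two macros suggest. A small shared helper, sketched below, would also restore the named predicate that the removed `is_app_privileged()` provided and avoid the redundant `? true : false`. The function body starts before and continues past this hunk.

```c
/* True when seinfo holds tag as a complete ':'-delimited token. */
static bool seinfo_has_tag(const char *seinfo, const char *tag)
{
	size_t len = strlen(tag);
	const char *p = seinfo;

	while ((p = strstr(p, tag)) != NULL) {
		if (p[len] == '\0' || p[len] == ':')
			return true;
		p++;
	}
	return false;
}

/* … unchanged: seinfo_parse() call and its error path … */
		isPrivApp = seinfo_has_tag(seinfo, PRIVILEGED_APP_STR);
		isAutoPlayApp = seinfo_has_tag(seinfo, AUTOPLAY_APP_STR);
/* … unchanged: seinfo = parsedseinfo; … */
```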