aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorInseob Kim <inseob@google.com>2023-07-26 01:23:50 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2023-07-26 01:23:50 +0000
commit066e9c5d2a6752f767530ffe07d65235ce664242 (patch)
tree8aa999ae0b1031cc41d2ec516cb010e1651d6973
parent44b95e92a75d7b96322dd48cff4804a6bfb3f9cc (diff)
parente7d2d82bbb1202c34c0ae2491e9825436878bbcc (diff)
downloadselinux-066e9c5d2a6752f767530ffe07d65235ce664242.tar.gz
Fix preinstalled app partition check am: e7d2d82bbb
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2672475 Change-Id: I21f87747dd2d9aeb46d8e086c972570c52f7ff52 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat
-rw-r--r--libselinux/src/android/android_seapp.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/libselinux/src/android/android_seapp.c b/libselinux/src/android/android_seapp.c
index db7bd0bf..c0f6eb2d 100644
--- a/libselinux/src/android/android_seapp.c
+++ b/libselinux/src/android/android_seapp.c
@@ -702,9 +702,10 @@ static bool is_platform(const char *partition) {
return false;
}
-static bool check_preinstalled_app_partition(const char *spec, const char *app) {
+static bool is_preinstalled_app_partition_valid(const char *app_policy, const char *app_partition) {
// We forbid system/system_ext/product installed apps from being labeled with vendor sepolicy.
- return !is_platform(spec) && is_platform(app);
+ // So, either the app shouldn't be platform, or the spec should be platform.
+ return !(is_platform(app_partition) && !is_platform(app_policy));
}
@@ -896,14 +897,6 @@ int seapp_context_lookup_internal(enum seapp_kind kind,
}
if (cur->levelFrom != LEVELFROM_NONE) {
- if (isPreinstalledApp
- && !check_preinstalled_app_partition(cur->partition, partition)) {
- // TODO(b/280547417): make this an error after fixing violations
- selinux_log(SELINUX_ERROR,
- "%s: App %s preinstalled to %s can't be labeled with %s sepolicy",
- __FUNCTION__, pkgname, partition, cur->partition);
- }
-
int res = set_range_from_level(ctx, cur->levelFrom, userid, appid);
if (res != 0) {
return res;
@@ -913,6 +906,14 @@ int seapp_context_lookup_internal(enum seapp_kind kind,
goto oom;
}
+ if (isPreinstalledApp
+ && !is_preinstalled_app_partition_valid(cur->partition, partition)) {
+ // TODO(b/280547417): make this an error after fixing violations
+ selinux_log(SELINUX_ERROR,
+ "%s: App %s preinstalled to %s can't be labeled with %s sepolicy",
+ __FUNCTION__, pkgname, partition, cur->partition);
+ }
+
break;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-30 14:31:52 +0000