author | Inseob Kim <inseob@google.com> | 2023-07-26 14:20:30 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-07-26 14:20:30 +0000 |
commit | 94c0a1f5d355553f74de7b8f3e607a9f9d2ed93c (patch) | |
tree | 381134fa13c296aaf887c15d27f05fb1fa57b1d3 | |
parent | 55f05a5e4e2f865346e6751db865048db648f52f (diff) | |
parent | 8d73989eb3a5c4ad1c2c9b4455b9546d52cade42 (diff) | |
Give priority to platform side seapp_contexts am: 51fde66c16 am: 85561b366a am: fb13a306cd am: 8d73989eb3
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2671235
Change-Id: If8a49a082bb7af91f67e730f64008fb8efa8693b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | libselinux/src/android/android_seapp.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/libselinux/src/android/android_seapp.c b/libselinux/src/android/android_seapp.c
index c0f6eb2d..7e847a8a 100644
--- a/libselinux/src/android/android_seapp.c
+++ b/libselinux/src/android/android_seapp.c
@@ -164,6 +164,15 @@ static void free_seapp_context(struct seapp_context *s)
 free(s->level);
 }
+static bool is_platform(const char *partition) {
+ // system, system_ext, product are regarded as "platform", whereas vendor
+ // and odm are regarded as vendor.
+ if (strcmp(partition, "system") == 0) return true;
+ if (strcmp(partition, "system_ext") == 0) return true;
+ if (strcmp(partition, "product") == 0) return true;
+ return false;
+}
+
 /* Compare two seapp_context. Used to sort all the entries found. */
 static int seapp_context_cmp(const void *A, const void *B)
 {
@@ -234,6 +243,12 @@ static int seapp_context_cmp(const void *A, const void *B)
 if (s1->fromRunAs != s2->fromRunAs)
 return (s1->fromRunAs ? -1 : 1);
+ /* Give precedence to platform side contexts */
+ bool isS1Platform = is_platform(s1->partition);
+ bool isS2Platform = is_platform(s2->partition);
+ if (isS1Platform != isS2Platform)
+ return (isS1Platform ? -1 : 1);
+
 /* Anything else has equal precedence. */
 return 0;
 }
@@ -574,6 +589,8 @@ int seapp_context_reload_internal(const path_alts_t *context_paths)
 selinux_log(SELINUX_ERROR, " seinfo=%s\n", s1->seinfo);
 if (s1->name.str)
 selinux_log(SELINUX_ERROR, " name=%s\n", s1->name.str);
+ if (s1->partition)
+ selinux_log(SELINUX_ERROR, " partition=%s\n", s1->partition);
 goto err_no_log;
 }
 }
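Review bot: The added tie-break in seapp_context_cmp passes `s1->partition` and `s2->partition` straight into `is_platform`, which calls `strcmp` on them, while the log line added further down in seapp_context_reload_internal tests `if (s1->partition)` first, which suggests the field can be NULL. If any entry can reach the sort without a partition, the comparator dereferences NULL while the policy is being loaded; either guarantee the field is set when an entry is parsed, or make the helper total with `if (!partition) return false;` at the top of `is_platform`. Treating an unknown partition as non-platform is the conservative default, since such an entry then never outranks a platform one. The body of seapp_context_cmp starts outside this hunk.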
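Review bot: Only `s1->partition` is printed in the added log line, yet partition is the one logged field that can differ between two entries that otherwise compare equal (for example `system` and `product`, which `is_platform` puts in the same class). If the second entry of the pair is in scope at this point (the loop is outside the hunk, so this is an assumption), logging both partitions would tell the policy author which two files conflict. Because the comparator now returns non-zero for a platform/vendor pair, it is also worth a comment here stating whether such a pair is still meant to be rejected as a duplicate or is intentionally resolved by precedence.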
@@ -693,15 +710,6 @@ static bool get_partition(const char *seinfo, char partition[], size_t size)
 return true;
 }
-static bool is_platform(const char *partition) {
- // system, system_ext, product are regarded as "platform", whereas vendor
- // and odm are regarded as vendor.
- if (strcmp(partition, "system") == 0) return true;
- if (strcmp(partition, "system_ext") == 0) return true;
- if (strcmp(partition, "product") == 0) return true;
- return false;
-}
-
 static bool is_preinstalled_app_partition_valid(const char *app_policy, const char *app_partition) {
 // We forbid system/system_ext/product installed apps from being labeled with vendor sepolicy.
 // So, either the app shouldn't be platform, or the spec should be platform.
|