summaryrefslogtreecommitdiffstats
path: root/services
diff options
context:
space:
mode:
authorRobert Craig <rpcraig@tycho.ncsc.mil>2013-03-28 06:22:12 -0400
committerRicardo Cerqueira <cyanogenmod@cerqueira.org>2013-07-18 21:03:12 +0100
commit1c6f7a8d7b69a2ac5d830b471db4941f2eed8192 (patch)
tree8b5f2239db369a289a642992fe8a9ef3d503af74 /services
parent62d90c610fb01dba1b8c79b1de51c499a5244fbf (diff)
downloadframeworks_base-1c6f7a8d7b69a2ac5d830b471db4941f2eed8192.zip
frameworks_base-1c6f7a8d7b69a2ac5d830b471db4941f2eed8192.tar.gz
frameworks_base-1c6f7a8d7b69a2ac5d830b471db4941f2eed8192.tar.bz2
Add data validation on seinfo labels.
Ensure that policy contains a clean seinfo string. Where clean means no whitespace characters. Change-Id: I814411cbc8d16eaed99a1389f5487529e36e617b Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'services')
-rw-r--r--services/java/com/android/server/pm/SELinuxMMAC.java27
1 files changed, 25 insertions, 2 deletions
diff --git a/services/java/com/android/server/pm/SELinuxMMAC.java b/services/java/com/android/server/pm/SELinuxMMAC.java
index c4acd9b..65f9052 100644
--- a/services/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/java/com/android/server/pm/SELinuxMMAC.java
@@ -165,6 +165,7 @@ public final class SELinuxMMAC {
XmlUtils.skipCurrentTag(parser);
continue;
}
+
if (signature == null) {
Slog.w(TAG, "<signer> with null signature at "
+ parser.getPositionDescription());
@@ -257,10 +258,10 @@ public final class SELinuxMMAC {
String tagName = parser.getName();
if ("seinfo".equals(tagName)) {
String seinfoValue = parser.getAttributeValue(null, "value");
- if (seinfoValue != null) {
+ if (validateValue(seinfoValue)) {
seinfo = seinfoValue;
} else {
- Slog.w(TAG, "<seinfo> without value at "
+ Slog.w(TAG, "<seinfo> without valid value at "
+ parser.getPositionDescription());
}
} else if ("allow-permission".equals(tagName)) {
@@ -453,6 +454,28 @@ public final class SELinuxMMAC {
}
/**
+ * General validation routine for tag values.
+ * Returns a boolean indicating if the passed string
+ * contains only letters or underscores.
+ */
+ private static boolean validateValue(String name) {
+ if (name == null)
+ return false;
+
+ final int N = name.length();
+ if (N == 0)
+ return false;
+
+ for (int i = 0; i < N; i++) {
+ final char c = name.charAt(i);
+ if ((c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && (c != '_')) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
* Detemines if the package passes policy. If the package does pass
* policy checks then an seinfo label is also assigned to the package.
* @param PackageParser.Package object representing the package