author | Robert Craig <rpcraig@tycho.ncsc.mil> | 2013-03-28 06:22:12 -0400 |
---|---|---|
committer | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2013-07-18 21:03:12 +0100 |
commit | 1c6f7a8d7b69a2ac5d830b471db4941f2eed8192 (patch) | |
tree | 8b5f2239db369a289a642992fe8a9ef3d503af74 /services | |
parent | 62d90c610fb01dba1b8c79b1de51c499a5244fbf (diff) | |
Add data validation on seinfo labels.
Ensure that policy contains a clean seinfo
string. Where clean means no whitespace characters.
Change-Id: I814411cbc8d16eaed99a1389f5487529e36e617b
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'services')
-rw-r--r-- | services/java/com/android/server/pm/SELinuxMMAC.java | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/services/java/com/android/server/pm/SELinuxMMAC.java b/services/java/com/android/server/pm/SELinuxMMAC.java
index c4acd9b..65f9052 100644
--- a/services/java/com/android/server/pm/SELinuxMMAC.java
+++ b/services/java/com/android/server/pm/SELinuxMMAC.java
@@ -165,6 +165,7 @@ public final class SELinuxMMAC {
 XmlUtils.skipCurrentTag(parser);
 continue;
 }
+
 if (signature == null) {
 Slog.w(TAG, "<signer> with null signature at "
 + parser.getPositionDescription());
@@ -257,10 +258,10 @@ public final class SELinuxMMAC {
 String tagName = parser.getName();
 if ("seinfo".equals(tagName)) {
 String seinfoValue = parser.getAttributeValue(null, "value");
- if (seinfoValue != null) {
+ if (validateValue(seinfoValue)) {
 seinfo = seinfoValue;
 } else {
- Slog.w(TAG, "<seinfo> without value at "
+ Slog.w(TAG, "<seinfo> without valid value at "
 + parser.getPositionDescription());
 }
 } else if ("allow-permission".equals(tagName)) {
@@ -453,6 +454,28 @@ public final class SELinuxMMAC {
 }
 /**
+ * General validation routine for tag values.
+ * Returns a boolean indicating if the passed string
+ * contains only letters or underscores.
+ */
+ private static boolean validateValue(String name) {
+ if (name == null)
+ return false;
+
+ final int N = name.length();
+ if (N == 0)
+ return false;
+
+ for (int i = 0; i < N; i++) {
+ final char c = name.charAt(i);
+ if ((c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && (c != '_')) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
 * Detemines if the package passes policy. If the package does pass
 * policy checks then an seinfo label is also assigned to the package.
 * @param PackageParser.Package object representing the package |
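Review bot: The else branch of the `<seinfo>` handler now covers two different cases, a missing `value` attribute and a value that fails `validateValue`, and in both it only logs a warning and keeps parsing, so `seinfo` simply keeps whatever it held before. Whether a stanza whose label was rejected should still contribute its other child tags cannot be told from this hunk, because the enclosing method starts and ends outside it; if it should not, the branch needs to mark the stanza invalid rather than only warn. At minimum the branch deserves a comment such as `// Rejected or missing label: seinfo keeps its previous value; the rest of the stanza is still parsed.`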
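Review bot: The Javadoc on `validateValue` says "letters or underscores" while the commit message defines a clean value as one without whitespace; the loop enforces the stricter rule (ASCII `a-z`, `A-Z` and `_` only), so digits, `-` and `.` are rejected along with null and the empty string. An allow-list is the safer choice for a string that becomes a label, but the contract should be stated exactly, e.g. `Returns true only if the string is non-empty and consists solely of ASCII letters [a-zA-Z] and '_'; digits and every other character are rejected.` If labels containing digits are meant to be legal, the character test needs `&& (c < '0' || c > '9')` added. The two unbraced `if (...) return false;` statements also differ from the braced style used inside the loop.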