Proper security labeling of multi-user data directories.

This patch covers 2 cases. When an app is installed and the resulting data directory is created for all existing users. And when a new user is created and all existing app data directories are created for the new user. Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil> Change-Id: I01f2a9084dfe7886087b1497070b0d7f2ad8478e
author: rpcraig <rpcraig@tycho.ncsc.mil> 2012-11-28 09:23:18 -0500
committer: Ricardo Cerqueira <cyanogenmod@cerqueira.org> 2013-07-18 21:02:23 +0100
commit: 81a56239791c6d8d686171fb51438a82eaf8b9e1 (patch)
tree: 7d2bfc17b5c88010e904d091ccb0a865819dff84 /services
parent: 2a091b42566d4de5fd88e6e58f29f9b7feadc0b7 (diff)
download: frameworks_base-81a56239791c6d8d686171fb51438a82eaf8b9e1.zip
frameworks_base-81a56239791c6d8d686171fb51438a82eaf8b9e1.tar.gz
frameworks_base-81a56239791c6d8d686171fb51438a82eaf8b9e1.tar.bz2
3 files changed, 6 insertions, 3 deletions
diff --git a/services/java/com/android/server/pm/Installer.java b/services/java/com/android/server/pm/Installer.java
index ddb0d0b..6a071ef 100644
--- a/services/java/com/android/server/pm/Installer.java
+++ b/services/java/com/android/server/pm/Installer.java
@@ -265,7 +265,7 @@ public final class Installer {
         return execute(builder.toString());
     }
 
-    public int createUserData(String name, int uid, int userId) {
+    public int createUserData(String name, int uid, int userId, String seinfo) {
         StringBuilder builder = new StringBuilder("mkuserdata");
         builder.append(' ');
         builder.append(name);
@@ -273,6 +273,8 @@ public final class Installer {
         builder.append(uid);
         builder.append(' ');
         builder.append(userId);
+        builder.append(' ');
+        builder.append(seinfo != null ? seinfo : "!");
         return execute(builder.toString());
     }
 
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 134619e..81ff2f3 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -3619,7 +3619,7 @@ public class PackageManagerService extends IPackageManager.Stub {
         for (int user : users) {
             if (user != 0) {
                 res = mInstaller.createUserData(packageName,
-                        UserHandle.getUid(user, uid), user);
+                        UserHandle.getUid(user, uid), user, seinfo);
                 if (res < 0) {
                     return res;
                 }
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index 96533b0..47d6bb3 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -2356,7 +2356,8 @@ final class Settings {
             ps.setInstalled((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) != 0, userHandle);
             // Need to create a data directory for all apps under this user.
             installer.createUserData(ps.name,
-                    UserHandle.getUid(userHandle, ps.appId), userHandle);
+                    UserHandle.getUid(userHandle, ps.appId), userHandle,
+                    ps.pkg.applicationInfo.seinfo);
         }
         readDefaultPreferredAppsLPw(userHandle);
         writePackageRestrictionsLPr(userHandle);
author	rpcraig <rpcraig@tycho.ncsc.mil>	2012-11-28 09:23:18 -0500
committer	Ricardo Cerqueira <cyanogenmod@cerqueira.org>	2013-07-18 21:02:23 +0100
commit	81a56239791c6d8d686171fb51438a82eaf8b9e1 (patch)
tree	7d2bfc17b5c88010e904d091ccb0a865819dff84 /services
parent	2a091b42566d4de5fd88e6e58f29f9b7feadc0b7 (diff)
download	frameworks_base-81a56239791c6d8d686171fb51438a82eaf8b9e1.zip frameworks_base-81a56239791c6d8d686171fb51438a82eaf8b9e1.tar.gz frameworks_base-81a56239791c6d8d686171fb51438a82eaf8b9e1.tar.bz2