Apply MMAC changes from master.

Change-Id: I01f2a9084dfe7886087b1497070b0d7f2ad8477e

1 files changed, 8 insertions, 2 deletions

diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 0bf7be9..134619e 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -182,6 +182,8 @@ public class PackageManagerService extends IPackageManager.Stub {
     private static final boolean DEBUG_PREFERRED = false;
     static final boolean DEBUG_UPGRADE = false;
     private static final boolean DEBUG_INSTALL = false;
+    private static final boolean DEBUG_POLICY = true;
+    private static final boolean DEBUG_POLICY_INSTALL = DEBUG_POLICY || false;
     private static final boolean DEBUG_REMOVE = false;
     private static final boolean DEBUG_BROADCASTS = false;
     private static final boolean DEBUG_SHOW_INFO = false;
@@ -3657,8 +3659,12 @@ public class PackageManagerService extends IPackageManager.Stub {
         }
         mScanningPath = scanFile;
 
-        if (mFoundPolicyFile) {
-            SELinuxMMAC.assignSeinfoValue(pkg);
+        if (mFoundPolicyFile && !SELinuxMMAC.passInstallPolicyChecks(pkg) &&
+            SystemProperties.getBoolean("persist.mac_enforcing_mode", false)) {
+            Slog.w(TAG, "Installing application package " + pkg.packageName
+                   + " failed due to policy.");
+            mLastScanError = PackageManager.INSTALL_FAILED_POLICY_REJECTED_PERMISSION;
+            return null;
         }
 
         if ((parseFlags&PackageParser.PARSE_IS_SYSTEM) != 0) {