Merge "Revert "SELinux labels bug logging and workaround"" into tm-dev am: 1133947cd1
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/18699985
Change-Id: If5a025ef9f5b56a8e73747773a10652e0c8394b9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/services/core/java/com/android/server/pm/FileInstallArgs.java b/services/core/java/com/android/server/pm/FileInstallArgs.java
index e3ceccd..85c3cc9 100644
--- a/services/core/java/com/android/server/pm/FileInstallArgs.java
+++ b/services/core/java/com/android/server/pm/FileInstallArgs.java
@@ -172,22 +172,9 @@
return false;
}
- if (onIncremental) {
- Slog.i(TAG, PackageManagerServiceUtils.SELINUX_BUG
- + ": Skipping restorecon for Incremental install of " + beforeCodeFile);
- } else {
- try {
- if (!SELinux.restoreconRecursive(afterCodeFile)) {
- Slog.w(TAG, "Failed to restorecon");
- return false;
- }
- PackageManagerServiceUtils.verifySelinuxLabels(afterCodeFile.getAbsolutePath());
- } catch (Exception e) {
- Slog.e(TAG,
- PackageManagerServiceUtils.SELINUX_BUG + ": Exception from restorecon on "
- + beforeCodeFile, e);
- throw e;
- }
+ if (!onIncremental && !SELinux.restoreconRecursive(afterCodeFile)) {
+ Slog.w(TAG, "Failed to restorecon");
+ return false;
}
// Reflect the rename internally
diff --git a/services/core/java/com/android/server/pm/InstallPackageHelper.java b/services/core/java/com/android/server/pm/InstallPackageHelper.java
index c710120..e62f35d 100644
--- a/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -653,10 +653,6 @@
Log.v(TAG, "restoreAndPostInstall userId=" + userId + " package=" + res.mPkg);
}
- if (res.mPkg != null) {
- PackageManagerServiceUtils.verifySelinuxLabels(res.mPkg.getPath());
- }
-
// A restore should be requested at this point if (a) the install
// succeeded, (b) the operation is not an update.
final boolean update = res.mRemovedInfo != null
@@ -3580,7 +3576,6 @@
@ParsingPackageUtils.ParseFlags int parseFlags,
@PackageManagerService.ScanFlags int scanFlags,
@Nullable UserHandle user) throws PackageManagerException {
- PackageManagerServiceUtils.verifySelinuxLabels(parsedPackage.getPath());
final Pair<ScanResult, Boolean> scanResultPair = scanSystemPackageLI(
parsedPackage, parseFlags, scanFlags, user);
diff --git a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
index 6afc5890..3443d45 100644
--- a/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
+++ b/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
@@ -62,7 +62,6 @@
import android.os.Environment;
import android.os.FileUtils;
import android.os.Process;
-import android.os.SELinux;
import android.os.SystemProperties;
import android.os.incremental.IncrementalManager;
import android.os.incremental.IncrementalStorage;
@@ -1403,28 +1402,4 @@
}
}
}
-
- // TODO(b/231951809): remove this workaround after figuring out why apk_tmp_file labels stay
- // on the installed apps instead of the correct apk_data_file ones
-
- public static final String SELINUX_BUG = "b/231951809";
-
- /**
- * A workaround for b/231951809:
- * Verifies the SELinux labels of the passed path, and tries to correct them if detects them
- * wrong or missing.
- */
- public static void verifySelinuxLabels(String path) {
- final String expectedCon = SELinux.fileSelabelLookup(path);
- final String actualCon = SELinux.getFileContext(path);
- Slog.i(TAG, SELINUX_BUG + ": checking selinux labels for " + path + " expected / actual: "
- + expectedCon + " / " + actualCon);
- if (expectedCon == null || !expectedCon.equals(actualCon)) {
- Slog.w(TAG, SELINUX_BUG + ": labels don't match, reapplying for " + path);
- if (!SELinux.restoreconRecursive(new File(path))) {
- Slog.w(TAG, SELINUX_BUG + ": Failed to reapply restorecon");
- }
- // well, if it didn't work now after not working at first, not much else can be done
- }
- }
}