installd: Create "lib" symlink with the correct label.
When installing an application which has a 32 bit ABI, system_server
(via installd) creates a compatibility "lib" symlink in the application
home directory. See:
https://android.googlesource.com/platform/frameworks/base/+/d5d7492040c1730899cccef9916541176004635c/services/core/java/com/android/server/pm/PackageManagerService.java#22876
and
https://android.googlesource.com/platform/frameworks/native/+/6b8e52c805f124f8b1d7e511ae68d01d0769c32b/cmds/installd/InstalldNativeService.cpp#2077
When a process creates a filesystem object within a directory, it
inherits the directory type, but DOES NOT inherit the directory MLS
categories. See
* https://www.spinics.net/lists/selinux/msg21893.html
* https://www.spinics.net/lists/selinux/msg21897.html
for more details on this behavior.
Without subsequent fixup, an installd created symlink in an
application home directory will have incorrect SELinux MLS categories,
and as a result, may be unreadable to the application.
Modify installd to assign the "lib" label the same MLS categories as
the enclosing parent directory.
Steps to reproduce:
1) adb shell
2) su
3) ls -laZ /data/data/*/lib
Expected:
crosshatch:/ # ls -laZ /data/data/*/lib
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c177,c256,c512,c768 46 2019-01-30 12:46 /data/data/com.android.chrome/lib -> /system/product_services/app/Chrome/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 38 2019-01-30 12:46 /data/data/com.android.omadm.service/lib -> /system/priv-app/DMService/lib/arm
lrwxrwxrwx 1 root root u:object_r:privapp_data_file:s0:c512,c768 54 2019-01-30 12:46 /data/data/com.android.vending/lib -> /system/product_services/priv-app/Phonesky/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c141,c256,c512,c768 30 2019-01-30 12:46 /data/data/com.google.android.apps.tycho/lib -> /product/app/Tycho/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 46 2019-01-30 12:46 /data/data/com.google.android.videos/lib -> /system/product_services/app/Videos/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c180,c256,c512,c768 58 2019-01-30 12:46 /data/data/com.google.android.webview/lib -> /system/product_services/app/TrichromeWebView/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 34 2019-01-30 12:46 /data/data/com.qti.ltebc/lib -> /system/app/QAS_DVC_MSP/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 38 2019-01-30 12:46 /data/data/com.qualcomm.ltebc_vzw/lib -> /system/app/QAS_DVC_MSP_VZW/lib/arm
Actual:
crosshatch:/ # ls -laZ /data/data/*/lib
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 46 2019-01-30 12:36 /data/data/com.android.chrome/lib -> /system/product_services/app/Chrome/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 38 2019-01-30 12:36 /data/data/com.android.omadm.service/lib -> /system/priv-app/DMService/lib/arm
lrwxrwxrwx 1 root root u:object_r:privapp_data_file:s0 54 2019-01-30 12:36 /data/data/com.android.vending/lib -> /system/product_services/priv-app/Phonesky/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 30 2019-01-30 12:36 /data/data/com.google.android.apps.tycho/lib -> /product/app/Tycho/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 46 2019-01-30 12:36 /data/data/com.google.android.videos/lib -> /system/product_services/app/Videos/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 58 2019-01-30 12:36 /data/data/com.google.android.webview/lib -> /system/product_services/app/TrichromeWebView/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 34 2019-01-30 12:36 /data/data/com.qti.ltebc/lib -> /system/app/QAS_DVC_MSP/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 38 2019-01-30 12:36 /data/data/com.qualcomm.ltebc_vzw/lib -> /system/app/QAS_DVC_MSP_VZW/lib/arm
Bug: 123350324
Test: manual
Change-Id: Id09846556cb0ba7e39fbc57f9039f072d6a752a1
diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp
index 7da5642..8146cc6 100644
--- a/cmds/installd/InstalldNativeService.cpp
+++ b/cmds/installd/InstalldNativeService.cpp
@@ -2046,8 +2046,14 @@
return error("Failed to stat " + _pkgdir);
}
+ char *con = nullptr;
+ if (lgetfilecon(pkgdir, &con) < 0) {
+ return error("Failed to lgetfilecon " + _pkgdir);
+ }
+
if (chown(pkgdir, AID_INSTALL, AID_INSTALL) < 0) {
- return error("Failed to chown " + _pkgdir);
+ res = error("Failed to chown " + _pkgdir);
+ goto out;
}
if (chmod(pkgdir, 0700) < 0) {
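Review bot: The new `lgetfilecon(pkgdir, &con)` block has no comment explaining why the parent's context is captured, and it copies the whole context string (user, role, type and level), while the commit message speaks only of MLS categories. Since the message says the type is inherited from the directory anyway, the result should be the same, but that reasoning is worth recording next to the code. I would add above the call something like `// New objects inherit the parent's type but not its MLS categories; save pkgdir's full context so the "lib" symlink can be relabeled to match.` The enclosing function starts and ends outside this hunk.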
@@ -2079,7 +2085,13 @@
goto out;
}
+ if (lsetfilecon(libsymlink, con) < 0) {
+ res = error("Failed to lsetfilecon " + _libsymlink);
+ goto out;
+ }
+
out:
+ free(con);
if (chmod(pkgdir, s.st_mode) < 0) {
auto msg = "Failed to cleanup chmod " + _pkgdir;
if (res.isOk()) {
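Review bot: The `lsetfilecon(libsymlink, con)` call relabels the symlink only after it has been created (the creating call is outside this hunk), so the link exists briefly without categories, and if the relabel fails the error path at `out:` appears to leave a mislabeled link behind. Creating it with the right label from the start would close both gaps, for example `setfscreatecon(con);` before the symlink is created and `setfscreatecon(nullptr);` right after; this is worth confirming against how installd uses fscreate elsewhere. Separately, `free(con)` would read more clearly as `freecon(con)`, the libselinux call that pairs with `lgetfilecon`. The surrounding function body continues beyond the hunk on both sides.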