Use seInfo to label secondary dex files (005f959c) · Commits · Android-smartphones / realme / realme 5pro / kaderbava / evolution_frameworks_base

Commit 005f959c authored Aug 14, 2018 by Nick Kralevich

Use seInfo to label secondary dex files

There are, confusingly, two seInfo strings used to determine how
processes and files are labeled. "seInfo" was the original string, and
https://android.googlesource.com/platform/frameworks/base/+/be0b8896d1bc%5E%21/#F3
added "seInfoUser" to support instant apps (with a TODO to merge the two
fields).

"seInfoUser" is only intended to label instant app processes, not files.
So, when we need to label files, we should be using "seInfo", not
"seInfoUser". Otherwise, files will get labeled incorrectly.

Steps to reproduce:

  1) Revert system/sepolicy commit cdc6649acc43d3a38753e22790f372290c1189c1
  2) Rebuild and factory reset the device ("fastboot -w flashall")
  3) Wait for the device to boot.
  4) "adb root"
  5) "adb shell"
  6) "cmd package compile -r bg-dexopt --secondary-dex com.google.android.gms"
  7) Examine the files in /data/user_de/0/com.google.android.gms using
     "ls -laZR /data/user_de/0/com.google.android.gms"

Expected:

  All files in /data/user_de/0/com.google.android.gms should have the
  SELinux label "privapp_data_file"

Actual:

  Secondary dex files produced by installd have the incorrect label
  "app_data_file"

Bug: 112357170
Test: Verified labels of files in /data/user_de/0/com.google.android.gms
      are correct

Change-Id: If028dcb4742731acab2855d4eec8f314964bb09a

parent dccbfca1

Hide whitespace changes

Inline Side-by-side

Please register or to comment