Skip to content
Commit 005f959c authored by Nick Kralevich's avatar Nick Kralevich
Browse files

Use seInfo to label secondary dex files

There are, confusingly, two seInfo strings used to determine how
processes and files are labeled. "seInfo" was the original string, and
https://android.googlesource.com/platform/frameworks/base/+/be0b8896d1bc%5E%21/#F3
added "seInfoUser" to support instant apps (with a TODO to merge the two
fields).

"seInfoUser" is only intended to label instant app processes, not files.
So, when we need to label files, we should be using "seInfo", not
"seInfoUser". Otherwise, files will get labeled incorrectly.

Steps to reproduce:

  1) Revert system/sepolicy commit cdc6649acc43d3a38753e22790f372290c1189c1
  2) Rebuild and factory reset the device ("fastboot -w flashall")
  3) Wait for the device to boot.
  4) "adb root"
  5) "adb shell"
  6) "cmd package compile -r bg-dexopt --secondary-dex com.google.android.gms"
  7) Examine the files in /data/user_de/0/com.google.android.gms using
     "ls -laZR /data/user_de/0/com.google.android.gms"

Expected:

  All files in /data/user_de/0/com.google.android.gms should have the
  SELinux label "privapp_data_file"

Actual:

  Secondary dex files produced by installd have the incorrect label
  "app_data_file"

Bug: 112357170
Test: Verified labels of files in /data/user_de/0/com.google.android.gms
      are correct

Change-Id: If028dcb4742731acab2855d4eec8f314964bb09a
parent dccbfca1
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment