installd: Create "lib" symlink with the correct label.
When installing an application which has a 32 bit ABI, system_server
(via installd) creates a compatibility "lib" symlink in the application
home directory. See:
https://android.googlesource.com/platform/frameworks/base/+/d5d7492040c1730899cccef9916541176004635c/services/core/java/com/android/server/pm/PackageManagerService.java#22876
and
https://android.googlesource.com/platform/frameworks/native/+/6b8e52c805f124f8b1d7e511ae68d01d0769c32b/cmds/installd/InstalldNativeService.cpp#2077
When a process creates a filesystem object within a directory, in
inherits the directory type, but DOES NOT inherit the directory MLS
categories. See
* https://www.spinics.net/lists/selinux/msg21893.html
* https://www.spinics.net/lists/selinux/msg21897.html
for more details on this behavior.
Without subsequent fixup, an installd created symlink in an
application home directory will have incorrect SELinux MLS categories,
and as a result, may be unreadable to the application.
Modify installd to assign the "lib" label the same MLS categories as
the enclosing parent directory.
Steps to reproduce:
1) adb shell
2) su
3) ls -laZ /data/data/*/lib
Expected:
crosshatch:/ # ls -laZ /data/data/*/lib
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c177,c256,c512,c768 46 2019-01-30 12:46 /data/data/com.android.chrome/lib -> /system/product_services/app/Chrome/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 38 2019-01-30 12:46 /data/data/com.android.omadm.service/lib -> /system/priv-app/DMService/lib/arm
lrwxrwxrwx 1 root root u:object_r:privapp_data_file:s0:c512,c768 54 2019-01-30 12:46 /data/data/com.android.vending/lib -> /system/product_services/priv-app/Phonesky/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c141,c256,c512,c768 30 2019-01-30 12:46 /data/data/com.google.android.apps.tycho/lib -> /product/app/Tycho/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 46 2019-01-30 12:46 /data/data/com.google.android.videos/lib -> /system/product_services/app/Videos/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c180,c256,c512,c768 58 2019-01-30 12:46 /data/data/com.google.android.webview/lib -> /system/product_services/app/TrichromeWebView/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 34 2019-01-30 12:46 /data/data/com.qti.ltebc/lib -> /system/app/QAS_DVC_MSP/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0:c512,c768 38 2019-01-30 12:46 /data/data/com.qualcomm.ltebc_vzw/lib -> /system/app/QAS_DVC_MSP_VZW/lib/arm
Actual:
crosshatch:/ # ls -laZ /data/data/*/lib
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 46 2019-01-30 12:36 /data/data/com.android.chrome/lib -> /system/product_services/app/Chrome/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 38 2019-01-30 12:36 /data/data/com.android.omadm.service/lib -> /system/priv-app/DMService/lib/arm
lrwxrwxrwx 1 root root u:object_r:privapp_data_file:s0 54 2019-01-30 12:36 /data/data/com.android.vending/lib -> /system/product_services/priv-app/Phonesky/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 30 2019-01-30 12:36 /data/data/com.google.android.apps.tycho/lib -> /product/app/Tycho/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 46 2019-01-30 12:36 /data/data/com.google.android.videos/lib -> /system/product_services/app/Videos/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 58 2019-01-30 12:36 /data/data/com.google.android.webview/lib -> /system/product_services/app/TrichromeWebView/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 34 2019-01-30 12:36 /data/data/com.qti.ltebc/lib -> /system/app/QAS_DVC_MSP/lib/arm
lrwxrwxrwx 1 root root u:object_r:app_data_file:s0 38 2019-01-30 12:36 /data/data/com.qualcomm.ltebc_vzw/lib -> /system/app/QAS_DVC_MSP_VZW/lib/arm
Bug: 123350324
Test: manual
Change-Id: Id09846556cb0ba7e39fbc57f9039f072d6a752a1
1 file changed
