Split mac_permissions.xml into plat and non-plat components.

am: b1cc4f8ca4

Change-Id: I4c3d3a9c088c4cfc75f5503966390030e1375305
dcashman
2016-12-15 20:27:27 +00:00
committed by android-build-merger


@@ -59,8 +59,9 @@ public final class SELinuxMMAC {
private static List<Policy> sPolicies = new ArrayList<>(); private static List<Policy> sPolicies = new ArrayList<>();
/** Path to MAC permissions on system image */ /** Path to MAC permissions on system image */
private static final File MAC_PERMISSIONS = new File(Environment.getRootDirectory(), private static final File[] MAC_PERMISSIONS =
"/etc/security/mac_permissions.xml"); { new File(Environment.getRootDirectory(), "/etc/security/plat_mac_permissions.xml"),
new File(Environment.getRootDirectory(), "/etc/security/nonplat_mac_permissions.xml") };
// Append privapp to existing seinfo label // Append privapp to existing seinfo label
private static final String PRIVILEGED_APP_STR = ":privapp"; private static final String PRIVILEGED_APP_STR = ":privapp";
@@ -87,49 +88,51 @@ public final class SELinuxMMAC {
FileReader policyFile = null; FileReader policyFile = null;
XmlPullParser parser = Xml.newPullParser(); XmlPullParser parser = Xml.newPullParser();
try { for (int i = 0; i < MAC_PERMISSIONS.length; i++) {
policyFile = new FileReader(MAC_PERMISSIONS); try {
Slog.d(TAG, "Using policy file " + MAC_PERMISSIONS); policyFile = new FileReader(MAC_PERMISSIONS[i]);
Slog.d(TAG, "Using policy file " + MAC_PERMISSIONS[i]);
parser.setInput(policyFile); parser.setInput(policyFile);
parser.nextTag(); parser.nextTag();
parser.require(XmlPullParser.START_TAG, null, "policy"); parser.require(XmlPullParser.START_TAG, null, "policy");
while (parser.next() != XmlPullParser.END_TAG) { while (parser.next() != XmlPullParser.END_TAG) {
if (parser.getEventType() != XmlPullParser.START_TAG) { if (parser.getEventType() != XmlPullParser.START_TAG) {
continue; continue;
} }
switch (parser.getName()) { switch (parser.getName()) {
case "signer": case "signer":
policies.add(readSignerOrThrow(parser)); policies.add(readSignerOrThrow(parser));
break; break;
default: default:
skip(parser); skip(parser);
}
} }
} catch (IllegalStateException | IllegalArgumentException |
XmlPullParserException ex) {
StringBuilder sb = new StringBuilder("Exception @");
sb.append(parser.getPositionDescription());
sb.append(" while parsing ");
sb.append(MAC_PERMISSIONS[i]);
sb.append(":");
sb.append(ex);
Slog.w(TAG, sb.toString());
return false;
} catch (IOException ioe) {
Slog.w(TAG, "Exception parsing " + MAC_PERMISSIONS[i], ioe);
return false;
} finally {
IoUtils.closeQuietly(policyFile);
} }
} catch (IllegalStateException | IllegalArgumentException |
XmlPullParserException ex) {
StringBuilder sb = new StringBuilder("Exception @");
sb.append(parser.getPositionDescription());
sb.append(" while parsing ");
sb.append(MAC_PERMISSIONS);
sb.append(":");
sb.append(ex);
Slog.w(TAG, sb.toString());
return false;
} catch (IOException ioe) {
Slog.w(TAG, "Exception parsing " + MAC_PERMISSIONS, ioe);
return false;
} finally {
IoUtils.closeQuietly(policyFile);
} }
// Now sort the policy stanzas // Now sort the policy stanzas
PolicyComparator policySort = new PolicyComparator(); PolicyComparator policySort = new PolicyComparator();
Collections.sort(policies, policySort); Collections.sort(policies, policySort);
if (policySort.foundDuplicate()) { if (policySort.foundDuplicate()) {
Slog.w(TAG, "ERROR! Duplicate entries found parsing " + MAC_PERMISSIONS); Slog.w(TAG, "ERROR! Duplicate entries found parsing mac_permissions.xml files");
return false; return false;
} }
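Review bot: In the new per-file loop, the `catch (IOException ioe)` branch returns false for either entry of `MAC_PERMISSIONS`. `FileReader` throws when a file is absent, so an image that lacks `nonplat_mac_permissions.xml` discards the platform signer stanzas already parsed and the method reports failure. If both files are mandatory, state that above the loop, e.g. `// Both files are required: a missing or malformed file rejects the entire policy`. If the non-platform file is meant to be optional, a missing file should be skipped rather than handled like a parse error. Stanzas from both files also land in one `policies` list with no record of origin, and the duplicate warning no longer names a path, so a conflict between the two files would be hard to attribute from the log. The enclosing method starts and ends outside this hunk.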