Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BackupManagerService files need new security labeling.

Browse Source 
Use restorecon to label files and directories
specific to BMS.

 * /data/backup : provide default type labeling
    for all files/dirs used by BMS.

 * /data/secure/backup : provide default type
    labeling used by BMS when encrypted
    file system is enabled.

 * /cache/<package name>.{data|restore} :
    specifically target files opened and
    passed by BMS to apps that have backup
    capabilities.

 * /cache/backup : default labeling for the
    directory used by the LocalTransport
    that stores backup files for local testing.

Change-Id: Id4d46e82cd13abc2e395e0c30c515f0a33df93e7
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This commit is contained in:
rpcraig
2012-12-04 09:37:23 -05:00
parent 568f923ba4
commit ebab0ae105
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
services/java/com/android/server/BackupManagerService.java
View File

@@ -63,6 +63,7 @@ import android.os.ParcelFileDescriptor;
import android.os.PowerManager;
import android.os.Process;
import android.os.RemoteException;
import android.os.SELinux;
import android.os.ServiceManager;
import android.os.SystemClock;
import android.os.UserHandle;
@@ -743,6 +744,9 @@ class BackupManagerService extends IBackupManager.Stub {
// correct directory.
mBaseStateDir = new File(Environment.getSecureDataDirectory(), "backup");
mBaseStateDir.mkdirs();
if (!SELinux.restorecon(mBaseStateDir)) {
Slog.e(TAG, "SELinux restorecon failed on " + mBaseStateDir);
}
mDataDir = Environment.getDownloadCacheDirectory();
mPasswordHashFile = new File(mBaseStateDir, "pwhash");
@@ -2133,6 +2137,10 @@ class BackupManagerService extends IBackupManager.Stub {
ParcelFileDescriptor.MODE_CREATE |
ParcelFileDescriptor.MODE_TRUNCATE);
if (!SELinux.restorecon(mBackupDataName)) {
Slog.e(TAG, "SELinux restorecon failed on " + mBackupDataName);
}
mNewState = ParcelFileDescriptor.open(mNewStateName,
ParcelFileDescriptor.MODE_READ_WRITE |
ParcelFileDescriptor.MODE_CREATE |
@@ -4572,6 +4580,10 @@ class BackupManagerService extends IBackupManager.Stub {
ParcelFileDescriptor.MODE_CREATE |
ParcelFileDescriptor.MODE_TRUNCATE);
if (!SELinux.restorecon(mBackupDataName)) {
Slog.e(TAG, "SElinux restorecon failed for " + mBackupDataName);
}
if (mTransport.getRestoreData(mBackupData) != BackupConstants.TRANSPORT_OK) {
// Transport-level failure, so we wind everything up and
// terminate the restore operation.