Ensure that app lib symlinks are correctly labeled when created.

At present, the app lib symlinks are created before setting the package directory security context, and therefore default to system_data_file. Upon a later restorecon_recursive, they are relabeled to the same type as the package directory, e.g. app_data_file. Avoid this inconsistency by setting the package directory security context before creating the symlink so that it inherits the same security context. Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
OpenSEMC · May 14, 2014 · 5732bf1 · 5732bf1
1 parent 3fda6ef
commit 5732bf1
Showing 1 changed file with 14 additions and 14 deletions.
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
@@ -86,20 +86,20 @@ int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo)
         }
     }
 
-    if (symlink(applibdir, libsymlink) < 0) {
-        ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
-                strerror(errno));
-        unlink(pkgdir);
-        return -1;
-    }
-
     if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
         ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(libsymlink);
         unlink(pkgdir);
         return -errno;
     }
 
+    if (symlink(applibdir, libsymlink) < 0) {
+        ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, applibdir,
+                strerror(errno));
+        unlink(pkgdir);
+        return -1;
+    }
+
     if (chown(pkgdir, uid, gid) < 0) {
         ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(libsymlink);
@@ -240,20 +240,20 @@ int make_user_data(const char *pkgname, uid_t uid, userid_t userid, const char*
         }
     }
 
-    if (symlink(applibdir, libsymlink) < 0) {
-        ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
-                applibdir, strerror(errno));
-        unlink(pkgdir);
-        return -1;
-    }
-
     if (selinux_android_setfilecon(pkgdir, pkgname, seinfo, uid) < 0) {
         ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(libsymlink);
         unlink(pkgdir);
         return -errno;
     }
 
+    if (symlink(applibdir, libsymlink) < 0) {
+        ALOGE("couldn't symlink directory for non-primary '%s' -> '%s': %s\n", libsymlink,
+                applibdir, strerror(errno));
+        unlink(pkgdir);
+        return -1;
+    }
+
     if (chown(pkgdir, uid, uid) < 0) {
         ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno));
         unlink(libsymlink);