| /* |
| * Copyright (C) 2012 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.server.pm; |
| |
| import android.content.pm.ApplicationInfo; |
| import android.content.pm.PackageParser; |
| import android.content.pm.Signature; |
| import android.os.Environment; |
| import android.util.Slog; |
| import android.util.Xml; |
| |
| import com.android.internal.util.XmlUtils; |
| |
| import libcore.io.IoUtils; |
| |
| import java.io.File; |
| import java.io.FileNotFoundException; |
| import java.io.FileOutputStream; |
| import java.io.FileReader; |
| import java.io.IOException; |
| import java.security.MessageDigest; |
| import java.security.NoSuchAlgorithmException; |
| |
| import java.util.HashMap; |
| |
| import org.xmlpull.v1.XmlPullParser; |
| import org.xmlpull.v1.XmlPullParserException; |
| |
| /** |
| * Centralized access to SELinux MMAC (middleware MAC) implementation. |
| * {@hide} |
| */ |
| public final class SELinuxMMAC { |
| |
| private static final String TAG = "SELinuxMMAC"; |
| |
| private static final boolean DEBUG_POLICY = false; |
| private static final boolean DEBUG_POLICY_INSTALL = DEBUG_POLICY || false; |
| |
| // Signature seinfo values read from policy. |
| private static HashMap<Signature, Policy> sSigSeinfo = new HashMap<Signature, Policy>(); |
| |
| // Default seinfo read from policy. |
| private static String sDefaultSeinfo = null; |
| |
| // Data policy override version file. |
| private static final String DATA_VERSION_FILE = |
| Environment.getDataDirectory() + "/security/current/selinux_version"; |
| |
| // Base policy version file. |
| private static final String BASE_VERSION_FILE = "/selinux_version"; |
| |
| // Whether override security policies should be loaded. |
| private static final boolean USE_OVERRIDE_POLICY = useOverridePolicy(); |
| |
| // Data override mac_permissions.xml policy file. |
| private static final String DATA_MAC_PERMISSIONS = |
| Environment.getDataDirectory() + "/security/current/mac_permissions.xml"; |
| |
| // Base mac_permissions.xml policy file. |
| private static final String BASE_MAC_PERMISSIONS = |
| Environment.getRootDirectory() + "/etc/security/mac_permissions.xml"; |
| |
| // Determine which mac_permissions.xml file to use. |
| private static final String MAC_PERMISSIONS = USE_OVERRIDE_POLICY ? |
| DATA_MAC_PERMISSIONS : BASE_MAC_PERMISSIONS; |
| |
| // Data override seapp_contexts policy file. |
| private static final String DATA_SEAPP_CONTEXTS = |
| Environment.getDataDirectory() + "/security/current/seapp_contexts"; |
| |
| // Base seapp_contexts policy file. |
| private static final String BASE_SEAPP_CONTEXTS = "/seapp_contexts"; |
| |
| // Determine which seapp_contexts file to use. |
| private static final String SEAPP_CONTEXTS = USE_OVERRIDE_POLICY ? |
| DATA_SEAPP_CONTEXTS : BASE_SEAPP_CONTEXTS; |
| |
| // Stores the hash of the last used seapp_contexts file. |
| private static final String SEAPP_HASH_FILE = |
| Environment.getDataDirectory().toString() + "/system/seapp_hash"; |
| |
| |
| // Signature policy stanzas |
| static class Policy { |
| private String seinfo; |
| private final HashMap<String, String> pkgMap; |
| |
| Policy() { |
| seinfo = null; |
| pkgMap = new HashMap<String, String>(); |
| } |
| |
| void putSeinfo(String seinfoValue) { |
| seinfo = seinfoValue; |
| } |
| |
| void putPkg(String pkg, String seinfoValue) { |
| pkgMap.put(pkg, seinfoValue); |
| } |
| |
| // Valid policy stanza means there exists a global |
| // seinfo value or at least one package policy. |
| boolean isValid() { |
| return (seinfo != null) || (!pkgMap.isEmpty()); |
| } |
| |
| String checkPolicy(String pkgName) { |
| // Check for package name seinfo value first. |
| String seinfoValue = pkgMap.get(pkgName); |
| if (seinfoValue != null) { |
| return seinfoValue; |
| } |
| |
| // Return the global seinfo value. |
| return seinfo; |
| } |
| } |
| |
| private static void flushInstallPolicy() { |
| sSigSeinfo.clear(); |
| sDefaultSeinfo = null; |
| } |
| |
| public static boolean readInstallPolicy() { |
| // Temp structures to hold the rules while we parse the xml file. |
| // We add all the rules together once we know there's no structural problems. |
| HashMap<Signature, Policy> sigSeinfo = new HashMap<Signature, Policy>(); |
| String defaultSeinfo = null; |
| |
| FileReader policyFile = null; |
| try { |
| policyFile = new FileReader(MAC_PERMISSIONS); |
| Slog.d(TAG, "Using policy file " + MAC_PERMISSIONS); |
| |
| XmlPullParser parser = Xml.newPullParser(); |
| parser.setInput(policyFile); |
| |
| XmlUtils.beginDocument(parser, "policy"); |
| while (true) { |
| XmlUtils.nextElement(parser); |
| if (parser.getEventType() == XmlPullParser.END_DOCUMENT) { |
| break; |
| } |
| |
| String tagName = parser.getName(); |
| if ("signer".equals(tagName)) { |
| String cert = parser.getAttributeValue(null, "signature"); |
| if (cert == null) { |
| Slog.w(TAG, "<signer> without signature at " |
| + parser.getPositionDescription()); |
| XmlUtils.skipCurrentTag(parser); |
| continue; |
| } |
| Signature signature; |
| try { |
| signature = new Signature(cert); |
| } catch (IllegalArgumentException e) { |
| Slog.w(TAG, "<signer> with bad signature at " |
| + parser.getPositionDescription(), e); |
| XmlUtils.skipCurrentTag(parser); |
| continue; |
| } |
| Policy policy = readPolicyTags(parser); |
| if (policy.isValid()) { |
| sigSeinfo.put(signature, policy); |
| } |
| } else if ("default".equals(tagName)) { |
| // Value is null if default tag is absent or seinfo tag is malformed. |
| defaultSeinfo = readSeinfoTag(parser); |
| if (DEBUG_POLICY_INSTALL) |
| Slog.i(TAG, "<default> tag assigned seinfo=" + defaultSeinfo); |
| |
| } else { |
| XmlUtils.skipCurrentTag(parser); |
| } |
| } |
| } catch (XmlPullParserException xpe) { |
| Slog.w(TAG, "Got exception parsing " + MAC_PERMISSIONS, xpe); |
| return false; |
| } catch (IOException ioe) { |
| Slog.w(TAG, "Got exception parsing " + MAC_PERMISSIONS, ioe); |
| return false; |
| } finally { |
| IoUtils.closeQuietly(policyFile); |
| } |
| |
| flushInstallPolicy(); |
| sSigSeinfo = sigSeinfo; |
| sDefaultSeinfo = defaultSeinfo; |
| |
| return true; |
| } |
| |
| private static Policy readPolicyTags(XmlPullParser parser) throws |
| IOException, XmlPullParserException { |
| |
| int type; |
| int outerDepth = parser.getDepth(); |
| Policy policy = new Policy(); |
| while ((type=parser.next()) != XmlPullParser.END_DOCUMENT |
| && (type != XmlPullParser.END_TAG |
| || parser.getDepth() > outerDepth)) { |
| if (type == XmlPullParser.END_TAG |
| || type == XmlPullParser.TEXT) { |
| continue; |
| } |
| |
| String tagName = parser.getName(); |
| if ("seinfo".equals(tagName)) { |
| String seinfo = parseSeinfo(parser); |
| if (seinfo != null) { |
| policy.putSeinfo(seinfo); |
| } |
| XmlUtils.skipCurrentTag(parser); |
| } else if ("package".equals(tagName)) { |
| String pkg = parser.getAttributeValue(null, "name"); |
| if (!validatePackageName(pkg)) { |
| Slog.w(TAG, "<package> without valid name at " |
| + parser.getPositionDescription()); |
| XmlUtils.skipCurrentTag(parser); |
| continue; |
| } |
| |
| String seinfo = readSeinfoTag(parser); |
| if (seinfo != null) { |
| policy.putPkg(pkg, seinfo); |
| } |
| } else { |
| XmlUtils.skipCurrentTag(parser); |
| } |
| } |
| return policy; |
| } |
| |
| private static String readSeinfoTag(XmlPullParser parser) throws |
| IOException, XmlPullParserException { |
| |
| int type; |
| int outerDepth = parser.getDepth(); |
| String seinfo = null; |
| while ((type=parser.next()) != XmlPullParser.END_DOCUMENT |
| && (type != XmlPullParser.END_TAG |
| || parser.getDepth() > outerDepth)) { |
| if (type == XmlPullParser.END_TAG |
| || type == XmlPullParser.TEXT) { |
| continue; |
| } |
| |
| String tagName = parser.getName(); |
| if ("seinfo".equals(tagName)) { |
| seinfo = parseSeinfo(parser); |
| } |
| XmlUtils.skipCurrentTag(parser); |
| } |
| return seinfo; |
| } |
| |
| private static String parseSeinfo(XmlPullParser parser) { |
| |
| String seinfoValue = parser.getAttributeValue(null, "value"); |
| if (!validateValue(seinfoValue)) { |
| Slog.w(TAG, "<seinfo> without valid value at " |
| + parser.getPositionDescription()); |
| seinfoValue = null; |
| } |
| return seinfoValue; |
| } |
| |
| /** |
| * General validation routine for package names. |
| * Returns a boolean indicating if the passed string |
| * is a valid android package name. |
| */ |
| private static boolean validatePackageName(String name) { |
| if (name == null) |
| return false; |
| |
| final int N = name.length(); |
| boolean hasSep = false; |
| boolean front = true; |
| for (int i=0; i<N; i++) { |
| final char c = name.charAt(i); |
| if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) { |
| front = false; |
| continue; |
| } |
| if (!front) { |
| if ((c >= '0' && c <= '9') || c == '_') { |
| continue; |
| } |
| } |
| if (c == '.') { |
| hasSep = true; |
| front = true; |
| continue; |
| } |
| return false; |
| } |
| return hasSep; |
| } |
| |
| /** |
| * General validation routine for tag values. |
| * Returns a boolean indicating if the passed string |
| * contains only letters or underscores. |
| */ |
| private static boolean validateValue(String name) { |
| if (name == null) |
| return false; |
| |
| final int N = name.length(); |
| if (N == 0) |
| return false; |
| |
| for (int i = 0; i < N; i++) { |
| final char c = name.charAt(i); |
| if ((c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && (c != '_')) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| /** |
| * Labels a package based on an seinfo tag from install policy. |
| * The label is attached to the ApplicationInfo instance of the package. |
| * @param pkg object representing the package to be labeled. |
| * @return boolean which determines whether a non null seinfo label |
| * was assigned to the package. A null value simply meaning that |
| * no policy matched. |
| */ |
| public static boolean assignSeinfoValue(PackageParser.Package pkg) { |
| |
| // We just want one of the signatures to match. |
| for (Signature s : pkg.mSignatures) { |
| if (s == null) |
| continue; |
| |
| Policy policy = sSigSeinfo.get(s); |
| if (policy != null) { |
| String seinfo = policy.checkPolicy(pkg.packageName); |
| if (seinfo != null) { |
| pkg.applicationInfo.seinfo = seinfo; |
| if (DEBUG_POLICY_INSTALL) |
| Slog.i(TAG, "package (" + pkg.packageName + |
| ") labeled with seinfo=" + seinfo); |
| |
| return true; |
| } |
| } |
| } |
| |
| // If we have a default seinfo value then great, otherwise |
| // we set a null object and that is what we started with. |
| pkg.applicationInfo.seinfo = sDefaultSeinfo; |
| if (DEBUG_POLICY_INSTALL) |
| Slog.i(TAG, "package (" + pkg.packageName + ") labeled with seinfo=" |
| + (sDefaultSeinfo == null ? "null" : sDefaultSeinfo)); |
| |
| return (sDefaultSeinfo != null); |
| } |
| |
| /** |
| * Determines if a recursive restorecon on /data/data and /data/user is needed. |
| * It does this by comparing the SHA-1 of the seapp_contexts file against the |
| * stored hash at /data/system/seapp_hash. |
| * |
| * @return Returns true if the restorecon should occur or false otherwise. |
| */ |
| public static boolean shouldRestorecon() { |
| // Any error with the seapp_contexts file should be fatal |
| byte[] currentHash = null; |
| try { |
| currentHash = returnHash(SEAPP_CONTEXTS); |
| } catch (IOException ioe) { |
| Slog.e(TAG, "Error with hashing seapp_contexts.", ioe); |
| return false; |
| } |
| |
| // Push past any error with the stored hash file |
| byte[] storedHash = null; |
| try { |
| storedHash = IoUtils.readFileAsByteArray(SEAPP_HASH_FILE); |
| } catch (IOException ioe) { |
| Slog.w(TAG, "Error opening " + SEAPP_HASH_FILE + ". Assuming first boot."); |
| } |
| |
| return (storedHash == null || !MessageDigest.isEqual(storedHash, currentHash)); |
| } |
| |
| /** |
| * Stores the SHA-1 of the seapp_contexts to /data/system/seapp_hash. |
| */ |
| public static void setRestoreconDone() { |
| try { |
| final byte[] currentHash = returnHash(SEAPP_CONTEXTS); |
| dumpHash(new File(SEAPP_HASH_FILE), currentHash); |
| } catch (IOException ioe) { |
| Slog.e(TAG, "Error with saving hash to " + SEAPP_HASH_FILE, ioe); |
| } |
| } |
| |
| /** |
| * Dump the contents of a byte array to a specified file. |
| * |
| * @param file The file that receives the byte array content. |
| * @param content A byte array that will be written to the specified file. |
| * @throws IOException if any failed I/O operation occured. |
| * Included is the failure to atomically rename the tmp |
| * file used in the process. |
| */ |
| private static void dumpHash(File file, byte[] content) throws IOException { |
| FileOutputStream fos = null; |
| File tmp = null; |
| try { |
| tmp = File.createTempFile("seapp_hash", ".journal", file.getParentFile()); |
| tmp.setReadable(true); |
| fos = new FileOutputStream(tmp); |
| fos.write(content); |
| fos.getFD().sync(); |
| if (!tmp.renameTo(file)) { |
| throw new IOException("Failure renaming " + file.getCanonicalPath()); |
| } |
| } finally { |
| if (tmp != null) { |
| tmp.delete(); |
| } |
| IoUtils.closeQuietly(fos); |
| } |
| } |
| |
| /** |
| * Return the SHA-1 of a file. |
| * |
| * @param file The path to the file given as a string. |
| * @return Returns the SHA-1 of the file as a byte array. |
| * @throws IOException if any failed I/O operations occured. |
| */ |
| private static byte[] returnHash(String file) throws IOException { |
| try { |
| final byte[] contents = IoUtils.readFileAsByteArray(file); |
| return MessageDigest.getInstance("SHA-1").digest(contents); |
| } catch (NoSuchAlgorithmException nsae) { |
| throw new RuntimeException(nsae); // impossible |
| } |
| } |
| |
| private static boolean useOverridePolicy() { |
| try { |
| final String overrideVersion = IoUtils.readFileAsString(DATA_VERSION_FILE); |
| final String baseVersion = IoUtils.readFileAsString(BASE_VERSION_FILE); |
| if (overrideVersion.equals(baseVersion)) { |
| return true; |
| } |
| Slog.e(TAG, "Override policy version '" + overrideVersion + "' doesn't match " + |
| "base version '" + baseVersion + "'. Skipping override policy files."); |
| } catch (FileNotFoundException fnfe) { |
| // Override version file doesn't have to exist so silently ignore. |
| } catch (IOException ioe) { |
| Slog.w(TAG, "Skipping override policy files.", ioe); |
| } |
| return false; |
| } |
| } |