Android 4.4.2 SELinux 与系统关系详解二: mac_permissions.xml 加载及seinfo 提取过程分析
PackageManager 调用mac_permissions.xml内容:
mac_permissions.xml 加载文件位置:/frameworks/base/services/java/com/android/server/pm/SELinuxMMAC.java
执行加载的函数: private static boolean readInstallPolicy(File[] policyFiles)
根据policyFiles 文件所在路径加载mac_permissions.xml 文件。
[code=java]
// Locations of potential install policy files.
private static final File[] INSTALL_POLICY_FILE = {
new File(Environment.getDataDirectory(), "security/mac_permissions.xml"),
new File(Environment.getRootDirectory(), "etc/security/mac_permissions.xml"),
null};
[/code]
加载mac_permissions.xml 函数 readInstallPolicy代码:
[code=java]
private static boolean readInstallPolicy(File[] policyFiles) {
FileReader policyFile = null;
int i = 0;
while (policyFile == null && policyFiles != null && policyFiles[i] != null) {
try {
policyFile = new FileReader(policyFiles[i]);
break;
} catch (FileNotFoundException e) {
Slog.d(TAG,"Couldn't find install policy " + policyFiles[i].getPath());
}
i++;
}
if (policyFile == null) {
Slog.d(TAG, "No policy file found. All seinfo values will be null.");
return false;
}
Slog.d(TAG, "Using install policy file " + policyFiles[i].getPath());
flushInstallPolicy();
try {
XmlPullParser parser = Xml.newPullParser();
parser.setInput(policyFile);
XmlUtils.beginDocument(parser, "policy");
while (true) {
XmlUtils.nextElement(parser);
if (parser.getEventType() == XmlPullParser.END_DOCUMENT) {
break;
}
String tagName = parser.getName();
if ("signer".equals(tagName)) {
String cert = parser.getAttributeValue(null, "signature");
if (cert == null) {
Slog.w(TAG, "<signer> without signature at "
+ parser.getPositionDescription());
XmlUtils.skipCurrentTag(parser);
continue;
}
Signature signature;
try {
signature = new Signature(cert);
} catch (IllegalArgumentException e) {
Slog.w(TAG, "<signer> with bad signature at "
+ parser.getPositionDescription(), e);
XmlUtils.skipCurrentTag(parser);
continue;
}
String seinfo = readSeinfoTag(parser);
if (seinfo != null) {
if (DEBUG_POLICY_INSTALL)
Slog.i(TAG, "<signer> tag: (" + cert + ") assigned seinfo="
+ seinfo);
sSigSeinfo.put(signature, seinfo);
}
} else if ("default".equals(tagName)) {
String seinfo = readSeinfoTag(parser);
if (seinfo != null) {
if (DEBUG_POLICY_INSTALL)
Slog.i(TAG, "<default> tag assigned seinfo=" + seinfo);
// The 'null' signature is the default seinfo value
sSigSeinfo.put(null, seinfo);
}
} else if ("package".equals(tagName)) {
String pkgName = parser.getAttributeValue(null, "name");
if (pkgName == null) {
Slog.w(TAG, "<package> without name at "
+ parser.getPositionDescription());
XmlUtils.skipCurrentTag(parser);
continue;
}
String seinfo = readSeinfoTag(parser);
if (seinfo != null) {
if (DEBUG_POLICY_INSTALL)
Slog.i(TAG, "<package> tag: (" + pkgName +
") assigned seinfo=" + seinfo);
sPackageSeinfo.put(pkgName, seinfo);
}
} else {
XmlUtils.skipCurrentTag(parser);
continue;
}
}
} catch (XmlPullParserException e) {
Slog.w(TAG, "Got execption parsing ", e);
} catch (IOException e) {
Slog.w(TAG, "Got execption parsing ", e);
}
try {
policyFile.close();
} catch (IOException e) {
//omit
}
return true;
}
[/code]