executor: fixed fuzzing with System account in Android sandbox (#3275)

author: Andrey Artemiev <artemiev@google.com> 2022-08-05 00:32:20 -0700
committer: GitHub <noreply@github.com> 2022-08-05 09:32:20 +0200
commit: 1a3e21dec3d08a5326aa5f4f39a8f9cff54d24f6 (patch)
tree: c8bf8f2c0105a20178788046d5f43abc1da09f41
parent: 1c9013acc70de325dbb554c8c40c17ed02eff33f (diff)
2 files changed, 4 insertions, 2 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h
index 6e9f6a7d4..24f553848 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -4228,7 +4228,8 @@ static int do_sandbox_android(int sandbox_arg)
 	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
 
 	setfilecon(".", SELINUX_LABEL_APP_DATA_FILE);
-	setcon(SELINUX_CONTEXT_UNTRUSTED_APP);
+	if (uid == UNTRUSTED_APP_UID)
+		setcon(SELINUX_CONTEXT_UNTRUSTED_APP);
 
 	loop();
 	doexit(1);
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 77dfcc630..82799a0c3 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -9854,7 +9854,8 @@ static int do_sandbox_android(int sandbox_arg)
 	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
 
 	setfilecon(".", SELINUX_LABEL_APP_DATA_FILE);
-	setcon(SELINUX_CONTEXT_UNTRUSTED_APP);
+	if (uid == UNTRUSTED_APP_UID)
+		setcon(SELINUX_CONTEXT_UNTRUSTED_APP);
 
 	loop();
 	doexit(1);
author	Andrey Artemiev <artemiev@google.com>	2022-08-05 00:32:20 -0700
committer	GitHub <noreply@github.com>	2022-08-05 09:32:20 +0200
commit	1a3e21dec3d08a5326aa5f4f39a8f9cff54d24f6 (patch)
tree	c8bf8f2c0105a20178788046d5f43abc1da09f41
parent	1c9013acc70de325dbb554c8c40c17ed02eff33f (diff)