diff options
| author | Nick Kralevich <nnk@google.com> | 2019-04-04 16:14:08 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2019-04-05 09:52:16 -0700 |
| commit | 4a792614521f82ffa73448483071925a2b77315b (patch) | |
| tree | b45e839df31d046e0f9262db2f799f9f633b4b2c /libselinux/src/compute_create.c | |
| parent | 5e34461434e8724ddf0ff0de5178486777b4319c (diff) | |
| download | android_external_selinux-4a792614521f82ffa73448483071925a2b77315b.tar.gz android_external_selinux-4a792614521f82ffa73448483071925a2b77315b.tar.bz2 android_external_selinux-4a792614521f82ffa73448483071925a2b77315b.zip | |
add SELINUX_ANDROID_RESTORECON_SKIP_SEHASH
Allow callers to indicate that they don't want to compute the sehash
value. Callers may not have CAP_SYS_ADMIN, so attempting to write the
sehash value will result in the following (harmless) errors:
SELinux: setxattr failed: /data/app/com.andromeda.androbench2-z5oLVfPATqQF35yGDuMUeA==: Operation not permitted
TODO: It would be better if the default for restorecon was to suppress
the hash computation, since otherwise it encourages programs to be
overprivileged with CAP_SYS_ADMIN. I'll plan on doing that in a followup
commit.
Bugs where this error message has been called out:
Bug: 129766333
Bug: 129271240
Bug: 128700692
Bug: 129925723
Test: install an APK and ensure that no "SELinux: setxattr failed"
error messages are generated.
(cherry picked from commit 3060b61d412fa30e91fb13dd29b82d994143aa30)
Change-Id: Iddfb221354ee6336c6ef99d7950b9d1a1a07d5ac
Diffstat (limited to 'libselinux/src/compute_create.c')
0 files changed, 0 insertions, 0 deletions