author | Robert Craig <rpcraig@tycho.ncsc.mil> | 2014-02-04 10:53:00 -0500 |
---|---|---|
committer | Steve Kondik <shade@chemlab.org> | 2014-03-21 01:00:21 -0700 |
commit | 83b686ea57da98573f3a36cc2f97c907ad060ea4 (patch) | |
tree | 7594b028ce549892e50efcdd164d278a62fe5b33 | |
parent | a0f2f898ad4da372597b82d0cbcb4af0cdc87bce (diff) | |
Add SELinux restorecon calls on ASEC containers.
This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.
Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
-rw-r--r-- | Android.mk | 3 | ||||
-rw-r--r-- | VolumeManager.cpp | 8 |
2 files changed, 10 insertions, 1 deletions
@@ -59,7 +59,8 @@ common_libraries := \
 liblog \
 libdiskconfig \
 libext2_blkid \
- liblogwrap
+ liblogwrap \
+ libselinux

 common_static_libraries := \
 libfs_mgr \
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 6c94b65..4d718ef 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -36,6 +36,8 @@
 #include <cutils/log.h>
 #include <cutils/properties.h>

+#include <selinux/android.h>
+
 #include <sysutils/NetlinkEvent.h>

 #include <private/android_filesystem_config.h>
@@ -619,6 +621,12 @@ int VolumeManager::fixupAsecPermissions(const char *id, gid_t gid, const char* f
 } else if (ftsent->fts_info & FTS_F) {
 result |= fchmod(fd, privateFile ? 0640 : 0644);
 }
+
+ if (selinux_android_restorecon(ftsent->fts_path) < 0) {
+ SLOGE("restorecon failed for %s: %s\n", ftsent->fts_path, strerror(errno));
+ result |= -1;
+ }
+
 close(fd);
 }
 fts_close(fts); |
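Review bot: In the `fixupAsecPermissions` hunk, the added `selinux_android_restorecon(ftsent->fts_path)` relabels by path, while the mode change just above it works on the already-opened `fd`. The label is therefore applied to whatever `fts_path` resolves to when the call runs, which is not provably the object that was just chmod'ed. If anything can modify the container contents during this walk (not visible from the hunk), the two can diverge. Setting the label through the descriptor, for example `fsetfilecon(fd, ctx)` with a context looked up for the path, would tie it to the same object. Failing that, a comment such as `/* relabel by path: assumes nothing replaces fts_path while fd is open */` would record the assumption. The function body starts and ends outside the hunk, so how the accumulated `result` reaches the caller cannot be checked here.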