Add SELinux restorecon calls on ASEC containers.

This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.

Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

(cherry picked from commit b9e3ba56cb)

Change-Id: I4614af139991aa086ac14a06c70fe425888a16a1
gugelfrei
Robert Craig 11 years ago committed by Nick Kralevich
parent e8e1d80c64
commit 837559720b

@ -35,7 +35,8 @@ common_shared_libraries := \
libhardware_legacy \
liblogwrap \
libext4_utils \
libcrypto
libcrypto \
libselinux
common_static_libraries := \
libfs_mgr \

@ -35,6 +35,8 @@
#include <cutils/fs.h>
#include <cutils/log.h>
#include <selinux/android.h>
#include <sysutils/NetlinkEvent.h>
#include <private/android_filesystem_config.h>
@ -643,6 +645,12 @@ int VolumeManager::fixupAsecPermissions(const char *id, gid_t gid, const char* f
} else if (ftsent->fts_info & FTS_F) {
result |= fchmod(fd, privateFile ? 0640 : 0644);
}
if (selinux_android_restorecon(ftsent->fts_path) < 0) {
SLOGE("restorecon failed for %s: %s\n", ftsent->fts_path, strerror(errno));
result |= -1;
}
close(fd);
}
fts_close(fts);
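Review bot: The added `selinux_android_restorecon(ftsent->fts_path)` relabels by path name, while the neighbouring `fchmod(fd, ...)` and `close(fd)` act on an already-open descriptor, so the mode and the label are not guaranteed to land on the same object if the tree can change during the walk. If anything other than vold can modify the container contents at this point (not visible here), it would be safer to look up the expected context and apply it through the descriptor with `fsetfilecon(fd, ...)`. Otherwise, state the assumption next to the call, e.g. `// restorecon is by path: the ASEC must not be writable by other processes during fixup`. It is also worth confirming that the path-based call does not follow a symlink in the final component. `fixupAsecPermissions` starts and ends outside this hunk, so the `open()` flags and the fts options could not be checked.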
