From b9e3ba56cb4075f894a73b02ee70571456494ac1 Mon Sep 17 00:00:00 2001 From: Robert Craig Date: Tue, 4 Feb 2014 10:53:00 -0500 Subject: [PATCH] Add SELinux restorecon calls on ASEC containers. This will allow fine-grained labeling of the contents of ASEC containers. Some of the contents need to be world readable and thus should be distinguishable in policy. Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce Signed-off-by: rpcraig --- Android.mk | 3 ++- VolumeManager.cpp | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Android.mk b/Android.mk index 0064cb4..9ad0edd 100644 --- a/Android.mk +++ b/Android.mk @@ -35,7 +35,8 @@ common_shared_libraries := \ libhardware_legacy \ liblogwrap \ libext4_utils \ - libcrypto + libcrypto \ + libselinux common_static_libraries := \ libfs_mgr \ diff --git a/VolumeManager.cpp b/VolumeManager.cpp index 117eee0..3c2dd33 100644 --- a/VolumeManager.cpp +++ b/VolumeManager.cpp @@ -35,6 +35,8 @@ #include #include +#include + #include #include @@ -613,6 +615,12 @@ int VolumeManager::fixupAsecPermissions(const char *id, gid_t gid, const char* f } else if (ftsent->fts_info & FTS_F) { result |= fchmod(fd, privateFile ? 0640 : 0644); } + + if (selinux_android_restorecon(ftsent->fts_path) < 0) { + SLOGE("restorecon failed for %s: %s\n", ftsent->fts_path, strerror(errno)); + result |= -1; + } + close(fd); } fts_close(fts);
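Review bot: The added `selinux_android_restorecon(ftsent->fts_path)` call in the VolumeManager.cpp hunk relabels by path, while the mode change just above it goes through the already-open descriptor (`fchmod(fd, ...)`). The path is resolved again at relabel time, so the label could land on a different object than the one whose mode was just set if an entry in the container is replaced in between. How `fd` is opened and which fts options are used lie outside the hunk, so this is inferred rather than confirmed. If the container can hold content that vold does not control, consider applying the label through the descriptor (libselinux provides `fsetfilecon`), or at least state the assumption with a comment such as `// restorecon re-resolves fts_path; container contents must not change during fixup`. fixupAsecPermissions starts and ends outside the hunk.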