Exclude /mnt/vendor from vold's ownership.

Addresses this selinux denial: avc: denied { search } for name="vendor" dev="tmpfs" ino=11069 scontext=u:r:vold:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0 Bug: 64905218 Test: fixes above denial. Change-Id: I670b2148e65c7e0fcabd1e11f5bace0c4f4e18bd Merged-In: I670b2148e65c7e0fcabd1e11f5bace0c4f4e18bd (cherry picked from commit bca5cd78fe)
6 years ago · e98adee732
parent 17a93d5001
commit e98adee732
1 changed files with 6 additions and 3 deletions
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@ -39,6 +39,7 @@
 #include <android-base/logging.h>
 #include <android-base/parseint.h>
 #include <android-base/stringprintf.h>
+#include <android-base/strings.h>
 #include <cutils/fs.h>
 #include <cutils/log.h>

@ -751,9 +752,11 @@ int VolumeManager::unmountAll() {
    std::list<std::string> toUnmount;
    mntent* mentry;
    while ((mentry = getmntent(fp)) != NULL) {
-        if (strncmp(mentry->mnt_dir, "/mnt/", 5) == 0
-                || strncmp(mentry->mnt_dir, "/storage/", 9) == 0) {
-            toUnmount.push_front(std::string(mentry->mnt_dir));
+        auto test = std::string(mentry->mnt_dir);
+        if ((android::base::StartsWith(test, "/mnt/") &&
+             !android::base::StartsWith(test, "/mnt/vendor")) ||
+            android::base::StartsWith(test, "/storage/")) {
+            toUnmount.push_front(test);
        }
    }
    endmntent(fp);