Add is_credential_encrypted_path am: 5fd6afea62

Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071444

Change-Id: I2731d3b2fa045b73a4d1abfe803a38c8a332873c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

libselinux/src/android/android.c

@@ -189,11 +189,18 @@ struct selabel_handle* selinux_android_keystore2_key_context_handle(void)
 	return context_handle(SELABEL_CTX_ANDROID_KEYSTORE2_KEY, &keystore2_context_paths, "keystore2");
 }
 
+/* The contents of these paths are encrypted on FBE devices until user
+ * credentials are presented (filenames inside are mangled), so we need
+ * to delay restorecon of those until vold explicitly requests it. */
+// NOTE: these paths need to be kept in sync with vold
+#define DATA_SYSTEM_CE_PATH "/data/system_ce"
+#define DATA_VENDOR_CE_PATH "/data/vendor_ce"
+#define DATA_MISC_CE_PATH "/data/misc_ce"
+
 /* The path prefixes of package data directories. */
 #define DATA_DATA_PATH "/data/data"
 #define DATA_USER_PATH "/data/user"
 #define DATA_USER_DE_PATH "/data/user_de"
-#define DATA_MISC_CE_PATH "/data/misc_ce"
 #define DATA_MISC_DE_PATH "/data/misc_de"
 #define DATA_STORAGE_AREA_PATH "/data/storage_area"
 #define SDK_SANDBOX_DATA_CE_PATH "/data/misc_ce/*/sdksandbox"
@@ -232,6 +239,12 @@ bool is_app_data_path(const char *pathname) {
 		!fnmatch(EXPAND_SDK_DE_PATH, pathname, flags));
 }
 
+bool is_credential_encrypted_path(const char *pathname) {
+	return !strncmp(pathname, DATA_SYSTEM_CE_PATH, sizeof(DATA_SYSTEM_CE_PATH)-1) ||
+	       !strncmp(pathname, DATA_MISC_CE_PATH, sizeof(DATA_MISC_CE_PATH)-1) ||
+	       !strncmp(pathname, DATA_VENDOR_CE_PATH, sizeof(DATA_VENDOR_CE_PATH)-1);
+}
+
 /*
  * Extract the userid from a path.
  * On success, pathname is updated past the userid.

libselinux/src/android/android_device.c

@@ -244,14 +244,6 @@ struct pkg_info *package_info_lookup(const char *name)
 	return NULL;
 }
 
-/* The contents of these paths are encrypted on FBE devices until user
- * credentials are presented (filenames inside are mangled), so we need
- * to delay restorecon of those until vold explicitly requests it. */
-// NOTE: these paths need to be kept in sync with vold
-#define DATA_SYSTEM_CE_PATH "/data/system_ce"
-#define DATA_VENDOR_CE_PATH "/data/vendor_ce"
-#define DATA_MISC_CE_PATH "/data/misc_ce"
-
 #define USER_PROFILE_PATH "/data/misc/profiles/cur/*"
 
 static int pkgdir_selabel_lookup(const char *pathname,
@@ -595,10 +587,7 @@ static int selinux_android_restorecon_common(const char* pathname_orig,
 				}
 			}
 
-			if (skipce &&
-				(!strncmp(ftsent->fts_path, DATA_SYSTEM_CE_PATH, sizeof(DATA_SYSTEM_CE_PATH)-1) ||
-				 !strncmp(ftsent->fts_path, DATA_MISC_CE_PATH, sizeof(DATA_MISC_CE_PATH)-1) ||
-				 !strncmp(ftsent->fts_path, DATA_VENDOR_CE_PATH, sizeof(DATA_VENDOR_CE_PATH)-1))) {
+			if (skipce && is_credential_encrypted_path(ftsent->fts_path)) {
 				// Don't label anything below this directory.
 				fts_set(fts, ftsent, FTS_SKIP);
 				// but fall through and make sure we label the directory itself

libselinux/src/android/android_internal.h

@@ -62,6 +62,14 @@ struct selabel_handle* context_handle(
  */
 bool is_app_data_path(const char *pathname);
 
+/*
+ * Determines if a path is Credential Encrypted (CE).
+ * Some paths are not available when the device first boots (these are protected
+ * by a credential). They should not be processed by restorecon until decrypted.
+ * See also the --skip-ce option for restorecon.
+ */
+bool is_credential_encrypted_path(const char *pathname);
+
 /* Extract the pkgname and userid from a path.
  * On success, the caller is responsible for free'ing pkgname.
  * Returns 0 on success, -1 on invalid path, -2 on error.