tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Only restorecon CE storage after unlocked.

Browse source 
On FBE devices, the filenames inside credential-encrypted directories
are mangled until the key is installed.  This means the initial
restorecon at boot needs to skip these directories until the keys
are installed.

This CL changes the implementation of the "restorecon_recursive"
built-in command to use the new SKIPCE flag to avoid labeling files
in CE directories.  vold will request a restorecon when the keys
are actually installed.

(cherrypicked from commit 1635afe83d)

Bug: 30126557
Test: Cherry-picked from master
Change-Id: I320584574a4d712c493b5bbd8a79b56c0c04aa58
This commit is contained in:
Jeff Sharkey 2016-07-15 16:21:34 -06:00 committed by Paul Lawrence
parent 0673412bb9
commit d1d3bdd16f
3 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
init/builtins.cpp
View file

@ -915,8 +915,12 @@ static int do_restorecon_recursive(const std::vector<std::string>& args) {
int ret = 0;
for (auto it = std::next(args.begin()); it != args.end(); ++it) {
if (restorecon_recursive(it->c_str()) < 0)
/* The contents of CE paths are encrypted on FBE devices until user
* credentials are presented (filenames inside are mangled), so we need
* to delay restorecon of those until vold explicitly requests it. */
if (restorecon_recursive_skipce(it->c_str()) < 0) {
ret = -errno;
}
}
return ret;
}

6
init/util.cpp
View file

@ -379,6 +379,12 @@ int restorecon_recursive(const char* pathname)
return selinux_android_restorecon(pathname, SELINUX_ANDROID_RESTORECON_RECURSE);
}
int restorecon_recursive_skipce(const char* pathname)
{
return selinux_android_restorecon(pathname,
SELINUX_ANDROID_RESTORECON_RECURSE | SELINUX_ANDROID_RESTORECON_SKIPCE);
}
/*
* Writes hex_len hex characters (1/2 byte) to hex from bytes.
*/

1
init/util.h
View file

@ -70,6 +70,7 @@ void import_kernel_cmdline(bool in_qemu,
int make_dir(const char *path, mode_t mode);
int restorecon(const char *pathname);
int restorecon_recursive(const char *pathname);
int restorecon_recursive_skipce(const char *pathname);
std::string bytes_to_hex(const uint8_t *bytes, size_t bytes_len);
bool is_dir(const char* pathname);
bool expand_props(const std::string& src, std::string* dst);