Run restorecon over mounted private volumes.

This ensures that we have consistent SELinux policy in place before going any further, and it mirrors the way we restorecon /data when first mounted. Bug: 21121357 Change-Id: I2a7e3584ade655fe1fae8916cf54f9eae3a0f99d
2015-06-09 10:59:17 -07:00 · 2015-06-09 10:59:17 -07:00 · 34824129de
commit 34824129de
parent d0640f6358
1 changed files with 18 additions and 2 deletions
--- a/PrivateVolume.cpp
+++ b/PrivateVolume.cpp
@ -137,6 +137,24 @@ status_t PrivateVolume::doMount() {
        return -EIO;
    }

+    LOG(VERBOSE) << "Starting restorecon of " << mPath;
+
+    // TODO: find a cleaner way of waiting for restorecon to finish
+    property_set("selinux.restorecon_recursive", "");
+    property_set("selinux.restorecon_recursive", mPath.c_str());
+
+    char value[PROPERTY_VALUE_MAX];
+    while (true) {
+        property_get("selinux.restorecon_recursive", value, "");
+        if (strcmp(mPath.c_str(), value) == 0) {
+            break;
+        }
+        sleep(1);
+        LOG(VERBOSE) << "Waiting for restorecon...";
+    }
+
+    LOG(VERBOSE) << "Finished restorecon of " << mPath;
+
    // Verify that common directories are ready to roll
    if (PrepareDir(mPath + "/app", 0771, AID_SYSTEM, AID_SYSTEM) ||
            PrepareDir(mPath + "/user", 0711, AID_SYSTEM, AID_SYSTEM) ||
@ -147,8 +165,6 @@ status_t PrivateVolume::doMount() {
        return -EIO;
    }

-    // TODO: restorecon all the things!
-
    // Create a new emulated volume stacked above us, it will automatically
    // be destroyed during unmount
    std::string mediaPath(mPath + "/media");