Add SELinux restorecon calls on ASEC containers.
This will allow fine-grained labeling of the contents of ASEC containers. Some of the contents need to be world readable and thus should be distinguishable in policy. Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This commit is contained in:
Robert Craig
parent
353b45f84f
commit
b9e3ba56cb
2 changed files with 10 additions and 1 deletions
|
|
@ -35,7 +35,8 @@ common_shared_libraries := \
|
|||
libhardware_legacy \
|
||||
liblogwrap \
|
||||
libext4_utils \
|
||||
libcrypto
|
||||
libcrypto \
|
||||
libselinux
|
||||
|
||||
common_static_libraries := \
|
||||
libfs_mgr \
|
||||
|
|
|
|||
|
|
@ -35,6 +35,8 @@
|
|||
#include <cutils/fs.h>
|
||||
#include <cutils/log.h>
|
||||
|
||||
#include <selinux/android.h>
|
||||
|
||||
#include <sysutils/NetlinkEvent.h>
|
||||
|
||||
#include <private/android_filesystem_config.h>
|
||||
|
|
@ -613,6 +615,12 @@ int VolumeManager::fixupAsecPermissions(const char *id, gid_t gid, const char* f
|
|||
} else if (ftsent->fts_info & FTS_F) {
|
||||
result |= fchmod(fd, privateFile ? 0640 : 0644);
|
||||
}
|
||||
|
||||
if (selinux_android_restorecon(ftsent->fts_path) < 0) {
|
||||
SLOGE("restorecon failed for %s: %s\n", ftsent->fts_path, strerror(errno));
|
||||
result |= -1;
|
||||
}
|
||||
|
||||
close(fd);
|
||||
}
|
||||
fts_close(fts);
|
||||
|
|
|
|||
Loading…
Reference in a new issue