1. seandroid
  2. Untitled project
  3. system/vold

Commits

Robert Craig  committed b9e3ba5

Add SELinux restorecon calls on ASEC containers.

This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

  • Participants
  • Parent commits 353b45f
  • Branches master

Comments (0)

Files changed (2)

File Android.mk

View file
 	libhardware_legacy \
 	liblogwrap \
 	libext4_utils \
-	libcrypto
+	libcrypto \
+	libselinux
 
 common_static_libraries := \
 	libfs_mgr \

File VolumeManager.cpp

View file
 #include <cutils/fs.h>
 #include <cutils/log.h>
 
+#include <selinux/android.h>
+
 #include <sysutils/NetlinkEvent.h>
 
 #include <private/android_filesystem_config.h>
             } else if (ftsent->fts_info & FTS_F) {
                 result |= fchmod(fd, privateFile ? 0640 : 0644);
             }
+
+            if (selinux_android_restorecon(ftsent->fts_path) < 0) {
+                SLOGE("restorecon failed for %s: %s\n", ftsent->fts_path, strerror(errno));
+                result |= -1;
+            }
+
             close(fd);
         }
         fts_close(fts);