authorNick Kralevich <nnk@google.com>2014-10-23 20:36:42 -0700
committerNick Kralevich <nnk@google.com>2014-10-23 20:46:33 -0700
commit688024169df70336cc128ea8cc929174c53a501e (patch)
treea0e4555e3d4d10e022cbeb6c1b86ff740ff2574a /updater
parent168f77787700f0e9f66675beef33c593a777e64e (diff)
unconditionally apply SELinux labels to symlinks
At the end of the OTA script, we walk through /system, updating all the permissions on the filesystem, including the UID, GID, standard UNIX permissions, capabilities, and SELinux labels. In the case of a symbolic link, however, we want to skip most of those operations. The UID, GID, UNIX permissions, and capabilities don't meaningfully apply to symbolic links. However, that's not true with SELinux labels. The SELinux label on a symbolic link is important. We need to make sure the label on the symbolic link is always updated, even if none of the other attributes are updated. This change unconditionally updates the SELinux label on the symbolic link itself. lsetfilecon() is used, so that the link itself is updated, not what it's pointing to. In addition, drop the ENOTSUP special case. SELinux has been a requirement since Android 4.4. Running without filesystem extended attributes is no longer supported, and we shouldn't even try to handle non-SELinux updates anymore. (Note: this could be problematic if these scripts are ever used to produce OTA images for 4.2 devices) Bug: 18079773 Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
Diffstat (limited to 'updater')
-rw-r--r--updater/install.c19
1 files changed, 9 insertions, 10 deletions
diff --git a/updater/install.c b/updater/install.c
index 282a618..db2bd32 100644
--- a/updater/install.c
+++ b/updater/install.c
@@ -770,9 +770,17 @@ static int ApplyParsedPerms(
{
int bad = 0;
+ if (parsed.has_selabel) {
+ if (lsetfilecon(filename, parsed.selabel) != 0) {
+ uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n",
+ filename, parsed.selabel, strerror(errno));
+ bad++;
+ }
+ }
+
/* ignore symlinks */
if (S_ISLNK(statptr->st_mode)) {
- return 0;
+ return bad;
}
if (parsed.has_uid) {
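Review bot: The `/* ignore symlinks */` comment kept above the `S_ISLNK` check is no longer accurate, because the `lsetfilecon()` call added before it now runs for symlinks too and its failure is reported through `return bad;`. I would reword it to `/* symlinks: only the SELinux label set above applies; skip uid/gid/mode/capabilities */` so a later reader does not move the label block back below the early return. A one-line comment on the new block would also help, for example `/* must precede the symlink return: lsetfilecon() labels the link itself, not its target */`. The body of ApplyParsedPerms starts before this hunk and continues past it.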
@@ -815,15 +823,6 @@ static int ApplyParsedPerms(
}
}
- if (parsed.has_selabel) {
- // TODO: Don't silently ignore ENOTSUP
- if (lsetfilecon(filename, parsed.selabel) && (errno != ENOTSUP)) {
- uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n",
- filename, parsed.selabel, strerror(errno));
- bad++;
- }
- }
-
if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) {
if (parsed.capabilities == 0) {
if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) {