author | Christopher R. Palmer <crpalmer@gmail.com> | 2014-12-03 16:48:04 -0500 |
---|---|---|
committer | Steve Kondik <steve@cyngn.com> | 2015-10-18 02:03:32 -0700 |
commit | 6edfdb55b2d0ed701774134be7cebf45f015c2f2 (patch) | |
tree | 661d294221527604e1f3e39f02612060eac8c52b | |
parent | c403730ac3fabbe5a12b1604538e754f828c41e4 (diff) | |
init: Make restorecon_recursive work for /data/

In the following commit:

    commit f2b7ee765516c84a9995e3acdc8fbcd7dc1b33cc
    Author: Stephen Smalley <sds@tycho.nsa.gov>
    Date: Thu Feb 6 13:52:52 2014 -0500

        Apply restorecon_recursive to all of /data.

they removed all the ad hoc restorecon_recursive of subdirectories
of /data/ and replaced it with:

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

Unfortunately, that is a no-op because restorecon doesn't recurse
through /data/ unless you add a FORCE flag.

Since the expectation seems to be that the recursive restorecon
in init will actually work, update the built-in to add the force
flag and a flag to allow /data/data to also be recursed through.

[RC: Removed the DATADATA flag. It throws a ton of errors, and it's
supposed to be handled by seapp_contexts, not file_contexts. The actual
root paths, however, now get their individual restorecon calls so that
installd can deal with them]

Change-Id: I435c505188e924b27ef2e6a2e0ee0a6951e43f0e

-rw-r--r-- | init/util.cpp | 6 | ||||
-rw-r--r-- | rootdir/init.rc | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/init/util.cpp b/init/util.cpp index a5392c6..b006e0b 100644 --- a/init/util.cpp +++ b/init/util.cpp @@ -458,9 +458,13 @@ int restorecon(const char* pathname) return selinux_android_restorecon(pathname, 0); } +#define RESTORECON_RECURSIVE_FLAGS \ + (SELINUX_ANDROID_RESTORECON_FORCE | \ + SELINUX_ANDROID_RESTORECON_RECURSE) + int restorecon_recursive(const char* pathname) { - return selinux_android_restorecon(pathname, SELINUX_ANDROID_RESTORECON_RECURSE); + return selinux_android_restorecon(pathname, RESTORECON_RECURSIVE_FLAGS); } /* diff --git a/rootdir/init.rc b/rootdir/init.rc index 4d68b7c..1ca2e95 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -360,6 +360,9 @@ on post-fs-data # Set SELinux security contexts on upgrade or policy update. restorecon_recursive /data + restorecon /data/data + restorecon /data/user + restorecon /data/user/0 # Check any timezone data in /data is newer than the copy in /system, delete if not. exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo |
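
Review bot: In init/util.cpp, RESTORECON_RECURSIVE_FLAGS adds SELINUX_ANDROID_RESTORECON_FORCE for every caller of restorecon_recursive(), while the commit message only motivates it for /data. Since the function takes an arbitrary pathname, any other restorecon_recursive line in an init script now runs with FORCE as well. Please either pass FORCE only when the path is under /data, or add a comment above the macro saying that forcing is intended for all paths and why. A typed constant would also fit a .cpp file better than a multi-line #define.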
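
Review bot: In rootdir/init.rc, the three new non-recursive lines (restorecon /data/data, restorecon /data/user, restorecon /data/user/0) have no comment explaining why they follow restorecon_recursive /data. The reason, that these root paths are labeled individually and their contents are left to installd and seapp_contexts, appears only in the commit message, so a later cleanup could drop them as redundant. Please add a short comment above them. Also worth confirming: only /data/user/0 is listed, so the directories of any other users under /data/user are not relabeled by these lines.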