author | Nick Kralevich <nnk@google.com> | 2019-05-14 09:23:26 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2019-05-14 09:23:26 -0700 |
commit | 2d3cc3b458831550a4a1caccd03c98a4a0def064 (patch) | |
tree | 2ecfaa19bf4dc146728098ded1660548910f9344 | |
parent | 4a792614521f82ffa73448483071925a2b77315b (diff) | |
download | selinux-android10-qpr2-s2-release.tar.gz |
Delay /data/vendor_ce restorecon
When Android boots after file_contexts has changed, the boot process
walks the entire /data partition, updating any changed SELinux labels as
appropriate. However, credential encrypted ("ce") directories are
deliberately excluded from this early boot directory walk. Files within
ce directories have their filenames encrypted, and as a result, cannot
match the file_contexts entries. Only after the user has unlocked their
device are the unencrypted filenames available and a restorecon
appropriate.
Exclude /data/vendor_ce from the early boot restorecon, like we do for
/data/system_ce and /data/misc_ce. This prevents init from
inappropriately relabeling these files with encrypted filenames.
Bug: 132349934
Test: See bug 132349934 comment #12 for test procedure
Change-Id: I59171f11dc25d446fae3760c4aa538264944391d
-rw-r--r-- | libselinux/src/android/android_platform.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libselinux/src/android/android_platform.c b/libselinux/src/android/android_platform.c index c0e60440..83a795a7 100644 --- a/libselinux/src/android/android_platform.c +++ b/libselinux/src/android/android_platform.c @@ -1324,6 +1324,7 @@ struct pkg_info *package_info_lookup(const char *name) * to delay restorecon of those until vold explicitly requests it. */ // NOTE: these paths need to be kept in sync with vold #define DATA_SYSTEM_CE_PREFIX "/data/system_ce/" +#define DATA_VENDOR_CE_PREFIX "/data/vendor_ce/" #define DATA_MISC_CE_PREFIX "/data/misc_ce/" /* The path prefixes of package data directories. */ @@ -1713,7 +1714,8 @@ static int selinux_android_restorecon_common(const char* pathname_orig, if (skipce && (!strncmp(ftsent->fts_path, DATA_SYSTEM_CE_PREFIX, sizeof(DATA_SYSTEM_CE_PREFIX)-1) || - !strncmp(ftsent->fts_path, DATA_MISC_CE_PREFIX, sizeof(DATA_MISC_CE_PREFIX)-1))) { + !strncmp(ftsent->fts_path, DATA_MISC_CE_PREFIX, sizeof(DATA_MISC_CE_PREFIX)-1) || + !strncmp(ftsent->fts_path, DATA_VENDOR_CE_PREFIX, sizeof(DATA_VENDOR_CE_PREFIX)-1))) { // Don't label anything below this directory. fts_set(fts, ftsent, FTS_SKIP); // but fall through and make sure we label the directory itself |
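Review bot: the new `DATA_VENDOR_CE_PREFIX` define in the first hunk (near line 1327) sits under the comment "these paths need to be kept in sync with vold", but the diffstat shows only android_platform.c changing. Please state in the commit message, or point to the companion change, that vold explicitly requests the delayed restorecon for /data/vendor_ce. If it does not, nothing visible here relabels those directories after they are skipped at early boot.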
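Review bot: in the second hunk, the `skipce` condition in selinux_android_restorecon_common is now a three-way chain of `strncmp(ftsent->fts_path, PREFIX, sizeof(PREFIX)-1)` calls, and the new test is appended after `DATA_MISC_CE_PREFIX` while the define was inserted before it. Consider a small static array of the CE prefixes with their lengths and a loop over it, so that the next credential-encrypted directory is a one-line addition and the define list cannot drift from the check. At minimum, keep the same order in both places.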