diff options
| author | Yi-Yo Chiang <yochiang@google.com> | 2021-03-29 03:42:34 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-03-29 03:42:34 +0000 |
| commit | e323e02ad4d1a5f71f3ce6daa82a4797d4fbab83 (patch) | |
| tree | 4481d6e1dbf9c0ba29f83a1829a3d20d4aac1df4 | |
| parent | 158693aca336df3ecdaf876667845679b6996161 (diff) | |
| parent | f72d88aedf164ef39e4af38a48d28dcfd5e51632 (diff) | |
| download | gsid-e323e02ad4d1a5f71f3ce6daa82a4797d4fbab83.tar.gz | |
Make DSU metadata files globally readable am: f72d88aedf
Original change: https://android-review.googlesource.com/c/platform/system/gsid/+/1623819
Change-Id: I94cbc8e573db4112c88bb6e506358f8478b5b1ac
| -rw-r--r-- | Android.bp | 1 | ||||
| -rw-r--r-- | daemon.cpp | 3 | ||||
| -rw-r--r-- | gsi_service.cpp | 13 | ||||
| -rw-r--r-- | gsid.rc | 3 | ||||
| -rw-r--r-- | include/libgsi/libgsi.h | 8 |
5 files changed, 28 insertions, 0 deletions
@@ -101,6 +101,7 @@ cc_binary { "libgsi", "libgsid", "liblp", + "libselinux", "libutils", "libc++fs", "libvold_binder", @@ -49,6 +49,9 @@ static int DumpDeviceMapper() { int main(int argc, char** argv) { android::base::InitLogging(argv, android::base::LogdLogger(android::base::SYSTEM)); + // Create globally readable files. + umask(0022); + if (argc > 1) { if (argv[1] == "run-startup-tasks"s) { android::gsi::GsiService::RunStartupTasks(); diff --git a/gsi_service.cpp b/gsi_service.cpp index 002c51f..939f603 100644 --- a/gsi_service.cpp +++ b/gsi_service.cpp @@ -43,6 +43,7 @@ #include <libfiemap/image_manager.h> #include <openssl/sha.h> #include <private/android_filesystem_config.h> +#include <selinux/android.h> #include <storage_literals/storage_literals.h> #include "file_paths.h" @@ -71,6 +72,16 @@ static constexpr int64_t kDefaultUserdataSize = int64_t(2) * 1024 * 1024 * 1024; static bool GetAvbPublicKeyFromFd(int fd, AvbPublicKey* dst); +// Fix the file contexts of dsu metadata files. +// By default, newly created files inherit the file contexts of their parent +// directory. Since globally readable public metadata files are labeled with a +// different context, gsi_public_metadata_file, we need to call this function to +// fix their contexts after creating them. +static void RestoreconMetadataFiles() { + auto flags = SELINUX_ANDROID_RESTORECON_RECURSE | SELINUX_ANDROID_RESTORECON_SKIP_SEHASH; + selinux_android_restorecon(DSU_METADATA_PREFIX, flags); +} + GsiService::GsiService() { progress_ = {}; } @@ -185,6 +196,7 @@ binder::Status GsiService::createPartition(const ::std::string& name, int64_t si *_aidl_return = INSTALL_ERROR_GENERIC; return binder::Status::ok(); } + RestoreconMetadataFiles(); } installer_ = std::make_unique<PartitionInstaller>(this, install_dir_, name, @@ -297,6 +309,7 @@ binder::Status GsiService::enableGsi(bool one_shot, const std::string& dsuSlot, *_aidl_return = INSTALL_ERROR_GENERIC; return binder::Status::ok(); } + RestoreconMetadataFiles(); if (installer_) { ENFORCE_SYSTEM; installer_ = {}; @@ -10,6 +10,9 @@ on post-fs mkdir /metadata/gsi/dsu 0771 root system mkdir /metadata/gsi/ota 0771 root system mkdir /metadata/gsi/remount 0771 root system + chmod 0664 /metadata/gsi/dsu/active + chmod 0664 /metadata/gsi/dsu/booted + chmod 0664 /metadata/gsi/dsu/lp_names on post-fs-data write /data/gsi_persistent_data 0 diff --git a/include/libgsi/libgsi.h b/include/libgsi/libgsi.h index 17066ff..41898df 100644 --- a/include/libgsi/libgsi.h +++ b/include/libgsi/libgsi.h @@ -28,6 +28,14 @@ static constexpr char kGsiServiceName[] = "gsiservice"; #define DSU_METADATA_PREFIX "/metadata/gsi/dsu/" +// These files need to be globally readable so that fs_mgr_fstab, which is +// statically linked into processes, can return consistent result for non-root +// processes: +// * kDsuActiveFile +// * kGsiBootedIndicatorFile +// * kGsiLpNamesFile +// * DsuMetadataKeyDirFile(slot) + static constexpr char kGsiBootedIndicatorFile[] = DSU_METADATA_PREFIX "booted"; static constexpr char kGsiLpNamesFile[] = DSU_METADATA_PREFIX "lp_names"; |