From 4a18a60a500ba27137c775f7bd0699b674c6cf98 Mon Sep 17 00:00:00 2001 From: Songchun Fan Date: Mon, 13 Jul 2020 15:43:58 -0700 Subject: [incfs] call restorecon on individual control files Test: install an incremental app, reboot and see the control files are properly labelled. BUG: 160990014 BUG: 160826412 Change-Id: I6450213f8c23e9581373f9941b7c5eaab4480e47 --- incfs/incfs.cpp | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/incfs/incfs.cpp b/incfs/incfs.cpp index c98acb2..7994c54 100644 --- a/incfs/incfs.cpp +++ b/incfs/incfs.cpp @@ -403,6 +403,22 @@ IncFsFileId IncFs_FileIdFromMetadata(IncFsSpan metadata) { return id; } +static bool restoreconControlFiles(std::string_view targetDir) { + const std::string controlFilePaths[] = {path::join(targetDir, INCFS_PENDING_READS_FILENAME), + path::join(targetDir, INCFS_LOG_FILENAME)}; + for (size_t i = 0; i < std::size(controlFilePaths); i++) { + if (const auto err = selinux_android_restorecon(controlFilePaths[i].c_str(), + SELINUX_ANDROID_RESTORECON_FORCE); + err != 0) { + PLOG(ERROR) << "[incfs] Failed to restorecon: " << controlFilePaths[i] + << " error code: " << err; + errno = -err; + return false; + } + } + return true; +} + IncFsControl* IncFs_Mount(const char* backingPath, const char* targetDir, IncFsMountOptions options) { if (!init().enabledAndReady()) { @@ -440,10 +456,7 @@ IncFsControl* IncFs_Mount(const char* backingPath, const char* targetDir, return nullptr; } - if (const auto err = selinux_android_restorecon(targetDir, SELINUX_ANDROID_RESTORECON_RECURSE); - err != 0) { - PLOG(ERROR) << "[incfs] Failed to restorecon: " << err; - errno = -err; + if (!restoreconControlFiles(targetDir)) { return nullptr; } -- cgit v1.2.3