Merge "ueventd: relabel block devices nodes when processing subsequent add events"

am: 94b0f37 * commit '94b0f3763f6dd4cfe2aaef9a4ce2ac7f029774c8': ueventd: relabel block devices nodes when processing subsequent add events Change-Id: I9cfab12e0844991bd875d049e3e6ed3c50a27084
2016-04-28 12:06:41 +00:00 · 2016-04-28 12:06:41 +00:00 · 51cdf140db
parent 499cfed160 94b0f3763f
commit 51cdf140db
1 changed files with 15 additions and 6 deletions
--- a/init/devices.cpp
+++ b/init/devices.cpp
@ -244,7 +244,11 @@ static void make_device(const char *path,

    mode = get_device_perm(path, links, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);

-    selabel_lookup_best_match(sehandle, &secontext, path, links, mode);
+    if (selabel_lookup_best_match(sehandle, &secontext, path, links, mode)) {
+        ERROR("Device '%s' not created; cannot find SELinux label (%s)\n",
+                path, strerror(errno));
+        return;
+    }
    setfscreatecon(secontext);

    dev = makedev(major, minor);
@ -254,14 +258,19 @@ static void make_device(const char *path,
     * racy. Fixing the gid race at least fixed the issue with system_server
     * opening dynamic input devices under the AID_INPUT gid. */
    setegid(gid);
-    mknod(path, mode, dev);
+    /* If the node already exists update its SELinux label to handle cases when
+     * it was created with the wrong context during coldboot procedure. */
+    if (mknod(path, mode, dev) && (errno == EEXIST)) {
+        if (lsetfilecon(path, secontext)) {
+            ERROR("Cannot set '%s' SELinux label on '%s' device (%s)\n",
+                    secontext, path, strerror(errno));
+        }
+    }
    chown(path, uid, -1);
    setegid(AID_ROOT);

-    if (secontext) {
-        freecon(secontext);
-        setfscreatecon(NULL);
-    }
+    freecon(secontext);
+    setfscreatecon(NULL);
 }

 static void add_platform_device(const char *path)