Merge "Only restorecon CE storage after unlocked."
This commit is contained in:
commit
cfd12251bd
|
@ -915,8 +915,12 @@ static int do_restorecon_recursive(const std::vector<std::string>& args) {
|
|||
int ret = 0;
|
||||
|
||||
for (auto it = std::next(args.begin()); it != args.end(); ++it) {
|
||||
if (restorecon_recursive(it->c_str()) < 0)
|
||||
/* The contents of CE paths are encrypted on FBE devices until user
|
||||
* credentials are presented (filenames inside are mangled), so we need
|
||||
* to delay restorecon of those until vold explicitly requests it. */
|
||||
if (restorecon_recursive_skipce(it->c_str()) < 0) {
|
||||
ret = -errno;
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -379,6 +379,12 @@ int restorecon_recursive(const char* pathname)
|
|||
return selinux_android_restorecon(pathname, SELINUX_ANDROID_RESTORECON_RECURSE);
|
||||
}
|
||||
|
||||
int restorecon_recursive_skipce(const char* pathname)
|
||||
{
|
||||
return selinux_android_restorecon(pathname,
|
||||
SELINUX_ANDROID_RESTORECON_RECURSE | SELINUX_ANDROID_RESTORECON_SKIPCE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Writes hex_len hex characters (1/2 byte) to hex from bytes.
|
||||
*/
|
||||
|
|
|
@ -70,6 +70,7 @@ void import_kernel_cmdline(bool in_qemu,
|
|||
int make_dir(const char *path, mode_t mode);
|
||||
int restorecon(const char *pathname);
|
||||
int restorecon_recursive(const char *pathname);
|
||||
int restorecon_recursive_skipce(const char *pathname);
|
||||
std::string bytes_to_hex(const uint8_t *bytes, size_t bytes_len);
|
||||
bool is_dir(const char* pathname);
|
||||
bool expand_props(const std::string& src, std::string* dst);
|
||||
|
|
Loading…
Reference in New Issue