Merge "Only restorecon CE storage after unlocked."

Treehugger Robot 2016-11-16 22:04:49 +00:00 committed by Gerrit Code Review
commit cfd12251bd
3 changed files with 12 additions and 1 deletions


@ -915,8 +915,12 @@ static int do_restorecon_recursive(const std::vector<std::string>& args) {
int ret = 0;
for (auto it = std::next(args.begin()); it != args.end(); ++it) {
if (restorecon_recursive(it->c_str()) < 0)
/* The contents of CE paths are encrypted on FBE devices until user
* credentials are presented (filenames inside are mangled), so we need
* to delay restorecon of those until vold explicitly requests it. */
if (restorecon_recursive_skipce(it->c_str()) < 0) {
ret = -errno;
}
}
return ret;
}
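Review bot: The `restorecon_recursive` builtin now skips CE storage for every caller, and nothing at the call inside the loop tells an init.rc author that part of the tree keeps its existing labels. The added comment explains why the relabel is delayed, but it takes for granted that vold always issues the later request. If that request is missing or fails on some configuration (not visible from this hunk), files under CE paths would keep stale SELinux labels with no trace in init. I would state the contract on the function itself, whose signature line sits just above the hunk, with something like `/* Relabels args[1..] recursively, except CE storage, which is relabeled only when vold requests it after unlock. */`, and mirror it in the builtin's documentation. Separately, `ret = -errno` keeps only the errno of the last failing path and not which path failed, which makes a labeling failure harder to diagnose.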


@ -379,6 +379,12 @@ int restorecon_recursive(const char* pathname)
return selinux_android_restorecon(pathname, SELINUX_ANDROID_RESTORECON_RECURSE);
}
int restorecon_recursive_skipce(const char* pathname)
{
return selinux_android_restorecon(pathname,
SELINUX_ANDROID_RESTORECON_RECURSE | SELINUX_ANDROID_RESTORECON_SKIPCE);
}
/*
* Writes hex_len hex characters (1/2 byte) to hex from bytes.
*/
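Review bot: The new restorecon_recursive_skipce() has no comment, so its name is the only hint that it leaves part of the tree unlabeled, while the neighbouring helper below it carries one. Since the two variants differ only in a flag, a later caller can easily pick the wrong one: either relabeling CE contents before unlock, or skipping them where a full relabel was intended. I would add `/* Like restorecon_recursive(), but passes SELINUX_ANDROID_RESTORECON_SKIPCE so CE storage is not relabeled by this call. */` above the definition and repeat a one-line version on the declaration in the header.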


@ -70,6 +70,7 @@ void import_kernel_cmdline(bool in_qemu,
int make_dir(const char *path, mode_t mode);
int restorecon(const char *pathname);
int restorecon_recursive(const char *pathname);
int restorecon_recursive_skipce(const char *pathname);
std::string bytes_to_hex(const uint8_t *bytes, size_t bytes_len);
bool is_dir(const char* pathname);
bool expand_props(const std::string& src, std::string* dst);