authorLuca Stefani <luca.stefani.ge1@gmail.com>2019-01-03 21:20:42 +0100
committerMichael Bestas <mkbestas@lineageos.org>2020-12-12 02:09:54 +0200
commit82e52552c0789409c9d3531064eaa1f9c9720f20 (patch)
tree5f1a4195681e009d43e6244fc0a6fa4ee908659f
parent62ab9bb3ae6e885f70dcd5c1d7f5c37e05aea5e1 (diff)
update_engine: Transition to backuptool domain
* This way we can make backuptool permissive while leaving update_engine rules as clean as possible Change-Id: Ied17f31f7d0258319371f3badc891c7a6ecee901
-rw-r--r--Android.bp1
-rw-r--r--payload_consumer/postinstall_runner_action.cc13
2 files changed, 14 insertions, 0 deletions
diff --git a/Android.bp b/Android.bp
index d5658024..a15335be 100644
--- a/Android.bp
+++ b/Android.bp
@@ -133,6 +133,7 @@ cc_defaults {
"libcrypto",
"libfec",
"libprocessgroup",
+ "libselinux",
],
}
diff --git a/payload_consumer/postinstall_runner_action.cc b/payload_consumer/postinstall_runner_action.cc
index 6e0c9665..f5756ab4 100644
--- a/payload_consumer/postinstall_runner_action.cc
+++ b/payload_consumer/postinstall_runner_action.cc
@@ -19,6 +19,7 @@
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
+#include <selinux/selinux.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <unistd.h>
@@ -193,11 +194,23 @@ void PostinstallRunnerAction::PerformPartitionPostinstall() {
utils::MountFilesystem(mountable_device, fs_mount_dir_, MS_NOATIME | MS_NODEV | MS_NODIRATIME,
partition.filesystem_type, "seclabel");
+ // Switch to a permissive domain
+ if (setexeccon("u:r:backuptool:s0")) {
+ LOG(ERROR) << "Failed to set backuptool context";
+ return CompletePostinstall(ErrorCode::kPostinstallRunnerError);
+ }
+
// Run backuptool script
int ret = system("/postinstall/system/bin/backuptool_postinstall.sh");
if (ret == -1 || WEXITSTATUS(ret) != 0) {
LOG(ERROR) << "Backuptool postinstall step failed. ret=" << ret;
}
+
+ // Switch back to update_engine domain
+ if (setexeccon(nullptr)) {
+ LOG(ERROR) << "Failed to set update_engine context";
+ return CompletePostinstall(ErrorCode::kPostinstallRunnerError);
+ }
} else {
LOG(INFO) << "Skipping backuptool scripts";
}
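Review bot: The exec context armed by `setexeccon("u:r:backuptool:s0")` stays set on this thread until the later `setexeccon(nullptr)` succeeds, and the failure branch for that reset only logs and returns, so a later exec from this thread could still land in the backuptool domain, which the commit message says is intended to be permissive. Consider a small scoped guard that always attempts the reset, and use `PLOG(ERROR)` in both failure branches so errno is recorded. The comment `// Switch to a permissive domain` asserts something only sepolicy decides; `// Run backuptool in its own SELinux domain (u:r:backuptool:s0); enforcement is set by sepolicy` would be more accurate. Both new early returns come after the MountFilesystem call, and whether CompletePostinstall unmounts fs_mount_dir_ is not visible here because the function continues outside the hunk.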