Mount the new system as 'postinstall_file' in postinstall.

When mounting the new filesystem on /postinstall, we need to override the file attributes from the new system (unknown to the current selinux policies) with a consistent label that will be used only in the context of postinstall. This patch passes an extra option to mount(2) in Brillo and Android to achieve this. Bug: 27177071 TEST=Deployed a postinstall script with `ls -laZ`, contents show "postinstall_file". Change-Id: Ia43b45c92e4c4cd340a884818ac00f24a418f9e7
author: Alex Deymo <deymo@google.com> 2016-03-01 18:55:54 -0800
committer: Alex Deymo <deymo@google.com> 2016-03-01 18:55:54 -0800
commit: 14dbd333439f34c648b9f783ffa656ef565de0cc (patch)
tree: a55f35b1d7231658201759cc51079e5b3be08acf /common/platform_constants_android.cc
parent: 390efedcb7e17587da765b6d682077cb7fa46ee1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/common/platform_constants_android.cc b/common/platform_constants_android.cc
index 4f55106b..371fe265 100644
--- a/common/platform_constants_android.cc
+++ b/common/platform_constants_android.cc
@@ -31,6 +31,8 @@ const char kCACertificatesPath[] = "/system/etc/security/cacerts_google";
 // No deadline file API support on Android.
 const char kOmahaResponseDeadlineFile[] = "";
 const char kNonVolatileDirectory[] = "/data/misc/update_engine";
+const char kPostinstallMountOptions[] =
+  "context=u:object_r:postinstall_file:s0";
 
 }  // namespace constants
 }  // namespace chromeos_update_engine
author	Alex Deymo <deymo@google.com>	2016-03-01 18:55:54 -0800
committer	Alex Deymo <deymo@google.com>	2016-03-01 18:55:54 -0800
commit	14dbd333439f34c648b9f783ffa656ef565de0cc (patch)
tree	a55f35b1d7231658201759cc51079e5b3be08acf /common/platform_constants_android.cc
parent	390efedcb7e17587da765b6d682077cb7fa46ee1 (diff)