diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-09-30 10:29:24 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-09-30 15:35:28 -0400 |
| commit | 684e662502a310868da052192b80604234b66711 (patch) | |
| tree | 9e635248d15b9e0ddfc61c659577b406c7334707 /main.cpp | |
| parent | 6efa9351a257edc53ce07eb8c544ccf08efb64ae (diff) | |
Set SELinux contexts on device nodes created by vold.
Extend vold to look up and set SELinux contexts on the
device nodes it creates for extra loop devices and for volumes.
Prior to this change, these device nodes simply inherited the type
of their parent directory /dev/block, i.e. block_device, and vold
therefore required create_file perms to block_device:blk_file.
With this change we can scope vold down to accessing specific
block device types.
This depends on change Id3bea28f5958086716cd3db055bea309b3b5fa5a
to allow vold to use setfscreatecon().
Change-Id: Ib9e8294abb1da94d92503947603ec12e802ff08c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'main.cpp')
| -rw-r--r-- | main.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -36,6 +36,7 @@ #include "NetlinkManager.h" #include "DirectVolume.h" #include "cryptfs.h" +#include "sehandle.h" static int process_config(VolumeManager *vm); static void coldboot(const char *path); @@ -43,6 +44,8 @@ static void coldboot(const char *path); #define FSTAB_PREFIX "/fstab." struct fstab *fstab; +struct selabel_handle *sehandle; + int main() { VolumeManager *vm; @@ -51,6 +54,10 @@ int main() { SLOGI("Vold 2.1 (the revenge) firing up"); + sehandle = selinux_android_file_context_handle(); + if (sehandle) + selinux_android_set_sehandle(sehandle); + mkdir("/dev/block/vold", 0755); /* For when cryptfs checks and mounts an encrypted filesystem */ |