summaryrefslogtreecommitdiffstats
path: root/updater
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2014-10-23 20:36:42 -0700
committerNick Kralevich <nnk@google.com>2014-10-23 20:46:33 -0700
commit688024169df70336cc128ea8cc929174c53a501e (patch)
treea0e4555e3d4d10e022cbeb6c1b86ff740ff2574a /updater
parent168f77787700f0e9f66675beef33c593a777e64e (diff)
downloadbootable_recovery-688024169df70336cc128ea8cc929174c53a501e.zip
bootable_recovery-688024169df70336cc128ea8cc929174c53a501e.tar.gz
bootable_recovery-688024169df70336cc128ea8cc929174c53a501e.tar.bz2
unconditionally apply SELinux labels to symlinks
At the end of the OTA script, we walk through /system, updating all the permissions on the filesystem, including the UID, GID, standard UNIX permissions, capabilities, and SELinux labels. In the case of a symbolic link, however, we want to skip most of those operations. The UID, GID, UNIX permissions, and capabilities don't meaningfully apply to symbolic links. However, that's not true with SELinux labels. The SELinux label on a symbolic link is important. We need to make sure the label on the symbolic link is always updated, even if none of the other attributes are updated. This change unconditionally updates the SELinux label on the symbolic link itself. lsetfilecon() is used, so that the link itself is updated, not what it's pointing to. In addition, drop the ENOTSUP special case. SELinux has been a requirement since Android 4.4. Running without filesystem extended attributes is no longer supported, and we shouldn't even try to handle non-SELinux updates anymore. (Note: this could be problematic if these scripts are ever used to produce OTA images for 4.2 devices) Bug: 18079773 Change-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91
Diffstat (limited to 'updater')
-rw-r--r--updater/install.c19
1 files changed, 9 insertions, 10 deletions
diff --git a/updater/install.c b/updater/install.c
index 282a618..db2bd32 100644
--- a/updater/install.c
+++ b/updater/install.c
@@ -770,9 +770,17 @@ static int ApplyParsedPerms(
{
int bad = 0;
+ if (parsed.has_selabel) {
+ if (lsetfilecon(filename, parsed.selabel) != 0) {
+ uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n",
+ filename, parsed.selabel, strerror(errno));
+ bad++;
+ }
+ }
+
/* ignore symlinks */
if (S_ISLNK(statptr->st_mode)) {
- return 0;
+ return bad;
}
if (parsed.has_uid) {
@@ -815,15 +823,6 @@ static int ApplyParsedPerms(
}
}
- if (parsed.has_selabel) {
- // TODO: Don't silently ignore ENOTSUP
- if (lsetfilecon(filename, parsed.selabel) && (errno != ENOTSUP)) {
- uiPrintf(state, "ApplyParsedPerms: lsetfilecon of %s to %s failed: %s\n",
- filename, parsed.selabel, strerror(errno));
- bad++;
- }
- }
-
if (parsed.has_capabilities && S_ISREG(statptr->st_mode)) {
if (parsed.capabilities == 0) {
if ((removexattr(filename, XATTR_NAME_CAPS) == -1) && (errno != ENODATA)) {