system/corennnnn
| 修訂 | 96f387e8c02bdfcd5ed53684b5563c208770f7ee (tree) |
|---|---|
| 時間 | 2016-07-19 00:58:42 |
| 作者 | Jeff Sharkey <jsharkey@goog...> |
| Commiter | Android (Google) Code Review |
Merge "Only restorecon CE storage after unlocked." into nyc-mr1-dev
init/builtins.cpp (diff) init/util.cpp (diff)
init/util.h (diff)| @@ -875,8 +875,12 @@ static int do_restorecon_recursive(const std::vector<std::string>& args) { | ||
| 875 | 875 | int ret = 0; |
| 876 | 876 | |
| 877 | 877 | for (auto it = std::next(args.begin()); it != args.end(); ++it) { |
| 878 | - if (restorecon_recursive(it->c_str()) < 0) | |
| 878 | + /* The contents of CE paths are encrypted on FBE devices until user | |
| 879 | + * credentials are presented (filenames inside are mangled), so we need | |
| 880 | + * to delay restorecon of those until vold explicitly requests it. */ | |
| 881 | + if (restorecon_recursive_skipce(it->c_str()) < 0) { | |
| 879 | 882 | ret = -errno; |
| 883 | + } | |
| 880 | 884 | } |
| 881 | 885 | return ret; |
| 882 | 886 | } |
| @@ -471,6 +471,12 @@ int restorecon_recursive(const char* pathname) | ||
| 471 | 471 | return selinux_android_restorecon(pathname, SELINUX_ANDROID_RESTORECON_RECURSE); |
| 472 | 472 | } |
| 473 | 473 | |
| 474 | +int restorecon_recursive_skipce(const char* pathname) | |
| 475 | +{ | |
| 476 | + return selinux_android_restorecon(pathname, | |
| 477 | + SELINUX_ANDROID_RESTORECON_RECURSE | SELINUX_ANDROID_RESTORECON_SKIPCE); | |
| 478 | +} | |
| 479 | + | |
| 474 | 480 | /* |
| 475 | 481 | * Writes hex_len hex characters (1/2 byte) to hex from bytes. |
| 476 | 482 | */ |
| @@ -63,6 +63,7 @@ void import_kernel_cmdline(bool in_qemu, | ||
| 63 | 63 | int make_dir(const char *path, mode_t mode); |
| 64 | 64 | int restorecon(const char *pathname); |
| 65 | 65 | int restorecon_recursive(const char *pathname); |
| 66 | +int restorecon_recursive_skipce(const char *pathname); | |
| 66 | 67 | std::string bytes_to_hex(const uint8_t *bytes, size_t bytes_len); |
| 67 | 68 | bool is_dir(const char* pathname); |
| 68 | 69 | bool expand_props(const std::string& src, std::string* dst); |
Fork