fs_mgr: pass sehandle to ext4 format routine
When fs_mgr_do_format() is executed, fs_mgr creates a new
blank data file system. However, that filesystem is not
labeled, which causes unlabeled denials on early boot.
Example Denial:
avc: denied { search } for pid=2535 comm="logd" name="/" dev="mmcblk0p9" ino=2 scontext=u:r:logd:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=1
To correct this, pass sehandle to the internal ext4 routine.
This way the ext4 filesystem will be labeled at creation and
the root inode will have a label.
Change-Id: Ieeecaa8bbc258e6d743d281dd956bdaca98b365f
Signed-off-by: William Roberts <william.c.roberts@intel.com>
diff --git a/fs_mgr/Android.mk b/fs_mgr/Android.mk
index d0d5630..7da3ca4 100644
--- a/fs_mgr/Android.mk
+++ b/fs_mgr/Android.mk
@@ -10,7 +10,8 @@
libcrypto_utils_static \
libcrypto_static \
libext4_utils_static \
- libsquashfs_utils
+ libsquashfs_utils \
+ libselinux
include $(CLEAR_VARS)
LOCAL_CLANG := true
diff --git a/fs_mgr/fs_mgr_format.c b/fs_mgr/fs_mgr_format.c
index c63ff67..6c5b1eb 100644
--- a/fs_mgr/fs_mgr_format.c
+++ b/fs_mgr/fs_mgr_format.c
@@ -23,6 +23,11 @@
#include <errno.h>
#include <cutils/partition_utils.h>
#include <sys/mount.h>
+
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#include <selinux/android.h>
+
#include "ext4_utils.h"
#include "ext4.h"
#include "make_ext4fs.h"
@@ -47,17 +52,29 @@
return -1;
}
+ struct selabel_handle *sehandle = selinux_android_file_context_handle();
+ if (!sehandle) {
+ /* libselinux logs specific error */
+ ERROR("Cannot initialize android file_contexts");
+ close(fd);
+ return -1;
+ }
+
/* Format the partition using the calculated length */
reset_ext4fs_info();
info.len = (off64_t)dev_sz;
/* Use make_ext4fs_internal to avoid wiping an already-wiped partition. */
- rc = make_ext4fs_internal(fd, NULL, NULL, fs_mnt_point, 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL);
+ rc = make_ext4fs_internal(fd, NULL, NULL, fs_mnt_point, 0, 0, 0, 0, 0, 0, sehandle, 0, 0, NULL);
if (rc) {
ERROR("make_ext4fs returned %d.\n", rc);
}
close(fd);
+ if (sehandle) {
+ selabel_close(sehandle);
+ }
+
return rc;
}
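Review bot: The `if (sehandle)` guard around `selabel_close(sehandle)` at the end of the hunk is dead: the NULL case already returned after the `selinux_android_file_context_handle()` call above, so the close can be unconditional, `selabel_close(sehandle);`. The new `ERROR("Cannot initialize android file_contexts")` also differs from the existing `ERROR("make_ext4fs returned %d.\n", rc)` in the same function by omitting the trailing newline; unless the ERROR macro appends one, the two lines should agree, presumably `ERROR("Cannot initialize android file_contexts\n");`. A one-line comment on the handle acquisition would record why the label handle is needed here at all, e.g. `/* Label the fresh filesystem from file_contexts so its root inode is not left unlabeled on first boot. */`. The enclosing function starts before this hunk, so the fd open and the earlier error paths are not visible here.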