Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2407331 authored by Stephen Smalley's avatar Stephen Smalley Committed by Nick Kralevich
Browse files

restorecon the profile directory.



This is required so that it will be assigned the correct SELinux
security context on first creation by installd.

Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 27f8840f
Loading
Loading
Loading
Loading
+7 −1
Original line number Diff line number Diff line
@@ -1022,7 +1022,13 @@ int create_profile_file(const char *pkgname, gid_t gid) {
        // Make the profile directory write-only for group and other. Owner can rwx it.
        if (chmod(profile_dir, 0711) < 0) {
            ALOGE("cannot chown profile dir '%s': %s\n", profile_dir, strerror(errno));
            unlink(profile_dir);
            rmdir(profile_dir);
            return -1;
        }

        if (selinux_android_restorecon(profile_dir, 0) < 0) {
            ALOGE("cannot restorecon profile dir '%s': %s\n", profile_dir, strerror(errno));
            rmdir(profile_dir);
            return -1;
        }
    }