Run restorecon over mounted private volumes.
This ensures that we have consistent SELinux policy in place before
going any further, and it mirrors the way we restorecon /data when
first mounted.
Bug: 21121357
Change-Id: I2a7e3584ade655fe1fae8916cf54f9eae3a0f99d
diff --git a/PrivateVolume.cpp b/PrivateVolume.cpp
index a1bbb3b..74b6b5b 100644
--- a/PrivateVolume.cpp
+++ b/PrivateVolume.cpp
@@ -137,6 +137,24 @@
return -EIO;
}
+ LOG(VERBOSE) << "Starting restorecon of " << mPath;
+
+ // TODO: find a cleaner way of waiting for restorecon to finish
+ property_set("selinux.restorecon_recursive", "");
+ property_set("selinux.restorecon_recursive", mPath.c_str());
+
+ char value[PROPERTY_VALUE_MAX];
+ while (true) {
+ property_get("selinux.restorecon_recursive", value, "");
+ if (strcmp(mPath.c_str(), value) == 0) {
+ break;
+ }
+ sleep(1);
+ LOG(VERBOSE) << "Waiting for restorecon...";
+ }
+
+ LOG(VERBOSE) << "Finished restorecon of " << mPath;
+
// Verify that common directories are ready to roll
if (PrepareDir(mPath + "/app", 0771, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/user", 0711, AID_SYSTEM, AID_SYSTEM) ||
@@ -147,8 +165,6 @@
return -EIO;
}
- // TODO: restorecon all the things!
-
// Create a new emulated volume stacked above us, it will automatically
// be destroyed during unmount
std::string mediaPath(mPath + "/media");