cryptfs: run e2fsck/fsck.f2fs in fsck domain
e2fsck and fsck.f2fs must run in the fsck domain. Add call to
setexeccon() to tell selinux to run in the fsck domain on exec.
Addresses:
avc: denied { execute_no_trans } for path="/system/bin/e2fsck" dev="mmcblk0p41" ino=241 scontext=u:r:vold:s0 tcontext=u:object_r:fsck_exec:s0 tclass=file
Bug: 26872236
Change-Id: Ib2a583aeefc667f8aa67532e0ac0ff9619b65461
diff --git a/Android.mk b/Android.mk
index d83e650..8c0771d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -27,6 +27,7 @@
MoveTask.cpp \
Benchmark.cpp \
TrimTask.cpp \
+ secontext.cpp \
common_c_includes := \
system/extras/ext4_utils \
diff --git a/cryptfs.c b/cryptfs.c
index f5a065a..7ca05b0 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -43,7 +43,9 @@
#include <fs_mgr.h>
#include <time.h>
#include <math.h>
+#include <selinux/selinux.h>
#include "cryptfs.h"
+#include "secontext.h"
#define LOG_TAG "Cryptfs"
#include "cutils/log.h"
#include "cutils/properties.h"
@@ -1683,6 +1685,15 @@
/* If that succeeded, then mount the decrypted filesystem */
int retries = RETRY_MOUNT_ATTEMPTS;
int mount_rc;
+
+ /*
+ * fs_mgr_do_mount runs fsck. Use setexeccon to run trusted
+ * partitions in the fsck domain.
+ */
+ if (setexeccon(secontextFsck())){
+ SLOGE("Failed to setexeccon");
+ return -1;
+ }
while ((mount_rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT,
crypto_blkdev, 0))
!= 0) {
@@ -1704,9 +1715,16 @@
cryptfs_set_corrupt();
cryptfs_trigger_restart_min_framework();
SLOGI("Started framework to offer wipe");
+ if (setexeccon(NULL)) {
+ SLOGE("Failed to setexeccon");
+ }
return -1;
}
}
+ if (setexeccon(NULL)) {
+ SLOGE("Failed to setexeccon");
+ return -1;
+ }
property_set("vold.decrypt", "trigger_load_persist_props");
/* Create necessary paths on /data */
diff --git a/secontext.cpp b/secontext.cpp
new file mode 100644
index 0000000..0529a30
--- /dev/null
+++ b/secontext.cpp
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <Utils.h>
+#include "secontext.h"
+
+security_context_t secontextFsck()
+{
+ return android::vold::sFsckContext;
+}
diff --git a/secontext.h b/secontext.h
new file mode 100644
index 0000000..08ad48e
--- /dev/null
+++ b/secontext.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _SECONTEXT_H_
+#define _SECONTEXT_H_
+
+#include <selinux/selinux.h>
+
+__BEGIN_DECLS
+security_context_t secontextFsck();
+__END_DECLS
+
+#endif