restorecon the profile directory.

This is required so that it will be assigned the correct SELinux
security context on first creation by installd.

Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2014-04-09 14:23:43 -04:00 committed by Nick Kralevich
parent 27f8840f22
commit a240733137

View File

@ -1022,7 +1022,13 @@ int create_profile_file(const char *pkgname, gid_t gid) {
// Make the profile directory write-only for group and other. Owner can rwx it.
if (chmod(profile_dir, 0711) < 0) {
ALOGE("cannot chown profile dir '%s': %s\n", profile_dir, strerror(errno));
unlink(profile_dir);
rmdir(profile_dir);
return -1;
}
if (selinux_android_restorecon(profile_dir, 0) < 0) {
ALOGE("cannot restorecon profile dir '%s': %s\n", profile_dir, strerror(errno));
rmdir(profile_dir);
return -1;
}
}