authorStephen Smalley <sds@tycho.nsa.gov>2014-04-09 14:23:43 -0400
committerNick Kralevich <nnk@google.com>2014-04-09 19:08:20 +0000
commita240733137d1a0c006ca68415a0f8ed28cc4b11a (patch)
treeb73ca6a7f738ce0c7942e3d4751997ae94a098d9
parent27f8840f228abfe5e2458a261ce5403871495a54 (diff)
downloadnative-a240733137d1a0c006ca68415a0f8ed28cc4b11a.tar.gz
restorecon the profile directory.
This is required so that it will be assigned the correct SELinux security context on first creation by installd. Bug: 13927667 Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r--cmds/installd/utils.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/cmds/installd/utils.c b/cmds/installd/utils.c
index 8f4da65313..671d031255 100644
--- a/cmds/installd/utils.c
+++ b/cmds/installd/utils.c
@@ -1022,7 +1022,13 @@ int create_profile_file(const char *pkgname, gid_t gid) {
// Make the profile directory write-only for group and other. Owner can rwx it.
if (chmod(profile_dir, 0711) < 0) {
ALOGE("cannot chown profile dir '%s': %s\n", profile_dir, strerror(errno));
- unlink(profile_dir);
+ rmdir(profile_dir);
+ return -1;
+ }
+
+ if (selinux_android_restorecon(profile_dir, 0) < 0) {
+ ALOGE("cannot restorecon profile dir '%s': %s\n", profile_dir, strerror(errno));
+ rmdir(profile_dir);
return -1;
}
}
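Review bot: The relabel sits inside the block that closes on the last line of this hunk, which from the commit message ("on first creation") looks like the directory-creation branch, so a profile directory that already exists with the wrong SELinux context would never be relabeled. The same gap appears when cleanup fails: the `rmdir(profile_dir)` result after a failed `selinux_android_restorecon` is ignored, and a directory left behind would presumably skip this branch on the next call and keep its inherited label. Consider running the `selinux_android_restorecon(profile_dir, 0)` check after the closing brace so it applies on every call, or at least logging a failed cleanup with `if (rmdir(profile_dir) < 0) ALOGE("cannot remove profile dir '%s': %s\n", profile_dir, strerror(errno));`. The opening of this block and the rest of create_profile_file are outside the hunk, so the guarding condition should be confirmed there.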