Add a new API for relabeling package directories.
Add a new selinux_android_restorecon_pkgdir() API for
relabeling package directories that explicitly takes the
seinfo and uid information from the caller. This is similar
to the selinux_android_setfilecon() API used by installd to
label newly created package directories but can be used to
recursively restorecon existing package directories. By
passing the seinfo and uid information directly, we avoid the
need to rely upon packages.list for this purpose and can
perform the relabeling on a per-directory basis before each app
is loaded.
Also if we are not provided with a seinfo value and we cannot
lookup the package name in packages.list, log a warning and
return an error condition rather than silently ignoring the failure.
This avoids mislabeling the file by restorecon and provides a warning
if any future bugs arise in this area.
Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2 files changed