Remove FTS_COMFOLLOW from fts_open flags on restorecon_recursive.
When I converted restorecon_recursive from using nftw to using fts,
I followed bionic's nftw implementation
(bionic/libc/upstream-netbsd/lib/libc/gen/nftw.c)
and set FTS_COMFOLLOW in the flags for fts_open. However, this is
not needed for any legitimate purpose and could be dangerous if someone
were to add an explicit restorecon_recursive /data/local/tmp/foo command
to an init*.rc file. This should not be a problem with current policy,
but no point in risking it.
Change-Id: I7cec116d68ae60fe8e18fe4ecc9b6c8e564ac10f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed