Create selinux_android_setcon()
System properties are backed by various property files that are
mmap()'ed into a process's address space. setcon() does not revoke
access to such mmap()'ed regions, so we may leak access to property
files when moving to a more restrictive context.
This commit creates a new selinux_android_setcon() function that
explicitly reinitializes system properties after
calling setcon() to ensure that no leaks occur.
This new function is used in place of setcon() in
selinux_android_setcontext().
Bug 26114086
Change-Id: I631a8d6f3f474f62b2b4ecca3c842a0700486ddd
2 files changed