Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / update_engine / 14dbd333439f34c648b9f783ffa656ef565de0cc^! / .
commit14dbd333439f34c648b9f783ffa656ef565de0cc[log] [tgz]
authorAlex Deymo <deymo@google.com>Tue Mar 01 18:55:54 2016 -0800
committerAlex Deymo <deymo@google.com>Tue Mar 01 18:55:54 2016 -0800
treea55f35b1d7231658201759cc51079e5b3be08acf
parent390efedcb7e17587da765b6d682077cb7fa46ee1 [diff]
Mount the new system as 'postinstall_file' in postinstall.

When mounting the new filesystem on /postinstall, we need to override
the file attributes from the new system (unknown to the current selinux
policies) with a consistent label that will be used only in the context
of postinstall. This patch passes an extra option to mount(2) in
Brillo and Android to achieve this.

Bug: 27177071
TEST=Deployed a postinstall script with `ls -laZ`, contents show "postinstall_file".

Change-Id: Ia43b45c92e4c4cd340a884818ac00f24a418f9e7

diff --git a/common/platform_constants.h b/common/platform_constants.h
index d1786ff..6eaa940 100644
--- a/common/platform_constants.h
+++ b/common/platform_constants.h

@@ -50,6 +50,10 @@
 // The stateful directory used by update_engine.
 extern const char kNonVolatileDirectory[];
 
+// Options passed to the filesystem when mounting the new partition during
+// postinstall.
+extern const char kPostinstallMountOptions[];
+
 }  // namespace constants
 }  // namespace chromeos_update_engine
 

diff --git a/common/platform_constants_android.cc b/common/platform_constants_android.cc
index 4f55106..371fe26 100644
--- a/common/platform_constants_android.cc
+++ b/common/platform_constants_android.cc

@@ -31,6 +31,8 @@
 // No deadline file API support on Android.
 const char kOmahaResponseDeadlineFile[] = "";
 const char kNonVolatileDirectory[] = "/data/misc/update_engine";
+const char kPostinstallMountOptions[] =
+  "context=u:object_r:postinstall_file:s0";
 
 }  // namespace constants
 }  // namespace chromeos_update_engine

diff --git a/common/platform_constants_chromeos.cc b/common/platform_constants_chromeos.cc
index d8587ca..7c1d627 100644
--- a/common/platform_constants_chromeos.cc
+++ b/common/platform_constants_chromeos.cc

@@ -32,6 +32,7 @@
     "/tmp/update-check-response-deadline";
 // This directory is wiped during powerwash.
 const char kNonVolatileDirectory[] = "/var/lib/update_engine";
+const char kPostinstallMountOptions[] = nullptr;
 
 }  // namespace constants
 }  // namespace chromeos_update_engine

diff --git a/common/test_utils.cc b/common/test_utils.cc
index a574863..77a9141 100644
--- a/common/test_utils.cc
+++ b/common/test_utils.cc

@@ -260,7 +260,7 @@
   string loop_dev;
   loop_binder_.reset(new ScopedLoopbackDeviceBinder(file_path, &loop_dev));
 
-  EXPECT_TRUE(utils::MountFilesystem(loop_dev, *mnt_path, flags, ""));
+  EXPECT_TRUE(utils::MountFilesystem(loop_dev, *mnt_path, flags, "", nullptr));
   unmounter_.reset(new ScopedFilesystemUnmounter(*mnt_path));
 }
 

diff --git a/common/utils.cc b/common/utils.cc
index b4956e7..912bc96 100644
--- a/common/utils.cc
+++ b/common/utils.cc

@@ -614,7 +614,8 @@
 bool MountFilesystem(const string& device,
                      const string& mountpoint,
                      unsigned long mountflags,  // NOLINT(runtime/int)
-                     const string& type) {
+                     const string& type,
+                     const string& fs_mount_options) {
   vector<const char*> fstypes;
   if (type.empty()) {
     fstypes = {"ext2", "ext3", "ext4", "squashfs"};
@@ -623,7 +624,7 @@
   }
   for (const char* fstype : fstypes) {
     int rc = mount(device.c_str(), mountpoint.c_str(), fstype, mountflags,
-                   nullptr);
+                   fs_mount_options.c_str());
     if (rc == 0)
       return true;
 

diff --git a/common/utils.h b/common/utils.h
index 8da0726..df06ef1 100644
--- a/common/utils.h
+++ b/common/utils.h

@@ -177,7 +177,8 @@
 bool MountFilesystem(const std::string& device,
                      const std::string& mountpoint,
                      unsigned long flags,  // NOLINT(runtime/int)
-                     const std::string& type);
+                     const std::string& type,
+                     const std::string& fs_mount_options);
 bool UnmountFilesystem(const std::string& mountpoint);
 
 // Returns the block count and the block byte size of the file system on

diff --git a/payload_consumer/postinstall_runner_action.cc b/payload_consumer/postinstall_runner_action.cc
index fe468cc..d57ef4e 100644
--- a/payload_consumer/postinstall_runner_action.cc
+++ b/payload_consumer/postinstall_runner_action.cc

@@ -27,6 +27,7 @@
 
 #include "update_engine/common/action_processor.h"
 #include "update_engine/common/boot_control_interface.h"
+#include "update_engine/common/platform_constants.h"
 #include "update_engine/common/subprocess.h"
 #include "update_engine/common/utils.h"
 
@@ -99,7 +100,8 @@
   if (!utils::MountFilesystem(mountable_device,
                               fs_mount_dir_,
                               MS_RDONLY,
-                              partition.filesystem_type)) {
+                              partition.filesystem_type,
+                              constants::kPostinstallMountOptions)) {
     return CompletePartitionPostinstall(
         1, "Error mounting the device " + mountable_device);
   }