On 06/16/2014 04:23 AM, Pankaj Kushwaha wrote:
> thanks..
> I am traversing file by file in each directory and call setfilecon2 for
> each file. I was wondering that when a new app is installed, then
> packagemanager service also calls the same api from install method in
> command.c, so do we give some permission or something for that?
>
> I fail at "rc = setfilecon(pkgdir, ctx_str);" in
> libselinux/src/android.c and return value which I get is -1.

Why do you need to do this at all, given that we already perform a recursive restorecon of the rest of /data from init.rc and of each /data/data/<pkgdir> from installd on first boot or upgrade?

What errno do you get when setfilecon() returns -1? EPERM or EACCES? As I said, setfilecon -> setxattr of security.selinux requires CAP_FOWNER if the file is not owned by the caller. Neither apps nor the system_server have CAP_FOWNER. installd does.
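
Added example, not part of the original message and not libselinux or installd code: a small C diagnostic for the question asked in the reply above, which issues the same setxattr of security.selinux that setfilecon() performs and reports which errno came back and what it most likely means. The function names and the CAP_FOWNER_BIT macro are hypothetical, and the errno explanations assume a Linux kernel with SELinux enabled.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>
#define CAP_FOWNER_BIT 3 /* numeric value of CAP_FOWNER in <linux/capability.h> */

/* 1 if the effective capability set holds CAP_FOWNER, 0 if not, -1 if unknown. */
int has_cap_fowner(void) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    unsigned long long eff = 0;
    int found = -1;
    if (!f) return -1;
    while (found < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1)
            found = (int)((eff >> CAP_FOWNER_BIT) & 1);
    fclose(f);
    return found;
}

/* Likely cause of a failed setxattr("security.selinux") on an SELinux system. */
const char *explain_relabel_errno(int err) {
    switch (err) {
    case EPERM:   return "DAC: caller does not own the file and lacks CAP_FOWNER";
    case EACCES:  return "MAC: SELinux policy denied the relabel (look for avc: denied)";
    case EINVAL:  return "context is not valid in the loaded policy";
    case ENOTSUP: return "filesystem does not support security labels";
    default:      return strerror(err);
    }
}

/* Attempt the relabel; returns 0 on success, otherwise the errno of the failure. */
int try_relabel(const char *path, const char *ctx) {
    struct stat st;
    if (stat(path, &st) != 0) return errno;
    if (st.st_uid != geteuid() && has_cap_fowner() == 0)
        fprintf(stderr, "%s: owner uid %u != caller uid %u, no CAP_FOWNER\n", path, (unsigned)st.st_uid, (unsigned)geteuid());
    /* setfilecon() is a thin wrapper around this setxattr() call. */
    if (setxattr(path, "security.selinux", ctx, strlen(ctx) + 1, 0) != 0) return errno;
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s <path> <context>\n", argv[0]); return 2; }
    int err = try_relabel(argv[1], argv[2]);
    if (err) fprintf(stderr, "relabel failed (errno %d): %s\n", err, explain_relabel_errno(err));
    return err != 0;
}
```

An EPERM result points at file ownership and capabilities of the calling process, while EACCES points at policy and should be accompanied by an avc denial in the kernel log.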