What's the problem with running a recursive restorecon on first boot? The volume should be mostly empty at the time, so it can't be performance...
-- Nick On Fri, Jun 20, 2014 at 12:33 PM, Pankaj Kushwaha < pankaj.kushwaha.4...@gmail.com> wrote: > Hi, > > I have a question regarding restorecon recursive method. > Do we have a need to call this on first boot ? We call it after every OTA > which is fine, but I didn't understand the need of running it on first boot. > > Thanks > Pankaj Kushwaha > > > On Mon, Jun 16, 2014 at 11:24 PM, Pankaj Kushwaha < > pankaj.kushwaha.4...@gmail.com> wrote: > >> Thanks... >> On 16-Jun-2014 11:22 PM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote: >> >>> On 06/16/2014 01:25 PM, Pankaj Kushwaha wrote: >>> > Actually m working on aosp 4.4.2, and taking all the changes from 4.4.3 >>> > master is becoming a complex task for me. So was thinking to write a >>> > small api to perform setfilecon2 on each file inside pkgdir from >>> > installd in a similar way in which new app is installed and calls >>> method >>> > in installd. >>> > >>> > But I guess I will have to merge required patches from 4.4.3 , as I am >>> > being stopped at dac level. >>> > Error which I get is 'operation not permitted' >>> >>> Yes, that's a capability check, like CAP_FOWNER. >>> >>> Also, we have a seandroid-4.4.2 branch that has most of our patches >>> applied, including our restorecon recursive support. But we stopped >>> maintaining it when we switched to 4.4.3. So you can use it but don't >>> expect any further updates on it. >>> >>> >>> > > _______________________________________________ > Seandroid-list mailing list > Seandroid-list@tycho.nsa.gov > To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > seandroid-list-requ...@tycho.nsa.gov. > -- Nick Kralevich | Android Security | n...@google.com | 650.214.4037
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
