The easiest fix would be to add a file_contexts entry (which you can
do as part of your device policy without modifying
external/sepolicy/file_contexts directly) that will match even files
with embedded newlines. The current entries do not match because by
default, the dot (.) character does not match newline so even the
entries that end in (/.*)? won't match.
On Mon, Feb 23, 2015 at 6:54 PM, 심현용 <jonesn5...@gmail.com> wrote:
> Dear Stephen.
>
> I have some question restorecon api.
>
> When I create file like that
> $ touch "test<space enter>
> newline"
>
> that file doesn't work restorecon..
>
> For example, Google docs app (com.google.android.apps.docs) create these
> files(thumbnail file) like bellows.
>
> /data/data/com.google.android.apps.docs/cache/diskCache/fetching/accountCache_1$
> ls
> thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6Mw==
> _1404878698133
> thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6NA==
> _1402378046571
> thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6Ng==
> _1324189493087
> thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6Nw==
> _1320481847143
> thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6OA==
> _1320481776981
> thumbnail-510-384-d_downloaded_image_am9uZXNuNTUwOEBnbWFpbC5jb20tZGI6OQ==
> _1314508429262
>
> (new line involve)
>
> Before SELinux enable(Android JB version), these files would be unlabeled.
> That files doesn't change when upgrade (JB -> KK(SELinux Enable) -> L OS)
> because restorecon doesn't work these files(involve newline).
>
>
> Restorecon api doesn't work because of lookup_common() method (ret will
> return null!)
>
> external/libselinux/src/android.c
>
> static int restorecon_sb()
> ..
> if (selabel_lookup(sehandle, &secontext, pathname, sb->st_mode) < 0)
> return 0
>
> ..
>
>
> // if input file name include "new line", i will be -1 because rc would be
> PCRE_ERROR_NOMATCH!
>
> external/libselinux/src/label_file.c
> static spec_t *lookup_common()
> ..
> if (i < 0 || strcmp(spec_arr[i].lr.ctx_raw, "<<none>>") == 0) {
> /* No matching specification. */
> errno = ENOENT;
> goto finish;
> }
> ..
>
>
> What should I do?
> Please help this issue.
>
> Thanks.
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.
