On 05/21/2015 06:37 PM, Tai Nguyen (tainguye) wrote:
> I'd like to resurface this email thread.
> 
> Summary: When we upgrade from JB to KK load, the /data/data/<app> dirs are
> not relabeled.
> We use patches from SEAndroid 4.4.2 branch and verified that
> selinux_android_restorecon_pkgdir()
> is invoked. However, the call fails because inode_owner_or_capable()
> returns false.
> 
> We believe that installd should have FOWNER capability so the function
> inode_owner_or_capable() should return true.
> Is our understanding correct? Do we need any patch to make it work?

That sounds correct.  In 5.0, installd retains CAP_FOWNER in
frameworks/native/cmds/installd/installd.c:drop_privileges(); it has:
    capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted |= CAP_TO_MASK(CAP_DAC_OVERRIDE);
    capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted        |= CAP_TO_MASK(CAP_CHOWN);
    capdata[CAP_TO_INDEX(CAP_SETUID)].permitted       |= CAP_TO_MASK(CAP_SETUID);
    capdata[CAP_TO_INDEX(CAP_SETGID)].permitted       |= CAP_TO_MASK(CAP_SETGID);
    capdata[CAP_TO_INDEX(CAP_FOWNER)].permitted       |= CAP_TO_MASK(CAP_FOWNER);
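
Added example, not part of the original message and not AOSP code: a small C check that decodes the `CapPrm`/`CapEff` fields of `/proc/<pid>/status` text and reports which of the five capabilities listed above are missing. The function names and the sample status text are constructed for illustration; it assumes the effective set is the one to inspect, since the kernel's capability check behind inode_owner_or_capable() tests effective capabilities.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability numbers as defined in <linux/capability.h>. */
enum { CAP_CHOWN = 0, CAP_DAC_OVERRIDE = 1, CAP_FOWNER = 3, CAP_SETGID = 6, CAP_SETUID = 7 };

/* The five capabilities in the drop_privileges() excerpt quoted above. */
#define INSTALLD_CAPS ((1ULL << CAP_CHOWN) | (1ULL << CAP_DAC_OVERRIDE) | \
                       (1ULL << CAP_FOWNER) | (1ULL << CAP_SETGID) |     \
                       (1ULL << CAP_SETUID))

/* Parse one hex capability field ("CapPrm", "CapEff") from the text of
 * /proc/<pid>/status. Returns 0 on success, -1 if absent or malformed. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            const char *v = p + n + 1;
            while (*v == ' ' || *v == '\t') v++;      /* stay on this line */
            if (!isxdigit((unsigned char)*v)) return -1;
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');                          /* advance to next line */
        if (p) p++;
    }
    return -1;
}

/* Bits of INSTALLD_CAPS absent from the set (0 = all present); UINT64_MAX if unreadable. */
uint64_t missing_installd_caps(const char *status, const char *field)
{
    uint64_t mask;
    if (parse_cap_field(status, field, &mask) != 0) return UINT64_MAX;
    return INSTALLD_CAPS & ~mask;
}

int main(void)
{
    /* Constructed sample, not captured from a device: CAP_FOWNER (bit 3) missing. */
    const char *sample = "Name:\tinstalld\nCapPrm:\t00000000000000cb\n"
                         "CapEff:\t00000000000000c3\n";
    printf("CapEff missing: 0x%llx\n", (unsigned long long)missing_installd_caps(sample, "CapEff"));
    return 0;
}
```

On a device, pass in the contents of `/proc/<pid>/status` for the running installd process; a result with bit 3 set means CAP_FOWNER is not in that set.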

