Google Git
Sign in
android / platform / external / selinux / 4a792614521f82ffa73448483071925a2b77315b
commit4a792614521f82ffa73448483071925a2b77315b[log] [tgz]
authorNick Kralevich <[email protected]>Thu Apr 04 16:14:08 2019 -0700
committerNick Kralevich <[email protected]>Fri Apr 05 09:52:16 2019 -0700
treeb45e839df31d046e0f9262db2f799f9f633b4b2c
parent5e34461434e8724ddf0ff0de5178486777b4319c [diff]
add SELINUX_ANDROID_RESTORECON_SKIP_SEHASH

Allow callers to indicate that they don't want to compute the sehash
value. Callers may not have CAP_SYS_ADMIN, so attempting to write the
sehash value will result in the following (harmless) errors:

  SELinux:  setxattr failed: /data/app/com.andromeda.androbench2-z5oLVfPATqQF35yGDuMUeA==:  Operation not permitted

TODO: It would be better if the default for restorecon was to suppress
the hash computation, since otherwise it encourages programs to be
overprivileged with CAP_SYS_ADMIN. I'll plan on doing that in a followup
commit.

Bugs where this error message has been called out:
Bug: 129766333
Bug: 129271240
Bug: 128700692
Bug: 129925723

Test: install an APK and ensure that no "SELinux:  setxattr failed"
    error messages are generated.

(cherry picked from commit 3060b61d412fa30e91fb13dd29b82d994143aa30)

Change-Id: Iddfb221354ee6336c6ef99d7950b9d1a1a07d5ac
2 files changed
tree: b45e839df31d046e0f9262db2f799f9f633b4b2c
  1. checkpolicy/
  2. dbus/
  3. gui/
  4. libselinux/
  5. libsemanage/
  6. libsepol/
  7. mcstrans/
  8. policycoreutils/
  9. prebuilts/
  10. python/
  11. restorecond/
  12. sandbox/
  13. scripts/
  14. secilc/
  15. semodule-utils/
  16. .gitignore
  17. .travis.yml
  18. Android.bp
  19. CleanSpec.mk
  20. Makefile
  21. MODULE_LICENSE_GPL
  22. NOTICE
  23. OWNERS
  24. README
  25. README.android