Run restorecon over mounted private volumes.

This ensures that we have consistent SELinux policy in place before
going any further, and it mirrors the way we restorecon /data when
first mounted.

Bug: 21121357
Change-Id: I2a7e3584ade655fe1fae8916cf54f9eae3a0f99d

diff --git a/PrivateVolume.cpp b/PrivateVolume.cpp
index a1bbb3b..74b6b5b 100644 (file)
--- a/PrivateVolume.cpp
+++ b/PrivateVolume.cpp
@@ -137,6 +137,24 @@ status_t PrivateVolume::doMount() {
         return -EIO;
     }
 
+    LOG(VERBOSE) << "Starting restorecon of " << mPath;
+
+    // TODO: find a cleaner way of waiting for restorecon to finish
+    property_set("selinux.restorecon_recursive", "");
+    property_set("selinux.restorecon_recursive", mPath.c_str());
+
+    char value[PROPERTY_VALUE_MAX];
+    while (true) {
+        property_get("selinux.restorecon_recursive", value, "");
+        if (strcmp(mPath.c_str(), value) == 0) {
+            break;
+        }
+        sleep(1);
+        LOG(VERBOSE) << "Waiting for restorecon...";
+    }
+
+    LOG(VERBOSE) << "Finished restorecon of " << mPath;
+
     // Verify that common directories are ready to roll
     if (PrepareDir(mPath + "/app", 0771, AID_SYSTEM, AID_SYSTEM) ||
             PrepareDir(mPath + "/user", 0711, AID_SYSTEM, AID_SYSTEM) ||
@@ -147,8 +165,6 @@ status_t PrivateVolume::doMount() {
         return -EIO;
     }
 
-    // TODO: restorecon all the things!
-
     // Create a new emulated volume stacked above us, it will automatically
     // be destroyed during unmount
     std::string mediaPath(mPath + "/media");