restorecon the profile directory.

This is required so that it will be assigned the correct SELinux
security context on first creation by installd.

Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

diff --git a/cmds/installd/utils.c b/cmds/installd/utils.c
index 8f4da65..671d031 100644 (file)
--- a/cmds/installd/utils.c
+++ b/cmds/installd/utils.c
@@ -1022,7 +1022,13 @@ int create_profile_file(const char *pkgname, gid_t gid) {
         // Make the profile directory write-only for group and other. Owner can rwx it.
         if (chmod(profile_dir, 0711) < 0) {
             ALOGE("cannot chown profile dir '%s': %s\n", profile_dir, strerror(errno));
-            unlink(profile_dir);
+            rmdir(profile_dir);
+            return -1;
+        }
+
+        if (selinux_android_restorecon(profile_dir, 0) < 0) {
+            ALOGE("cannot restorecon profile dir '%s': %s\n", profile_dir, strerror(errno));
+            rmdir(profile_dir);
             return -1;
         }
     }