Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / cb556e340b50d16e8fac41b0c69d8d35bd7915f9^! / . / cmds / installd / dexopt.cpp
commitcb556e340b50d16e8fac41b0c69d8d35bd7915f9[log] [tgz]
authorCalin Juravle <calin@google.com>Tue Apr 04 20:22:50 2017 -0700
committerCalin Juravle <calin@google.com>Thu Apr 06 14:55:19 2017 -0700
tree4702efeb86dafa7a8ab261aff3fb15750daf4a10
parentebc8a79bbc00759307bed9142b60cff1e35d79e0 [diff] [blame]
Restore selinux labels for secondary dex oat directory

Bug: 36896515
Test: adb shell cmd package compile -r bg-dexopt --secondary-dex com.google.android.gms
      adb shell ls
/data/user_de/0/com.google.android.gms/app_chimera/m/0000000c/oat/arm64/
-Z
      youtube loads gms modules without extracting from apk

Change-Id: I4e12a6f532a1442a840e3ed8d01b98dd9a328eb6

diff --git a/cmds/installd/dexopt.cpp b/cmds/installd/dexopt.cpp
index 5422331..63afdcd 100644
--- a/cmds/installd/dexopt.cpp
+++ b/cmds/installd/dexopt.cpp

@@ -36,6 +36,7 @@
 #include <cutils/sched_policy.h>
 #include <log/log.h>               // TODO: Move everything to base/logging.
 #include <private/android_filesystem_config.h>
+#include <selinux/android.h>
 #include <system/thread_defs.h>
 
 #include "dexopt.h"
@@ -1459,7 +1460,7 @@
 
 int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
         int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
-        const char* volume_uuid, const char* shared_libraries) {
+        const char* volume_uuid, const char* shared_libraries, const char* se_info) {
     CHECK(pkgname != nullptr);
     CHECK(pkgname[0] != 0);
     if ((dexopt_flags & ~DEXOPT_MASK) != 0) {
@@ -1518,6 +1519,19 @@
         return -1;
     }
 
+    // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
+    // selinux context (we generate them on the fly during the dexopt invocation and they don't
+    // fully inherit their parent context).
+    // Note that for primary apk the oat files are created before, in a separate installd
+    // call which also does the restorecon. TODO(calin): unify the paths.
+    if (is_secondary_dex) {
+        if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
+                SELINUX_ANDROID_RESTORECON_RECURSE)) {
+            LOG(ERROR) << "Failed to restorecon " << oat_dir;
+            return -1;
+        }
+    }
+
     // Create a swap file if necessary.
     unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);
 
@@ -1859,8 +1873,9 @@
                   atoi(params[6]),              // dexopt_flags
                   params[7],                    // compiler_filter
                   parse_null(params[8]),        // volume_uuid
-                  parse_null(params[9]));       // shared_libraries
-    static_assert(DEXOPT_PARAM_COUNT == 10U, "Unexpected dexopt param count");
+                  parse_null(params[9]),        // shared_libraries
+                  parse_null(params[10]));       // se_info
+    static_assert(DEXOPT_PARAM_COUNT == 11U, "Unexpected dexopt param count");
 }
 
 }  // namespace installd