commit 15c83f1ee806db532dab7b90dbe298322e22d185
author Frederick Mayle <fmayle@google.com> Wed Feb 19 11:08:00 2025 -0800
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Feb 19 11:08:00 2025 -0800
tree d64de21529b0666eeef9648dac6ce4fedaebd335
parent 3e35b78fc40015f22789f3b68b7561d2c82be96b
parent 60ce61eb6172a0e1a4f77b8cce60d82a424fb1df

Merge "virtmgr: check SELinux label of non-partition disk images" into main am: 60ce61eb61

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/3495671

Change-Id: I66bdaa4abe1792325e10f00f98e4f48a24d45ef7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

android/virtmgr/src/aidl.rs

diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index b5cf643..1a263bd 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs
@@ -707,6 +707,12 @@
             config
                 .disks
                 .iter()
+                .flat_map(|disk| disk.image.as_ref())
+                .try_for_each(|image| check_label_for_file(image, "disk image", calling_partition))
+                .or_service_specific_exception(-1)?;
+            config
+                .disks
+                .iter()
                 .flat_map(|disk| disk.partitions.iter())
                 .filter(|partition| {
                     if is_app_config {
@@ -1582,7 +1588,7 @@
     Ok(())
 }
 fn check_label_for_file(
-    file: &File,
+    file: &impl AsRawFd,
     name: &str,
     calling_partition: CallingPartition,
 ) -> Result<()> {