Merge "virtmgr: check SELinux label of non-partition disk images" into main

commit: 60ce61eb6172a0e1a4f77b8cce60d82a424fb1df [log] [tgz]
author: Frederick Mayle <fmayle@google.com> Wed Feb 19 10:25:53 2025 -0800
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Feb 19 10:25:53 2025 -0800
tree: 3dfa49511598abc313ae8ff16d0fed971fb47f1c
parent: ed2f45194919cec3ee3e2bd7f0774c8c1006078d [diff]
parent: 9539fb5b0317c04c82eda48ba3de6abc22df7ce3 [diff]
diff --git a/android/virtmgr/src/aidl.rs b/android/virtmgr/src/aidl.rs
index b5cf643..1a263bd 100644
--- a/android/virtmgr/src/aidl.rs
+++ b/android/virtmgr/src/aidl.rs

@@ -707,6 +707,12 @@
             config
                 .disks
                 .iter()
+                .flat_map(|disk| disk.image.as_ref())
+                .try_for_each(|image| check_label_for_file(image, "disk image", calling_partition))
+                .or_service_specific_exception(-1)?;
+            config
+                .disks
+                .iter()
                 .flat_map(|disk| disk.partitions.iter())
                 .filter(|partition| {
                     if is_app_config {
@@ -1582,7 +1588,7 @@
     Ok(())
 }
 fn check_label_for_file(
-    file: &File,
+    file: &impl AsRawFd,
     name: &str,
     calling_partition: CallingPartition,
 ) -> Result<()> {
commit	60ce61eb6172a0e1a4f77b8cce60d82a424fb1df	[log] [tgz]
author	Frederick Mayle <fmayle@google.com>	Wed Feb 19 10:25:53 2025 -0800
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Feb 19 10:25:53 2025 -0800
tree	3dfa49511598abc313ae8ff16d0fed971fb47f1c
parent	ed2f45194919cec3ee3e2bd7f0774c8c1006078d [diff]
parent	9539fb5b0317c04c82eda48ba3de6abc22df7ce3 [diff]