Mount the new system as 'postinstall_file' in postinstall.
When mounting the new filesystem on /postinstall, we need to override
the file attributes from the new system (which are unknown to the current
SELinux policies) with a consistent label that is used only in the context
of postinstall. This patch passes an extra option to mount(2) in
Brillo and Android to achieve this.
Bug: 27177071
TEST=Deployed a postinstall script with `ls -laZ`, contents show "postinstall_file".
Change-Id: Ia43b45c92e4c4cd340a884818ac00f24a418f9e7
diff --git a/payload_consumer/postinstall_runner_action.cc b/payload_consumer/postinstall_runner_action.cc
index fe468cc..d57ef4e 100644
--- a/payload_consumer/postinstall_runner_action.cc
+++ b/payload_consumer/postinstall_runner_action.cc
@@ -27,6 +27,7 @@
#include "update_engine/common/action_processor.h"
#include "update_engine/common/boot_control_interface.h"
+#include "update_engine/common/platform_constants.h"
#include "update_engine/common/subprocess.h"
#include "update_engine/common/utils.h"
@@ -99,7 +100,8 @@
if (!utils::MountFilesystem(mountable_device,
fs_mount_dir_,
MS_RDONLY,
- partition.filesystem_type)) {
+ partition.filesystem_type,
+ constants::kPostinstallMountOptions)) {
return CompletePartitionPostinstall(
1, "Error mounting the device " + mountable_device);
}
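Review bot: The relabelling is invisible at the call site, because `constants::kPostinstallMountOptions` is passed as the new last argument of `utils::MountFilesystem` with no comment saying it carries the SELinux context override, and its value is defined outside this hunk. I would add above the call `// Mount with a fixed SELinux context: labels stored in the new image are unknown to the running policy.` If a platform defines the constant as an empty string, the on-disk labels would presumably apply unchanged, so that case deserves a sentence next to the constant's definition. The failure message still reads only `"Error mounting the device " + mountable_device`, so a mount rejected because of the options cannot be told apart from a bad device; including the options in that message would help triage. The enclosing function begins and ends outside the hunk.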