Allow /postinstall files to have custom contexts
We were mounting /postinstall with a 'context=...' option. This forces
all files within /postinstall to have a single SELinux context,
limiting the possible granularity of our policies. Here we change it
to simply default to the 'postinstall_file' context for the 'system'
partition but allow individual files to have their own custom contexts
defined by /system/sepolicy. Other partitions retain the single
'postinstall_file' context.
The sample_images were updated to manually add a SELinux label for
testing FS contexts.
Test: Manual OTA of blueline
Test: atest update_engine_unittests
Bug: 181182967
Change-Id: I0b8c2b2228fa08afecb64da9c276737eb9ae3631
diff --git a/cros/hardware_chromeos.cc b/cros/hardware_chromeos.cc
index a57cd78..ad0a64d 100644
--- a/cros/hardware_chromeos.cc
+++ b/cros/hardware_chromeos.cc
@@ -363,4 +363,9 @@
return ErrorCode::kSuccess;
}
+const char* HardwareChromeOS::GetPartitionMountOptions(
+ const std::string& partition_name) const {
+ return "";
+}
+
} // namespace chromeos_update_engine
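Review bot: `HardwareChromeOS::GetPartitionMountOptions` ignores `partition_name` and returns `""` for every partition, but nothing in the function says this is deliberate. The value matches the `kPostinstallMountOptions[] = ""` constant this commit removes from platform_constants_chromeos.cc, so behaviour looks unchanged on ChromeOS. A reader auditing the postinstall mount for a missing SELinux context option would still want that stated here. I would add `// ChromeOS mounts postinstall partitions with no extra mount options (no SELinux context is applied), for every partition.` above the `return`. I would also write the parameter as `const std::string& /* partition_name */` so the unused argument is visibly intentional and does not trip unused-parameter warnings.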
diff --git a/cros/hardware_chromeos.h b/cros/hardware_chromeos.h
index 8a920ef..a64f804 100644
--- a/cros/hardware_chromeos.h
+++ b/cros/hardware_chromeos.h
@@ -68,6 +68,8 @@
ErrorCode IsPartitionUpdateValid(
const std::string& partition_name,
const std::string& new_version) const override;
+ const char* GetPartitionMountOptions(
+ const std::string& partition_name) const override;
private:
friend class HardwareChromeOSTest;
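Review bot: The new `GetPartitionMountOptions` override returns a raw `const char*` from a virtual method, and the declaration carries no comment on how long that pointer must stay valid. The ChromeOS implementation returns a string literal, which is safe. A future implementation that builds the options per partition could instead return a pointer into a temporary `std::string`, and the mount call would then read freed memory. I would document the contract where the method is declared, e.g. `// Returns the mount options for |partition_name|; the pointer must refer to storage that outlives the call (static storage).`, or return `std::string` instead. The base interface and the rest of the class are outside this hunk, so the contract may already be stated there.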
diff --git a/cros/platform_constants_chromeos.cc b/cros/platform_constants_chromeos.cc
index fe94a45..5a5a521 100644
--- a/cros/platform_constants_chromeos.cc
+++ b/cros/platform_constants_chromeos.cc
@@ -32,7 +32,6 @@
const char kOmahaResponseDeadlineFile[] = "/tmp/update-check-response-deadline";
// This directory is wiped during powerwash.
const char kNonVolatileDirectory[] = "/var/lib/update_engine";
-const char kPostinstallMountOptions[] = "";
} // namespace constants
} // namespace chromeos_update_engine