Exclude /mnt/vendor from vold's ownership.
Addresses this selinux denial:
avc: denied { search } for name="vendor" dev="tmpfs" ino=11069
scontext=u:r:vold:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir
permissive=0
Bug: 64905218
Test: fixes above denial.
Change-Id: I670b2148e65c7e0fcabd1e11f5bace0c4f4e18bd
Merged-In: I670b2148e65c7e0fcabd1e11f5bace0c4f4e18bd
(cherry picked from commit bca5cd78fe14292079e2ffd63912f51e974c7fc3)
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index c3c95f6..98f12e8 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -39,6 +39,7 @@
#include <android-base/logging.h>
#include <android-base/parseint.h>
#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
#include <cutils/fs.h>
#include <cutils/log.h>
@@ -751,9 +752,11 @@
std::list<std::string> toUnmount;
mntent* mentry;
while ((mentry = getmntent(fp)) != NULL) {
- if (strncmp(mentry->mnt_dir, "/mnt/", 5) == 0
- || strncmp(mentry->mnt_dir, "/storage/", 9) == 0) {
- toUnmount.push_front(std::string(mentry->mnt_dir));
+ auto test = std::string(mentry->mnt_dir);
+ if ((android::base::StartsWith(test, "/mnt/") &&
+ !android::base::StartsWith(test, "/mnt/vendor")) ||
+ android::base::StartsWith(test, "/storage/")) {
+ toUnmount.push_front(test);
}
}
endmntent(fp);
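Review bot: The exclusion `!android::base::StartsWith(test, "/mnt/vendor")` in the new condition is a bare string-prefix match, so it also skips any sibling mount point whose name merely begins with `vendor` (constructed example: `/mnt/vendor_data`), and this loop would then leave that mount in place. Matching only the directory itself or paths below it keeps the exemption to the intended tree: `!(test == "/mnt/vendor" || android::base::StartsWith(test, "/mnt/vendor/"))`. A short comment such as `// /mnt/vendor (mnt_vendor_file) is not owned by vold; never unmount it here` would record why the path is skipped, and `test` would read better as `mountPoint`. The enclosing function starts and ends outside this hunk.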