From 82eb7e909022ab9a5a87e4b8d31b9b4c0c887e5f Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Wed, 18 Jan 2017 15:17:42 -0800
Subject: [PATCH] AOSP: HACK: android: exit(1) if selabel_lookup fails

If selabel_lookup fails, the current implementation of set_selinux_xattr returns -1, but the command line tool e2fsdroid reports success.

There's a bunch of things wrong:

1) -1 does not appear to be a legal errcode_t value. The appropriate return value appears to be DIRENT_ABORT.
2) A return value of DIRENT_ABORT is ignored by the upper layers of the code.
3) Attempting to fix the upper layers of the code to not ignore DIRENT_ABORT results in complaints about not being able to create /lost+found.

Call stack:

- main
- android_configure_fs
- __android_configure_fs
- ext2fs_dir_iterate2
- ext2fs_block_iterate3
- ext2fs_process_dir_block
- walk_dir
- ext2fs_dir_iterate2
- ext2fs_block_iterate3
- ext2fs_process_dir_block
- walk_dir
- ext2fs_dir_iterate2
- ext2fs_block_iterate3
- ext2fs_process_dir_block
- androidify_inode
- set_selinux_xattr

I'm honestly not sure how to fix this, so just throw an exit(1) in there, to make sure the program dies a horrible death if selabel_lookup() fails. This is much better than the alternative of e2fsdroid returning success with an improperly labeled file.

Bug: 34358308
Test: Artificially modify selabel_lookup() to return a failure, and verify Android doesn't compile.
Test: Verify Android compiles under normal circumstances.
Change-Id: I60e04bc6559a66d3f3202f2c28e2519856385ded
From AOSP commit: 87a7db7cf2ca0feecaccad94bf22f92c726000c3

Signed-off-by: Theodore Ts'o
---
 contrib/android/perms.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/android/perms.c b/contrib/android/perms.c index 02ce99f..7a5d47d 100644 --- a/contrib/android/perms.c +++ b/contrib/android/perms.c
@@ -86,7 +86,7 @@ static errcode_t set_selinux_xattr(ext2_filsys fs, ext2_ino_t ino, if (retval < 0) { com_err(__func__, retval, _("searching for label \"%s\""), params->filename); - return retval; + exit(1); } retval = ino_add_xattr(fs, ino, "security." XATTR_SELINUX_SUFFIX, -- 1.8.3.1
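Review bot: The `exit(1)` that replaces `return retval;` in the `retval < 0` branch carries no comment marking it as a deliberate stopgap, so a later reader sees a static helper declared to return `errcode_t` terminating the process in the middle of a directory walk with nothing at the call site to explain why. Add a short comment on that line stating that the upper layers ignore the return value (as the commit message describes) and citing the bug number, so the hack is not later "tidied" back into a silent labeling failure. On the same branch, `com_err` is still passed the negative `retval`, which the commit message itself notes is not a legal `errcode_t`, so the error text printed just before the exit may not be meaningful; passing 0 or a real error code there would make the diagnostic reliable. Exiting at this point also bypasses whatever the caller does to finish or close the image, so anything that invokes the tool should treat the output file as invalid on a non-zero exit. A longer-term alternative would be to record the failure somewhere the top-level caller can check after the walk completes (for instance in `params`, if that structure is reachable from there) and return a failing status from that level.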