Zygote: relabel to either system_userdir_file or system_data_file
To hide other apps' data directories, zygote mounts tmpfs instances over
various directories such as /data/user, then bind-mounts in the needed
app directories. Files in tmpfs get the SELinux label "tmpfs" by
default. After creating them, zygote relabels some of these "tmpfs"
files to their normal labels; however, in every case the desired label
was "u:object_r:system_data_file:s0", so zygote just copied the label of
/data/user_de which happened to have this same label.
With https://r.android.com/2078213, the /data/user_de directory, but not
its subdirectories, will start being labeled as
"u:object_r:system_userdir_file:s0". This would break the
above-mentioned logic, as it would start assigning system_userdir_file
to files that should be system_data_file. Therefore, update it to
assign the appropriate type of [system_userdir_file, system_data_file].
Note that alternatively, it seems that we could just always use
system_data_file, or just remove this relabeling code entirely since the
sepolicy contains 'allow domain tmpfs:dir search' anyway. But as long
as zygote is trying to set the normal labels, it should do it correctly.
Test: Tested together with the sepolicy change
https://r.android.com/2078213; see there for testing notes.
Bug: 156305599
Change-Id: I325aa873cf216e33924d0508100fcc755f265cf2
1 file changed