Allow init to set the encryption policy on unlabeled directories.
This fixes a bug where a directory's label was removed, causing it to be unlabeled, and we crashed on trying to set its encryption policy. Fixes: 148923156 Test: Successfully update from build with the deleted label. Change-Id: I69c3707e3e66d9e44a22b0783d3016c8ddab6b8f
This commit is contained in:
parent
231b89410f
commit
5e175476f2
@ -546,7 +546,7 @@ allow init init:key { write search setattr };
|
||||
allow init unencrypted_data_file:dir create_dir_perms;
|
||||
|
||||
# Set encryption policy on dirs in /data
|
||||
allowxperm init data_file_type:dir ioctl {
|
||||
allowxperm init { data_file_type unlabeled }:dir ioctl {
|
||||
FS_IOC_GET_ENCRYPTION_POLICY
|
||||
FS_IOC_SET_ENCRYPTION_POLICY
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user