Allow init to set the encryption policy on unlabeled directories.

This fixes a bug where a directory's label was removed, causing it to be unlabeled, and we crashed on trying to set its encryption policy. Fixes: 148923156 Test: Successfully update from build with the deleted label. Change-Id: I69c3707e3e66d9e44a22b0783d3016c8ddab6b8f
2020-02-05 14:58:27 -08:00 · 2020-02-05 14:58:27 -08:00 · 5e175476f2
commit 5e175476f2
parent 231b89410f
1 changed files with 1 additions and 1 deletions
--- a/public/init.te
+++ b/public/init.te
@ -546,7 +546,7 @@ allow init init:key { write search setattr };
 allow init unencrypted_data_file:dir create_dir_perms;

 # Set encryption policy on dirs in /data
-allowxperm init data_file_type:dir ioctl {
+allowxperm init { data_file_type unlabeled }:dir ioctl {
  FS_IOC_GET_ENCRYPTION_POLICY
  FS_IOC_SET_ENCRYPTION_POLICY
 };