)]}' { "commit": "688024169df70336cc128ea8cc929174c53a501e", "tree": "a0e4555e3d4d10e022cbeb6c1b86ff740ff2574a", "parents": [ "168f77787700f0e9f66675beef33c593a777e64e" ], "author": { "name": "Nick Kralevich", "email": "nnk@google.com", "time": "Thu Oct 23 20:36:42 2014 -0700" }, "committer": { "name": "Nick Kralevich", "email": "nnk@google.com", "time": "Thu Oct 23 20:46:33 2014 -0700" }, "message": "unconditionally apply SELinux labels to symlinks\n\nAt the end of the OTA script, we walk through /system, updating\nall the permissions on the filesystem, including the UID, GID,\nstandard UNIX permissions, capabilities, and SELinux labels.\n\nIn the case of a symbolic link, however, we want to skip most of\nthose operations. The UID, GID, UNIX permissions, and capabilities\ndon\u0027t meaningfully apply to symbolic links.\n\nHowever, that\u0027s not true with SELinux labels. The SELinux label on\na symbolic link is important. We need to make sure the label on the\nsymbolic link is always updated, even if none of the other attributes\nare updated.\n\nThis change unconditionally updates the SELinux label on the symbolic\nlink itself. lsetfilecon() is used, so that the link itself is updated,\nnot what it\u0027s pointing to.\n\nIn addition, drop the ENOTSUP special case. SELinux has been a\nrequirement since Android 4.4. Running without filesystem extended\nattributes is no longer supported, and we shouldn\u0027t even try to handle\nnon-SELinux updates anymore. (Note: this could be problematic if\nthese scripts are ever used to produce OTA images for 4.2 devices)\n\nBug: 18079773\nChange-Id: I87f99a1c88fe02bb2914f1884cac23ce1b385f91\n", "tree_diff": [ { "type": "modify", "old_id": "282a6188b05b77ce2e00c20e696731d6853c1e6d", "old_mode": 33188, "old_path": "updater/install.c", "new_id": "db2bd3295f0dc781d3f8d5970fc94e8495c9632a", "new_mode": 33188, "new_path": "updater/install.c" } ] }