- Don't set exec label on executables. Smack label should be set only by
launcher. Also that exec label was wrong. Apps run with appId-based label,
not pkgId-based.
- Set transmute attribute. To keep all files in SECURITY_MANAGER_PATH_RW
labeled with pkgId-based label, directories must be transmutable.
Change-Id: I3ce69ae70796d2d591b57c75bd175c9c3ea99028
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
switch (pathType) {
case SECURITY_MANAGER_PATH_RW:
label = zoneSmackLabelGenerate(generatePkgLabel(pkgId), zoneId);
switch (pathType) {
case SECURITY_MANAGER_PATH_RW:
label = zoneSmackLabelGenerate(generatePkgLabel(pkgId), zoneId);
- label_executables = true;
- label_transmute = false;
+ label_executables = false;
+ label_transmute = true;
break;
case SECURITY_MANAGER_PATH_RO:
label = zoneSmackLabelGenerate(generatePkgROLabel(pkgId), zoneId);
break;
case SECURITY_MANAGER_PATH_RO:
label = zoneSmackLabelGenerate(generatePkgROLabel(pkgId), zoneId);