Thank you for your comments. These were very helpful.

One more question: one application (app_1) created a directory (dir_1) under /data/system during run-time, and I already wrote the labeling of dir_1 in the file_context.

/data/system/dir_1(/.*)? u:object_r:app_1_data_file:s0

But /data/system/dir_1 still has the system_data_file context. It can be changed to app_1_data_file after I run "restorecon /data/system/dir_1".

How can I label a directory which an application creates dynamically during run-time without running "restorecon"? Is there some useful macro?

Thank you
Best regards

2013/11/14 Stephen Smalley <[email protected]>

> On 11/13/2013 07:01 PM, Jaejyn Shin wrote:
> > Dear All.
> >
> > I created and mounted a directory through the init.rc file
> > and also modified the file_contexts file to label this directory
> >
> > /dir_1(/.*)? u:object_r:system_data_file:s0
> >
> > But the directory was not labeled, even if I apply it.
> >
> > $ lg -Z
> > drwxrwx--x system radio u:object_r:unlabeled:s0 dir_1
> >
> > To solve it, I found two solutions.
> >
> > Solution 1)
> > Inserting restorecon("/dir_1") in the main function of the init.c file.
> >
> > Solution 2)
> > Inserting restorecon dir_1 in the "on boot" section of init.rc
> >
> > Question)
> > Why can dir_1 not be labeled without inserting an additional restorecon?
>
> You said you created and mounted it. So when it is created by init, the
> mount point directory would be labeled as per your specification above.
> But when you mount some filesystem on that directory, it has whatever
> label was assigned to that filesystem's root directory already. The
> fact that it is unlabeled suggests that it is a filesystem type that is
> not configured in fs_use or genfs_contexts or that it was an ext4
> filesystem that had never been labeled.
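Both messages in this thread describe a directory whose actual label differs from its file_contexts entry until restorecon is run. As an added example (not part of the thread, and not code from any poster or from the Android project), this Python sketch matches paths against the two file_contexts entries quoted above and lists the ones still carrying a different label. The listing is constructed sample data, and the lookup is simplified to "last matching entry wins" rather than libselinux's full ordering rules.

```python
import re

# The two file_contexts entries quoted in the thread.
FILE_CONTEXTS = """\
/dir_1(/.*)?              u:object_r:system_data_file:s0
/data/system/dir_1(/.*)?  u:object_r:app_1_data_file:s0
"""

# Constructed listing (mode owner group context path); not real device output.
OBSERVED = """\
drwxrwx--x system radio  u:object_r:unlabeled:s0         /dir_1
drwx------ system system u:object_r:system_data_file:s0  /data/system/dir_1
drwxrwx--x system system u:object_r:system_data_file:s0  /data/system
"""

def parse_file_contexts(text):
    """Return [(compiled_regex, context)] in file order, skipping blanks and comments."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        # Last field is the context; an optional file-type field (e.g. -d) may precede it.
        specs.append((re.compile(fields[0]), fields[-1]))
    return specs

def expected_context(specs, path):
    """Context the spec assigns to path (simplified: later entries win); None if no match."""
    for regex, context in reversed(specs):
        if regex.fullmatch(path):
            return context
    return None

def find_mislabeled(specs, listing):
    """Return [(path, current, expected)] where the current label differs from the spec."""
    out = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        current, path = fields[3], fields[4]
        want = expected_context(specs, path)
        if want is not None and want != current:
            out.append((path, current, want))
    return out

if __name__ == "__main__":
    for path, cur, want in find_mislabeled(parse_file_contexts(FILE_CONTEXTS), OBSERVED):
        print(f"{path}: has {cur}, file_contexts says {want}")
```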
