On Nov 17, 2013 11:04 AM, "Jaejyn Shin" <[email protected]> wrote:
>
> Thank you for your comments. These were very helpful.
>
> One more question,
> one application (app_1) created a directory (dir_1) under /data/system during run-time
> and I already wrote the labeling of dir_1 in the file_context.
>
> /data/system/dir_1(/.*)? u:object_r:app_1_data_file:s0
> But the /data/system/dir_1 still has the system_data_file context.
> It can be changed to app_1_data_file after I run "restorecon /data/system/dir_1".
>
> How can I label the directory which the application creates dynamically during run-time without running "restorecon"?
> Is there some useful macro?
>
No macro, but suppose your application is running as type X:

    type_transition X system_data_file:file app_1_data_file;

But some words of caution: this will cause all files to be type-transitioned if they meet this rule, so if you have 5 apps running in context X, you may accidentally transition too many files.

If you create that directory under init.rc, then the context will get picked up via the init builtin and the proper context applied.

If app_1 is creating the directory, then you could type transition the mkdir, and optionally give it a hint:

No hint:

    type_transition X system_data_file:dir app_1_data_file;

With hint:

    type_transition X system_data_file:dir app_1_data_file "system/dir_1";

Note that the hint is relative to the mount point.

Hope it helps

Bill

<snip>
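
The unhinted directory transition from the reply, written out with the type declaration and the allow rules a domain needs before the transition can take effect. This is an added example, not part of the original message; it assumes X is a domain used only by app_1 and that the file_type and data_file_type attributes from the AOSP policy are available.

```selinux
# Added example. X is the placeholder domain from the reply; substitute the
# domain app_1 actually runs in. app_1_data_file is the type from the question.

# Declare the target type. The attributes are the AOSP ones for files
# living under /data (assumed present in the base policy).
type app_1_data_file, file_type, data_file_type;

# Label selection: any directory that a process in X creates inside a
# directory labeled system_data_file is labeled app_1_data_file at creation.
# This applies to every such directory, not only dir_1, which is why X
# should not be a domain shared with other apps.
type_transition X system_data_file:dir app_1_data_file;

# A type_transition grants nothing by itself. X must be able to add an
# entry to the parent directory (/data/system, system_data_file) ...
allow X system_data_file:dir { search write add_name };

# ... and to create and use a directory of the new type.
allow X app_1_data_file:dir { create search read open getattr setattr write add_name remove_name };

# Files created inside dir_1 inherit the parent directory's type when no
# other transition rule matches, so they become app_1_data_file without a
# second type_transition. X still needs file permissions on that type.
allow X app_1_data_file:file { create read write open getattr setattr unlink };
```

After rebuilding and loading the policy, remove the old dir_1, let app_1 recreate it, and check the result with `ls -Zd /data/system/dir_1`; an existing directory keeps its old label because transitions apply only at creation time.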
