sign_android_image: use ARCVM file context if needed
Apparently the file android_file_contexts has a different name for ARCVM
with _vm suffix. Choose _vm if the container one is not found.
BUG=b:161828692
TEST=sign_official_build.sh base recovery_image.bin mykey signed.bin
BRANCH=none
Signed-off-by: Victor Hsieh <victorhsieh@chromium.org>
Change-Id: I8a93d8e1dd5b824f319d7de804f8f74825166a97
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2323647
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/scripts/image_signing/sign_android_image.sh b/scripts/image_signing/sign_android_image.sh
index 2558a98..c1f7c76 100755
--- a/scripts/image_signing/sign_android_image.sh
+++ b/scripts/image_signing/sign_android_image.sh
@@ -206,9 +206,16 @@
info "Reapplying file security context"
- sudo /sbin/setfiles -v -r "${system_mnt}" \
- "${root_fs_dir}/etc/selinux/arc/contexts/files/android_file_contexts" \
- "${system_mnt}"
+ local selinux_dir="${root_fs_dir}/etc/selinux"
+ local file_contexts="${selinux_dir}/arc/contexts/files/android_file_contexts"
+ if [[ ! -f "${file_contexts}" ]]; then
+ file_contexts="${file_contexts}_vm"
+ if [[ ! -f "${file_contexts}" ]]; then
+ die "Can't find Android's file contexts"
+ fi
+ fi
+
+ sudo /sbin/setfiles -v -r "${system_mnt}" "${file_contexts}" "${system_mnt}"
}
# Snapshot file properties in a directory recursively.