Properly set SELinux context after reboot

After reboot, the SELinux context labels for files located in `/data/adb` are reset to `u:object_r:adb_data_file:s0`. To fully address the issue in ed1f61d2, we should always compare the SELinux context and reset it when necessary.
2025-11-08 20:13:53 +01:00 · 2025-11-08 20:13:53 +01:00 · 487e835559
parent b270bd55df
commit 487e835559
2 changed files with 32 additions and 9 deletions
--- a/daemon/src/main/java/org/lsposed/lspd/service/ConfigFileManager.java
+++ b/daemon/src/main/java/org/lsposed/lspd/service/ConfigFileManager.java
@ -70,6 +70,7 @@ import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
+import java.util.stream.Stream;
 import java.util.zip.Deflater;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
@ -454,20 +455,38 @@ public class ConfigFileManager {

    static Path resolveModuleDir(String packageName, String dir, int userId, int uid) throws IOException {
        var path = modulePath.resolve(String.valueOf(userId)).resolve(packageName).resolve(dir).normalize();
-        if (uid != -1) {
-            if (path.toFile().mkdirs()) {
-                try {
-                    SELinux.setFileContext(path.toString(), "u:object_r:xposed_data:s0");
-                    Os.chown(path.toString(), uid, uid);
-                    Os.chmod(path.toString(), 0755);
-                } catch (ErrnoException e) {
-                    throw new IOException(e);
-                }
+        // Ensure the directory and any necessary parent directories exist.
+        path.toFile().mkdirs();
+
+        if (SELinux.getFileContext(path.toString()) != "u:object_r:xposed_data:s0") {
+            // SELinux label could be reset after a reboot.
+            try {
+                setSelinuxContextRecursive(path, "u:object_r:xposed_data:s0");
+                Os.chown(path.toString(), uid, uid);
+                Os.chmod(path.toString(), 0755);
+            } catch (ErrnoException e) {
+                throw new IOException(e);
            }
        }
        return path;
    }

+     private static void setSelinuxContextRecursive(Path path, String context) throws IOException {
+        try {
+            SELinux.setFileContext(path.toString(), context);
+
+            if (Files.isDirectory(path)) {
+                try (Stream<Path> stream = Files.list(path)) {
+                    for (Path entry : (Iterable<Path>) stream::iterator) {
+                        setSelinuxContextRecursive(entry, context);
+                    }
+                }
+            }
+        } catch (Exception e) {
+            throw new IOException("Failed to recursively set SELinux context for " + path, e);
+        }
+    }
+
    private static class FileLocker {
        private final FileChannel lockChannel;
        private final FileLock locker;
--- a/hiddenapi/stubs/src/main/java/android/os/SELinux.java
+++ b/hiddenapi/stubs/src/main/java/android/os/SELinux.java
@ -9,6 +9,10 @@ public class SELinux {
        throw new UnsupportedOperationException("Stub");
    }

+    public static String getFileContext(String path) {
+        throw new UnsupportedOperationException("Stub");
+    }
+
    public static boolean setFSCreateContext(String context){
        throw new UnsupportedOperationException("Stub");
    }