From c2ef2f0d8d7b8b6c113e2fabb259209f9890f407 Mon Sep 17 00:00:00 2001 From: Tom Cherry Date: Mon, 8 May 2017 13:38:15 -0700 Subject: [PATCH] init: remove restorecon() from util.cpp restorecon() has become nothing more than a small wrapper around selinux_android_restore(). This itself isn't super problematic, but it is an obstacle for compiling util.cpp on the host as that function is not available on the host. Bug: 36970783 Test: Boot bullhead Change-Id: I7e209ece6898f9a0d5eb9e5d5d8155c2f1ba9faf --- init/builtins.cpp | 2 +- init/devices.cpp | 2 +- init/init.cpp | 52 +++++++++++++++++++-------------------- init/property_service.cpp | 2 +- init/util.cpp | 5 ---- init/util.h | 1 - 6 files changed, 29 insertions(+), 35 deletions(-) diff --git a/init/builtins.cpp b/init/builtins.cpp index 27b72f96c..1eacb363e 100644 --- a/init/builtins.cpp +++ b/init/builtins.cpp @@ -762,7 +762,7 @@ static int do_restorecon(const std::vector& args) { } } else { in_flags = false; - if (restorecon(args[i].c_str(), flag) < 0) { + if (selinux_android_restorecon(args[i].c_str(), flag) < 0) { ret = -errno; } } diff --git a/init/devices.cpp b/init/devices.cpp index 74f099ade..d8258cf55 100644 --- a/init/devices.cpp +++ b/init/devices.cpp @@ -251,7 +251,7 @@ static void fixup_sys_permissions(const std::string& upath, const std::string& s if (access(path.c_str(), F_OK) == 0) { LOG(VERBOSE) << "restorecon_recursive: " << path; - restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE); + selinux_android_restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE); } } diff --git a/init/init.cpp b/init/init.cpp index 6de206162..eddfa50b1 100644 --- a/init/init.cpp +++ b/init/init.cpp @@ -889,36 +889,36 @@ static void selinux_initialize(bool in_kernel_domain) { // value. This must happen before /dev is populated by ueventd. static void selinux_restore_context() { LOG(INFO) << "Running restorecon..."; - restorecon("/dev"); - restorecon("/dev/kmsg"); + selinux_android_restorecon("/dev", 0); + selinux_android_restorecon("/dev/kmsg", 0); if constexpr (WORLD_WRITABLE_KMSG) { - restorecon("/dev/kmsg_debug"); + selinux_android_restorecon("/dev/kmsg_debug", 0); } - restorecon("/dev/socket"); - restorecon("/dev/random"); - restorecon("/dev/urandom"); - restorecon("/dev/__properties__"); + selinux_android_restorecon("/dev/socket", 0); + selinux_android_restorecon("/dev/random", 0); + selinux_android_restorecon("/dev/urandom", 0); + selinux_android_restorecon("/dev/__properties__", 0); - restorecon("/file_contexts.bin"); - restorecon("/plat_file_contexts"); - restorecon("/nonplat_file_contexts"); - restorecon("/plat_property_contexts"); - restorecon("/nonplat_property_contexts"); - restorecon("/plat_seapp_contexts"); - restorecon("/nonplat_seapp_contexts"); - restorecon("/plat_service_contexts"); - restorecon("/nonplat_service_contexts"); - restorecon("/plat_hwservice_contexts"); - restorecon("/nonplat_hwservice_contexts"); - restorecon("/sepolicy"); - restorecon("/vndservice_contexts"); + selinux_android_restorecon("/file_contexts.bin", 0); + selinux_android_restorecon("/plat_file_contexts", 0); + selinux_android_restorecon("/nonplat_file_contexts", 0); + selinux_android_restorecon("/plat_property_contexts", 0); + selinux_android_restorecon("/nonplat_property_contexts", 0); + selinux_android_restorecon("/plat_seapp_contexts", 0); + selinux_android_restorecon("/nonplat_seapp_contexts", 0); + selinux_android_restorecon("/plat_service_contexts", 0); + selinux_android_restorecon("/nonplat_service_contexts", 0); + selinux_android_restorecon("/plat_hwservice_contexts", 0); + selinux_android_restorecon("/nonplat_hwservice_contexts", 0); + selinux_android_restorecon("/sepolicy", 0); + selinux_android_restorecon("/vndservice_contexts", 0); - restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE); - restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE); - restorecon("/dev/device-mapper"); + selinux_android_restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE); + selinux_android_restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE); + selinux_android_restorecon("/dev/device-mapper", 0); - restorecon("/sbin/mke2fs"); - restorecon("/sbin/e2fsdroid"); + selinux_android_restorecon("/sbin/mke2fs", 0); + selinux_android_restorecon("/sbin/e2fsdroid", 0); } // Set the UDC controller for the ConfigFS USB Gadgets. @@ -1027,7 +1027,7 @@ int main(int argc, char** argv) { // We're in the kernel domain, so re-exec init to transition to the init domain now // that the SELinux policy has been loaded. - if (restorecon("/init") == -1) { + if (selinux_android_restorecon("/init", 0) == -1) { PLOG(ERROR) << "restorecon failed"; security_failure(); } diff --git a/init/property_service.cpp b/init/property_service.cpp index 77227505b..18e47e3df 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -177,7 +177,7 @@ uint32_t property_set(const std::string& name, const std::string& value) { } if (name == "selinux.restorecon_recursive" && valuelen > 0) { - if (restorecon(value.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) { + if (selinux_android_restorecon(value.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) { LOG(ERROR) << "Failed to restorecon_recursive " << value; } } diff --git a/init/util.cpp b/init/util.cpp index 5afe28554..75f81b946 100644 --- a/init/util.cpp +++ b/init/util.cpp @@ -266,11 +266,6 @@ int make_dir(const char* path, mode_t mode, selabel_handle* sehandle) { return rc; } -int restorecon(const char* pathname, int flags) -{ - return selinux_android_restorecon(pathname, flags); -} - /* * Writes hex_len hex characters (1/2 byte) to hex from bytes. */ diff --git a/init/util.h b/init/util.h index f3252c294..1ad6b776b 100644 --- a/init/util.h +++ b/init/util.h @@ -68,7 +68,6 @@ int wait_for_file(const char *filename, std::chrono::nanoseconds timeout); void import_kernel_cmdline(bool in_qemu, const std::function&); int make_dir(const char* path, mode_t mode, selabel_handle* sehandle); -int restorecon(const char *pathname, int flags = 0); std::string bytes_to_hex(const uint8_t *bytes, size_t bytes_len); bool is_dir(const char* pathname); bool expand_props(const std::string& src, std::string* dst);