Move restorecon and restorecon_recursive code to libselinux.
This requires telling libselinux to use the sehandle already obtained by init rather than re-acquiring it internally. init retains ownership of the sehandle because it performs the initial load, uses the sehandle for other purposes (e.g. labeling of directories created via mkdir and labeling of socket files), and handles the policy reload property trigger. Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
6ddabb7a1c
commit
dbd37f2e1d
|
@ -868,6 +868,7 @@ struct selabel_handle* selinux_android_prop_context_handle(void)
|
|||
void selinux_init_all_handles(void)
|
||||
{
|
||||
sehandle = selinux_android_file_context_handle();
|
||||
selinux_android_set_sehandle(sehandle);
|
||||
sehandle_prop = selinux_android_prop_context_handle();
|
||||
}
|
||||
|
||||
|
|
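Review bot: `selinux_android_set_sehandle(sehandle)` hands libselinux a borrowed pointer without checking it, whereas the init-side `restorecon()` removed elsewhere in this commit treated a NULL `sehandle` as a no-op. If `selinux_android_file_context_handle()` can return NULL here, it is worth confirming that the libselinux restorecon path tolerates a NULL handle rather than dereferencing it. Because init keeps ownership, any path that closes and reloads the handle (the description mentions the policy reload trigger, which is not visible in this hunk) has to register the new handle before the next relabel, otherwise libselinux would be labeling through a stale pointer. A comment above the call such as `/* libselinux borrows sehandle; re-register it after every selabel_close()/reload */` would record that rule.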
55
init/util.c
55
init/util.c
|
@ -25,6 +25,7 @@
|
|||
#include <ftw.h>
|
||||
|
||||
#include <selinux/label.h>
|
||||
#include <selinux/android.h>
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
|
@ -524,60 +525,12 @@ int make_dir(const char *path, mode_t mode)
|
|||
return rc;
|
||||
}
|
||||
|
||||
static int restorecon_sb(const char *pathname, const struct stat *sb)
|
||||
int restorecon(const char* pathname)
|
||||
{
|
||||
char *secontext = NULL;
|
||||
char *oldsecontext = NULL;
|
||||
int i;
|
||||
|
||||
if (selabel_lookup(sehandle, &secontext, pathname, sb->st_mode) < 0)
|
||||
return -errno;
|
||||
|
||||
if (lgetfilecon(pathname, &oldsecontext) < 0) {
|
||||
freecon(secontext);
|
||||
return -errno;
|
||||
}
|
||||
|
||||
if (strcmp(oldsecontext, secontext) != 0) {
|
||||
if (lsetfilecon(pathname, secontext) < 0) {
|
||||
freecon(oldsecontext);
|
||||
freecon(secontext);
|
||||
return -errno;
|
||||
}
|
||||
}
|
||||
freecon(oldsecontext);
|
||||
freecon(secontext);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int restorecon(const char *pathname)
|
||||
{
|
||||
struct stat sb;
|
||||
|
||||
if (is_selinux_enabled() <= 0 || !sehandle)
|
||||
return 0;
|
||||
|
||||
if (lstat(pathname, &sb) < 0)
|
||||
return -errno;
|
||||
|
||||
return restorecon_sb(pathname, &sb);
|
||||
}
|
||||
|
||||
static int nftw_restorecon(const char* filename, const struct stat* statptr,
|
||||
int fileflags __attribute__((unused)),
|
||||
struct FTW* pftw __attribute__((unused)))
|
||||
{
|
||||
restorecon_sb(filename, statptr);
|
||||
return 0;
|
||||
return selinux_android_restorecon(pathname);
|
||||
}
|
||||
|
||||
int restorecon_recursive(const char* pathname)
|
||||
{
|
||||
int fd_limit = 20;
|
||||
int flags = FTW_DEPTH | FTW_MOUNT | FTW_PHYS;
|
||||
|
||||
if (is_selinux_enabled() <= 0 || !sehandle)
|
||||
return 0;
|
||||
|
||||
return nftw(pathname, nftw_restorecon, fd_limit, flags);
|
||||
return selinux_android_restorecon_recursive(pathname);
|
||||
}
|
||||
|
|
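Review bot: The new `restorecon()` and `restorecon_recursive()` return the libselinux result directly, so their return contract differs from the code they replace: the old `restorecon()` returned `-errno`, and the old recursive walk ignored per-file failures because `nftw_restorecon()` always returned 0. Callers that log or compare the value as a negative errno, or that relied on the recursive walk being best-effort, should be checked, since a relabel failure that goes unnoticed leaves a file with a stale security context. The `is_selinux_enabled() <= 0 || !sehandle` guard is also gone, so the disabled and no-handle cases now depend on libselinux handling them. A header comment on each wrapper, for example `/* Thin wrapper: returns the selinux_android_restorecon() result, not -errno. */`, would make the new contract explicit; `#include <ftw.h>` may also be unused in this file now if nothing else calls `nftw()`.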