authorNick Kralevich <nnk@google.com>2013-07-17 19:01:37 -0700
committerNick Kralevich <nnk@google.com>2013-07-18 15:21:12 -0700
commit627eb30f73c29257acaeb6568f3da38880784f7c (patch)
tree044a0368547eadfaefa9ee4c9a24672ac5a30dc5 /minzip
parent51c84694b0198a90b8eed635b46a3712c44db7a5 (diff)
Update OTA installer to understand SELinux filesystem labels
Modify the OTA installer to understand SELinux filesystem labels. We do this by introducing new set_perm2 / set_perm2_recursive calls, which understand SELinux filesystem labels. These filesystem labels are applied at the same time that we apply the UID / GID / permission changes. For compatibility, we preserve the behavior of the existing set_perm / set_perm_recursive calls. If the destination kernel doesn't support security labels, don't fail. SELinux isn't enabled on all kernels. Bug: 8985290 Change-Id: I99800499f01784199e4918a82e3e2db1089cf25b
Diffstat (limited to 'minzip')
-rw-r--r--minzip/DirUtil.c9
-rw-r--r--minzip/DirUtil.h2
2 files changed, 8 insertions, 3 deletions
diff --git a/minzip/DirUtil.c b/minzip/DirUtil.c
index 8dd5da1..c120fa3 100644
--- a/minzip/DirUtil.c
+++ b/minzip/DirUtil.c
@@ -23,6 +23,7 @@
#include <errno.h>
#include <dirent.h>
#include <limits.h>
+#include <selinux/selinux.h>
#include "DirUtil.h"
@@ -237,7 +238,7 @@ dirUnlinkHierarchy(const char *path)
int
dirSetHierarchyPermissions(const char *path,
- int uid, int gid, int dirMode, int fileMode)
+ int uid, int gid, int dirMode, int fileMode, const char* secontext)
{
struct stat st;
if (lstat(path, &st)) {
@@ -255,6 +256,10 @@ dirSetHierarchyPermissions(const char *path,
return -1;
}
+ if ((secontext != NULL) && lsetfilecon(path, secontext) && (errno != ENOTSUP)) {
+ return -1;
+ }
+
/* recurse over directory components */
if (S_ISDIR(st.st_mode)) {
DIR *dir = opendir(path);
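Review bot: The new `lsetfilecon` check treats `ENOTSUP` as success without a comment or any trace, so a caller that passed a label gets a 0 return even when nothing was labelled. A filesystem without xattr support on an otherwise SELinux-capable kernel may report the same error, which would leave entries without the requested label and give no signal to whoever debugs the resulting denials. I would add a comment above the block, `/* apply the label if one was requested; ENOTSUP means no label support here and is not an error */`, and log the skipped label once if this file has a logging facility. The statements before the block are outside the hunk, so it cannot be confirmed from here whether ownership and mode are already changed when this path returns -1; if they are, a labelling failure leaves the entry half-updated and the caller cannot tell.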
@@ -271,7 +276,7 @@ dirSetHierarchyPermissions(const char *path,
char dn[PATH_MAX];
snprintf(dn, sizeof(dn), "%s/%s", path, de->d_name);
- if (!dirSetHierarchyPermissions(dn, uid, gid, dirMode, fileMode)) {
+ if (!dirSetHierarchyPermissions(dn, uid, gid, dirMode, fileMode, secontext)) {
errno = 0;
} else if (errno == 0) {
errno = -1;
diff --git a/minzip/DirUtil.h b/minzip/DirUtil.h
index a5cfa76..3e12a0b 100644
--- a/minzip/DirUtil.h
+++ b/minzip/DirUtil.h
@@ -54,7 +54,7 @@ int dirUnlinkHierarchy(const char *path);
* Sets directories to <dirMode> and files to <fileMode>. Skips symlinks.
*/
int dirSetHierarchyPermissions(const char *path,
- int uid, int gid, int dirMode, int fileMode);
+ int uid, int gid, int dirMode, int fileMode, const char* secontext);
#ifdef __cplusplus
}
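Review bot: The doc comment above the prototype still describes only the modes and the symlink skip, so the new `secontext` parameter is undocumented at the one place callers will read. It should state that NULL means no label is applied and that, per the DirUtil.c change, `ENOTSUP` from `lsetfilecon` is tolerated while any other labelling failure makes the call return -1. Suggested line: `* If <secontext> is non-NULL, also applies that SELinux label to each entry; missing label support (ENOTSUP) is not an error.` As a style point, `const char* secontext` binds the star to the type while `const char *path` in the same prototype binds it to the name; `const char *secontext` would match. The start of the comment is outside the hunk.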