author | Nick Kralevich <nnk@google.com> | 2013-07-17 19:01:37 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-07-18 15:21:12 -0700 |
commit | 627eb30f73c29257acaeb6568f3da38880784f7c (patch) | |
tree | 044a0368547eadfaefa9ee4c9a24672ac5a30dc5 /minzip | |
parent | 51c84694b0198a90b8eed635b46a3712c44db7a5 (diff) | |
Update OTA installer to understand SELinux filesystem labels
Modify the OTA installer to understand SELinux filesystem labels.
We do this by introducing new set_perm2 / set_perm2_recursive
calls, which understand SELinux filesystem labels. These filesystem
labels are applied at the same time that we apply the
UID / GID / permission changes.
For compatibility, we preserve the behavior of the existing
set_perm / set_perm_recursive calls.
If the destination kernel doesn't support security labels, don't
fail. SELinux isn't enabled on all kernels.
Bug: 8985290
Change-Id: I99800499f01784199e4918a82e3e2db1089cf25b
Diffstat (limited to 'minzip')
-rw-r--r-- | minzip/DirUtil.c | 9 | ||||
-rw-r--r-- | minzip/DirUtil.h | 2 |
2 files changed, 8 insertions, 3 deletions
diff --git a/minzip/DirUtil.c b/minzip/DirUtil.c index 8dd5da1..c120fa3 100644 --- a/minzip/DirUtil.c +++ b/minzip/DirUtil.c @@ -23,6 +23,7 @@ #include <errno.h> #include <dirent.h> #include <limits.h> +#include <selinux/selinux.h> #include "DirUtil.h" @@ -237,7 +238,7 @@ dirUnlinkHierarchy(const char *path) int dirSetHierarchyPermissions(const char *path, - int uid, int gid, int dirMode, int fileMode) + int uid, int gid, int dirMode, int fileMode, const char* secontext) { struct stat st; if (lstat(path, &st)) { @@ -255,6 +256,10 @@ dirSetHierarchyPermissions(const char *path, return -1; } + if ((secontext != NULL) && lsetfilecon(path, secontext) && (errno != ENOTSUP)) { + return -1; + } + /* recurse over directory components */ if (S_ISDIR(st.st_mode)) { DIR *dir = opendir(path); @@ -271,7 +276,7 @@ dirSetHierarchyPermissions(const char *path, char dn[PATH_MAX]; snprintf(dn, sizeof(dn), "%s/%s", path, de->d_name); - if (!dirSetHierarchyPermissions(dn, uid, gid, dirMode, fileMode)) { + if (!dirSetHierarchyPermissions(dn, uid, gid, dirMode, fileMode, secontext)) { errno = 0; } else if (errno == 0) { errno = -1; diff --git a/minzip/DirUtil.h b/minzip/DirUtil.h index a5cfa76..3e12a0b 100644 --- a/minzip/DirUtil.h +++ b/minzip/DirUtil.h @@ -54,7 +54,7 @@ int dirUnlinkHierarchy(const char *path); * Sets directories to <dirMode> and files to <fileMode>. Skips symlinks. */ int dirSetHierarchyPermissions(const char *path, - int uid, int gid, int dirMode, int fileMode); + int uid, int gid, int dirMode, int fileMode, const char* secontext); #ifdef __cplusplus } |
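Review bot: The new `lsetfilecon` check in the `@@ -255,6 +256,10 @@` hunk of DirUtil.c tolerates `ENOTSUP` without leaving any trace, so a run that labelled nothing returns the same result as one that labelled every entry, and `errno` is left at `ENOTSUP` on the path that continues. The recursion hunk further down shows this function using `errno` as its running status, and whether it is cleared again before the directory loop is not visible in this hunk. I would split the condition so the tolerated branch is explicit: `if (errno != ENOTSUP) return -1;` followed by `errno = 0; /* no label support on this kernel or filesystem: continue unlabelled */`. The function body starts and ends outside the hunk.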
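Review bot: In the `@@ -271,7 +276,7 @@` hunk of DirUtil.c the child path `dn` is built with `snprintf` into a `PATH_MAX` buffer and the return value is discarded, so an over-long name is silently truncated and the recursive call, which with this change also applies `secontext`, acts on the truncated path instead of the real entry. Keep the length and reject truncation before recursing: `int n = snprintf(dn, sizeof(dn), "%s/%s", path, de->d_name);` then `if (n < 0 || (size_t)n >= sizeof(dn)) { errno = ENAMETOOLONG; }`, with the recursive call moved to the `else` branch. The enclosing loop starts and ends outside the hunk, so how the stored `errno` is finally reported should be checked against the full body.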
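Review bot: The comment above `dirSetHierarchyPermissions` in the DirUtil.h hunk still describes only owner and mode, so the new `secontext` parameter is undocumented. Callers need to know that NULL means no label is applied, that the one context is passed unchanged to every entry (unlike `dirMode`/`fileMode`, which differ for directories and files), and that `ENOTSUP` is not reported as a failure. I would add to the comment: `* If <secontext> is non-NULL, it is also set as the SELinux label of each entry that is not skipped; ENOTSUP is ignored.` The comment block begins above the hunk.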