Extend recovery and updater to support setting file security contexts.

Extend minzip, recovery, and updater to set the security context on
files based on the file_contexts configuration included in the package.

Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29

1 files changed, 15 insertions, 0 deletions

diff --git a/updater/updater.c b/updater/updater.c
index aa626d2..5f15808 100644
--- a/updater/updater.c
+++ b/updater/updater.c
@@ -32,6 +32,8 @@
 // (Note it's "updateR-script", not the older "update-script".)
 #define SCRIPT_NAME "META-INF/com/google/android/updater-script"
 
+struct selabel_handle *sehandle;
+
 int main(int argc, char** argv) {
     // Various things log information to stdout or stderr more or less
     // at random.  The log file makes more sense if buffering is
@@ -103,6 +105,19 @@ int main(int argc, char** argv) {
         return 6;
     }
 
+#ifdef HAVE_SELINUX
+    struct selinux_opt seopts[] = {
+      { SELABEL_OPT_PATH, "/file_contexts" }
+    };
+
+    sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+
+    if (!sehandle) {
+        fprintf(stderr, "Warning:  No file_contexts\n");
+        fprintf(cmd_pipe, "ui_print Warning: No file_contexts\n");
+    }
+#endif
+
     // Evaluate the parsed script.
 
     UpdaterInfo updater_info;