am ef3f7fa3: Merge "Set the SELinux security label on new directories."

* commit 'ef3f7fa32b451bd6f180c4c1586a98cee41aa296':
  Set the SELinux security label on new directories.

1 files changed, 51 insertions, 2 deletions

diff --git a/init/util.c b/init/util.c
index 7d79f39..f994ab9 100755
--- a/init/util.c
+++ b/init/util.c
@@ -302,12 +302,12 @@ int mkdir_recursive(const char *pathname, mode_t mode)
         memcpy(buf, pathname, width);
         buf[width] = 0;
         if (stat(buf, &info) != 0) {
-            ret = mkdir(buf, mode);
+            ret = make_dir(buf, mode);
             if (ret && errno != EEXIST)
                 return ret;
         }
     }
-    ret = mkdir(pathname, mode);
+    ret = make_dir(pathname, mode);
     if (ret && errno != EEXIST)
         return ret;
     return 0;
@@ -463,3 +463,52 @@ void import_kernel_cmdline(int in_qemu,
         ptr = x;
     }
 }
+
+int make_dir(const char *path, mode_t mode)
+{
+    int rc;
+
+#ifdef HAVE_SELINUX
+    char *secontext = NULL;
+
+    if (sehandle) {
+        selabel_lookup(sehandle, &secontext, path, mode);
+        setfscreatecon(secontext);
+    }
+#endif
+
+    rc = mkdir(path, mode);
+
+#ifdef HAVE_SELINUX
+    if (secontext) {
+        int save_errno = errno;
+        freecon(secontext);
+        setfscreatecon(NULL);
+        errno = save_errno;
+    }
+#endif
+    return rc;
+}
+
+int restorecon(const char *pathname)
+{
+#ifdef HAVE_SELINUX
+    char *secontext = NULL;
+    struct stat sb;
+    int i;
+
+    if (is_selinux_enabled() <= 0 || !sehandle)
+        return 0;
+
+    if (lstat(pathname, &sb) < 0)
+        return -errno;
+    if (selabel_lookup(sehandle, &secontext, pathname, sb.st_mode) < 0)
+        return -errno;
+    if (lsetfilecon(pathname, secontext) < 0) {
+        freecon(secontext);
+        return -errno;
+    }
+    freecon(secontext);
+#endif
+    return 0;
+}