diff options
| author | Nick Kralevich <nnk@google.com> | 2013-10-10 12:42:49 -0700 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2013-10-10 12:42:49 -0700 |
| commit | 3a5a7c0e26cf34e7228a1e6a3181ad0d46d60d6d (patch) | |
| tree | 2b52420d1afdcbed9a6a0e1cd1c37b58a17a69a7 /init | |
| parent | df206c8e46699bda2b496ad3f9b24a6eb07f6047 (diff) | |
| parent | aa4051dc4f90f987ba05269ce396d676571156e0 (diff) | |
| download | system_core-3a5a7c0e26cf34e7228a1e6a3181ad0d46d60d6d.zip system_core-3a5a7c0e26cf34e7228a1e6a3181ad0d46d60d6d.tar.gz system_core-3a5a7c0e26cf34e7228a1e6a3181ad0d46d60d6d.tar.bz2 | |
am aa4051dc: am 2f924ebe: am a94d2b39: Merge "Add a restorecon_recursive built-in command to init."
* commit 'aa4051dc4f90f987ba05269ce396d676571156e0':
Add a restorecon_recursive built-in command to init.
Diffstat (limited to 'init')
| -rw-r--r-- | init/builtins.c | 16 | ||||
| -rw-r--r-- | init/init_parser.c | 1 | ||||
| -rw-r--r-- | init/keywords.h | 2 | ||||
| -rw-r--r-- | init/readme.txt | 8 |
4 files changed, 24 insertions, 3 deletions
diff --git a/init/builtins.c b/init/builtins.c index e8c8f91..e2932d5 100644 --- a/init/builtins.c +++ b/init/builtins.c @@ -797,12 +797,24 @@ int do_chmod(int nargs, char **args) { int do_restorecon(int nargs, char **args) { int i; + int ret = 0; for (i = 1; i < nargs; i++) { if (restorecon(args[i]) < 0) - return -errno; + ret = -errno; } - return 0; + return ret; +} + +int do_restorecon_recursive(int nargs, char **args) { + int i; + int ret = 0; + + for (i = 1; i < nargs; i++) { + if (restorecon_recursive(args[i]) < 0) + ret = -errno; + } + return ret; } int do_setsebool(int nargs, char **args) { diff --git a/init/init_parser.c b/init/init_parser.c index 667c7ab..3f0838f 100644 --- a/init/init_parser.c +++ b/init/init_parser.c @@ -135,6 +135,7 @@ int lookup_keyword(const char *s) case 'r': if (!strcmp(s, "estart")) return K_restart; if (!strcmp(s, "estorecon")) return K_restorecon; + if (!strcmp(s, "estorecon_recursive")) return K_restorecon_recursive; if (!strcmp(s, "mdir")) return K_rmdir; if (!strcmp(s, "m")) return K_rm; break; diff --git a/init/keywords.h b/init/keywords.h index 5a44df3..97fe50c 100644 --- a/init/keywords.h +++ b/init/keywords.h @@ -17,6 +17,7 @@ int do_mount(int nargs, char **args); int do_powerctl(int nargs, char **args); int do_restart(int nargs, char **args); int do_restorecon(int nargs, char **args); +int do_restorecon_recursive(int nargs, char **args); int do_rm(int nargs, char **args); int do_rmdir(int nargs, char **args); int do_setcon(int nargs, char **args); @@ -71,6 +72,7 @@ enum { KEYWORD(powerctl, COMMAND, 1, do_powerctl) KEYWORD(restart, COMMAND, 1, do_restart) KEYWORD(restorecon, COMMAND, 1, do_restorecon) + KEYWORD(restorecon_recursive, COMMAND, 1, do_restorecon_recursive) KEYWORD(rm, COMMAND, 1, do_rm) KEYWORD(rmdir, COMMAND, 1, do_rmdir) KEYWORD(seclabel, OPTION, 0, 0) diff --git a/init/readme.txt b/init/readme.txt index 1e8c392..42a09cb 100644 --- a/init/readme.txt +++ b/init/readme.txt @@ -192,12 +192,18 @@ mount <type> <device> <dir> [ <mountoption> ]* device by name. <mountoption>s include "ro", "rw", "remount", "noatime", ... -restorecon <path> +restorecon <path> [ <path> ]* Restore the file named by <path> to the security context specified in the file_contexts configuration. Not required for directories created by the init.rc as these are automatically labeled correctly by init. +restorecon_recursive <path> [ <path> ]* + Recursively restore the directory tree named by <path> to the + security contexts specified in the file_contexts configuration. + Do NOT use this with paths leading to shell-writable or app-writable + directories, e.g. /data/local/tmp, /data/data or any prefix thereof. + setcon <securitycontext> Set the current process security context to the specified string. This is typically only used from early-init to set the init context |