New "selinux.restorecon" control property.

This new property is used as a control verb for running a recursive
restorecon at the path contained in the property value.

Shifts both SELinux actions to occur before the actual property set
occurs, so setters can watch for completion.

Bug: 21121357
Change-Id: I3db3eb876ae66e144b3bfd648349b66a028511fd

1 files changed, 10 insertions, 3 deletions

diff --git a/init/property_service.cpp b/init/property_service.cpp
index 0ee0351..c2881ae 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -205,6 +205,16 @@ static int property_set_impl(const char* name, const char* value) {
     if (!is_legal_property_name(name, namelen)) return -1;
     if (valuelen >= PROP_VALUE_MAX) return -1;
 
+    if (strcmp("selinux.reload_policy", name) == 0 && strcmp("1", value) == 0) {
+        if (selinux_reload_policy() != 0) {
+            ERROR("Failed to reload policy\n");
+        }
+    } else if (strcmp("selinux.restorecon_recursive", name) == 0 && valuelen > 0) {
+        if (restorecon_recursive(value) != 0) {
+            ERROR("Failed to restorecon_recursive %s\n", value);
+        }
+    }
+
     prop_info* pi = (prop_info*) __system_property_find(name);
 
     if(pi != 0) {
@@ -236,9 +246,6 @@ static int property_set_impl(const char* name, const char* value) {
          * to prevent them from being overwritten by default values.
          */
         write_persistent_property(name, value);
-    } else if (strcmp("selinux.reload_policy", name) == 0 &&
-               strcmp("1", value) == 0) {
-        selinux_reload_policy();
     }
     property_changed(name, value);
     return 0;