diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-01-28 10:34:09 -0500 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-01-28 10:42:24 -0500 |
| commit | dbd37f2e1da5b27ef1ad6d0cc9580e6893560f5f (patch) | |
| tree | 6f0a3d877b6b0c4734b942443504a6e186e56c30 /init | |
| parent | 6ddabb7a1cc3080ae773acb045f69b5e6afee87a (diff) | |
| download | system_core-dbd37f2e1da5b27ef1ad6d0cc9580e6893560f5f.zip system_core-dbd37f2e1da5b27ef1ad6d0cc9580e6893560f5f.tar.gz system_core-dbd37f2e1da5b27ef1ad6d0cc9580e6893560f5f.tar.bz2 | |
Move restorecon and restorecon_recursive code to libselinux.
This requires telling libselinux to use the sehandle already
obtained by init rather than re-acquiring it internally. init
retains ownership of the sehandle because it performs the
initial load, uses the sehandle for other purposes (e.g. labeling
of directories created via mkdir and labeling of socket files),
and handles the policy reload property trigger.
Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'init')
| -rw-r--r-- | init/init.c | 1 | ||||
| -rw-r--r-- | init/util.c | 55 |
2 files changed, 5 insertions, 51 deletions
diff --git a/init/init.c b/init/init.c index 4266a73..0250e97 100644 --- a/init/init.c +++ b/init/init.c @@ -868,6 +868,7 @@ struct selabel_handle* selinux_android_prop_context_handle(void) void selinux_init_all_handles(void) { sehandle = selinux_android_file_context_handle(); + selinux_android_set_sehandle(sehandle); sehandle_prop = selinux_android_prop_context_handle(); } diff --git a/init/util.c b/init/util.c index 5efd5be..e772342 100644 --- a/init/util.c +++ b/init/util.c @@ -25,6 +25,7 @@ #include <ftw.h> #include <selinux/label.h> +#include <selinux/android.h> #include <sys/stat.h> #include <sys/types.h> @@ -524,60 +525,12 @@ int make_dir(const char *path, mode_t mode) return rc; } -static int restorecon_sb(const char *pathname, const struct stat *sb) +int restorecon(const char* pathname) { - char *secontext = NULL; - char *oldsecontext = NULL; - int i; - - if (selabel_lookup(sehandle, &secontext, pathname, sb->st_mode) < 0) - return -errno; - - if (lgetfilecon(pathname, &oldsecontext) < 0) { - freecon(secontext); - return -errno; - } - - if (strcmp(oldsecontext, secontext) != 0) { - if (lsetfilecon(pathname, secontext) < 0) { - freecon(oldsecontext); - freecon(secontext); - return -errno; - } - } - freecon(oldsecontext); - freecon(secontext); - return 0; -} - -int restorecon(const char *pathname) -{ - struct stat sb; - - if (is_selinux_enabled() <= 0 || !sehandle) - return 0; - - if (lstat(pathname, &sb) < 0) - return -errno; - - return restorecon_sb(pathname, &sb); -} - -static int nftw_restorecon(const char* filename, const struct stat* statptr, - int fileflags __attribute__((unused)), - struct FTW* pftw __attribute__((unused))) -{ - restorecon_sb(filename, statptr); - return 0; + return selinux_android_restorecon(pathname); } int restorecon_recursive(const char* pathname) { - int fd_limit = 20; - int flags = FTW_DEPTH | FTW_MOUNT | FTW_PHYS; - - if (is_selinux_enabled() <= 0 || !sehandle) - return 0; - - return nftw(pathname, nftw_restorecon, fd_limit, flags); + return selinux_android_restorecon_recursive(pathname); } |