
Commit 3b4c0bda authored by Nick Kralevich's avatar Nick Kralevich

ueventd fixup_sys_perms: fixup SELinux labels unconditionally

Currently, the fixup code in fixup_sys_perms() scans through all
entries in uevent*.rc. If it finds a match, then it performs a fixup.
If there's no match in that file, no fixup is performed.

SELinux file labels are independently stored in /file_contexts,
with no relationship to the files in /ueventd.rc. Even when no
entries exist in ueventd.rc, we still want to fixup the SELinux
file label in /sys when a uevent message occurs.

Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac
parent f6ef1f53
+15 −13
@@ -134,7 +134,6 @@ void fixup_sys_perms(const char *upath)
    char buf[512];
    struct listnode *node;
    struct perms_ *dp;
    char *secontext;

    /* upaths omit the "/sys" that paths in this list
     * contain, so we add 4 when comparing...
@@ -153,20 +152,23 @@ void fixup_sys_perms(const char *upath)
        }

        if ((strlen(upath) + strlen(dp->attr) + 6) > sizeof(buf))
            return;
            break;

        sprintf(buf,"/sys%s/%s", upath, dp->attr);
        INFO("fixup %s %d %d 0%o\n", buf, dp->uid, dp->gid, dp->perm);
        chown(buf, dp->uid, dp->gid);
        chmod(buf, dp->perm);
        if (sehandle) {
            secontext = NULL;
            selabel_lookup(sehandle, &secontext, buf, 0);
            if (secontext) {
                setfilecon(buf, secontext);
                freecon(secontext);
    }

    // Now fixup SELinux file labels
    int len = snprintf(buf, sizeof(buf), "/sys%s", upath);
    if ((len < 0) || ((size_t) len >= sizeof(buf))) {
        // Overflow
        return;
    }
    if (access(buf, F_OK) == 0) {
        INFO("restorecon_recursive: %s\n", buf);
        restorecon_recursive(buf);
    }
}
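Review bot: The result of `restorecon_recursive(buf)` at the end of fixup_sys_perms() is discarded, so a relabel that fails leaves the /sys node with whatever label it already had and nothing is logged. SELinux policy decides access from that label, so I would report the failure, for example `if (restorecon_recursive(buf) < 0) ERROR("restorecon_recursive failed: %s\n", buf);`, assuming the helper signals failure through a negative return value. The per-entry labelling code shown earlier in the hunk was guarded by `if (sehandle)`, and no equivalent guard is visible around the new call, so it is worth confirming that restorecon_recursive() does nothing harmful when SELinux is disabled. The page has lost its +/- markers, so which lines are new is inferred from the commit message, and the function body starts above the first hunk.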