init: remove restorecon() from util.cpp (482f36cf) · Commits · e / os / android_system_core

init/builtins.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -762,7 +762,7 @@ static int do_restorecon(const std::vector<std::string>& args) {
		}
		} else {
		in_flags = false;
		if (restorecon(args[i].c_str(), flag) < 0) {
		if (selinux_android_restorecon(args[i].c_str(), flag) < 0) {
		ret = -errno;
		}
		}

init/devices.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -251,7 +251,7 @@ static void fixup_sys_permissions(const std::string& upath, const std::string& s

		if (access(path.c_str(), F_OK) == 0) {
		LOG(VERBOSE) << "restorecon_recursive: " << path;
		restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE);
		selinux_android_restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE);
		}
		}

init/init.cpp

+16 −16

Original line number	Diff line number	Diff line
		@@ -871,23 +871,23 @@ static void selinux_initialize(bool in_kernel_domain) {
		// value. This must happen before /dev is populated by ueventd.
		static void selinux_restore_context() {
		LOG(INFO) << "Running restorecon...";
		restorecon("/dev");
		restorecon("/dev/kmsg");
		selinux_android_restorecon("/dev", 0);
		selinux_android_restorecon("/dev/kmsg", 0);
		if constexpr (WORLD_WRITABLE_KMSG) {
		restorecon("/dev/kmsg_debug");
		selinux_android_restorecon("/dev/kmsg_debug", 0);
		}
		restorecon("/dev/socket");
		restorecon("/dev/random");
		restorecon("/dev/urandom");
		restorecon("/dev/__properties__");
		restorecon("/plat_property_contexts");
		restorecon("/nonplat_property_contexts");
		restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
		restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
		restorecon("/dev/device-mapper");
		selinux_android_restorecon("/dev/socket", 0);
		selinux_android_restorecon("/dev/random", 0);
		selinux_android_restorecon("/dev/urandom", 0);
		selinux_android_restorecon("/dev/__properties__", 0);
		selinux_android_restorecon("/plat_property_contexts", 0);
		selinux_android_restorecon("/nonplat_property_contexts", 0);
		selinux_android_restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
		selinux_android_restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
		selinux_android_restorecon("/dev/device-mapper", 0);

		restorecon("/sbin/mke2fs");
		restorecon("/sbin/e2fsdroid");
		selinux_android_restorecon("/sbin/mke2fs", 0);
		selinux_android_restorecon("/sbin/e2fsdroid", 0);
		}

		// Set the UDC controller for the ConfigFS USB Gadgets.
		@@ -996,7 +996,7 @@ int main(int argc, char** argv) {

		// We're in the kernel domain, so re-exec init to transition to the init domain now
		// that the SELinux policy has been loaded.
		if (restorecon("/init") == -1) {
		if (selinux_android_restorecon("/init", 0) == -1) {
		PLOG(ERROR) << "restorecon failed";
		security_failure();
		}

init/property_service.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -177,7 +177,7 @@ uint32_t property_set(const std::string& name, const std::string& value) {
		}

		if (name == "selinux.restorecon_recursive" && valuelen > 0) {
		if (restorecon(value.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) {
		if (selinux_android_restorecon(value.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) {
		LOG(ERROR) << "Failed to restorecon_recursive " << value;
		}
		}

init/util.cpp

+0 −5

Original line number	Diff line number	Diff line
		@@ -266,11 +266,6 @@ int make_dir(const char* path, mode_t mode, selabel_handle* sehandle) {
		return rc;
		}

		int restorecon(const char* pathname, int flags)
		{
		return selinux_android_restorecon(pathname, flags);
		}

		/*
		* Writes hex_len hex characters (1/2 byte) to hex from bytes.
		*/