
Commit e799e331 authored by Paul Lawrence's avatar Paul Lawrence Committed by android-build-merger

Merge "Add flags to restorecon_recursive to traverse filesystems" am: 5fbd1cfd am: ffa36891

am: a99490c8

Change-Id: I7a43cf1beacd79fcd2b1efbae57d7b857a1920ed
parents c43b02f2 a99490c8
+39 −14
@@ -40,6 +40,7 @@

#include <thread>

#include <selinux/android.h>
#include <selinux/selinux.h>
#include <selinux/label.h>

@@ -909,27 +910,51 @@ static int do_chmod(const std::vector<std::string>& args) {
static int do_restorecon(const std::vector<std::string>& args) {
    int ret = 0;

    for (auto it = std::next(args.begin()); it != args.end(); ++it) {
        if (restorecon(it->c_str()) < 0)
            ret = -errno;
    }
    return ret;
}
    struct flag_type {const char* name; int value;};
    static const flag_type flags[] = {
        {"--recursive", SELINUX_ANDROID_RESTORECON_RECURSE},
        {"--skip-ce", SELINUX_ANDROID_RESTORECON_SKIPCE},
        {"--cross-filesystems", SELINUX_ANDROID_RESTORECON_CROSS_FILESYSTEMS},
        {0, 0}
    };

static int do_restorecon_recursive(const std::vector<std::string>& args) {
    int ret = 0;
    int flag = 0;

    for (auto it = std::next(args.begin()); it != args.end(); ++it) {
        /* The contents of CE paths are encrypted on FBE devices until user
         * credentials are presented (filenames inside are mangled), so we need
         * to delay restorecon of those until vold explicitly requests it. */
        if (restorecon_recursive_skipce(it->c_str()) < 0) {
    bool in_flags = true;
    for (size_t i = 1; i < args.size(); ++i) {
        if (android::base::StartsWith(args[i], "--")) {
            if (!in_flags) {
                LOG(ERROR) << "restorecon - flags must precede paths";
                return -1;
            }
            bool found = false;
            for (size_t j = 0; flags[j].name; ++j) {
                if (args[i] == flags[j].name) {
                    flag |= flags[j].value;
                    found = true;
                    break;
                }
            }
            if (!found) {
                LOG(ERROR) << "restorecon - bad flag " << args[i];
                return -1;
            }
        } else {
            in_flags = false;
            if (restorecon(args[i].c_str(), flag) < 0) {
                ret = -errno;
            }
        }
    }
    return ret;
}

static int do_restorecon_recursive(const std::vector<std::string>& args) {
    std::vector<std::string> non_const_args(args);
    non_const_args.insert(std::next(non_const_args.begin()), "--recursive");
    return do_restorecon(non_const_args);
}

static int do_loglevel(const std::vector<std::string>& args) {
    // TODO: support names instead/as well?
    int log_level = -1;
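Review bot: The rewritten `do_restorecon_recursive` forwards only `--recursive`, while the code it replaces called `restorecon_recursive_skipce`, so the `restorecon_recursive` builtin no longer passes `SELINUX_ANDROID_RESTORECON_SKIPCE`. The removed comment gave the reason for skipping: CE paths on FBE devices stay encrypted, with mangled filenames, until user credentials are presented. Unless every script that uses this builtin on such paths is switched to `restorecon --recursive --skip-ce` in the same change (not visible on this page), the wrapper should keep the old behaviour by also inserting the flag, `non_const_args.insert(std::next(non_const_args.begin()), "--skip-ce");`, and the FBE comment should move next to the `--skip-ce` entry in the flag table.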
+1 −1
@@ -190,7 +190,7 @@ static void fixup_sys_perms(const char* upath, const char* subsystem) {

    if (access(path.c_str(), F_OK) == 0) {
        LOG(VERBOSE) << "restorecon_recursive: " << path;
        restorecon_recursive(path.c_str());
        restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE);
    }
}

+2 −2
@@ -657,8 +657,8 @@ int main(int argc, char** argv) {
    restorecon("/dev/socket");
    restorecon("/dev/__properties__");
    restorecon("/property_contexts");
    restorecon_recursive("/sys");
    restorecon_recursive("/dev/block");
    restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
    restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
    restorecon("/dev/device-mapper");

    epoll_fd = epoll_create1(EPOLL_CLOEXEC);
+2 −1
@@ -42,6 +42,7 @@
#include <netinet/in.h>
#include <sys/mman.h>

#include <selinux/android.h>
#include <selinux/selinux.h>
#include <selinux/label.h>

@@ -175,7 +176,7 @@ static int property_set_impl(const char* name, const char* value) {
    if (valuelen >= PROP_VALUE_MAX) return -1;

    if (strcmp("selinux.restorecon_recursive", name) == 0 && valuelen > 0) {
        if (restorecon_recursive(value) != 0) {
        if (restorecon(value, SELINUX_ANDROID_RESTORECON_RECURSE) != 0) {
            LOG(ERROR) << "Failed to restorecon_recursive " << value;
        }
    }
+2 −13
@@ -369,20 +369,9 @@ int make_dir(const char *path, mode_t mode)
    return rc;
}

int restorecon(const char* pathname)
int restorecon(const char* pathname, int flags)
{
    return selinux_android_restorecon(pathname, 0);
}

int restorecon_recursive(const char* pathname)
{
    return selinux_android_restorecon(pathname, SELINUX_ANDROID_RESTORECON_RECURSE);
}

int restorecon_recursive_skipce(const char* pathname)
{
    return selinux_android_restorecon(pathname,
            SELINUX_ANDROID_RESTORECON_RECURSE | SELINUX_ANDROID_RESTORECON_SKIPCE);
    return selinux_android_restorecon(pathname, flags);
}

/*
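Review bot: `restorecon(const char* pathname, int flags)` has no default in this definition, yet the single-argument calls kept in `main()` (`restorecon("/dev/socket")`, `restorecon("/dev/device-mapper")`) still rely on one. The header declaration, which is not shown on this page, therefore has to read `int restorecon(const char* pathname, int flags = 0);` for those calls to stay non-recursive. The function now passes `flags` straight to `selinux_android_restorecon`, so a short comment such as `// flags: bitwise OR of SELINUX_ANDROID_RESTORECON_* values; 0 relabels only pathname` would document the contract that the three removed wrappers used to spell out by name.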