Extend recovery and updater to support setting file security contexts.
Extend minzip, recovery, and updater to set the security context on
files based on the file_contexts configuration included in the package.
Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
diff --git a/recovery.c b/recovery.c
index 06d6498..2cb482d 100644
--- a/recovery.c
+++ b/recovery.c
@@ -39,6 +39,8 @@
#include "roots.h"
#include "recovery_ui.h"
+struct selabel_handle *sehandle;
+
static const struct option OPTIONS[] = {
{ "send_intent", required_argument, NULL, 's' },
{ "update_package", required_argument, NULL, 'u' },
@@ -132,7 +134,7 @@
// When writing, try to create the containing directory, if necessary.
// Use generous permissions, the system (init.rc) will reset them.
- if (strchr("wa", mode[0])) dirCreateHierarchy(path, 0777, NULL, 1);
+ if (strchr("wa", mode[0])) dirCreateHierarchy(path, 0777, NULL, 1, sehandle);
FILE *fp = fopen(path, mode);
return fp;
@@ -763,6 +765,19 @@
}
}
+#ifdef HAVE_SELINUX
+ struct selinux_opt seopts[] = {
+ { SELABEL_OPT_PATH, "/file_contexts" }
+ };
+
+ sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+
+ if (!sehandle) {
+ fprintf(stderr, "Warning: No file_contexts\n");
+ ui_print("Warning: No file_contexts\n");
+ }
+#endif
+
device_recovery_start();
printf("Command:");