Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / selinux / f032946cf9165eaca412d33fb2032a1e0dbb9a20 / . / libselinux / src / selinux_restorecon.c
blob: 41f2225081e0a661cc530c154d84f664a2f18d36 [file] [log] [blame]
/*
* The majority of this code is from Android's
* external/libselinux/src/android.c and upstream
* selinux/policycoreutils/setfiles/restore.c
*
* See selinux_restorecon(3) for details.
*/
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <fts.h>
#include <limits.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <sys/vfs.h>
#include <sys/statvfs.h>
#include <sys/utsname.h>
#include <linux/magic.h>
#include <libgen.h>
#include <syslog.h>
#include <assert.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
#include <selinux/label.h>
#include <selinux/restorecon.h>
#include "callbacks.h"
#include "selinux_internal.h"
#define RESTORECON_LAST "security.restorecon_last"
#define SYS_PATH "/sys"
#define SYS_PREFIX SYS_PATH "/"
#define STAR_COUNT 1024
static struct selabel_handle *fc_sehandle = NULL;
static unsigned char *fc_digest = NULL;
static size_t fc_digest_len = 0;
static char *rootpath = NULL;
static int rootpathlen;
/* Information on excluded fs and directories. */
struct edir {
char *directory;
size_t size;
/* True if excluded by selinux_restorecon_set_exclude_list(3). */
bool caller_excluded;
};
#define CALLER_EXCLUDED true
static bool ignore_mounts;
static int exclude_non_seclabel_mounts(void);
static int exclude_count = 0;
static struct edir *exclude_lst = NULL;
static uint64_t fc_count = 0; /* Number of files processed so far */
static uint64_t efile_count; /* Estimated total number of files */
/* Store information on directories with xattr's. */
struct dir_xattr *dir_xattr_list;
static struct dir_xattr *dir_xattr_last;
/* restorecon_flags for passing to restorecon_sb() */
struct rest_flags {
bool nochange;
bool verbose;
bool progress;
bool mass_relabel;
bool set_specctx;
bool add_assoc;
bool ignore_digest;
bool recurse;
bool userealpath;
bool set_xdev;
bool abort_on_error;
bool syslog_changes;
bool log_matches;
bool ignore_noent;
bool warnonnomatch;
};
static void restorecon_init(void)
{
struct selabel_handle *sehandle = NULL;
if (!fc_sehandle) {
sehandle = selinux_restorecon_default_handle();
selinux_restorecon_set_sehandle(sehandle);
}
efile_count = 0;
if (!ignore_mounts)
efile_count = exclude_non_seclabel_mounts();
}
static pthread_once_t fc_once = PTHREAD_ONCE_INIT;
/*
* Manage excluded directories:
* remove_exclude() - This removes any conflicting entries as there could be
* a case where a non-seclabel fs is mounted on /foo and
* then a seclabel fs is mounted on top of it.
* However if an entry has been added via
* selinux_restorecon_set_exclude_list(3) do not remove.
*
* add_exclude() - Add a directory/fs to be excluded from labeling. If it
* has already been added, then ignore.
*
* check_excluded() - Check if directory/fs is to be excluded when relabeling.
*
* file_system_count() - Calculates the number of files to be processed.
* The count is only used if SELINUX_RESTORECON_PROGRESS
* is set and a mass relabel is requested.
*
* exclude_non_seclabel_mounts() - Reads /proc/mounts to determine what
* non-seclabel mounts to exclude from
* relabeling. restorecon_init() will not
* call this function if the
* SELINUX_RESTORECON_IGNORE_MOUNTS
* flag is set.
* Setting SELINUX_RESTORECON_IGNORE_MOUNTS
* is useful where there is a non-seclabel fs
* mounted on /foo and then a seclabel fs is
* mounted on a directory below this.
*/
static void remove_exclude(const char *directory)
{
int i;
for (i = 0; i < exclude_count; i++) {
if (strcmp(directory, exclude_lst[i].directory) == 0 &&
!exclude_lst[i].caller_excluded) {
free(exclude_lst[i].directory);
if (i != exclude_count - 1)
exclude_lst[i] = exclude_lst[exclude_count - 1];
exclude_count--;
return;
}
}
}
static int add_exclude(const char *directory, bool who)
{
struct edir *tmp_list, *current;
size_t len = 0;
int i;
/* Check if already present. */
for (i = 0; i < exclude_count; i++) {
if (strcmp(directory, exclude_lst[i].directory) == 0)
return 0;
}
if (directory == NULL || directory[0] != '/') {
selinux_log(SELINUX_ERROR,
"Full path required for exclude: %s.\n",
directory);
errno = EINVAL;
return -1;
}
tmp_list = realloc(exclude_lst,
sizeof(struct edir) * (exclude_count + 1));
if (!tmp_list)
goto oom;
exclude_lst = tmp_list;
len = strlen(directory);
while (len > 1 && directory[len - 1] == '/')
len--;
current = (exclude_lst + exclude_count);
current->directory = strndup(directory, len);
if (!current->directory)
goto oom;
current->size = len;
current->caller_excluded = who;
exclude_count++;
return 0;
oom:
selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
return -1;
}
static int check_excluded(const char *file)
{
int i;
for (i = 0; i < exclude_count; i++) {
if (strncmp(file, exclude_lst[i].directory,
exclude_lst[i].size) == 0) {
if (file[exclude_lst[i].size] == 0 ||
file[exclude_lst[i].size] == '/')
return 1;
}
}
return 0;
}
static int file_system_count(char *name)
{
struct statvfs statvfs_buf;
int nfile = 0;
memset(&statvfs_buf, 0, sizeof(statvfs_buf));
if (!statvfs(name, &statvfs_buf))
nfile = statvfs_buf.f_files - statvfs_buf.f_ffree;
return nfile;
}
/*
* This is called once when selinux_restorecon() is first called.
* Searches /proc/mounts for all file systems that do not support extended
* attributes and adds them to the exclude directory table. File systems
* that support security labels have the seclabel option, return
* approximate total file count.
*/
static int exclude_non_seclabel_mounts(void)
{
struct utsname uts;
FILE *fp;
size_t len;
ssize_t num;
int index = 0, found = 0, nfile = 0;
char *mount_info[4];
char *buf = NULL, *item;
/* Check to see if the kernel supports seclabel */
if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
return 0;
fp = fopen("/proc/mounts", "re");
if (!fp)
return 0;
while ((num = getline(&buf, &len, fp)) != -1) {
found = 0;
index = 0;
item = strtok(buf, " ");
while (item != NULL) {
mount_info[index] = item;
index++;
if (index == 4)
break;
item = strtok(NULL, " ");
}
if (index < 4) {
selinux_log(SELINUX_ERROR,
"/proc/mounts record \"%s\" has incorrect format.\n",
buf);
continue;
}
/* Remove pre-existing entry */
remove_exclude(mount_info[1]);
item = strtok(mount_info[3], ",");
while (item != NULL) {
if (strcmp(item, "seclabel") == 0) {
found = 1;
nfile += file_system_count(mount_info[1]);
break;
}
item = strtok(NULL, ",");
}
/* Exclude mount points without the seclabel option */
if (!found) {
if (add_exclude(mount_info[1], !CALLER_EXCLUDED) &&
errno == ENOMEM)
assert(0);
}
}
free(buf);
fclose(fp);
/* return estimated #Files + 5% for directories and hard links */
return nfile * 1.05;
}
/* Called by selinux_restorecon_xattr(3) to build a linked list of entries. */
static int add_xattr_entry(const char *directory, bool delete_nonmatch,
bool delete_all)
{
char *sha1_buf = NULL;
unsigned char *xattr_value = NULL;
ssize_t xattr_size;
size_t i;
int rc, digest_result;
struct dir_xattr *new_entry;
if (!directory) {
errno = EINVAL;
return -1;
}
xattr_value = malloc(fc_digest_len);
if (!xattr_value)
goto oom;
xattr_size = getxattr(directory, RESTORECON_LAST, xattr_value,
fc_digest_len);
if (xattr_size < 0) {
free(xattr_value);
return 1;
}
/* Convert entry to a hex encoded string. */
sha1_buf = malloc(xattr_size * 2 + 1);
if (!sha1_buf) {
free(xattr_value);
goto oom;
}
for (i = 0; i < (size_t)xattr_size; i++)
sprintf((&sha1_buf[i * 2]), "%02x", xattr_value[i]);
rc = memcmp(fc_digest, xattr_value, fc_digest_len);
digest_result = rc ? NOMATCH : MATCH;
if ((delete_nonmatch && rc != 0) || delete_all) {
digest_result = rc ? DELETED_NOMATCH : DELETED_MATCH;
rc = removexattr(directory, RESTORECON_LAST);
if (rc) {
selinux_log(SELINUX_ERROR,
"Error: %s removing xattr \"%s\" from: %s\n",
strerror(errno), RESTORECON_LAST, directory);
digest_result = ERROR;
}
}
free(xattr_value);
/* Now add entries to link list. */
new_entry = malloc(sizeof(struct dir_xattr));
if (!new_entry)
goto oom;
new_entry->next = NULL;
new_entry->directory = strdup(directory);
if (!new_entry->directory)
goto oom;
new_entry->digest = strdup(sha1_buf);
if (!new_entry->digest)
goto oom;
new_entry->result = digest_result;
if (!dir_xattr_list) {
dir_xattr_list = new_entry;
dir_xattr_last = new_entry;
} else {
dir_xattr_last->next = new_entry;
dir_xattr_last = new_entry;
}
free(sha1_buf);
return 0;
oom:
selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
return -1;
}
/*
* Support filespec services filespec_add(), filespec_eval() and
* filespec_destroy().
*
* selinux_restorecon(3) uses filespec services when the
* SELINUX_RESTORECON_ADD_ASSOC flag is set for adding associations between
* an inode and a specification.
*/
/*
* The hash table of associations, hashed by inode number. Chaining is used
* for collisions, with elements ordered by inode number in each bucket.
* Each hash bucket has a dummy header.
*/
#define HASH_BITS 16
#define HASH_BUCKETS (1 << HASH_BITS)
#define HASH_MASK (HASH_BUCKETS-1)
/*
* An association between an inode and a context.
*/
typedef struct file_spec {
ino_t ino; /* inode number */
char *con; /* matched context */
char *file; /* full pathname */
struct file_spec *next; /* next association in hash bucket chain */
} file_spec_t;
static file_spec_t *fl_head;
/*
* Try to add an association between an inode and a context. If there is a
* different context that matched the inode, then use the first context
* that matched.
*/
static int filespec_add(ino_t ino, const char *con, const char *file)
{
file_spec_t *prevfl, *fl;
int h, ret;
struct stat64 sb;
if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
if (!fl_head)
goto oom;
memset(fl_head, 0, sizeof(file_spec_t) * HASH_BUCKETS);
}
h = (ino + (ino >> HASH_BITS)) & HASH_MASK;
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) {
if (ino == fl->ino) {
ret = lstat64(fl->file, &sb);
if (ret < 0 || sb.st_ino != ino) {
freecon(fl->con);
free(fl->file);
fl->file = strdup(file);
if (!fl->file)
goto oom;
fl->con = strdup(con);
if (!fl->con)
goto oom;
return 1;
}
if (strcmp(fl->con, con) == 0)
return 1;
selinux_log(SELINUX_ERROR,
"conflicting specifications for %s and %s, using %s.\n",
file, fl->file, fl->con);
free(fl->file);
fl->file = strdup(file);
if (!fl->file)
goto oom;
return 1;
}
if (ino > fl->ino)
break;
}
fl = malloc(sizeof(file_spec_t));
if (!fl)
goto oom;
fl->ino = ino;
fl->con = strdup(con);
if (!fl->con)
goto oom_freefl;
fl->file = strdup(file);
if (!fl->file)
goto oom_freefl;
fl->next = prevfl->next;
prevfl->next = fl;
return 0;
oom_freefl:
free(fl);
oom:
selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
return -1;
}
/*
* Evaluate the association hash table distribution.
*/
#ifdef DEBUG
static void filespec_eval(void)
{
file_spec_t *fl;
int h, used, nel, len, longest;
if (!fl_head)
return;
used = 0;
longest = 0;
nel = 0;
for (h = 0; h < HASH_BUCKETS; h++) {
len = 0;
for (fl = fl_head[h].next; fl; fl = fl->next)
len++;
if (len)
used++;
if (len > longest)
longest = len;
nel += len;
}
selinux_log(SELINUX_INFO,
"filespec hash table stats: %d elements, %d/%d buckets used, longest chain length %d\n",
nel, used, HASH_BUCKETS, longest);
}
#else
static void filespec_eval(void)
{
}
#endif
/*
* Destroy the association hash table.
*/
static void filespec_destroy(void)
{
file_spec_t *fl, *tmp;
int h;
if (!fl_head)
return;
for (h = 0; h < HASH_BUCKETS; h++) {
fl = fl_head[h].next;
while (fl) {
tmp = fl;
fl = fl->next;
freecon(tmp->con);
free(tmp->file);
free(tmp);
}
fl_head[h].next = NULL;
}
free(fl_head);
fl_head = NULL;
}
/*
* Called if SELINUX_RESTORECON_SET_SPECFILE_CTX is not set to check if
* the type components differ, updating newtypecon if so.
*/
static int compare_types(char *curcon, char *newcon, char **newtypecon)
{
int types_differ = 0;
context_t cona;
context_t conb;
int rc = 0;
cona = context_new(curcon);
if (!cona) {
rc = -1;
goto out;
}
conb = context_new(newcon);
if (!conb) {
context_free(cona);
rc = -1;
goto out;
}
types_differ = strcmp(context_type_get(cona), context_type_get(conb));
if (types_differ) {
rc |= context_user_set(conb, context_user_get(cona));
rc |= context_role_set(conb, context_role_get(cona));
rc |= context_range_set(conb, context_range_get(cona));
if (!rc) {
*newtypecon = strdup(context_str(conb));
if (!*newtypecon) {
rc = -1;
goto err;
}
}
}
err:
context_free(cona);
context_free(conb);
out:
return rc;
}
static int restorecon_sb(const char *pathname, const struct stat *sb,
struct rest_flags *flags)
{
char *newcon = NULL;
char *curcon = NULL;
char *newtypecon = NULL;
int rc;
bool updated = false;
const char *lookup_path = pathname;
float pc;
if (rootpath) {
if (strncmp(rootpath, lookup_path, rootpathlen) != 0) {
selinux_log(SELINUX_ERROR,
"%s is not located in alt_rootpath %s\n",
lookup_path, rootpath);
return -1;
}
lookup_path += rootpathlen;
}
if (rootpath != NULL && lookup_path[0] == '\0')
/* this is actually the root dir of the alt root. */
rc = selabel_lookup_raw(fc_sehandle, &newcon, "/",
sb->st_mode);
else
rc = selabel_lookup_raw(fc_sehandle, &newcon, lookup_path,
sb->st_mode);
if (rc < 0) {
if (errno == ENOENT && flags->warnonnomatch)
selinux_log(SELINUX_INFO,
"Warning no default label for %s\n",
lookup_path);
return 0; /* no match, but not an error */
}
if (flags->progress) {
fc_count++;
if (fc_count % STAR_COUNT == 0) {
if (flags->mass_relabel && efile_count > 0) {
pc = (fc_count < efile_count) ? (100.0 *
fc_count / efile_count) : 100;
fprintf(stdout, "\r%-.1f%%", (double)pc);
} else {
fprintf(stdout, "\r%luk", fc_count / STAR_COUNT);
}
fflush(stdout);
}
}
if (flags->add_assoc) {
rc = filespec_add(sb->st_ino, newcon, pathname);
if (rc < 0) {
selinux_log(SELINUX_ERROR,
"filespec_add error: %s\n", pathname);
freecon(newcon);
return -1;
}
if (rc > 0) {
/* Already an association and it took precedence. */
freecon(newcon);
return 0;
}
}
if (flags->log_matches)
selinux_log(SELINUX_INFO, "%s matched by %s\n",
pathname, newcon);
if (lgetfilecon_raw(pathname, &curcon) < 0) {
if (errno != ENODATA)
goto err;
curcon = NULL;
}
if (curcon == NULL || strcmp(curcon, newcon) != 0) {
if (!flags->set_specctx && curcon &&
(is_context_customizable(curcon) > 0)) {
if (flags->verbose) {
selinux_log(SELINUX_INFO,
"%s not reset as customized by admin to %s\n",
pathname, curcon);
goto out;
}
}
if (!flags->set_specctx && curcon) {
/* If types different then update newcon. */
rc = compare_types(curcon, newcon, &newtypecon);
if (rc)
goto err;
if (newtypecon) {
freecon(newcon);
newcon = newtypecon;
} else {
goto out;
}
}
if (!flags->nochange) {
if (lsetfilecon(pathname, newcon) < 0)
goto err;
updated = true;
}
if (flags->verbose)
selinux_log(SELINUX_INFO,
"%s %s from %s to %s\n",
updated ? "Relabeled" : "Would relabel",
pathname, curcon, newcon);
if (flags->syslog_changes && !flags->nochange) {
if (curcon)
syslog(LOG_INFO,
"relabeling %s from %s to %s\n",
pathname, curcon, newcon);
else
syslog(LOG_INFO, "labeling %s to %s\n",
pathname, newcon);
}
}
out:
rc = 0;
out1:
freecon(curcon);
freecon(newcon);
return rc;
err:
selinux_log(SELINUX_ERROR,
"Could not set context for %s: %s\n",
pathname, strerror(errno));
rc = -1;
goto out1;
}
/*
* Public API
*/
/* selinux_restorecon(3) - Main function that is responsible for labeling */
int selinux_restorecon(const char *pathname_orig,
unsigned int restorecon_flags)
{
struct rest_flags flags;
flags.ignore_digest = (restorecon_flags &
SELINUX_RESTORECON_IGNORE_DIGEST) ? true : false;
flags.nochange = (restorecon_flags &
SELINUX_RESTORECON_NOCHANGE) ? true : false;
flags.verbose = (restorecon_flags &
SELINUX_RESTORECON_VERBOSE) ? true : false;
flags.progress = (restorecon_flags &
SELINUX_RESTORECON_PROGRESS) ? true : false;
flags.mass_relabel = (restorecon_flags &
SELINUX_RESTORECON_MASS_RELABEL) ? true : false;
flags.recurse = (restorecon_flags &
SELINUX_RESTORECON_RECURSE) ? true : false;
flags.set_specctx = (restorecon_flags &
SELINUX_RESTORECON_SET_SPECFILE_CTX) ? true : false;
flags.userealpath = (restorecon_flags &
SELINUX_RESTORECON_REALPATH) ? true : false;
flags.set_xdev = (restorecon_flags &
SELINUX_RESTORECON_XDEV) ? true : false;
flags.add_assoc = (restorecon_flags &
SELINUX_RESTORECON_ADD_ASSOC) ? true : false;
flags.abort_on_error = (restorecon_flags &
SELINUX_RESTORECON_ABORT_ON_ERROR) ? true : false;
flags.syslog_changes = (restorecon_flags &
SELINUX_RESTORECON_SYSLOG_CHANGES) ? true : false;
flags.log_matches = (restorecon_flags &
SELINUX_RESTORECON_LOG_MATCHES) ? true : false;
flags.ignore_noent = (restorecon_flags &
SELINUX_RESTORECON_IGNORE_NOENTRY) ? true : false;
flags.warnonnomatch = true;
ignore_mounts = (restorecon_flags &
SELINUX_RESTORECON_IGNORE_MOUNTS) ? true : false;
bool issys;
bool setrestoreconlast = true; /* TRUE = set xattr RESTORECON_LAST
* FALSE = don't use xattr */
struct stat sb;
struct statfs sfsb;
FTS *fts;
FTSENT *ftsent;
char *pathname = NULL, *pathdnamer = NULL, *pathdname, *pathbname;
char *paths[2] = { NULL, NULL };
int fts_flags, error, sverrno;
char *xattr_value = NULL;
ssize_t size;
dev_t dev_num = 0;
if (flags.verbose && flags.progress)
flags.verbose = false;
__selinux_once(fc_once, restorecon_init);
if (!fc_sehandle)
return -1;
if (fc_digest_len) {
xattr_value = malloc(fc_digest_len);
if (!xattr_value)
return -1;
}
/*
* Convert passed-in pathname to canonical pathname by resolving
* realpath of containing dir, then appending last component name.
*/
if (flags.userealpath) {
char *basename_cpy = strdup(pathname_orig);
if (!basename_cpy)
goto realpatherr;
pathbname = basename(basename_cpy);
if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") ||
!strcmp(pathbname, "..")) {
pathname = realpath(pathname_orig, NULL);
if (!pathname) {
free(basename_cpy);
goto realpatherr;
}
} else {
char *dirname_cpy = strdup(pathname_orig);
if (!dirname_cpy) {
free(basename_cpy);
goto realpatherr;
}
pathdname = dirname(dirname_cpy);
pathdnamer = realpath(pathdname, NULL);
free(dirname_cpy);
if (!pathdnamer) {
free(basename_cpy);
goto realpatherr;
}
if (!strcmp(pathdnamer, "/"))
error = asprintf(&pathname, "/%s", pathbname);
else
error = asprintf(&pathname, "%s/%s",
pathdnamer, pathbname);
if (error < 0) {
free(basename_cpy);
goto oom;
}
}
free(basename_cpy);
} else {
pathname = strdup(pathname_orig);
if (!pathname)
goto oom;
}
paths[0] = pathname;
issys = (!strcmp(pathname, SYS_PATH) ||
!strncmp(pathname, SYS_PREFIX,
sizeof(SYS_PREFIX) - 1)) ? true : false;
if (lstat(pathname, &sb) < 0) {
if (flags.ignore_noent && errno == ENOENT) {
free(pathdnamer);
free(pathname);
return 0;
} else {
selinux_log(SELINUX_ERROR,
"lstat(%s) failed: %s\n",
pathname, strerror(errno));
error = -1;
goto cleanup;
}
}
/* Ignore restoreconlast if not a directory */
if ((sb.st_mode & S_IFDIR) != S_IFDIR)
setrestoreconlast = false;
if (!flags.recurse) {
if (check_excluded(pathname)) {
error = 0;
goto cleanup;
}
error = restorecon_sb(pathname, &sb, &flags);
goto cleanup;
}
/* Ignore restoreconlast on /sys */
if (issys)
setrestoreconlast = false;
/* Ignore restoreconlast on in-memory filesystems */
if (statfs(pathname, &sfsb) == 0) {
if (sfsb.f_type == RAMFS_MAGIC || sfsb.f_type == TMPFS_MAGIC)
setrestoreconlast = false;
}
if (setrestoreconlast) {
size = getxattr(pathname, RESTORECON_LAST, xattr_value,
fc_digest_len);
if (!flags.ignore_digest && (size_t)size == fc_digest_len &&
memcmp(fc_digest, xattr_value, fc_digest_len)
== 0) {
selinux_log(SELINUX_INFO,
"Skipping restorecon as matching digest on: %s\n",
pathname);
error = 0;
goto cleanup;
}
}
if (flags.set_xdev)
fts_flags = FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV;
else
fts_flags = FTS_PHYSICAL | FTS_NOCHDIR;
fts = fts_open(paths, fts_flags, NULL);
if (!fts)
goto fts_err;
ftsent = fts_read(fts);
if (!ftsent)
goto fts_err;
/*
* Keep the inode of the first device. This is because the FTS_XDEV
* flag tells fts not to descend into directories with different
* device numbers, but fts will still give back the actual directory.
* By saving the device number of the directory that was passed to
* selinux_restorecon() and then skipping all actions on any
* directories with a different device number when the FTS_XDEV flag
* is set (from http://marc.info/?l=selinux&m=124688830500777&w=2).
*/
dev_num = ftsent->fts_statp->st_dev;
error = 0;
do {
/* If the FTS_XDEV flag is set and the device is different */
if (flags.set_xdev && ftsent->fts_statp->st_dev != dev_num)
continue;
switch (ftsent->fts_info) {
case FTS_DC:
selinux_log(SELINUX_ERROR,
"Directory cycle on %s.\n",
ftsent->fts_path);
errno = ELOOP;
error = -1;
goto out;
case FTS_DP:
continue;
case FTS_DNR:
selinux_log(SELINUX_ERROR,
"Could not read %s: %s.\n",
ftsent->fts_path,
strerror(ftsent->fts_errno));
fts_set(fts, ftsent, FTS_SKIP);
continue;
case FTS_NS:
selinux_log(SELINUX_ERROR,
"Could not stat %s: %s.\n",
ftsent->fts_path,
strerror(ftsent->fts_errno));
fts_set(fts, ftsent, FTS_SKIP);
continue;
case FTS_ERR:
selinux_log(SELINUX_ERROR,
"Error on %s: %s.\n",
ftsent->fts_path,
strerror(ftsent->fts_errno));
fts_set(fts, ftsent, FTS_SKIP);
continue;
case FTS_D:
if (issys && !selabel_partial_match(fc_sehandle,
ftsent->fts_path)) {
fts_set(fts, ftsent, FTS_SKIP);
continue;
}
if (check_excluded(ftsent->fts_path)) {
fts_set(fts, ftsent, FTS_SKIP);
continue;
}
/* fall through */
default:
error |= restorecon_sb(ftsent->fts_path,
ftsent->fts_statp, &flags);
if (flags.warnonnomatch)
flags.warnonnomatch = false;
if (error && flags.abort_on_error)
goto out;
break;
}
} while ((ftsent = fts_read(fts)) != NULL);
/* Labeling successful. Mark the top level directory as completed. */
if (setrestoreconlast && !flags.nochange && !error && fc_digest) {
error = setxattr(pathname, RESTORECON_LAST, fc_digest,
fc_digest_len, 0);
if (!error && flags.verbose)
selinux_log(SELINUX_INFO,
"Updated digest for: %s\n", pathname);
}
out:
if (flags.progress && flags.mass_relabel)
fprintf(stdout, "\r%s 100.0%%\n", pathname);
sverrno = errno;
(void) fts_close(fts);
errno = sverrno;
cleanup:
if (flags.add_assoc) {
if (flags.verbose)
filespec_eval();
filespec_destroy();
}
free(pathdnamer);
free(pathname);
free(xattr_value);
return error;
oom:
sverrno = errno;
selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
errno = sverrno;
error = -1;
goto cleanup;
realpatherr:
sverrno = errno;
selinux_log(SELINUX_ERROR,
"SELinux: Could not get canonical path for %s restorecon: %s.\n",
pathname_orig, strerror(errno));
errno = sverrno;
error = -1;
goto cleanup;
fts_err:
selinux_log(SELINUX_ERROR,
"fts error while labeling %s: %s\n",
paths[0], strerror(errno));
error = -1;
goto cleanup;
}
/* selinux_restorecon_set_sehandle(3) is called to set the global fc handle */
void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
{
char **specfiles;
size_t num_specfiles;
fc_sehandle = (struct selabel_handle *) hndl;
/*
* Read digest if requested in selabel_open(3) and set global params.
*/
if (selabel_digest(fc_sehandle, &fc_digest, &fc_digest_len,
&specfiles, &num_specfiles) < 0) {
fc_digest = NULL;
fc_digest_len = 0;
}
}
/*
* selinux_restorecon_default_handle(3) is called to set the global restorecon
* handle by a process if the default params are required.
*/
struct selabel_handle *selinux_restorecon_default_handle(void)
{
struct selabel_handle *sehandle;
struct selinux_opt fc_opts[] = {
{ SELABEL_OPT_DIGEST, (char *)1 }
};
sehandle = selabel_open(SELABEL_CTX_FILE, fc_opts, 1);
if (!sehandle) {
selinux_log(SELINUX_ERROR,
"Error obtaining file context handle: %s\n",
strerror(errno));
return NULL;
}
return sehandle;
}
/*
* selinux_restorecon_set_exclude_list(3) is called to add additional entries
* to be excluded from labeling checks.
*/
void selinux_restorecon_set_exclude_list(const char **exclude_list)
{
int i;
struct stat sb;
for (i = 0; exclude_list[i]; i++) {
if (lstat(exclude_list[i], &sb) < 0 && errno != EACCES) {
selinux_log(SELINUX_ERROR,
"lstat error on exclude path \"%s\", %s - ignoring.\n",
exclude_list[i], strerror(errno));
break;
}
if (add_exclude(exclude_list[i], CALLER_EXCLUDED) &&
errno == ENOMEM)
assert(0);
}
}
/* selinux_restorecon_set_alt_rootpath(3) sets an alternate rootpath. */
int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath)
{
int len;
/* This should be NULL on first use */
if (rootpath)
free(rootpath);
rootpath = strdup(alt_rootpath);
if (!rootpath) {
selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
return -1;
}
/* trim trailing /, if present */
len = strlen(rootpath);
while (len && (rootpath[len - 1] == '/'))
rootpath[--len] = '\0';
rootpathlen = len;
return 0;
}
/* selinux_restorecon_xattr(3) - Find RESTORECON_LAST entries. */
int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
struct dir_xattr ***xattr_list)
{
bool recurse = (xattr_flags &
SELINUX_RESTORECON_XATTR_RECURSE) ? true : false;
bool delete_nonmatch = (xattr_flags &
SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS) ? true : false;
bool delete_all = (xattr_flags &
SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS) ? true : false;
ignore_mounts = (xattr_flags &
SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS) ? true : false;
int rc, fts_flags;
struct stat sb;
struct statfs sfsb;
struct dir_xattr *current, *next;
FTS *fts;
FTSENT *ftsent;
char *paths[2] = { NULL, NULL };
__selinux_once(fc_once, restorecon_init);
if (!fc_sehandle || !fc_digest_len)
return -1;
if (lstat(pathname, &sb) < 0) {
if (errno == ENOENT)
return 0;
selinux_log(SELINUX_ERROR,
"lstat(%s) failed: %s\n",
pathname, strerror(errno));
return -1;
}
if (!recurse) {
if (statfs(pathname, &sfsb) == 0) {
if (sfsb.f_type == RAMFS_MAGIC ||
sfsb.f_type == TMPFS_MAGIC)
return 0;
}
if (check_excluded(pathname))
return 0;
rc = add_xattr_entry(pathname, delete_nonmatch, delete_all);
if (!rc && dir_xattr_list)
*xattr_list = &dir_xattr_list;
else if (rc == -1)
return rc;
return 0;
}
paths[0] = (char *)pathname;
fts_flags = FTS_PHYSICAL | FTS_NOCHDIR;
fts = fts_open(paths, fts_flags, NULL);
if (!fts) {
selinux_log(SELINUX_ERROR,
"fts error on %s: %s\n",
paths[0], strerror(errno));
return -1;
}
while ((ftsent = fts_read(fts)) != NULL) {
switch (ftsent->fts_info) {
case FTS_DP:
continue;
case FTS_D:
if (statfs(ftsent->fts_path, &sfsb) == 0) {
if (sfsb.f_type == RAMFS_MAGIC ||
sfsb.f_type == TMPFS_MAGIC)
continue;
}
if (check_excluded(ftsent->fts_path)) {
fts_set(fts, ftsent, FTS_SKIP);
continue;
}
rc = add_xattr_entry(ftsent->fts_path,
delete_nonmatch, delete_all);
if (rc == 1)
continue;
else if (rc == -1)
goto cleanup;
break;
default:
break;
}
}
if (dir_xattr_list)
*xattr_list = &dir_xattr_list;
(void) fts_close(fts);
return 0;
cleanup:
rc = errno;
(void) fts_close(fts);
errno = rc;
if (dir_xattr_list) {
/* Free any used memory */
current = dir_xattr_list;
while (current) {
next = current->next;
free(current->directory);
free(current->digest);
free(current);
current = next;
}
}
return -1;
}