Update ueventd set the SELinux context on sysfs
This change enables labeling of dynamically created sysfs nodes
with specific SELinux security contexts.
Change-Id: If8b8d66120453123c1371ce063b6f20e8b96b6ef
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/init/devices.c b/init/devices.c
index e25034c..69f5fc8 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -127,6 +127,7 @@
char buf[512];
struct listnode *node;
struct perms_ *dp;
+ char *secontext;
/* upaths omit the "/sys" that paths in this list
* contain, so we add 4 when comparing...
@@ -148,6 +149,14 @@
INFO("fixup %s %d %d 0%o\n", buf, dp->uid, dp->gid, dp->perm);
chown(buf, dp->uid, dp->gid);
chmod(buf, dp->perm);
+ if (sehandle) {
+ secontext = NULL;
+ selabel_lookup(sehandle, &secontext, buf, 0);
+ if (secontext) {
+ setfilecon(buf, secontext);
+ freecon(secontext);
+ }
+ }
}
}
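Review bot: The added block discards the results of `selabel_lookup()` and `setfilecon()`, so when relabeling fails the node silently keeps whatever label it already had and nothing in the log shows that the intended context was not applied. Checking the call and logging it would make the failure visible, for example `if (setfilecon(buf, secontext) < 0) ERROR("setfilecon %s failed: %s\n", buf, strerror(errno));`, assuming init's `ERROR` macro and `errno` are in scope in this file. The unchecked `chown`/`chmod` just above have the same gap, though they predate this change. `secontext` is only used inside the `if (sehandle)` block, so it could be declared there rather than at function scope as the first hunk does. The enclosing function starts outside the hunk, so how `buf` is built before this point cannot be confirmed from here.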