Move restorecon and restorecon_recursive code to libselinux.

This requires telling libselinux to use the sehandle already
obtained by init rather than re-acquiring it internally.  init
retains ownership of the sehandle because it performs the
initial load, uses the sehandle for other purposes (e.g. labeling
of directories created via mkdir and labeling of socket files),
and handles the policy reload property trigger.

Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/init/util.c b/init/util.c
index 5efd5be..e772342 100644
--- a/init/util.c
+++ b/init/util.c
@@ -25,6 +25,7 @@
 #include <ftw.h>
 
 #include <selinux/label.h>
+#include <selinux/android.h>
 
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -524,60 +525,12 @@
     return rc;
 }
 
-static int restorecon_sb(const char *pathname, const struct stat *sb)
+int restorecon(const char* pathname)
 {
-    char *secontext = NULL;
-    char *oldsecontext = NULL;
-    int i;
-
-    if (selabel_lookup(sehandle, &secontext, pathname, sb->st_mode) < 0)
-        return -errno;
-
-    if (lgetfilecon(pathname, &oldsecontext) < 0) {
-        freecon(secontext);
-        return -errno;
-    }
-
-    if (strcmp(oldsecontext, secontext) != 0) {
-        if (lsetfilecon(pathname, secontext) < 0) {
-            freecon(oldsecontext);
-            freecon(secontext);
-            return -errno;
-        }
-    }
-    freecon(oldsecontext);
-    freecon(secontext);
-    return 0;
-}
-
-int restorecon(const char *pathname)
-{
-    struct stat sb;
-
-    if (is_selinux_enabled() <= 0 || !sehandle)
-        return 0;
-
-    if (lstat(pathname, &sb) < 0)
-        return -errno;
-
-    return restorecon_sb(pathname, &sb);
-}
-
-static int nftw_restorecon(const char* filename, const struct stat* statptr,
-    int fileflags __attribute__((unused)),
-    struct FTW* pftw __attribute__((unused)))
-{
-    restorecon_sb(filename, statptr);
-    return 0;
+    return selinux_android_restorecon(pathname);
 }
 
 int restorecon_recursive(const char* pathname)
 {
-    int fd_limit = 20;
-    int flags = FTW_DEPTH | FTW_MOUNT | FTW_PHYS;
-
-    if (is_selinux_enabled() <= 0 || !sehandle)
-        return 0;
-
-    return nftw(pathname, nftw_restorecon, fd_limit, flags);
+    return selinux_android_restorecon_recursive(pathname);
 }
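Review bot: The new `restorecon()` and `restorecon_recursive()` wrappers drop init's own `is_selinux_enabled() <= 0 || !sehandle` guard and its `-errno` return convention, and nothing in this hunk says what replaces either. The removed walk passed `FTW_MOUNT | FTW_PHYS`, so it neither crossed mount points nor followed symlinks. Please confirm that `selinux_android_restorecon_recursive()` keeps both properties, because a relabel that follows symlinks could change the label of a file outside the intended tree. Callers that decoded the result as `-errno` may now see a different value (presumably -1 with errno set, to be verified against libselinux). I would add a comment above the two wrappers such as `/* Delegates to libselinux, which must already have been given init's sehandle; the return value is libselinux's, not -errno. */`.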