ueventd: make selinux labeling optional for device creation
This is to setup a way for us to run coldboot during init first stage
and also at ueventd startup. We do not have all of the file context
during the first stage, so the "early" coldboot needs to proceed without
labelling the device nodes. However, the follow up in ueventd must label
these nodes. This change allows us to do both.
b/27805372
Test: Boot angler successfully and compare do before/after comparison of
the output of 'ls -AclpqRZ /dev' to ensure there are no differences.
Change-Id: I5e88bd7da8a1d2cc41e3abba30dda463ecbde32e
Signed-off-by: Sandeep Patil <sspatil@google.com>
diff --git a/init/devices.cpp b/init/devices.cpp
index 6af237c..fbc0359 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -249,11 +249,13 @@
mode = get_device_perm(path, links, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);
- if (selabel_lookup_best_match(sehandle, &secontext, path, links, mode)) {
- PLOG(ERROR) << "Device '" << path << "' not created; cannot find SELinux label";
- return;
+ if (sehandle) {
+ if (selabel_lookup_best_match(sehandle, &secontext, path, links, mode)) {
+ PLOG(ERROR) << "Device '" << path << "' not created; cannot find SELinux label";
+ return;
+ }
+ setfscreatecon(secontext);
}
- setfscreatecon(secontext);
dev = makedev(major, minor);
/* Temporarily change egid to avoid race condition setting the gid of the
@@ -264,7 +266,7 @@
setegid(gid);
/* If the node already exists update its SELinux label to handle cases when
* it was created with the wrong context during coldboot procedure. */
- if (mknod(path, mode, dev) && (errno == EEXIST)) {
+ if (mknod(path, mode, dev) && (errno == EEXIST) && secontext) {
char* fcon = nullptr;
int rc = lgetfilecon(path, &fcon);
@@ -285,8 +287,10 @@
chown(path, uid, -1);
setegid(AID_ROOT);
- freecon(secontext);
- setfscreatecon(NULL);
+ if (secontext) {
+ freecon(secontext);
+ setfscreatecon(NULL);
+ }
}
static void add_platform_device(const char *path)