init: remove restorecon() from util.cpp
restorecon() has become nothing more than a small wrapper around
selinux_android_restore(). This itself isn't super problematic, but
it is an obstacle for compiling util.cpp on the host as that function
is not available on the host.
Bug: 36970783
Test: Boot bullhead
Change-Id: I7e209ece6898f9a0d5eb9e5d5d8155c2f1ba9faf
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 27b72f9..1eacb36 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -762,7 +762,7 @@
}
} else {
in_flags = false;
- if (restorecon(args[i].c_str(), flag) < 0) {
+ if (selinux_android_restorecon(args[i].c_str(), flag) < 0) {
ret = -errno;
}
}
diff --git a/init/devices.cpp b/init/devices.cpp
index 74f099a..d8258cf 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -251,7 +251,7 @@
if (access(path.c_str(), F_OK) == 0) {
LOG(VERBOSE) << "restorecon_recursive: " << path;
- restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE);
+ selinux_android_restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE);
}
}
diff --git a/init/init.cpp b/init/init.cpp
index 6de2061..eddfa50 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -889,36 +889,36 @@
// value. This must happen before /dev is populated by ueventd.
static void selinux_restore_context() {
LOG(INFO) << "Running restorecon...";
- restorecon("/dev");
- restorecon("/dev/kmsg");
+ selinux_android_restorecon("/dev", 0);
+ selinux_android_restorecon("/dev/kmsg", 0);
if constexpr (WORLD_WRITABLE_KMSG) {
- restorecon("/dev/kmsg_debug");
+ selinux_android_restorecon("/dev/kmsg_debug", 0);
}
- restorecon("/dev/socket");
- restorecon("/dev/random");
- restorecon("/dev/urandom");
- restorecon("/dev/__properties__");
+ selinux_android_restorecon("/dev/socket", 0);
+ selinux_android_restorecon("/dev/random", 0);
+ selinux_android_restorecon("/dev/urandom", 0);
+ selinux_android_restorecon("/dev/__properties__", 0);
- restorecon("/file_contexts.bin");
- restorecon("/plat_file_contexts");
- restorecon("/nonplat_file_contexts");
- restorecon("/plat_property_contexts");
- restorecon("/nonplat_property_contexts");
- restorecon("/plat_seapp_contexts");
- restorecon("/nonplat_seapp_contexts");
- restorecon("/plat_service_contexts");
- restorecon("/nonplat_service_contexts");
- restorecon("/plat_hwservice_contexts");
- restorecon("/nonplat_hwservice_contexts");
- restorecon("/sepolicy");
- restorecon("/vndservice_contexts");
+ selinux_android_restorecon("/file_contexts.bin", 0);
+ selinux_android_restorecon("/plat_file_contexts", 0);
+ selinux_android_restorecon("/nonplat_file_contexts", 0);
+ selinux_android_restorecon("/plat_property_contexts", 0);
+ selinux_android_restorecon("/nonplat_property_contexts", 0);
+ selinux_android_restorecon("/plat_seapp_contexts", 0);
+ selinux_android_restorecon("/nonplat_seapp_contexts", 0);
+ selinux_android_restorecon("/plat_service_contexts", 0);
+ selinux_android_restorecon("/nonplat_service_contexts", 0);
+ selinux_android_restorecon("/plat_hwservice_contexts", 0);
+ selinux_android_restorecon("/nonplat_hwservice_contexts", 0);
+ selinux_android_restorecon("/sepolicy", 0);
+ selinux_android_restorecon("/vndservice_contexts", 0);
- restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
- restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
- restorecon("/dev/device-mapper");
+ selinux_android_restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
+ selinux_android_restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
+ selinux_android_restorecon("/dev/device-mapper", 0);
- restorecon("/sbin/mke2fs");
- restorecon("/sbin/e2fsdroid");
+ selinux_android_restorecon("/sbin/mke2fs", 0);
+ selinux_android_restorecon("/sbin/e2fsdroid", 0);
}
// Set the UDC controller for the ConfigFS USB Gadgets.
@@ -1027,7 +1027,7 @@
// We're in the kernel domain, so re-exec init to transition to the init domain now
// that the SELinux policy has been loaded.
- if (restorecon("/init") == -1) {
+ if (selinux_android_restorecon("/init", 0) == -1) {
PLOG(ERROR) << "restorecon failed";
security_failure();
}
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 7722750..18e47e3 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -177,7 +177,7 @@
}
if (name == "selinux.restorecon_recursive" && valuelen > 0) {
- if (restorecon(value.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) {
+ if (selinux_android_restorecon(value.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) {
LOG(ERROR) << "Failed to restorecon_recursive " << value;
}
}
diff --git a/init/util.cpp b/init/util.cpp
index 5afe285..75f81b9 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -266,11 +266,6 @@
return rc;
}
-int restorecon(const char* pathname, int flags)
-{
- return selinux_android_restorecon(pathname, flags);
-}
-
/*
* Writes hex_len hex characters (1/2 byte) to hex from bytes.
*/
diff --git a/init/util.h b/init/util.h
index f3252c2..1ad6b77 100644
--- a/init/util.h
+++ b/init/util.h
@@ -68,7 +68,6 @@
void import_kernel_cmdline(bool in_qemu,
const std::function<void(const std::string&, const std::string&, bool)>&);
int make_dir(const char* path, mode_t mode, selabel_handle* sehandle);
-int restorecon(const char *pathname, int flags = 0);
std::string bytes_to_hex(const uint8_t *bytes, size_t bytes_len);
bool is_dir(const char* pathname);
bool expand_props(const std::string& src, std::string* dst);