resolved conflicts for merge of 8f9b41d9 to master
Change-Id: I9af02b9bba1176174540c849f905dece8ade54d8
diff --git a/ext4_utils/make_ext4fs.c b/ext4_utils/make_ext4fs.c
index ccba132..6cd5ade 100644
--- a/ext4_utils/make_ext4fs.c
+++ b/ext4_utils/make_ext4fs.c
@@ -98,7 +98,8 @@
/* Read a local directory and create the same tree in the generated filesystem.
Calls itself recursively with each directory in the given directory */
static u32 build_directory_structure(const char *full_path, const char *dir_path,
- u32 dir_inode, fs_config_func_t fs_config_func)
+ u32 dir_inode, fs_config_func_t fs_config_func,
+ struct selabel_handle *sehnd)
{
int entries = 0;
struct dentry *dentries;
@@ -155,6 +156,18 @@
error("can't set android permissions - built without android support");
#endif
}
+#ifdef HAVE_SELINUX
+ if (sehnd) {
+ char *sepath = NULL;
+ asprintf(&sepath, "/%s", dentries[i].path);
+ if (selabel_lookup(sehnd, &dentries[i].secon, sepath, stat.st_mode) < 0) {
+ error("cannot lookup security context for %s", sepath);
+ }
+ if (dentries[i].secon)
+ printf("Labeling %s as %s\n", sepath, dentries[i].secon);
+ free(sepath);
+ }
+#endif
if (S_ISREG(stat.st_mode)) {
dentries[i].file_type = EXT4_FT_REG_FILE;
@@ -188,7 +201,7 @@
entry_inode = make_file(dentries[i].full_path, dentries[i].size);
} else if (dentries[i].file_type == EXT4_FT_DIR) {
entry_inode = build_directory_structure(dentries[i].full_path,
- dentries[i].path, inode, fs_config_func);
+ dentries[i].path, inode, fs_config_func, sehnd);
} else if (dentries[i].file_type == EXT4_FT_SYMLINK) {
entry_inode = make_link(dentries[i].full_path, dentries[i].link);
} else {
@@ -202,11 +215,15 @@
dentries[i].mtime);
if (ret)
error("failed to set permissions on %s\n", dentries[i].path);
+ ret = inode_set_selinux(entry_inode, dentries[i].secon);
+ if (ret)
+ error("failed to set SELinux context on %s\n", dentries[i].path);
free(dentries[i].path);
free(dentries[i].full_path);
free(dentries[i].link);
free((void *)dentries[i].filename);
+ free(dentries[i].secon);
}
free(dentries);
@@ -279,7 +296,8 @@
free_data_blocks();
}
-int make_ext4fs(const char *filename, s64 len)
+int make_ext4fs(const char *filename, s64 len,
+ const char *mountpoint, struct selabel_handle *sehnd)
{
int fd;
int status;
@@ -293,7 +311,7 @@
return EXIT_FAILURE;
}
- status = make_ext4fs_internal(fd, NULL, NULL, NULL, 0, 0, 0, 1, 0);
+ status = make_ext4fs_internal(fd, NULL, mountpoint, NULL, 0, 0, 0, 1, 0, sehnd);
close(fd);
return status;
@@ -301,7 +319,7 @@
int make_ext4fs_internal(int fd, const char *directory,
char *mountpoint, fs_config_func_t fs_config_func, int gzip, int sparse,
- int crc, int wipe, int init_itabs)
+ int crc, int wipe, int init_itabs, struct selabel_handle *sehnd)
{
u32 root_inode_num;
u16 root_mode;
@@ -393,7 +411,8 @@
root_inode_num = build_default_directory_structure();
#else
if (directory)
- root_inode_num = build_directory_structure(directory, mountpoint, 0, fs_config_func);
+ root_inode_num = build_directory_structure(directory, mountpoint, 0,
+ fs_config_func, sehnd);
else
root_inode_num = build_default_directory_structure();
#endif
@@ -401,6 +420,29 @@
root_mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH;
inode_set_permissions(root_inode_num, root_mode, 0, 0, 0);
+#ifdef HAVE_SELINUX
+ if (sehnd) {
+ char *sepath = NULL;
+ char *secontext = NULL;
+
+ if (mountpoint[0] == '/')
+ sepath = strdup(mountpoint);
+ else
+ asprintf(&sepath, "/%s", mountpoint);
+ if (!sepath)
+ critical_error_errno("malloc");
+ if (selabel_lookup(sehnd, &secontext, sepath, S_IFDIR) < 0) {
+ error("cannot lookup security context for %s", sepath);
+ }
+ if (secontext) {
+ printf("Labeling %s as %s\n", sepath, secontext);
+ inode_set_selinux(root_inode_num, secontext);
+ }
+ free(sepath);
+ freecon(secontext);
+ }
+#endif
+
ext4_update_free();
if (init_itabs)