author | Treehugger Robot <treehugger-gerrit@google.com> | 2016-11-17 17:39:52 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2016-11-17 17:39:53 +0000 |
commit | 5fbd1cfd340e8b33ba308e5341dc07d82edfe9c0 (patch) | |
tree | 373155a72ea854bd3f473500f53d21b1c98f0dfa /init/builtins.cpp | |
parent | ed0a48c617e7dce710bcc498000be9b9e0a43ce4 (diff) | |
parent | a8d8434c42b27f0186be7ecd78c2acc9d459b068 (diff) |
Merge "Add flags to restorecon_recursive to traverse filesystems"
Diffstat (limited to 'init/builtins.cpp')
-rw-r--r-- | init/builtins.cpp | 53 |
1 files changed, 39 insertions, 14 deletions
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 8042bfd65..6d58754a7 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -40,6 +40,7 @@
 #include <thread>
+#include <selinux/android.h>
 #include <selinux/selinux.h>
 #include <selinux/label.h>
@@ -904,27 +905,51 @@ static int do_chmod(const std::vector<std::string>& args) {
 static int do_restorecon(const std::vector<std::string>& args) {
 int ret = 0;
- for (auto it = std::next(args.begin()); it != args.end(); ++it) {
- if (restorecon(it->c_str()) < 0)
- ret = -errno;
- }
- return ret;
-}
+ struct flag_type {const char* name; int value;};
+ static const flag_type flags[] = {
+ {"--recursive", SELINUX_ANDROID_RESTORECON_RECURSE},
+ {"--skip-ce", SELINUX_ANDROID_RESTORECON_SKIPCE},
+ {"--cross-filesystems", SELINUX_ANDROID_RESTORECON_CROSS_FILESYSTEMS},
+ {0, 0}
+ };
-static int do_restorecon_recursive(const std::vector<std::string>& args) {
- int ret = 0;
+ int flag = 0;
- for (auto it = std::next(args.begin()); it != args.end(); ++it) {
- /* The contents of CE paths are encrypted on FBE devices until user
- * credentials are presented (filenames inside are mangled), so we need
- * to delay restorecon of those until vold explicitly requests it. */
- if (restorecon_recursive_skipce(it->c_str()) < 0) {
- ret = -errno;
+ bool in_flags = true;
+ for (size_t i = 1; i < args.size(); ++i) {
+ if (android::base::StartsWith(args[i], "--")) {
+ if (!in_flags) {
+ LOG(ERROR) << "restorecon - flags must precede paths";
+ return -1;
+ }
+ bool found = false;
+ for (size_t j = 0; flags[j].name; ++j) {
+ if (args[i] == flags[j].name) {
+ flag |= flags[j].value;
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ LOG(ERROR) << "restorecon - bad flag " << args[i];
+ return -1;
+ }
+ } else {
+ in_flags = false;
+ if (restorecon(args[i].c_str(), flag) < 0) {
+ ret = -errno;
+ }
 }
 }
 return ret;
 }
+static int do_restorecon_recursive(const std::vector<std::string>& args) {
+ std::vector<std::string> non_const_args(args);
+ non_const_args.insert(std::next(non_const_args.begin()), "--recursive");
+ return do_restorecon(non_const_args);
+}
+
 static int do_loglevel(const std::vector<std::string>& args) {
 // TODO: support names instead/as well?
 int log_level = -1; |
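Review bot: `do_restorecon_recursive` now prepends only `--recursive`, so the CE skipping that the removed `restorecon_recursive_skipce()` call gave every `restorecon_recursive` caller is no longer applied. The deleted comment recorded why that mattered: on FBE devices the contents of CE paths stay encrypted until user credentials are presented, so relabeling them has to wait until vold requests it. If the wrapper is meant to stay behaviour-compatible, add `non_const_args.insert(std::next(non_const_args.begin()), "--skip-ce");` beside the existing insert. If dropping it is intentional, carry the FBE explanation over as a comment on the `--skip-ce` table entry, and confirm that rc files calling `restorecon_recursive` on CE-bearing paths now pass the flag explicitly (those callers are not visible here). Separately, in `do_restorecon` a `--` argument that follows a path returns -1 after the earlier paths were already relabeled, and discards any `-errno` already stored in `ret`.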