From 779701db515d1a0d363d5a8896252f331bc4e22a Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 9 Feb 2012 14:13:23 -0500
Subject: Extend recovery and updater to support setting file security
 contexts.

Extend minzip, recovery, and updater to set the security context on
files based on the file_contexts configuration included in the package.

Change-Id: Ied379f266a16c64f2b4dca15dc39b98fcce16f29
---
 recovery.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'recovery.c')

diff --git a/recovery.c b/recovery.c
index 06d649809..2cb482d02 100644
--- a/recovery.c
+++ b/recovery.c
@@ -39,6 +39,8 @@
 #include "roots.h"
 #include "recovery_ui.h"
 
+struct selabel_handle *sehandle;
+
 static const struct option OPTIONS[] = {
   { "send_intent", required_argument, NULL, 's' },
   { "update_package", required_argument, NULL, 'u' },
@@ -132,7 +134,7 @@ fopen_path(const char *path, const char *mode) {
 
     // When writing, try to create the containing directory, if necessary.
     // Use generous permissions, the system (init.rc) will reset them.
-    if (strchr("wa", mode[0])) dirCreateHierarchy(path, 0777, NULL, 1);
+    if (strchr("wa", mode[0])) dirCreateHierarchy(path, 0777, NULL, 1, sehandle);
 
     FILE *fp = fopen(path, mode);
     return fp;
@@ -763,6 +765,19 @@ main(int argc, char **argv) {
         }
     }
 
+#ifdef HAVE_SELINUX
+    struct selinux_opt seopts[] = {
+      { SELABEL_OPT_PATH, "/file_contexts" }
+    };
+
+    sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+
+    if (!sehandle) {
+        fprintf(stderr, "Warning: No file_contexts\n");
+        ui_print("Warning:  No file_contexts\n");
+    }
+#endif
+
     device_recovery_start();
 
     printf("Command:");
-- 
cgit v1.2.3