From 76417519ec7b361604f4977b9ad238d0a276c49d Mon Sep 17 00:00:00 2001
From: Jeff Sharkey
Date: Tue, 9 Jun 2015 11:02:55 -0700
Subject: [PATCH] New "selinux.restorecon" control property.

This new property is used as a control verb for running a recursive restorecon at the path contained in the property value. Shifts both SELinux actions to occur before the actual property set occurs, so setters can watch for completion.

Bug: 21121357
Change-Id: I3db3eb876ae66e144b3bfd648349b66a028511fd
---
 init/property_service.cpp | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/init/property_service.cpp b/init/property_service.cpp
index 0ee0351fb..c2881aeb1 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -205,6 +205,16 @@ static int property_set_impl(const char* name, const char* value) {
 if (!is_legal_property_name(name, namelen)) return -1;
 if (valuelen >= PROP_VALUE_MAX) return -1;
+ if (strcmp("selinux.reload_policy", name) == 0 && strcmp("1", value) == 0) {
+ if (selinux_reload_policy() != 0) {
+ ERROR("Failed to reload policy\n");
+ }
+ } else if (strcmp("selinux.restorecon_recursive", name) == 0 && valuelen > 0) {
+ if (restorecon_recursive(value) != 0) {
+ ERROR("Failed to restorecon_recursive %s\n", value);
+ }
+ }
+
 prop_info* pi = (prop_info*) __system_property_find(name);
 if(pi != 0) {
@@ -236,9 +246,6 @@ static int property_set_impl(const char* name, const char* value) {
 * to prevent them from being overwritten by default values.
 */
 write_persistent_property(name, value);
- } else if (strcmp("selinux.reload_policy", name) == 0 &&
- strcmp("1", value) == 0) {
- selinux_reload_policy();
 }
 property_changed(name, value);
 return 0;
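Review bot: The `selinux.restorecon_recursive` branch hands the property value to `restorecon_recursive(value)` with no check beyond `valuelen > 0`, so whoever is permitted to set this property chooses which tree init relabels. The permission check on the setter is outside this hunk, so I would at least reject non-absolute paths here, `} else if (strcmp("selinux.restorecon_recursive", name) == 0 && value[0] == '/') {`, and add a comment such as `// value is a caller-supplied path; write access to selinux.* must stay restricted to trusted domains`. A failed relabel is only logged and the property is still set afterwards, so a setter watching for completion cannot tell success from failure; returning -1 after the `ERROR` in the restorecon branch would make that visible. The call also appears to run synchronously inside `property_set_impl`, so relabeling a large tree would stall property handling for its duration. `property_set_impl` starts and ends outside the hunk.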