From cdb73b034d1a546afc34302896a3cdc72dbdc8e6 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Tue, 2 Jun 2015 11:11:02 -0700
Subject: [PATCH] init: change exec parsing to make SECLABEL optional

(cherry pick from commit 17fff893c04971b519d25d52b07f51111353cba5)

Allow SECLABEL to be - to denote default

Change-Id: I58cdc6c805dc6e50dc42b7e13e72d0eaf4864f11
---
 init/init.cpp        | 3 ++-
 init/init_parser.cpp | 3 ++-
 init/readme.txt      | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/init/init.cpp b/init/init.cpp
index 5185f7736..85d79093f 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -380,7 +380,8 @@ void service_start(struct service *svc, const char *dynamic_args)
 
     if ((svc->flags & SVC_EXEC) != 0) {
         INFO("SVC_EXEC pid %d (uid %d gid %d+%zu context %s) started; waiting...\n",
-             svc->pid, svc->uid, svc->gid, svc->nr_supp_gids, svc->seclabel);
+             svc->pid, svc->uid, svc->gid, svc->nr_supp_gids,
+             svc->seclabel ? : "default");
         waiting_for_exec = true;
     }
 
diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index d36995d88..385b37b7f 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
@@ -666,6 +666,7 @@ int action_queue_empty()
 
 service* make_exec_oneshot_service(int nargs, char** args) {
     // Parse the arguments: exec [SECLABEL [UID [GID]*] --] COMMAND ARGS...
+    // SECLABEL can be a - to denote default
     int command_arg = 1;
     for (int i = 1; i < nargs; ++i) {
         if (strcmp(args[i], "--") == 0) {
@@ -691,7 +692,7 @@ service* make_exec_oneshot_service(int nargs, char** args) {
         return NULL;
     }
 
-    if (command_arg > 2) {
+    if ((command_arg > 2) && strcmp(args[1], "-")) {
         svc->seclabel = args[1];
     }
     if (command_arg > 3) {
diff --git a/init/readme.txt b/init/readme.txt
index 6b9c42d3f..c2130416d 100644
--- a/init/readme.txt
+++ b/init/readme.txt
@@ -180,7 +180,7 @@ exec [ <seclabel> [ <user> [ <group> ]* ] ] -- <command> [ <argument> ]*
    Fork and execute command with the given arguments. The command starts
    after "--" so that an optional security context, user, and supplementary
    groups can be provided. No other commands will be run until this one
-   finishes.
+   finishes. <seclabel> can be a - to denote default.
 
 export <name> <value>
    Set the environment variable <name> equal to <value> in the