From 8b9e44a0df7bc8f7d005fc0e37092396a8abf013 Mon Sep 17 00:00:00 2001 From: Jin Qian Date: Fri, 21 Apr 2017 16:29:07 -0700 Subject: [PATCH] AOSP: e2fsdroid: support multiple selinux file contexts Support passing a string of multiple selinux file contexts separated by comma with -S option. E.g. e2fsdroid -S ctx1,ctx2 output Test: make systemimage Bug: 35219933 Change-Id: Icc0f9d5d6180b5db7d68f7de45a1128f5a20be89 From AOSP commit: 34f4f33b24280c0a21a95407da4cf4988b275c95 Signed-off-by: Theodore Ts'o
---
 contrib/android/e2fsdroid.c | 20 +++++++++++++++++--- contrib/android/perms.c | 9 ++++----- contrib/android/perms.h | 6 ++++-- 3 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/contrib/android/e2fsdroid.c b/contrib/android/e2fsdroid.c
index b310667..1ae133d 100644
--- a/contrib/android/e2fsdroid.c
+++ b/contrib/android/e2fsdroid.c
@@ -19,7 +19,8 @@ static char *basefs_in;
 static char *mountpoint = "";
 static time_t fixed_time = -1;
 static char *fs_config_file;
-static char *file_contexts;
+static struct selinux_opt seopt_file[8];
+static int max_nr_opt = (int)sizeof(seopt_file) / sizeof(seopt_file[0]);
 static char *product_out;
 static char *src_dir;
 static int android_configure;
@@ -58,6 +59,8 @@ int main(int argc, char *argv[])
 io_manager io_mgr;
 ext2_filsys fs = NULL;
 struct fs_ops_callbacks fs_callbacks = { NULL, NULL };
+ char *token;
+ int nr_opt = 0;
 add_error_table(&et_ext2_error_table);
@@ -72,7 +75,18 @@ int main(int argc, char *argv[])
 android_configure = 1;
 break;
 case 'S':
- file_contexts = absolute_path(optarg);
+ token = strtok(optarg, ",");
+ while (token) {
+ if (nr_opt == max_nr_opt) {
+ fprintf(stderr, "Expected at most %d selinux opts\n",
+ max_nr_opt);
+ exit(EXIT_FAILURE);
+ }
+ seopt_file[nr_opt].type = SELABEL_OPT_PATH;
+ seopt_file[nr_opt].value = absolute_path(token);
+ nr_opt++;
+ token = strtok(NULL, ",");
+ }
 android_configure = 1;
 break;
 case 'p':
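Review bot: In the first e2fsdroid.c hunk, the cast in `static int max_nr_opt = (int)sizeof(seopt_file) / sizeof(seopt_file[0]);` binds to the first `sizeof` only, so the division is still carried out in `size_t` and narrowed to int implicitly by the initialisation. The value is a compile-time bound on `seopt_file` but is stored in a writable static, so nothing prevents it from drifting away from the array size that the `-S` loop relies on. I would write it as `enum { MAX_NR_OPT = sizeof(seopt_file) / sizeof(seopt_file[0]) };`, or at least `static const int max_nr_opt = (int)(sizeof(seopt_file) / sizeof(seopt_file[0]));`.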
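Review bot: In the `case 'S':` hunk of e2fsdroid.c, an argument that yields no token (an empty string or only commas, since strtok() skips empty fields) leaves `nr_opt` at 0 while `android_configure` is still set to 1. The perms.c side of this commit then skips selabel_open() because of its `nopt > 0` test, so as far as the visible lines show the image would be configured without any file contexts and without a diagnostic. I would fail closed here: remember the count before the loop (`int first_opt = nr_opt;`) and after it add `if (nr_opt == first_opt) { fprintf(stderr, "-S requires at least one file contexts path\n"); exit(EXIT_FAILURE); }`. The result of `absolute_path(token)` is also stored unchecked; its definition is not visible here, so if it can return NULL that should be rejected before it reaches selabel_open(). main() starts and ends outside this hunk.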
@@ -140,7 +154,7 @@ int main(int argc, char *argv[]) if (android_configure) { retval = android_configure_fs(fs, src_dir, product_out, mountpoint, - file_contexts, fs_config_file, fixed_time); + seopt_file, nr_opt, fs_config_file, fixed_time); if (retval) { com_err(prog_name, retval, "%s", "while configuring the file system"); diff --git a/contrib/android/perms.c b/contrib/android/perms.c index 7a5d47d..1e4c6db 100644 --- a/contrib/android/perms.c +++ b/contrib/android/perms.c @@ -287,7 +287,8 @@ errcode_t __android_configure_fs(ext2_filsys fs, char *src_dir, errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, char *mountpoint, - char *file_contexts, + struct selinux_opt *seopts, + unsigned int nopt, char *fs_config_file, time_t fixed_time) { errcode_t retval; @@ -295,10 +296,8 @@ errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, struct selabel_handle *sehnd = NULL; /* Retrieve file contexts */ - if (file_contexts) { - struct selinux_opt seopts[] = { { SELABEL_OPT_PATH, "" } }; - seopts[0].value = file_contexts; - sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1); + if (nopt > 0) { + sehnd = selabel_open(SELABEL_CTX_FILE, seopts, nopt); if (!sehnd) { com_err(__func__, -EINVAL, _("while opening file contexts \"%s\""), diff --git a/contrib/android/perms.h b/contrib/android/perms.h index f1ed3c5..9955bb5 100644 --- a/contrib/android/perms.h +++ b/contrib/android/perms.h @@ -15,7 +15,8 @@ static inline errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, char *mountpoint, - char *file_contexts, + void *seopts, + unsigned int nopt, char *fs_config_file, time_t fixed_time) { @@ -33,7 +34,8 @@ static inline errcode_t android_configure_fs(ext2_filsys fs, errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out, char *mountpoint, - char *file_contexts, + struct selinux_opt *seopts, + unsigned int nopt, char *fs_config_file, time_t fixed_time); # endif -- 1.8.3.1
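Review bot: In the second perms.c hunk, `if (nopt > 0)` hands `seopts` straight to selabel_open() without testing the pointer, whereas the removed code tested the very pointer it was about to use. `if (seopts && nopt > 0)` would keep that guarantee for any caller other than e2fsdroid. The failure message that follows has a single `%s` and its argument lies outside the hunk, so with up to `nopt` paths now being opened it is worth confirming that the message still identifies which file contexts input failed. android_configure_fs() starts and ends outside this hunk.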
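Review bot: In the first perms.h hunk the inline stub takes `void *seopts`, while the real prototype in the second perms.h hunk takes `struct selinux_opt *seopts`, so a caller passing the wrong pointer type compiles cleanly in the stub configuration and only fails in the other one. If `void *` is there because the selinux headers are not included in the stub branch (the preprocessor condition is outside the hunk, so this is an assumption), a file-scope forward declaration `struct selinux_opt;` would let both declarations use the typed pointer. If `void *` is kept, a one-line comment on the stub saying why the type differs from the real prototype would help the next reader.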