aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorElliott Hughes <enh@google.com>2015-04-07 14:07:46 -0700
committerRob Landley <rob@landley.net>2015-04-10 20:47:40 -0500
commite398112bdf7f4ced9388bb814697e35144e4a1a5 (patch)
tree599fbbe1604894a269c62d6e816d0a5010377ae3
parent6425277b218ceea473baf453e3bfc632a0f518d9 (diff)
downloadtoybox-e398112bdf7f4ced9388bb814697e35144e4a1a5.tar.gz
Implement Android restorecon.
On Android, much of the restorecon logic is in libselinux, so this isn't portable. We do want to be able to build on the host for testing *other* toys, though, so #if keeps this building. Change-Id: Ida5a6713a926140c549d5770d62798f4aedca748
-rw-r--r--toys/android/restorecon.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/toys/android/restorecon.c b/toys/android/restorecon.c
new file mode 100644
index 00000000..5ea6b3f9
--- /dev/null
+++ b/toys/android/restorecon.c
@@ -0,0 +1,47 @@
+/* restorecon.c - Restore default security contexts for files
+ *
+ * Copyright 2015 The Android Open Source Project
+
+USE_RESTORECON(NEWTOY(restorecon, "<1DFnRrv", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config RESTORECON
+ bool "restorecon"
+ depends on TOYBOX_SELINUX
+ default y
+ help
+ usage: restorecon [-D] [-F] [-R] [-n] [-v] FILE...
+
+ Restores the default security contexts for the given files.
+
+ -D apply to /data/data too
+ -F force reset
+ -R recurse into directories
+ -n don't make any changes; useful with -v to see what would change
+ -v verbose: show any changes
+*/
+
+#define FOR_restorecon
+#include "toys.h"
+
+#if defined(__ANDROID__)
+#include <selinux/android.h>
+#endif
+
+void restorecon_main(void)
+{
+#if defined(__ANDROID__)
+ char **s;
+ int flags = 0;
+
+ if (toys.optflags & FLAG_D) flags |= SELINUX_ANDROID_RESTORECON_DATADATA;
+ if (toys.optflags & FLAG_F) flags |= SELINUX_ANDROID_RESTORECON_FORCE;
+ if (toys.optflags & (FLAG_R|FLAG_r))
+ flags |= SELINUX_ANDROID_RESTORECON_RECURSE;
+ if (toys.optflags & FLAG_n) flags |= SELINUX_ANDROID_RESTORECON_NOCHANGE;
+ if (toys.optflags & FLAG_v) flags |= SELINUX_ANDROID_RESTORECON_VERBOSE;
+
+ for (s = toys.optargs; *s; s++)
+ if (selinux_android_restorecon(*s, flags) < 0)
+ perror_msg("restorecon failed: %s", *s);
+#endif
+}