From e398112bdf7f4ced9388bb814697e35144e4a1a5 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 7 Apr 2015 14:07:46 -0700 Subject: Implement Android restorecon. On Android, much of the restorecon logic is in libselinux, so this isn't portable. We do want to be able to build on the host for testing *other* toys, though, so #if keeps this building. Change-Id: Ida5a6713a926140c549d5770d62798f4aedca748 --- toys/android/restorecon.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 toys/android/restorecon.c (limited to 'toys/android/restorecon.c') diff --git a/toys/android/restorecon.c b/toys/android/restorecon.c new file mode 100644 index 00000000..5ea6b3f9 --- /dev/null +++ b/toys/android/restorecon.c @@ -0,0 +1,47 @@ +/* restorecon.c - Restore default security contexts for files + * + * Copyright 2015 The Android Open Source Project + +USE_RESTORECON(NEWTOY(restorecon, "<1DFnRrv", TOYFLAG_USR|TOYFLAG_SBIN)) + +config RESTORECON + bool "restorecon" + depends on TOYBOX_SELINUX + default y + help + usage: restorecon [-D] [-F] [-R] [-n] [-v] FILE... + + Restores the default security contexts for the given files. + + -D apply to /data/data too + -F force reset + -R recurse into directories + -n don't make any changes; useful with -v to see what would change + -v verbose: show any changes +*/ + +#define FOR_restorecon +#include "toys.h" + +#if defined(__ANDROID__) +#include +#endif + +void restorecon_main(void) +{ +#if defined(__ANDROID__) + char **s; + int flags = 0; + + if (toys.optflags & FLAG_D) flags |= SELINUX_ANDROID_RESTORECON_DATADATA; + if (toys.optflags & FLAG_F) flags |= SELINUX_ANDROID_RESTORECON_FORCE; + if (toys.optflags & (FLAG_R|FLAG_r)) + flags |= SELINUX_ANDROID_RESTORECON_RECURSE; + if (toys.optflags & FLAG_n) flags |= SELINUX_ANDROID_RESTORECON_NOCHANGE; + if (toys.optflags & FLAG_v) flags |= SELINUX_ANDROID_RESTORECON_VERBOSE; + + for (s = toys.optargs; *s; s++) + if (selinux_android_restorecon(*s, flags) < 0) + perror_msg("restorecon failed: %s", *s); +#endif +} -- cgit v1.2.3