diff --git a/frameworks/database/BUILD.gn b/frameworks/database/BUILD.gn index 01ba9871f21640a5235c4aa6bf4f4151921bee22..99beae0ed953f50e1d07186968c238b3e6bf47cb 100644 --- a/frameworks/database/BUILD.gn +++ b/frameworks/database/BUILD.gn @@ -34,4 +34,8 @@ ohos_shared_library("accesstoken_database_cxx") { ] external_deps = [ "hiviewdfx_hilog_native:libhilog" ] + if (build_selinux) { + external_deps += [ "selinux:librestorecon" ] + cflags_cc += [ "-DWITH_SELINUX" ] + } } diff --git a/frameworks/database/src/sqlite_helper.cpp b/frameworks/database/src/sqlite_helper.cpp index a01c5e5f676a2f7c5d40789d836dd02a0dee25f7..545bccd73549792bb95ac0df5125caea1c82a848 100644 --- a/frameworks/database/src/sqlite_helper.cpp +++ b/frameworks/database/src/sqlite_helper.cpp @@ -16,6 +16,9 @@ #include "sqlite_helper.h" #include "accesstoken_log.h" +#ifdef WITH_SELINUX +#include +#endif // WITH_SELINUX namespace OHOS { namespace Security { @@ -46,6 +49,10 @@ void SqliteHelper::Open() return; } +#ifdef WITH_SELINUX + Restorecon(fileName.c_str()); +#endif // WITH_SELINUX + int version = GetVersion(); if (version == currentVersion_) { return; diff --git a/interfaces/innerkits/nativetoken/BUILD.gn b/interfaces/innerkits/nativetoken/BUILD.gn index 7fe115760dd048f5fa4137eaf602a0fabdde98d9..6038fe4543d5cb7eded85c5430dfa5354ae17354 100644 --- a/interfaces/innerkits/nativetoken/BUILD.gn +++ b/interfaces/innerkits/nativetoken/BUILD.gn @@ -45,4 +45,9 @@ ohos_static_library("libnativetoken") { ] external_deps = [ "hiviewdfx_hilog_native:libhilog" ] + + if (build_selinux) { + external_deps += [ "selinux:librestorecon" ] + cflags += [ "-DWITH_SELINUX" ] + } } diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c index d426d9d4b2e18b826625464d1d22a2647d530c67..89c507868d9fb5e91e4f2b019b5d75c573e3be74 100644 --- a/interfaces/innerkits/nativetoken/src/nativetoken.c +++ b/interfaces/innerkits/nativetoken/src/nativetoken.c @@ -13,6 +13,11 @@ * limitations under the License. */ #include "nativetoken.h" + +#ifdef WITH_SELINUX +#include +#endif // WITH_SELINUX + #include "nativetoken_json_oper.h" #include "nativetoken_kit.h" @@ -182,6 +187,11 @@ static int32_t CreateCfgFile(void) AT_LOG_ERROR("[ATLIB-%s]:open failed.", __func__); return ATRET_FAILED; } + +#ifdef WITH_SELINUX + Restorecon(TOKEN_ID_CFG_FILE_PATH); +#endif // WITH_SELINUX + close(fd); fd = -1;