From 17facdaa312d70883a90c342648ee4c18ce7080c Mon Sep 17 00:00:00 2001
From: y30045862
Date: Sun, 16 Jul 2023 15:59:59 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9data/app/el=E5=AD=90=E7=9B=AE?= =?UTF-8?q?=E5=BD=95=E7=9A=84selinux=E6=A0=87=E7=AD=BE=E8=AE=BE=E7=BD=AE?= =?UTF-8?q?=20Signed-off-by:=20yangjingbo10=20?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: Id9b086c1fa16f1b6aaf52a45c5f4004949552807
---
 libselinux/include/selinux/restorecon.h | 5 +++++
 libselinux/src/selinux_restorecon.c | 8 ++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
index b10fe684..688ab9df 100644
--- a/libselinux/include/selinux/restorecon.h
+++ b/libselinux/include/selinux/restorecon.h
@@ -126,6 +126,11 @@ extern int selinux_restorecon_parallel(const char *pathname,
 */
 #define SELINUX_RESTORECON_COUNT_ERRORS 0x20000
 
+/*
+ * Count, but otherwise ignore, errors during the file tree walk.
+ */
+#define SELINUX_RESTORECON_LABEL_DATA_APP_EL 0x40000
+
 /**
 * selinux_restorecon_set_sehandle - Set the global fc handle.
 * @hndl: specifies handle to set as the global fc handle.
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index dea3adbc..abbba502 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -87,6 +87,7 @@ struct rest_flags {
 bool warnonnomatch;
 bool conflicterror;
 bool count_errors;
+ bool labelDataAppEl;
 };
 
 static void restorecon_init(void)
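Review bot: The comment above `SELINUX_RESTORECON_LABEL_DATA_APP_EL` is a copy of the `SELINUX_RESTORECON_COUNT_ERRORS` description and says nothing about what the new flag does. Because the flag lifts a labelling exclusion, the header should state its scope, for example `/* Also relabel paths matching the DATA_APP_EL1-EL4 and DATA_ACCOUNTS_ACCOUNT_0 prefixes, which are skipped by default. */`, which is what the changed condition in restorecon_sb() implements. The value 0x40000 is simply the next bit after the flag shown above it, so a flag added upstream later could land on the same bit; confirm how this fork reserves its own flag values.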
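Review bot: `labelDataAppEl` is camelCase, while the neighbouring members of `struct rest_flags` visible in this hunk are lower-case (`warnonnomatch`, `conflicterror`, `count_errors`). Renaming it to `bool label_data_app_el;` would keep the struct consistent. The same member name is used in the restorecon_sb() and selinux_restorecon_common() hunks and would change with it. The struct definition begins outside this hunk.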
@@ -639,11 +640,12 @@ static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool fi
 bool updated = false;
 const char *lookup_path = pathname;
 float pc;
- if (!strncmp(pathname, DATA_APP_EL1, sizeof(DATA_APP_EL1) - 1) ||
+ /* support to re-label subfolder under data/app/el2/ when labelDataAppEl is true */
+ if (!flags->labelDataAppEl && (!strncmp(pathname, DATA_APP_EL1, sizeof(DATA_APP_EL1) - 1) ||
 !strncmp(pathname, DATA_APP_EL2, sizeof(DATA_APP_EL2) - 1) ||
 !strncmp(pathname, DATA_APP_EL3, sizeof(DATA_APP_EL3) - 1) ||
 !strncmp(pathname, DATA_APP_EL4, sizeof(DATA_APP_EL4) - 1) ||
- !strncmp(pathname, DATA_ACCOUNTS_ACCOUNT_0, sizeof(DATA_ACCOUNTS_ACCOUNT_0) - 1)) {
+ !strncmp(pathname, DATA_ACCOUNTS_ACCOUNT_0, sizeof(DATA_ACCOUNTS_ACCOUNT_0) - 1))) {
 goto out;
 }
 if (rootpath) {
@@ -1054,6 +1056,8 @@ static int selinux_restorecon_common(const char *pathname_orig,
 state.flags.count_errors = (restorecon_flags &
 SELINUX_RESTORECON_COUNT_ERRORS) ? true : false;
 state.setrestorecondigest = true;
+ state.flags.labelDataAppEl = (restorecon_flags &
+ SELINUX_RESTORECON_LABEL_DATA_APP_EL) ? true : false;
 
 state.head = NULL;
 state.current = NULL;
-- 
Gitee
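Review bot: The added comment says the flag enables relabelling under data/app/el2/, but the new `!flags->labelDataAppEl &&` guard switches off the early `goto out` for all five prefixes, including `DATA_APP_EL1`, `DATA_APP_EL3`, `DATA_APP_EL4` and `DATA_ACCOUNTS_ACCOUNT_0`. If only el2 is meant, keep the other four checks unconditional and put the flag test on the EL2 term alone: `(!flags->labelDataAppEl && !strncmp(pathname, DATA_APP_EL2, sizeof(DATA_APP_EL2) - 1)) ||`. If the wider scope is intended, the comment and the flag name should say so, since any caller passing the flag presumably has labels under all of these trees rewritten by the rest of restorecon_sb(). That function begins and ends outside this hunk.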