支持通过by-name配置设备节点的selinux标签

Signed-off-by: N chengjinsong2 <chengjinsong2@huawei.com> Change-Id: I992bb382486618d2a443feb1df2d68c2f44ada2b

支持通过by-name配置设备节点的selinux标签
Signed-off-by: N chengjinsong2 <chengjinsong2@huawei.com> Change-Id: I992bb382486618d2a443feb1df2d68c2f44ada2b
00a15cd4 · chengjinsong2 · e7b0449f · 00a15cd4 · 00a15cd4 · 00a15cd4
4 changed file
--- a/test/unittest/BUILD.gn
+++ b/test/unittest/BUILD.gn
@@ -261,6 +261,7 @@ ohos_unittest("init_unittest") {
    "//third_party/bounds_checking_function/include",
    "//third_party/cJSON",
    "//third_party/zlib",
+    "//third_party/selinux/libselinux/include/selinux",
    "//base/security/access_token/interfaces/innerkits/token_setproc/include",
    "//base/security/access_token/interfaces/innerkits/nativetoken/include",
    "//base/startup/init/services/sandbox/include",
@@ -275,6 +276,7 @@ ohos_unittest("init_unittest") {
    "//third_party/googletest:gmock",
    "//third_party/googletest:gtest",
    "//third_party/mbedtls:mbedtls_shared",
+    "//third_party/selinux:libselinux",
    "//third_party/zlib:libz",
  ]


--- a/test/unittest/ueventd/ueventd_event_unittest.cpp
+++ b/test/unittest/ueventd/ueventd_event_unittest.cpp
@@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <dirent.h>
 #include <fcntl.h>
+#include <selinux/selinux.h>

 #include "param_stub.h"
 #include "ueventd.h"

--- a/ueventd/BUILD.gn
+++ b/ueventd/BUILD.gn
@@ -68,6 +68,7 @@ if (defined(ohos_lite)) {
    "//base/startup/init/services/include",
    "//base/startup/init/services/utils",
    "//base/startup/init/ueventd/include",
+    "//third_party/selinux/libselinux/include/selinux",
  ]

  service_ueventd_deps = [
@@ -75,6 +76,7 @@ if (defined(ohos_lite)) {
    "//base/startup/init/services/log:init_log",
    "//base/startup/init/services/utils:libinit_utils",
    "//third_party/bounds_checking_function:libsec_static",
+    "//third_party/selinux:libselinux",
  ]

  #

--- a/ueventd/ueventd_device_handler.c
+++ b/ueventd/ueventd_device_handler.c
@@ -34,6 +34,7 @@
 #define INIT_LOG_TAG "ueventd"
 #include "init_log.h"
 #ifdef WITH_SELINUX
+#include <selinux/selinux.h>
 #include <policycoreutils.h>
 #endif

@@ -92,7 +93,7 @@ static void CreateSymbolLinks(const char *deviceNode, char **symLinks)
 }

 #if defined(WITH_SELINUX) && !defined(__RAMDISK__)
-static void SetDeviceLable(const char *path)
+static void SetDeviceLable(const char *path, char **symLinks)
 {
    int rc = 0;
    char buffer[PATH_MAX] = {};
@@ -125,6 +126,19 @@ static void SetDeviceLable(const char *path)
        INIT_LOGE("[uevent] Failed to Restorecon \" %s \"", path);
    }

+    INIT_CHECK_ONLY_RETURN(symLinks != NULL);
+    char *context = NULL;
+    for (int i = 0; symLinks[i] != NULL; i++) {
+        const char *linkName = symLinks[i];
+        const char *byNamePath = "/dev/block/by-name";
+        if (strncmp(linkName, byNamePath, strlen(byNamePath)) == 0) {
+            (void)Restorecon(linkName);
+            lgetfilecon(linkName, &context);
+            setfilecon(path, context);
+            return;
+        }
+    }
+
    return;
 }
 #endif
@@ -177,7 +191,7 @@ static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode,
        CreateSymbolLinks(deviceNode, symLinks);
    }
 #if defined(WITH_SELINUX) && !defined(__RAMDISK__)
-    SetDeviceLable(deviceNode);
+    SetDeviceLable(deviceNode, symLinks);
 #endif
    // No matter what result the symbol links returns,
    // as long as create device node done, just returns success.