!336 动态文件标签适配

Merge pull request !336 from dapaodexiaoyu2/master

!336 动态文件标签适配
Merge pull request !336 from dapaodexiaoyu2/master
a2e15a94 · openharmony_ci · Gitee · 814ebf05 · 2166750e · a2e15a94
5 changed file
--- a/services/init/init_common_cmds.c
+++ b/services/init/init_common_cmds.c
@@ -36,6 +36,9 @@
 #include "init_plugin_manager.h"
 #include "init_service_manager.h"
 #include "init_utils.h"
+#ifdef WITH_SELINUX
+#include "policycoreutils.h"
+#endif
 #include "securec.h"

 static char *g_fileCryptOptions = NULL;
@@ -321,6 +324,13 @@ static void DoMkDir(const struct CmdArgs *ctx)
        INIT_LOGE("DoMkDir, failed for '%s', err %d.", ctx->argv[0], errno);
        return;
    }
+
+#ifdef WITH_SELINUX
+    if (RestoreconRecurse(ctx->argv[0])) {
+        INIT_LOGE("DoMkDir, Restorecon failed for '%s', err %d.", ctx->argv[0], errno);
+    }
+#endif
+
    if (ctx->argc <= 1) {
        return;
    }

--- a/services/init/standard/init.c
+++ b/services/init/standard/init.c
@@ -230,13 +230,14 @@ void SystemLoadSelinux(void)
 {
 #ifdef WITH_SELINUX
    // load selinux policy and context
-    if (load_policy() < 0) {
+    if (LoadPolicy() < 0) {
        INIT_LOGE("main, load_policy failed.");
    } else {
        INIT_LOGI("main, load_policy success.");
    }

    setcon("u:r:init:s0");
+    (void)RestoreconRecurse("/dev");
 #endif // WITH_SELINUX
 }

@@ -273,6 +274,10 @@ void SystemConfig(void)
    InitParamService();
    RegisterBootStateChange(BootStateChange);

+    // load SELinux context and policy
+    // Do not move position!
+    SystemLoadSelinux();
+
    // parse parameters
    LoadDefaultParams("/system/etc/param/ohos_const", LOAD_PARAM_NORMAL);
    LoadDefaultParams("/vendor/etc/param", LOAD_PARAM_NORMAL);
@@ -291,8 +296,6 @@ void SystemConfig(void)
    PostTrigger(EVENT_TRIGGER_BOOT, "pre-init", strlen("pre-init"));
    PostTrigger(EVENT_TRIGGER_BOOT, "init", strlen("init"));
    PostTrigger(EVENT_TRIGGER_BOOT, "post-init", strlen("post-init"));
-    // load SELinux context and policy
-    SystemLoadSelinux();
 }

 void SystemRun(void)

--- a/services/init/standard/init_cmds.c
+++ b/services/init/standard/init_cmds.c
@@ -274,9 +274,14 @@ static void DoUmountFstabFile(const struct CmdArgs *ctx)
 static void DoRestorecon(const struct CmdArgs *ctx)
 {
 #ifdef WITH_SELINUX
-    INIT_LOGI("start restorecon ......\n");
-    restorecon();
-    INIT_LOGI("finish restorecon ......\n");
+    if (ctx->argc != 1) {
+        INIT_LOGE("DoRestorecon invalid arguments.");
+        return;
+    }
+
+    if (RestoreconRecurse(ctx->argv[0])) {
+        INIT_LOGE("DoRestorecon failed for '%s', err %d.", ctx->argv[0], errno);
+    }
 #endif
    return;
 }
@@ -498,7 +503,7 @@ static const struct CmdTable g_cmdTable[] = {
    { "ifup ", 1, 1, DoIfup },
    { "mount_fstab ", 1, 1, DoMountFstabFile },
    { "umount_fstab ", 1, 1, DoUmountFstabFile },
-    { "restorecon ", 0, 1, DoRestorecon },
+    { "restorecon ", 1, 1, DoRestorecon },
    { "stopAllServices ", 0, 10, DoStopAllServices },
    { "umount ", 1, 1, DoUmount },
    { "sync ", 0, 1, DoSync },

--- a/ueventd/BUILD.gn
+++ b/ueventd/BUILD.gn
@@ -99,6 +99,12 @@ if (defined(ohos_lite)) {
    include_dirs = service_ueventd_include
    deps = service_ueventd_deps
    defines = [ "__RAMDISK__" ]
+    cflags = []
+
+    if (build_selinux) {
+      external_deps = [ "selinux:librestorecon" ]
+      cflags += [ "-DWITH_SELINUX" ]
+    }
  }

  ohos_executable("ueventd") {
@@ -114,6 +120,13 @@ if (defined(ohos_lite)) {
    ]
    deps = service_ueventd_deps
    deps += [ "//base/startup/init_lite/services/param:param_client" ]
+    cflags = []
+
+    if (build_selinux) {
+      external_deps = [ "selinux:librestorecon" ]
+      cflags += [ "-DWITH_SELINUX" ]
+    }
+
    install_images = [
      "system",
      "updater",

--- a/ueventd/ueventd_device_handler.c
+++ b/ueventd/ueventd_device_handler.c
@@ -34,6 +34,9 @@
 #include "securec.h"
 #define INIT_LOG_TAG "ueventd"
 #include "init_log.h"
+#ifdef WITH_SELINUX
+#include <policycoreutils.h>
+#endif

 static void CreateSymbolLinks(const char *deviceNode, char **symLinks)
 {
@@ -79,6 +82,21 @@ static inline void AdjustDeviceNodePermissions(const char *deviceNode, uid_t uid
    }
 }

+static void SetDeviceLable(const char *dir, const char *path)
+{
+#ifdef WITH_SELINUX
+    int rc = 0;
+    if (!STRINGEQUAL(dir, "/dev")) {
+        rc = RestoreconRecurse(dir);
+    }
+
+    rc += Restorecon(path);
+    if (rc != 0) {
+        INIT_LOGI("restorecon device node[%s] failed. %d", path, errno);
+    }
+#endif
+}
+
 static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode, char **symLinks, bool isBlock)
 {
    int rc = -1;
@@ -126,6 +144,7 @@ static int CreateDeviceNode(const struct Uevent *uevent, const char *deviceNode,
    if (symLinks != NULL) {
        CreateSymbolLinks(deviceNode, symLinks);
    }
+    SetDeviceLable(devicePath, deviceNode);
    // No matter what result the symbol links returns,
    // as long as create device node done, just returns success.
    rc = 0;