Mercurial > hg > toybox
changeset 1754:9596bf3ce7fa draft
Implement load_policy.
Note that this is a case where Android's tool isn't the same as the
usual tool. Ours takes an explicit file containing the policy to be
loaded. restorecon is at least command-line compatible, but the
implementation is all in Android's libselinux where there's a
selinux_android_restorecon function.
author | Elliott Hughes <enh@google.com> |
---|---|
date | Tue, 24 Mar 2015 14:17:03 -0500 |
parents | 0f940c4f9658 |
children | ab3532a61d52 |
files | toys/pending/load_policy.c |
diffstat | 1 files changed, 41 insertions(+), 0 deletions(-) |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/toys/pending/load_policy.c Tue Mar 24 14:17:03 2015 -0500 @@ -0,0 +1,41 @@ +/* runcon.c - Run command in specified security context + * + * Copyright 2015 The Android Open Source Project + +USE_LOAD_POLICY(NEWTOY(load_policy, "<1>1", TOYFLAG_USR|TOYFLAG_SBIN)) + +config LOAD_POLICY + bool "load_policy" + depends on TOYBOX_SELINUX + default n + help + usage: load_policy FILE + + Load the specified policy file. +*/ + +#define FOR_load_policy +#include "toys.h" + +void load_policy_main(void) +{ + char *path = *toys.optargs; + char *policy_data = 0; + off_t policy_len; + int fd; + + if ((fd = open(path, O_RDONLY)) != -1) { + policy_len = fdlength(fd); + policy_data = mmap(0, policy_len, PROT_READ, MAP_PRIVATE, fd, 0); + close(fd); + } + + if (!policy_data) { + error_exit("Couldn't read %s: %s", path, strerror(errno)); + } + + if (security_load_policy(policy_data, policy_len) < 0) + error_exit("Couldn't load %s: %s", path, strerror(errno)); + + munmap(policy_data, policy_len); +}
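Review bot: The `if (!policy_data)` test in load_policy_main does not catch a failed mmap, because mmap reports failure as MAP_FAILED, which is (void *)-1 rather than NULL. As written, only the open() failure path (where policy_data keeps its initial 0) reaches the "Couldn't read" error; a failed mapping falls through and the invalid pointer is handed to security_load_policy. Suggest handling the open() failure on its own and comparing the mmap result explicitly, for example `if (policy_data == MAP_FAILED)`. The value from `fdlength(fd)` is also passed to mmap without being checked, so an error or zero length from it should be rejected before mapping. Separately, the header comment at the top of the new file still reads "runcon.c - Run command in specified security context", which looks carried over from another command and should describe load_policy.c.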