AOSP: e2fsdroid: support multiple selinux file contexts

Support passing a string of multiple selinux file contexts separated by
comma with -S option.

E.g. e2fsdroid -S ctx1,ctx2 output

Test: make systemimage
Bug: 35219933
Change-Id: Icc0f9d5d6180b5db7d68f7de45a1128f5a20be89
From AOSP commit: 34f4f33b24280c0a21a95407da4cf4988b275c95

Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/contrib/android/e2fsdroid.c b/contrib/android/e2fsdroid.c
index b310667fbd258cf91edca0cb61744029d54d4dd3..1ae133d5e8ecf2d12d63ca8f92bc1708417ba795 100644 (file)
--- a/contrib/android/e2fsdroid.c
+++ b/contrib/android/e2fsdroid.c
@@ -19,7 +19,8 @@ static char *basefs_in;
 static char *mountpoint = "";
 static time_t fixed_time = -1;
 static char *fs_config_file;
-static char *file_contexts;
+static struct selinux_opt seopt_file[8];
+static int max_nr_opt = (int)sizeof(seopt_file) / sizeof(seopt_file[0]);
 static char *product_out;
 static char *src_dir;
 static int android_configure;
@@ -58,6 +59,8 @@ int main(int argc, char *argv[])
        io_manager io_mgr;
        ext2_filsys fs = NULL;
        struct fs_ops_callbacks fs_callbacks = { NULL, NULL };
+       char *token;
+       int nr_opt = 0;
 
        add_error_table(&et_ext2_error_table);
 
@@ -72,7 +75,18 @@ int main(int argc, char *argv[])
                        android_configure = 1;
                        break;
                case 'S':
-                       file_contexts = absolute_path(optarg);
+                       token = strtok(optarg, ",");
+                       while (token) {
+                               if (nr_opt == max_nr_opt) {
+                                       fprintf(stderr, "Expected at most %d selinux opts\n",
+                                               max_nr_opt);
+                                       exit(EXIT_FAILURE);
+                               }
+                               seopt_file[nr_opt].type = SELABEL_OPT_PATH;
+                               seopt_file[nr_opt].value = absolute_path(token);
+                               nr_opt++;
+                               token = strtok(NULL, ",");
+                       }
                        android_configure = 1;
                        break;
                case 'p':
@@ -140,7 +154,7 @@ int main(int argc, char *argv[])
 
        if (android_configure) {
                retval = android_configure_fs(fs, src_dir, product_out, mountpoint,
-                       file_contexts, fs_config_file, fixed_time);
+                       seopt_file, nr_opt, fs_config_file, fixed_time);
                if (retval) {
                        com_err(prog_name, retval, "%s",
                                "while configuring the file system");

diff --git a/contrib/android/perms.c b/contrib/android/perms.c
index 7a5d47d9b5b50983a1231aa39960381c98d7434e..1e4c6db0a48dc2579e8f84a06f83a3fc157984d9 100644 (file)
--- a/contrib/android/perms.c
+++ b/contrib/android/perms.c
@@ -287,7 +287,8 @@ errcode_t __android_configure_fs(ext2_filsys fs, char *src_dir,
 
 errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out,
                               char *mountpoint,
-                              char *file_contexts,
+                              struct selinux_opt *seopts,
+                              unsigned int nopt,
                               char *fs_config_file, time_t fixed_time)
 {
        errcode_t retval;
@@ -295,10 +296,8 @@ errcode_t android_configure_fs(ext2_filsys fs, char *src_dir, char *target_out,
        struct selabel_handle *sehnd = NULL;
 
        /* Retrieve file contexts */
-       if (file_contexts) {
-               struct selinux_opt seopts[] = { { SELABEL_OPT_PATH, "" } };
-               seopts[0].value = file_contexts;
-               sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+       if (nopt > 0) {
+               sehnd = selabel_open(SELABEL_CTX_FILE, seopts, nopt);
                if (!sehnd) {
                        com_err(__func__, -EINVAL,
                                _("while opening file contexts \"%s\""),

diff --git a/contrib/android/perms.h b/contrib/android/perms.h
index f1ed3c5bdf4c2fe364cb0352b85ffb4c8238d86d..9955bb56b20c4d2816f103af537be00e6f672cbb 100644 (file)
--- a/contrib/android/perms.h
+++ b/contrib/android/perms.h
@@ -15,7 +15,8 @@ static inline errcode_t android_configure_fs(ext2_filsys fs,
                                             char *src_dir,
                                             char *target_out,
                                             char *mountpoint,
-                                            char *file_contexts,
+                                            void *seopts,
+                                            unsigned int nopt,
                                             char *fs_config_file,
                                             time_t fixed_time)
 {
@@ -33,7 +34,8 @@ static inline errcode_t android_configure_fs(ext2_filsys fs,
 errcode_t android_configure_fs(ext2_filsys fs, char *src_dir,
                               char *target_out,
                               char *mountpoint,
-                              char *file_contexts,
+                              struct selinux_opt *seopts,
+                              unsigned int nopt,
                               char *fs_config_file, time_t fixed_time);
 
 # endif