[Toybox] [PATCH] Implement load_policy.
enh
enh at google.com
Fri Mar 13 17:29:04 PDT 2015
Note that this is a case where Android's tool isn't the same as the
usual tool. Ours takes an explicit file containing the policy to be
loaded.
I don't know what your plan/preference is for stuff like this.
restorecon is at least command-line compatible, but the implementation
is all in Android's libselinux where there's a
selinux_android_restorecon function.
diff --git a/toys/pending/load_policy.c b/toys/pending/load_policy.c
new file mode 100644
index 0000000..f15046b
--- /dev/null
+++ b/toys/pending/load_policy.c
@@ -0,0 +1,41 @@
+/* runcon.c - Run command in specified security context
+ *
+ * Copyright 2015 The Android Open Source Project
+
+USE_LOAD_POLICY(NEWTOY(load_policy, "<1>1", TOYFLAG_USR|TOYFLAG_SBIN))
+
+config LOAD_POLICY
+ bool "load_policy"
+ depends on TOYBOX_SELINUX
+ default y
+ help
+ usage: load_policy FILE
+
+ Load the specified policy file.
+*/
+
+#define FOR_load_policy
+#include "toys.h"
+
+void load_policy_main(void)
+{
+ char *path = *toys.optargs;
+ char *policy_data = 0;
+ off_t policy_len;
+ int fd;
+
+ if ((fd = open(path, O_RDONLY)) != -1) {
+ policy_len = fdlength(fd);
+ policy_data = mmap(0, policy_len, PROT_READ, MAP_PRIVATE, fd, 0);
+ close(fd);
+ }
+
+ if (!policy_data) {
+ error_exit("Couldn't read %s: %s", path, strerror(errno));
+ }
+
+ if (security_load_policy(policy_data, policy_len) < 0)
+ error_exit("Couldn't load %s: %s", path, strerror(errno));
+
+ munmap(policy_data, policy_len);
+}
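Review bot: the `if (!policy_data)` test in load_policy_main() does not catch a failed mmap(), because mmap() reports failure by returning MAP_FAILED, which is (void *)-1 and not NULL. As written, only the open() failure path is caught, where policy_data keeps its initial 0. A failed mapping would be passed straight to security_load_policy() and then to munmap(). Suggest comparing the mmap() result against MAP_FAILED right after the call and taking the "Couldn't read" error path in that case. The value returned by fdlength(fd) is also used as the mapping length with no check visible in this hunk, so an empty or unsizable file is worth handling explicitly, since this is the path that feeds the SELinux policy to the kernel. Separately, the first line of the header comment still reads "runcon.c - Run command in specified security context", which does not match the new file load_policy.c and should describe this command.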