| author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-09-28 21:10:15 +0200 | 
|---|---|---|
| committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2019-09-28 23:34:17 +0200 | 
| commit | f415b29255819e19ffde16018fb9ad02cbbfd17c (patch) | |
| tree | 41dfa5a80fdb2015098ad5f4210acc4c21ec3cd0 /mkfs | |
| parent | 5e4d53c713d3f01ae2d24a7d2311d65761b143dc (diff) | |
Move fstree selinux code to gensquashfs
Same rationale as for the dir-scanner code: it's actually the only user and
it is going to get much more closely integrated with libsquashfs.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'mkfs')
| -rw-r--r-- | mkfs/Makemodule.am | 4 | ||||
| -rw-r--r-- | mkfs/mkfs.h | 7 | ||||
| -rw-r--r-- | mkfs/selinux.c | 62 | 
3 files changed, 72 insertions, 1 deletions
diff --git a/mkfs/Makemodule.am b/mkfs/Makemodule.am
index f1e0d0d..75fc3a4 100644
--- a/mkfs/Makemodule.am
+++ b/mkfs/Makemodule.am
@@ -3,9 +3,11 @@ gensquashfs_SOURCES += mkfs/dirscan.c
 gensquashfs_LDADD = libsqfshelper.a libsquashfs.la libfstree.a libutil.la
 gensquashfs_LDADD += $(LIBSELINUX_LIBS)
 gensquashfs_CPPFLAGS = $(AM_CPPFLAGS)
-gensquashfs_CFLAGS = $(AM_CFLAGS)
+gensquashfs_CFLAGS = $(AM_CFLAGS) $(LIBSELINUX_CFLAGS)
+
 if WITH_SELINUX
 gensquashfs_CPPFLAGS += -DWITH_SELINUX
+gensquashfs_SOURCES += mkfs/selinux.c
 endif
 
 bin_PROGRAMS += gensquashfs
diff --git a/mkfs/mkfs.h b/mkfs/mkfs.h
index bce98d8..f00898b 100644
--- a/mkfs/mkfs.h
+++ b/mkfs/mkfs.h
@@ -23,6 +23,11 @@
 #include <sys/xattr.h>
 #endif
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#endif
+
 #include <getopt.h>
 #include <assert.h>
 #include <unistd.h>
@@ -65,4 +70,6 @@ void process_command_line(options_t *opt, int argc, char **argv);
 
 int fstree_from_dir(fstree_t *fs, const char *path, unsigned int flags);
+int fstree_relabel_selinux(fstree_t *fs, const char *filename);
+
 
 #endif /* MKFS_H */
diff --git a/mkfs/selinux.c b/mkfs/selinux.c
new file mode 100644
index 0000000..5fc4f52
--- /dev/null
+++ b/mkfs/selinux.c
@@ -0,0 +1,62 @@
+/* SPDX-License-Identifier: GPL-3.0-or-later */
+/*
+ * selinux.c
+ *
+ * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at>
+ */
+#include "mkfs.h"
+
+#define XATTR_NAME_SELINUX "security.selinux"
+#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"
+
+static int relable_node(fstree_t *fs, struct selabel_handle *sehnd,
+			tree_node_t *node)
+{
+	char *context = NULL, *path;
+	int ret;
+
+	path = fstree_get_path(node);
+	if (path == NULL)
+		goto fail;
+
+	if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
+		context = strdup(XATTR_VALUE_SELINUX);
+		if (context == NULL)
+			goto fail;
+	}
+
+	ret = fstree_add_xattr(fs, node, XATTR_NAME_SELINUX, context);
+	free(context);
+	free(path);
+	return ret;
+fail:
+	perror("relabeling files");
+	free(path);
+	return -1;
+}
+
+int fstree_relabel_selinux(fstree_t *fs, const char *filename)
+{
+	struct selabel_handle *sehnd;
+	struct selinux_opt seopts[] = {
+		{ SELABEL_OPT_PATH, filename },
+	};
+	size_t i;
+	int ret = 0;
+
+	sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+
+	if (sehnd == NULL) {
+		perror(filename);
+		return -1;
+	}
+
+	for (i = 2; i < fs->inode_tbl_size; ++i) {
+		ret = relable_node(fs, sehnd, fs->inode_table[i]);
+		if (ret)
+			break;
+	}
+
+	selabel_close(sehnd);
+	return ret;
+}
| 
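Review bot: In relable_node every selabel_lookup() failure is treated as "no matching context" and the node is silently labeled `system_u:object_r:unlabeled_t:s0`, so a broken or truncated file_contexts file, an invalid regex, or an allocation failure inside libselinux yields an image whose files are merely unlabeled instead of failing the build. libselinux documents the genuine no-match case as -1 with errno set to ENOENT, so only that case should fall back; adding `if (errno != ENOENT) goto fail;` as the first statement inside the `if (selabel_lookup(...) < 0)` body keeps the existing `perror("relabeling files")` path for real errors (needs `<errno.h>` in scope, which mkfs.h may already provide). Two smaller points: the context returned by selabel_lookup() is documented as released with freecon() rather than free(), and the helper name is misspelt (`relabel_node`). The loop start `i = 2` in fstree_relabel_selinux also deserves a one-line comment saying which inode table slots are intentionally skipped, since the reason is not visible in this hunk.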
