Diffstat (limited to 'bin/gensquashfs/selinux.c')
-rw-r--r--bin/gensquashfs/selinux.c78
1 files changed, 78 insertions, 0 deletions
diff --git a/bin/gensquashfs/selinux.c b/bin/gensquashfs/selinux.c
new file mode 100644
index 0000000..678723b
--- /dev/null
+++ b/bin/gensquashfs/selinux.c
@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: GPL-3.0-or-later */
+/*
+ * selinux.c
+ *
+ * Copyright (C) 2019 David Oberhollenzer <goliath@infraroot.at>
+ */
+#include "mkfs.h"
+
+#define XATTR_NAME_SELINUX "security.selinux"
+#define XATTR_VALUE_SELINUX "system_u:object_r:unlabeled_t:s0"
+
+#ifdef WITH_SELINUX
+int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr,
+ tree_node_t *node, const char *path)
+{
+ char *context = NULL;
+ int ret;
+
+ if (selabel_lookup(sehnd, &context, path, node->mode) < 0) {
+ context = strdup(XATTR_VALUE_SELINUX);
+ if (context == NULL)
+ goto fail;
+ }
+
+ ret = sqfs_xattr_writer_add(xwr, XATTR_NAME_SELINUX,
+ context, strlen(context));
+ free(context);
+
+ if (ret)
+ sqfs_perror(node->name, "storing SELinux xattr", ret);
+
+ return ret;
+fail:
+ perror("relabeling files");
+ return -1;
+}
+
+void *selinux_open_context_file(const char *filename)
+{
+ struct selabel_handle *sehnd;
+ struct selinux_opt seopts[] = {
+ { SELABEL_OPT_PATH, filename },
+ };
+
+ sehnd = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+ if (sehnd == NULL)
+ perror(filename);
+
+ return sehnd;
+}
+
+void selinux_close_context_file(void *sehnd)
+{
+ selabel_close(sehnd);
+}
+#else
+int selinux_relable_node(void *sehnd, sqfs_xattr_writer_t *xwr,
+ tree_node_t *node, const char *path)
+{
+ (void)sehnd; (void)xwr; (void)node; (void)path;
+ fputs("Built without SELinux support, cannot add SELinux labels\n",
+ stderr);
+ return -1;
+}
+
+void *selinux_open_context_file(const char *filename)
+{
+ (void)filename;
+ fputs("Built without SELinux support, cannot open contexts file\n",
+ stderr);
+ return NULL;
+}
+
+void selinux_close_context_file(void *sehnd)
+{
+ (void)sehnd;
+}
+#endif
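Review bot: The fallback in `selinux_relable_node` after the failed `selabel_lookup` call applies the `unlabeled_t` default for every failure, not only the "no matching rule" case, so a malformed contexts file or an allocation failure inside the lookup silently produces an image whose nodes all carry the default label with no diagnostic. `selabel_lookup` signals "no context found" by returning -1 with errno set to ENOENT; the branch should separate that from real errors, e.g. `if (errno != ENOENT) goto fail;` as the first statement of the failure block, before the `strdup`, and the intent of the fallback deserves a comment such as `/* no rule matched: fall back to the unlabeled context so the node still gets a label */`. The `fail` label's `perror("relabeling files")` then reports the actual lookup error rather than only the strdup case. Minor: `selabel_open(SELABEL_CTX_FILE, seopts, 1)` would be safer as `sizeof(seopts) / sizeof(seopts[0])` so the option count tracks the array if a second option is added later; the spelling `relable` in the exported name is presumably fixed by the declaration in mkfs.h, which is outside this diff.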