From 9bcb6edfe419d390acddc2ed7d0c04d37b753ac3 Mon Sep 17 00:00:00 2001
From: David Oberhollenzer
Date: Sat, 28 Sep 2019 21:40:31 +0200
Subject: Do the SELinux relabeling while generating the fstree

This commit splits the SELinux relabeling function up into 3 parts:
- open the label file
- apply relabeling rules to a given file
- close the label file
The relabeling is done while building the tree (if reading from an input directory) or in a post process step if reading from a desription file.
Signed-off-by: David Oberhollenzer
---
 mkfs/dirscan.c | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
(limited to 'mkfs/dirscan.c')
diff --git a/mkfs/dirscan.c b/mkfs/dirscan.c
index 5cb955a..160fbc3 100644
--- a/mkfs/dirscan.c
+++ b/mkfs/dirscan.c
@@ -109,9 +109,9 @@ fail:
 #endif
 static int populate_dir(fstree_t *fs, tree_node_t *root, dev_t devstart,
- unsigned int flags)
+ void *selinux_handle, unsigned int flags)
 {
- char *extra = NULL;
+ char *extra = NULL, *path;
 struct dirent *ent;
 struct stat sb;
 tree_node_t *n;
@@ -177,6 +177,21 @@ static int populate_dir(fstree_t *fs, tree_node_t *root, dev_t devstart,
 goto fail;
 }
 #endif
+ if (selinux_handle != NULL) {
+ path = fstree_get_path(n);
+ if (path == NULL) {
+ perror("getting full path for "
+ "SELinux relabeling");
+ goto fail;
+ }
+
+ if (selinux_relable_node(selinux_handle, fs, n, path)) {
+ free(path);
+ goto fail;
+ }
+
+ free(path);
+ }
 free(extra);
 extra = NULL;
@@ -189,7 +204,7 @@ static int populate_dir(fstree_t *fs, tree_node_t *root, dev_t devstart,
 if (pushd(n->name))
 return -1;
- if (populate_dir(fs, n, devstart, flags))
+ if (populate_dir(fs, n, devstart, selinux_handle, flags))
 return -1;
 if (popd())
@@ -206,7 +221,8 @@ fail:
 return -1;
 }
-int fstree_from_dir(fstree_t *fs, const char *path, unsigned int flags)
+int fstree_from_dir(fstree_t *fs, const char *path, void *selinux_handle,
+ unsigned int flags)
 {
 struct stat sb;
 int ret;
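Review bot: In the first hunk (`@@ -109,9 +109,9 @@`) the new `selinux_handle` parameter is typed `void *`, and the same is true of the public `fstree_from_dir` signature in the `@@ -206,7 +221,8 @@` hunk, so the compiler will accept any pointer a caller hands in. A forward-declared struct pointer would keep the SELinux headers out of this file while still catching a wrong argument at compile time; the name is yours to pick, for example `struct label_db *selinux_handle` (constructed name). The parameter also deserves a one-line comment stating that NULL disables relabeling, which is what the `if (selinux_handle != NULL)` guard in the `@@ -177,6 +177,21 @@` hunk implements: `/* selinux_handle: opened label file, or NULL to skip relabeling */`. `populate_dir`'s body continues outside this hunk.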
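Review bot: In the `@@ -177,6 +177,21 @@` hunk the label lookup runs right after the conditional block that ends at `#endif`, and nothing visible says which value wins if that block has already attached a `security.selinux` attribute taken from the input directory. That block's body is outside the hunk, so this is a question rather than a finding: if it does copy extended attributes, confirm that `selinux_relable_node` replaces the existing entry instead of adding a second one, since the image should carry the label from the label file and not the build host's. A short comment above the new block would record the intended precedence, e.g. `/* label from the label file overrides any security.selinux xattr read from the input */`. `populate_dir` starts and ends outside this hunk.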
@@ -219,7 +235,7 @@ int fstree_from_dir(fstree_t *fs, const char *path, unsigned int flags)
 if (pushd(path))
 return -1;
- ret = populate_dir(fs, fs->root, sb.st_dev, flags);
+ ret = populate_dir(fs, fs->root, sb.st_dev, selinux_handle, flags);
 if (popd())
 ret = -1;
-- cgit v1.2.3