Set the SELinux security label on new directories.

Automatically set the SELinux security label on directories created
by init.rc.  This avoids the need to separately call restorecon on
each such directory from the init.rc file.  Also restorecon /dev
and /dev/socket after initial policy load so that they are labeled
correctly before any other dev nodes or sockets are created.

Change-Id: If6af6c4887cdead949737cebdd673957e9273ead
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

1 files changed, 1 insertions, 27 deletions

diff --git a/init/devices.c b/init/devices.c
index 3b4d369d..1394351d 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -52,7 +52,7 @@
 #define FIRMWARE_DIR2   "/vendor/firmware"
 
 #ifdef HAVE_SELINUX
-static struct selabel_handle *sehandle;
+extern struct selabel_handle *sehandle;
 #endif
 
 static int device_fd = -1;
@@ -219,32 +219,6 @@ static void make_device(const char *path,
 #endif
 }
 
-
-static int make_dir(const char *path, mode_t mode)
-{
-    int rc;
-
-#ifdef HAVE_SELINUX
-    char *secontext = NULL;
-
-    if (sehandle) {
-        selabel_lookup(sehandle, &secontext, path, mode);
-        setfscreatecon(secontext);
-    }
-#endif
-
-    rc = mkdir(path, mode);
-
-#ifdef HAVE_SELINUX
-    if (secontext) {
-        freecon(secontext);
-        setfscreatecon(NULL);
-    }
-#endif
-    return rc;
-}
-
-
 static void add_platform_device(const char *name)
 {
     int name_len = strlen(name);