Date: Thu, 1 Oct 2015 15:18:47 +0000 (UTC)
From: Richard Haines
To: Stephen Smalley, "selinux@tycho.nsa.gov"
Message-ID: <212239354.5552563.1443712727654.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <560AF385.1090407@tycho.nsa.gov>
References: <560AF385.1090407@tycho.nsa.gov>
Subject: Re: [RFC PATCH V2] libselinux: Add selinux_restorecon function
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

> On Tuesday, 29 September 2015, 21:25, Stephen Smalley wrote:
> > On 09/27/2015 08:06 AM, Richard Haines wrote:
>> The selinux_restorecon(3) man page details this function that relies
>> on the selabel_digest(3) function available from [1] (as not yet
>> part of upstream libselinux).
>>
>> It has been built using the work from Android where an SHA1 hash
>> of the specfiles is held in an extended attribute to enhance
>> performance. Also contains components from policycoreutils/setfiles.
>>
>> The utils/selinux_restorecon.c utility demonstrates the functionality.
>>
>> [1] http://marc.info/?l=selinux&m=144274383217343&w=2
>>
>> Signed-off-by: Richard Haines
>> ---

------------ snip --------------

>> +
>> +extern int selinux_restorecon(const char **pathname_list,
>> + const char **exclude_list,
>> + const char *fc_path,
>> + unsigned int restorecon_flags);
>
> This is a more cumbersome interface for typical users than the Android one.

To make this easier, would you prefer it to just take a single pathname
and the flags (and maybe the fc_path as well, or add another interface to
take it as discussed below)?

The only reason I put in the exclude_list is to allow filesystems that
don't have xattr support to be excluded by the caller.
This could probably be resolved by always setting the FTS_XDEV flag with
the caller ensuring they cover their relevant filesystems.

---------------- snip ----------------------

>> + fc_sehandle = selabel_open(SELABEL_CTX_FILE, fc_opts,
> NUM_SELABEL_OPTS);
>> + if (!fc_sehandle) {
>> + selinux_log(SELINUX_ERROR,
>> + "Error obtaining file context handle: %s\n",
>> + strerror(errno));
>> + return -1;
>> + }
>
> Android only does this once, not on every call to restorecon.
> Caller that wants to use selabel_open() itself with custom options can
> use selinux_android_set_sethandle() after selabel_open() call;
> otherwise, callers don't ever have to specify selabel_open() args.

I could implement a similar interface to selinux_android_file_context_handle
(I guess that is what you are referring to) that would also take the fc_path
if this would be useful; it would then keep selinux_restorecon simple and in
line with Android.

>
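
Review bot: in the selinux_restorecon() declaration, pathname_list and exclude_list are passed as bare "const char **" with no length argument, and the quoted lines carry no comment saying how the lists are terminated or whether exclude_list and fc_path may be NULL. A labeling function that walks past the end of a list, or treats a missing exclude list as an error in one caller and as "exclude nothing" in another, fails in ways that are hard to spot, so the header should state the contract next to the prototype: how each list ends, which arguments are optional, and what NULL means for fc_path. Declaring the lists as "const char * const *" would also make it explicit that the function does not modify the caller's arrays.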
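
Review bot: in the selabel_open() failure branch, "return -1;" follows the selinux_log() call, so the errno the caller sees is whatever the log callback left behind rather than the value selabel_open() set. Save errno in a local before logging and restore it just before the return, so callers can tell a missing spec file from an out-of-memory condition. The message "Error obtaining file context handle: %s\n" also does not name the file that failed to open; including the path from the options being passed would make a labeling failure much easier to diagnose from the log alone.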