From e9887e46cea4a095e4219927eadbe4c57bb1a5ee Mon Sep 17 00:00:00 2001
From: Robert Craig <rpcraig@tycho.ncsc.mil>
Date: Thu, 20 Feb 2014 10:25:56 -0500
Subject: [PATCH] Extend installd to support SELinux restorecon function.

Implement new restorecondata function which will allow
the relabeling of /data/data and /data/user directories.
This is needed in the case of certain OTAs. Not every
boot will apply this relabeling however. Consult change
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 for
clarification on this issue.

Change-Id: I05e8b438950ddb908e46c9168ea6ee601e6d674f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 cmds/installd/commands.c | 29 +++++++++++++++++++++++++++++
 cmds/installd/installd.c |  7 +++++++
 cmds/installd/installd.h |  1 +
 3 files changed, 37 insertions(+)

diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c
index f1f6f9972..12e8cd199 100644
--- a/cmds/installd/commands.c
+++ b/cmds/installd/commands.c
@@ -1234,3 +1234,32 @@ fail:
     }
     return -1;
 }
+
+int restorecon_data()
+{
+    char *data_dir = build_string2(android_data_dir.path, PRIMARY_USER_PREFIX);
+    char *user_dir = build_string2(android_data_dir.path, SECONDARY_USER_PREFIX);
+
+    unsigned int flags = SELINUX_ANDROID_RESTORECON_RECURSE |
+            SELINUX_ANDROID_RESTORECON_DATADATA;
+
+    int ret = 0;
+
+    if (!data_dir || !user_dir) {
+        return -1;
+    }
+
+    if (selinux_android_restorecon(data_dir, flags) < 0) {
+        ALOGE("restorecon failed for %s: %s\n", data_dir, strerror(errno));
+        ret |= -1;
+    }
+
+    if (selinux_android_restorecon(user_dir, flags) < 0) {
+        ALOGE("restorecon failed for %s: %s\n", user_dir, strerror(errno));
+        ret |= -1;
+    }
+
+    free(data_dir);
+    free(user_dir);
+    return ret;
+}
diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c
index b4df3a3ba..40fc13f0e 100644
--- a/cmds/installd/installd.c
+++ b/cmds/installd/installd.c
@@ -129,6 +129,12 @@ static int do_idmap(char **arg, char reply[REPLY_MAX])
     return idmap(arg[0], arg[1], atoi(arg[2]));
 }
 
+static int do_restorecon_data(char **arg __attribute__((unused)),
+    char reply[REPLY_MAX] __attribute__((unused)))
+{
+    return restorecon_data();
+}
+
 struct cmdinfo {
     const char *name;
     unsigned numargs;
@@ -153,6 +159,7 @@ struct cmdinfo cmds[] = {
     { "mkuserdata",           4, do_mk_user_data },
     { "rmuser",               1, do_rm_user },
     { "idmap",                3, do_idmap },
+    { "restorecondata",       0, do_restorecon_data },
 };
 
 static int readx(int s, void *_buf, int count)
diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h
index b45803185..3e9caf36b 100644
--- a/cmds/installd/installd.h
+++ b/cmds/installd/installd.h
@@ -213,3 +213,4 @@ int dexopt(const char *apk_path, uid_t uid, int is_public, const char *pkgName);
 int movefiles();
 int linklib(const char* target, const char* source, int userId);
 int idmap(const char *target_path, const char *overlay_path, uid_t uid);
+int restorecon_data();