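--- a/CMakeLists.txt 2017-11-27 20:08:14.961623274 +0800
+++ b/CMakeLists.txt 2017-11-27 15:13:34.564869828 +0800
@@ -45,6 +45,10 @@
 add_subdirectory(upgraded)
 ENDIF()
 
+IF(SELINUX_ENABLED)
+ ADD_DEFINITIONS(-DSELINUX_ENABLED)
+ENDIF()
+
 ADD_EXECUTABLE(procd ${SOURCES})
 TARGET_LINK_LIBRARIES(procd ${LIBS})
 INSTALL(TARGETS procd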
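Review bot: The new IF(SELINUX_ENABLED) block only adds the preprocessor define; nothing in this hunk adds libselinux to `${LIBS}`, so unless LIBS is extended elsewhere in CMakeLists.txt the selabel_open/setcon/selinux_restorecon calls in initd/init.c will fail to link when the option is on. A line such as `LIST(APPEND LIBS selinux)` inside the same IF() block, before TARGET_LINK_LIBRARIES, keeps the option self-contained. A `FIND_LIBRARY(SELINUX_LIB selinux)` check there would also report a missing libselinux at configure time rather than at link time.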
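--- a/initd/init.c 2017-11-27 20:08:14.961623274 +0800
+++ b/initd/init.c 2017-11-27 20:09:08.089625538 +0800
@@ -29,6 +29,12 @@
 #include <unistd.h>
 #include <stdio.h>
 
+#if SELINUX_ENABLED
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#include <selinux/restorecon.h>
+#endif
+
 #include "../utils/utils.h"
 #include "init.h"
 #include "../watchdog.h"
@@ -67,6 +73,53 @@
 }
 }
 
+#if SELINUX_ENABLED
+static const struct selinux_opt se_opts[] = {
+ { SELABEL_OPT_PATH, "/etc/selinux/targeted/contexts/files/file_contexts" },
+ { 0, NULL } };
+
+struct selabel_handle *h = NULL;
+
+static int procd_selinux_init()
+{
+ int enforce = 0;
+
+ if (getenv("SELINUX_INIT") == NULL) {
+ putenv((char*)"SELINUX_INIT=YES");
+
+ // load policy
+ if (selinux_init_load_policy(&enforce) == 0)
+ fprintf(stdout, "SELinux policy load success!\n");
+ else if (enforce > 0) {
+ /* SELinux in enforcing mode but load_policy failed */
+ fprintf(stderr, "can't load SELinux Policy. "
+ "Machine is in enforcing mode. Halting now.\n");
+ return EXIT_FAILURE;
+ }
+
+ // load file_contexts
+ h = selabel_open(SELABEL_CTX_FILE, se_opts, 1);
+ if (!h)
+ fprintf(stderr, "Error getting file context handle\n");
+ else
+ fprintf(stdout, "%s load success!\n", se_opts[0].value);
+
+ // set init process security context to u:r:init:s0
+ setcon("u:r:init:s0");
+
+ // restore contexts
+ selinux_restorecon("/", SELINUX_RESTORECON_RECURSE |
+ SELINUX_RESTORECON_PROGRESS |
+ SELINUX_RESTORECON_MASS_RELABEL |
+ SELINUX_RESTORECON_IGNORE_NOENTRY |
+ SELINUX_RESTORECON_ADD_ASSOC |
+ SELINUX_RESTORECON_SET_SPECFILE_CTX);
+ }
+
+ return 0;
+}
+#endif
+
 int
 main(int argc, char **argv)
 {
@@ -80,6 +133,11 @@
 cmdline();
 watchdog_init(1);
 
+#if SELINUX_ENABLED
+ if (procd_selinux_init() != 0)
+ return EXIT_FAILURE;
+#endif
+
 uloop_init();
 preinit();
 uloop_run();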
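Review bot: `setcon("u:r:init:s0")` and `selinux_restorecon("/", …)` in procd_selinux_init discard their return values, so if the loaded policy has no init domain, or the relabel fails, PID 1 carries on in its original context with only the earlier "policy load success" message on the console. Check the transition and fail the same way the enforcing-mode branch does, e.g. `if (setcon("u:r:init:s0") < 0) { fprintf(stderr, "setcon failed: %s\n", strerror(errno)); return EXIT_FAILURE; }` (needs <errno.h> and <string.h> if they are not among the includes above line 29), and at least log a non-zero result from selinux_restorecon. The handle stored in the global `h` is opened but, within this hunk, never handed to selinux_restorecon — which uses its own default handle unless `selinux_restorecon_set_sehandle(h)` is called — and a NULL `h` only logs before the relabel proceeds; if `h` is not consumed elsewhere in init.c, either pass it with that call or drop it, and in any case make it `static` with a less collision-prone name. Minor: `static int procd_selinux_init()` should be `(void)`, and the file_contexts path hard-codes the targeted policy store where `selinux_file_context_path()` would follow the configured one. main starts in this hunk and its body continues in the hunk below.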