commit aa4051dc4f90f987ba05269ce396d676571156e0
author Nick Kralevich <nnk@google.com> Thu Oct 10 12:38:44 2013 -0700
committer Android Git Automerger <android-git-automerger@android.com> Thu Oct 10 12:38:44 2013 -0700
tree 29f9730a4b5a1ab3e90460274aee6942ece88173
parent 33d1e6294f609c4f417905239bd5a086f3ef880f
parent 2f924ebe0b0891dba1996c246839427b23705018

am 2f924ebe: am a94d2b39: Merge "Add a restorecon_recursive built-in command to init."

* commit '2f924ebe0b0891dba1996c246839427b23705018':
  Add a restorecon_recursive built-in command to init.

init/builtins.c

diff --git a/init/builtins.c b/init/builtins.c
index e8c8f91..e2932d5 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -797,12 +797,24 @@
 
 int do_restorecon(int nargs, char **args) {
     int i;
+    int ret = 0;
 
     for (i = 1; i < nargs; i++) {
         if (restorecon(args[i]) < 0)
-            return -errno;
+            ret = -errno;
     }
-    return 0;
+    return ret;
+}
+
+int do_restorecon_recursive(int nargs, char **args) {
+    int i;
+    int ret = 0;
+
+    for (i = 1; i < nargs; i++) {
+        if (restorecon_recursive(args[i]) < 0)
+            ret = -errno;
+    }
+    return ret;
 }
 
 int do_setsebool(int nargs, char **args) {

init/init_parser.c

diff --git a/init/init_parser.c b/init/init_parser.c
index 667c7ab..3f0838f 100644
--- a/init/init_parser.c
+++ b/init/init_parser.c
@@ -135,6 +135,7 @@
     case 'r':
         if (!strcmp(s, "estart")) return K_restart;
         if (!strcmp(s, "estorecon")) return K_restorecon;
+        if (!strcmp(s, "estorecon_recursive")) return K_restorecon_recursive;
         if (!strcmp(s, "mdir")) return K_rmdir;
         if (!strcmp(s, "m")) return K_rm;
         break;

init/keywords.h

diff --git a/init/keywords.h b/init/keywords.h
index 5a44df3..97fe50c 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -17,6 +17,7 @@
 int do_powerctl(int nargs, char **args);
 int do_restart(int nargs, char **args);
 int do_restorecon(int nargs, char **args);
+int do_restorecon_recursive(int nargs, char **args);
 int do_rm(int nargs, char **args);
 int do_rmdir(int nargs, char **args);
 int do_setcon(int nargs, char **args);
@@ -71,6 +72,7 @@
     KEYWORD(powerctl,    COMMAND, 1, do_powerctl)
     KEYWORD(restart,     COMMAND, 1, do_restart)
     KEYWORD(restorecon,  COMMAND, 1, do_restorecon)
+    KEYWORD(restorecon_recursive,  COMMAND, 1, do_restorecon_recursive)
     KEYWORD(rm,          COMMAND, 1, do_rm)
     KEYWORD(rmdir,       COMMAND, 1, do_rmdir)
     KEYWORD(seclabel,    OPTION,  0, 0)

init/readme.txt

diff --git a/init/readme.txt b/init/readme.txt
index 1e8c392..42a09cb 100644
--- a/init/readme.txt
+++ b/init/readme.txt
@@ -192,12 +192,18 @@
    device by name.
    <mountoption>s include "ro", "rw", "remount", "noatime", ...
 
-restorecon <path>
+restorecon <path> [ <path> ]*
    Restore the file named by <path> to the security context specified
    in the file_contexts configuration.
    Not required for directories created by the init.rc as these are
    automatically labeled correctly by init.
 
+restorecon_recursive <path> [ <path> ]*
+   Recursively restore the directory tree named by <path> to the
+   security contexts specified in the file_contexts configuration.
+   Do NOT use this with paths leading to shell-writable or app-writable
+   directories, e.g. /data/local/tmp, /data/data or any prefix thereof.
+
 setcon <securitycontext>
    Set the current process security context to the specified string.
    This is typically only used from early-init to set the init context