diff --git a/udev_add.c b/udev_add.c
index e5bd042a5..eeab1ca17 100644
--- a/udev_add.c
+++ b/udev_add.c
@@ -83,7 +83,6 @@ create:
 selinux_setfscreatecon(file, udev->kernel_name, mode);
 retval = mknod(file, mode, devt);
- selinux_resetfscreatecon();
 if (retval != 0) {
 dbg("mknod(%s, %#o, %u, %u) failed with error '%s'", file, mode, major(devt), minor(devt), strerror(errno));
@@ -197,7 +196,6 @@ static int create_node(struct udevice *udev, struct sysfs_class_device *class_de
 /* create symlink(s) if requested */
 foreach_strpart(udev->symlink, " ", pos, len) {
- int retval;
 char linkname[NAME_SIZE];
 char linktarget[NAME_SIZE];
@@ -229,11 +227,9 @@ static int create_node(struct udevice *udev, struct sysfs_class_device *class_de
 dbg("symlink(%s, %s)", linktarget, filename);
 if (!udev->test_run) {
- unlink(filename);
 selinux_setfscreatecon(filename, udev->kernel_name, S_IFLNK);
- retval = symlink(linktarget, filename);
- selinux_resetfscreatecon();
- if (retval != 0)
+ unlink(filename);
+ if (symlink(linktarget, filename) != 0)
 dbg("symlink(%s, %s) failed with error '%s'", linktarget, filename, strerror(errno));
 }
@@ -330,7 +326,7 @@ int udev_add_device(struct udevice *udev, struct sysfs_class_device *class_dev)
 }
 exit:
- selinux_exit();
+ selinux_restore();
 return retval;
 }
diff --git a/udev_selinux.c b/udev_selinux.c
index cc6f4d7d3..72381f0d0 100644
--- a/udev_selinux.c
+++ b/udev_selinux.c
@@ -105,7 +105,7 @@ void selinux_setfilecon(const char *file, const char *devname, unsigned int mode
 }
 if (setfilecon(file, scontext) < 0)
- dbg("setfilecon %s failed with error '%s'", file, strerror(errno));
+ dbg("setfiles %s failed with error '%s'", file, strerror(errno));
 freecon(scontext);
 }
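Review bot: In the `create:` hunk of udev_add.c the creation context set by `selinux_setfscreatecon()` is no longer reset after `mknod()`, and the `-229` hunk in `create_node()` drops the reset after `symlink()` as well, so the context now stays in force until `selinux_restore()` runs at `exit:` in `udev_add_device()`. Since `selinux_setfscreatecon()` only logs when `setfscreatecon()` fails (visible in udev_selinux.c), a failed lookup for a symlink would leave the device node's context active and the symlink would be created with that label. Anything else the process creates before `exit:` would likewise inherit the last context; that code is outside these hunks, so it should be checked against the full functions. At minimum the new lifetime deserves a comment at the call sites, for example `/* fscreate context stays set until selinux_restore() in udev_add_device() */`.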
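Review bot: The new debug text in `selinux_setfilecon()` (udev_selinux.c, hunk at -105) reads `setfiles`, which is not the call that failed, so a labelling failure in the log points an investigator at the wrong place; the following hunk uses the same string for the `setfscreatecon()` failure. Each message should name the libselinux call it reports, `dbg("setfilecon %s failed with error '%s'", file, strerror(errno));` here and `dbg("setfscreatecon %s failed with error '%s'", file, strerror(errno));` in `selinux_setfscreatecon()`. Both functions start outside their hunks.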
@@ -131,20 +131,12 @@ void selinux_setfscreatecon(const char *file, const char *devname, unsigned int
 }
 if (setfscreatecon(scontext) < 0)
- dbg("setfscreatecon %s failed with error '%s'", file, strerror(errno));
+ dbg("setfiles %s failed with error '%s'", file, strerror(errno));
 freecon(scontext);
 }
 }
-void selinux_resetfscreatecon(void)
-{
- if (is_selinux_running()) {
- if (setfscreatecon(prev_scontext) < 0)
- dbg("setfscreatecon %s failed with error '%s'", file, strerror(errno));
- }
-}
-
 void selinux_init(void)
 {
 /*
@@ -152,17 +144,23 @@ void selinux_init(void)
 * restoration creation purposes.
 */
 if (is_selinux_running()) {
- if (getfscreatecon(&prev_scontext) < 0) {
+ if (getfscreatecon(&prev_scontext) < 0)
 dbg("getfscreatecon failed\n");
+
+ prev_scontext = NULL;
+ }
+}
+
+void selinux_restore(void)
+{
+ if (is_selinux_running()) {
+ /* reset the file create context to its former glory */
+ if (setfscreatecon(prev_scontext) < 0)
+ dbg("setfscreatecon failed\n");
+
+ if (prev_scontext) {
+ freecon(prev_scontext);
 prev_scontext = NULL;
 }
 }
 }
-
-void selinux_exit(void)
-{
- if (is_selinux_running() && prev_scontext) {
- freecon(prev_scontext);
- prev_scontext = NULL;
- }
-}
diff --git a/udev_selinux.h b/udev_selinux.h
index d9dfeffad..132a9a655 100644
--- a/udev_selinux.h
+++ b/udev_selinux.h
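Review bot: In `selinux_init()` (hunk at -152) `prev_scontext = NULL;` now runs on every call, because the braces around the `getfscreatecon()` failure branch were dropped and the assignment was moved after a blank line. The context that was just saved is overwritten (and leaked if one was set), so `selinux_restore()` always calls `setfscreatecon(NULL)` and its `if (prev_scontext)` free can never run; the process resets to the policy default instead of the context it started with. The assignment belongs in the failure branch only: `if (getfscreatecon(&prev_scontext) < 0) {`, `dbg("getfscreatecon failed\n");`, `prev_scontext = NULL; }`. The new `dbg("setfscreatecon failed\n")` in `selinux_restore()` also drops `strerror(errno)`, which the other messages in this file include.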
@@ -24,17 +24,15 @@
 extern void selinux_setfilecon(const char *file, const char *devname, unsigned int mode);
 extern void selinux_setfscreatecon(const char *file, const char *devname, unsigned int mode);
-extern void selinux_resetfscreatecon(void);
 extern void selinux_init(void);
-extern void selinux_exit(void);
+extern void selinux_restore(void);
 #else
 static inline void selinux_setfilecon(const char *file, const char *devname, unsigned int mode) {}
 static inline void selinux_setfscreatecon(const char *file, const char *devname, unsigned int mode) {}
-static inline void selinux_resetfscreatecon(void) {}
 static inline void selinux_init(void) {}
-static inline void selinux_exit(void) {}
+static inline void selinux_restore(void) {}
 #endif /* USE_SELINUX */
 #endif /* _UDEV_USE_SELINUX */