add fix /data/data contexts to fixPermissions
only compile symbols if selinux is defined
Change-Id: I7c8596360cdf2f715c8e1379fc55ea27d9370393
diff --git a/fixPermissions.cpp b/fixPermissions.cpp
index 2fa1b66..78e7654 100644
--- a/fixPermissions.cpp
+++ b/fixPermissions.cpp
@@ -30,10 +30,63 @@
 #include "fixPermissions.hpp"
 #include "twrp-functions.hpp"
 #include "twcommon.h"
+#ifdef HAVE_SELINUX
+#include "selinux/selinux.h"
+#include "selinux/label.h"
+#include "selinux/android.h"
+#include "selinux/label.h"
+#endif
 
 using namespace std;
 using namespace rapidxml;
 
+#ifdef HAVE_SELINUX
+int fixPermissions::restorecon(string entry, struct stat *sb) {
+	char *oldcontext, *newcontext;
+	struct selabel_handle *sehandle;
+
+	sehandle = selinux_android_file_context_handle();
+	if (lgetfilecon(entry.c_str(), &oldcontext) < 0) {
+		LOGINFO("Couldn't get selinux context for %s\n", entry.c_str());
+		return -1;
+	}
+	if (selabel_lookup(sehandle, &newcontext, entry.c_str(), sb->st_mode) < 0) {
+		LOGINFO("Couldn't lookup selinux context for %s\n", entry.c_str());
+		return -1;
+	}
+	LOGINFO("Relabeling %s from %s to %s\n", entry.c_str(), oldcontext, newcontext);
+	if (lsetfilecon(entry.c_str(), newcontext) < 0) {
+		LOGINFO("Couldn't label %s with %s: %s\n", entry.c_str(), newcontext, strerror(errno));
+	}
+	freecon(oldcontext);
+	freecon(newcontext);
+	return 0;
+}
+
+int fixPermissions::fixDataDataContexts(void) {
+	DIR *d;
+	struct dirent *de;
+	struct stat sb;
+	struct selabel_handle *selinux_handle;
+	struct selinux_opt selinux_options[] = {
+		{ SELABEL_OPT_PATH, "/file_contexts" }
+	};
+	selinux_handle = selabel_open(SELABEL_CTX_FILE, selinux_options, 1);
+	if (!selinux_handle)
+		printf("No file contexts for SELinux\n");
+	else
+		printf("SELinux contexts loaded from /file_contexts\n");
+	d = opendir("/data/data");
+	while (( de = readdir(d)) != NULL) {
+		stat(de->d_name, &sb);
+		string f = "/data/data/";
+		f = f + de->d_name;
+		restorecon(f, &sb);
+	}
+	return 0;
+}
+#endif
+
 int fixPermissions::fixPerms(bool enable_debug, bool remove_data_for_missing_apps) {
 	packageFile = "/data/system/packages.xml";
 	debug = enable_debug;
@@ -116,6 +169,10 @@
 			return -1;
 		}
 	}
+	#ifdef HAVE_SELINUX
+	gui_print("Fixing /data/data contexts.\n");
+	fixDataDataContexts();
+	#endif
 	gui_print("Done fixing permissions.\n");
 	return 0;
 }
@@ -225,7 +282,7 @@
 	while (temp != NULL) {
 		if (TWFunc::Path_Exists(temp->codePath)) {
 			if (temp->appDir.compare("/system/app") == 0) {
-				if (debug)  {
+				if (debug)	{
 					LOGINFO("Looking at '%s'\n", temp->codePath.c_str());
 					LOGINFO("Fixing permissions on '%s'\n", temp->pkgName.c_str());
 					LOGINFO("Directory: '%s'\n", temp->appDir.c_str());
diff --git a/fixPermissions.hpp b/fixPermissions.hpp
index 491029a..aa6f609 100644
--- a/fixPermissions.hpp
+++ b/fixPermissions.hpp
@@ -27,6 +27,9 @@
 		int fixDataApps();
 		int fixAllFiles(string directory, int gid, int uid, string file_perms);
 		int fixDataData(string dataDir);
+		int fixDataDataContexts(void);
+		int restorecon(std::string entry, struct stat *sb);
+
 		struct package {
 			string pkgName;
 			string codePath;