On 06/22/2015 08:13 AM, Dominick Grift wrote: > Please excuse my ignorance, and please bear with me for a moment: > > I would consider lsetfilecon() functionality roughly the same to that of "restorecon" (in a sense at least). > > Which libselinux interface would be provide roughly the same functionality to that of "restorecon -F" (in a sense at least) ? > > Is that what selinux_lsetfilecon_default() is for? Yes, that's probably the closest equivalent in upstream libselinux. However, in Android libselinux [1], we have a selinux_android_restorecon() function that fully replicates restorecon functionality. We should likely take a version of that to upstream libselinux. Interface is: #define SELINUX_ANDROID_RESTORECON_NOCHANGE 1 #define SELINUX_ANDROID_RESTORECON_VERBOSE 2 #define SELINUX_ANDROID_RESTORECON_RECURSE 4 #define SELINUX_ANDROID_RESTORECON_FORCE 8 #define SELINUX_ANDROID_RESTORECON_DATADATA 16 extern int selinux_android_restorecon(const char *file, unsigned int flags); [1] https://android.googlesource.com/platform/external/libselinux _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
