+static void selinux_init(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ /*
+ * record the present security context, for file-creation
+ * restoration creation purposes.
+ */
+ udev->selinux_enabled = (is_selinux_enabled() > 0);
+ info(udev, "selinux=%i\n", udev->selinux_enabled);
+ if (udev->selinux_enabled) {
+ matchpathcon_init_prefix(NULL, udev_get_dev_path(udev));
+ if (getfscreatecon(&udev->selinux_prev_scontext) < 0) {
+ err(udev, "getfscreatecon failed\n");
+ udev->selinux_prev_scontext = NULL;
+ }
+ }
+#endif
+}
+
+static void selinux_exit(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ freecon(udev->selinux_prev_scontext);
+ udev->selinux_prev_scontext = NULL;
+ }
+#endif
+}
+
+void udev_selinux_lsetfilecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (lsetfilecon(file, scontext) < 0)
+ err(udev, "setfilecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_setfscreatecon(struct udev *udev, const char *file, unsigned int mode)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ security_context_t scontext = NULL;
+
+ if (matchpathcon(file, mode, &scontext) < 0) {
+ err(udev, "matchpathcon(%s) failed\n", file);
+ return;
+ }
+ if (setfscreatecon(scontext) < 0)
+ err(udev, "setfscreatecon %s failed: %s\n", file, strerror(errno));
+ freecon(scontext);
+ }
+#endif
+}
+
+void udev_selinux_resetfscreatecon(struct udev *udev)
+{
+#ifdef USE_SELINUX
+ if (udev->selinux_enabled) {
+ if (setfscreatecon(udev->selinux_prev_scontext) < 0)
+ err(udev, "setfscreatecon failed: %s\n", strerror(errno));
+ }
+#endif
+}
+