From eae8bc192e19dbdce118bf7b936befb3953a21ea Mon Sep 17 00:00:00 2001
From: Xin Shi <shixin21@huawei.com>
Date: Thu, 24 Aug 2023 09:34:46 +0800
Subject: [PATCH 3/5] add support to relabel systemd process for embedded

Signed-off-by: Xin Shi <shixin21@huawei.com>
---
 src/core/selinux-setup.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index 2bafbee..74e2a2f 100644
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -6,6 +6,7 @@
 
 #if HAVE_SELINUX
 #include <selinux/selinux.h>
+#include <selinux/restorecon.h>
 #endif
 
 #include "log.h"
@@ -68,6 +69,10 @@ int mac_selinux_setup(bool *loaded_policy) {
 
                 mac_selinux_retest();
 
+		int ret = selinux_restorecon(SYSTEMD_BINARY_PATH, 0);
+		if (ret != 0)
+			log_warning("Failed to relabel %s, errno=%d.", SYSTEMD_BINARY_PATH, errno);
+
                 /* Transition to the new context */
                 r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
                 if (r < 0 || !label) {
-- 
2.27.0