From cc13e8ab87f74143293722e5301480fbe31b788d Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 26 Aug 2013 10:53:25 -0400
Subject: [PATCH] Do not change ownership of /sys/fs/selinux/load to system
 UID.

Policy reload is handled by setting the selinux.reload_policy property
and letting the init process perform the actual loading of policy into
the kernel.  Thus, there should be no need for the system UID to directly
write to /sys/fs/selinux/load.

Change-Id: I240c5bb2deaee757a2e1e396e14dea9e5d9286f5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 rootdir/init.rc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 5e3c99156..21ae5bf5c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -339,7 +339,6 @@ on boot
     chown root radio /proc/cmdline
 
 # Set these so we can remotely update SELinux policy
-    chown system system /sys/fs/selinux/load
     chown system system /sys/fs/selinux/enforce
 
 # Define TCP buffer sizes for various networks