ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Remove hard-coded policy version from secilc step" am: df2ad0b4ab

Browse source 
am: f7fd531a75

Change-Id: If28e0ea58ef447c3eda58ef3f5900251eabf8001
This commit is contained in:
Alex Klyubin 2017-03-09 21:09:50 +00:00 committed by android-build-merger
commit 33153c6c0d
1 changed files with 22 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
init/init.cpp
View file

@ -790,6 +790,14 @@ static bool selinux_load_split_policy() {
LOG(INFO) << "Compiling SELinux policy"; LOG(INFO) << "Compiling SELinux policy";
// Determine the highest policy language version supported by the kernel
set_selinuxmnt("/sys/fs/selinux");
int max_policy_version = security_policyvers();
if (max_policy_version == -1) {
PLOG(ERROR) << "Failed to determine highest policy version supported by kernel";
return false;
}
// We store the output of the compilation on /dev because this is the most convenient tmpfs // We store the output of the compilation on /dev because this is the most convenient tmpfs
// storage mount available this early in the boot sequence. // storage mount available this early in the boot sequence.
char compiled_sepolicy[] = "/dev/sepolicy.XXXXXX"; char compiled_sepolicy[] = "/dev/sepolicy.XXXXXX";
@ -799,14 +807,20 @@ static bool selinux_load_split_policy() {
return false; return false;
} }
const char* compile_args[] = {"/system/bin/secilc", plat_policy_cil_file, "-M", "true", "-c", // clang-format off
"30", // TODO: pass in SELinux policy version from build system const char* compile_args[] = {
"/vendor/etc/selinux/mapping_sepolicy.cil", "/system/bin/secilc",
"/vendor/etc/selinux/nonplat_sepolicy.cil", "-o", plat_policy_cil_file,
compiled_sepolicy, "-M", "true",
// We don't care about file_contexts output by the compiler // Target the highest policy language version supported by the kernel
"-f", "/sys/fs/selinux/null", // /dev/null is not yet available "-c", std::to_string(max_policy_version).c_str(),
nullptr}; "/vendor/etc/selinux/mapping_sepolicy.cil",
"/vendor/etc/selinux/nonplat_sepolicy.cil",
"-o", compiled_sepolicy,
// We don't care about file_contexts output by the compiler
"-f", "/sys/fs/selinux/null", // /dev/null is not yet available
nullptr};
// clang-format on
if (!fork_execve_and_wait_for_completion(compile_args[0], (char**)compile_args, (char**)ENV)) { if (!fork_execve_and_wait_for_completion(compile_args[0], (char**)compile_args, (char**)ENV)) {
unlink(compiled_sepolicy); unlink(compiled_sepolicy);