ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reflect move of mapping file to /system.

Browse source 
Bug: 36783775
Test: boot device with matching sha256 and non-matching and verify that
device boots and uses either precompiled or compiled policy as needed. Also
verify that mapping_sepolicy.cil has moved.

Change-Id: I9c3df2e7ed3f0eadd98e98529ebed360fec66dba
This commit is contained in:
Dan Cashman 2017-04-06 09:51:23 -07:00
parent 210be3820f
commit 39ffec779a
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
init/init.cpp
View file

@ -714,14 +714,18 @@ static bool selinux_find_precompiled_split_policy(std::string* file) {
return false; return false;
} }
std::string actual_plat_id; std::string actual_plat_id;
if (!read_first_line("/system/etc/selinux/plat_sepolicy.cil.sha256", &actual_plat_id)) { if (!read_first_line("/system/etc/selinux/plat_and_mapping_sepolicy.cil.sha256",
PLOG(INFO) << "Failed to read /system/etc/selinux/plat_sepolicy.cil.sha256"; &actual_plat_id)) {
PLOG(INFO) << "Failed to read "
"/system/etc/selinux/plat_and_mapping_sepolicy.cil.sha256";
return false; return false;
} }
std::string precompiled_plat_id; std::string precompiled_plat_id;
if (!read_first_line("/vendor/etc/selinux/precompiled_sepolicy.plat.sha256", if (!read_first_line("/vendor/etc/selinux/precompiled_sepolicy.plat_and_mapping.sha256",
&precompiled_plat_id)) { &precompiled_plat_id)) {
PLOG(INFO) << "Failed to read /vendor/etc/selinux/precompiled_sepolicy.plat.sha256"; PLOG(INFO) << "Failed to read "
"/vendor/etc/selinux/"
"precompiled_sepolicy.plat_and_mapping.sha256";
return false; return false;
} }
if ((actual_plat_id.empty()) || (actual_plat_id != precompiled_plat_id)) { if ((actual_plat_id.empty()) || (actual_plat_id != precompiled_plat_id)) {
@ -793,7 +797,7 @@ static bool selinux_load_split_policy() {
"-M", "true", "-M", "true",
// Target the highest policy language version supported by the kernel // Target the highest policy language version supported by the kernel
"-c", std::to_string(max_policy_version).c_str(), "-c", std::to_string(max_policy_version).c_str(),
"/vendor/etc/selinux/mapping_sepolicy.cil", "/system/etc/selinux/mapping_sepolicy.cil",
"/vendor/etc/selinux/nonplat_sepolicy.cil", "/vendor/etc/selinux/nonplat_sepolicy.cil",
"-o", compiled_sepolicy, "-o", compiled_sepolicy,
// We don't care about file_contexts output by the compiler // We don't care about file_contexts output by the compiler