ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "selinux: use the policy version defined in sepolicy"

Browse source 
am: e21d07fbab

Change-Id: I8fd4263d0e3c9cb7a35f2503e86c26952474267d
This commit is contained in:
Jeffrey Vander Stoep 2019-03-19 15:03:29 -07:00 committed by android-build-merger
commit 75c256ca4a
3 changed files with 6 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
init/Android.bp
View file

@ -91,7 +91,7 @@ cc_defaults {
cc_library_static { cc_library_static {
name: "libinit", name: "libinit",
recovery_available: true, recovery_available: true,
defaults: ["init_defaults"], defaults: ["init_defaults", "selinux_policy_version"],
srcs: [ srcs: [
"action.cpp", "action.cpp",
"action_manager.cpp", "action_manager.cpp",

5
init/Android.mk
View file

@ -2,6 +2,8 @@
LOCAL_PATH:= $(call my-dir) LOCAL_PATH:= $(call my-dir)
include system/sepolicy/policy_version.mk
# -- # --
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
@ -28,7 +30,8 @@ init_options += \
-DSHUTDOWN_ZERO_TIMEOUT=0 -DSHUTDOWN_ZERO_TIMEOUT=0
endif endif
init_options += -DLOG_UEVENTS=0 init_options += -DLOG_UEVENTS=0 \
-DSEPOLICY_VERSION=$(POLICYVERS)
init_cflags += \ init_cflags += \
$(init_options) \ $(init_options) \

11
init/selinux.cpp
View file

@ -316,14 +316,6 @@ bool LoadSplitPolicy() {
LOG(INFO) << "Compiling SELinux policy"; LOG(INFO) << "Compiling SELinux policy";
// Determine the highest policy language version supported by the kernel
set_selinuxmnt("/sys/fs/selinux");
int max_policy_version = security_policyvers();
if (max_policy_version == -1) {
PLOG(ERROR) << "Failed to determine highest policy version supported by kernel";
return false;
}
// We store the output of the compilation on /dev because this is the most convenient tmpfs // We store the output of the compilation on /dev because this is the most convenient tmpfs
// storage mount available this early in the boot sequence. // storage mount available this early in the boot sequence.
char compiled_sepolicy[] = "/dev/sepolicy.XXXXXX"; char compiled_sepolicy[] = "/dev/sepolicy.XXXXXX";
@ -370,14 +362,13 @@ bool LoadSplitPolicy() {
if (access(odm_policy_cil_file.c_str(), F_OK) == -1) { if (access(odm_policy_cil_file.c_str(), F_OK) == -1) {
odm_policy_cil_file.clear(); odm_policy_cil_file.clear();
} }
const std::string version_as_string = std::to_string(max_policy_version); const std::string version_as_string = std::to_string(SEPOLICY_VERSION);
// clang-format off // clang-format off
std::vector<const char*> compile_args { std::vector<const char*> compile_args {
"/system/bin/secilc", "/system/bin/secilc",
use_userdebug_policy ? userdebug_plat_policy_cil_file : plat_policy_cil_file, use_userdebug_policy ? userdebug_plat_policy_cil_file : plat_policy_cil_file,
"-m", "-M", "true", "-G", "-N", "-m", "-M", "true", "-G", "-N",
// Target the highest policy language version supported by the kernel
"-c", version_as_string.c_str(), "-c", version_as_string.c_str(),
plat_mapping_file.c_str(), plat_mapping_file.c_str(),
"-o", compiled_sepolicy, "-o", compiled_sepolicy,