ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

am 52351300: Revert "Add a version check for SELinux policy on device."

Browse source 
* commit '52351300d156826bf22c493828571f45a1cea16a':
  Revert "Add a version check for SELinux policy on device."
This commit is contained in:
gcondra@google.com 2013-05-20 15:52:26 -07:00 committed by Android Git Automerger
commit b9866649e2
2 changed files with 3 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
init/init.c
View file

@ -61,9 +61,6 @@
struct selabel_handle *sehandle; struct selabel_handle *sehandle;
struct selabel_handle *sehandle_prop; struct selabel_handle *sehandle_prop;
#define SELINUX_DATA_POLICY_VERSION_PATH "/data/security/bundle/metadata/version"
#define SELINUX_BOOT_POLICY_VERSION_PATH "/sepolicy.version"
static int property_triggers_enabled = 0; static int property_triggers_enabled = 0;
#if BOOTCHART #if BOOTCHART
@ -777,58 +774,6 @@ void selinux_init_all_handles(void)
sehandle_prop = selinux_android_prop_context_handle(); sehandle_prop = selinux_android_prop_context_handle();
} }
static int selinux_read_version_file(char *version_file_path)
{
unsigned version_string_length = 0;
unsigned characters_consumed = 0;
int policy_version = 0;
char *version_string;
version_string = read_file(version_file_path, &version_string_length);
if (version_string == NULL)
return -1;
sscanf(version_string, "%d%n", &policy_version, &characters_consumed);
free(version_string);
if (characters_consumed != (version_string_length - 1))
return -1;
return policy_version;
}
static int selinux_check_policy_version(void)
{
int data_policy_version = 0;
int boot_policy_version = 0;
// get the policy version for the sepolicy on the data partition
// fail open to allow the existing policy to relabel
data_policy_version = selinux_read_version_file(SELINUX_DATA_POLICY_VERSION_PATH);
if (data_policy_version < 0) {
INFO("Couldn't read data policy version file");
return 0;
}
// get the policy version for the sepolicy on the boot partition
// fail open to allow devices without an sepolicy.version to update
boot_policy_version = selinux_read_version_file(SELINUX_BOOT_POLICY_VERSION_PATH);
if (boot_policy_version < 0) {
INFO("Couldn't read boot policy version file");
return 0;
}
// return an error if the "updated" policy is too old
if (data_policy_version <= boot_policy_version) {
ERROR("SELinux: data policy version (%d) <= factory policy version (%d)",
data_policy_version,
boot_policy_version);
return -1;
}
return 0;
}
int selinux_reload_policy(void) int selinux_reload_policy(void)
{ {
if (!selinux_enabled) { if (!selinux_enabled) {
@ -837,10 +782,6 @@ int selinux_reload_policy(void)
INFO("SELinux: Attempting to reload policy files\n"); INFO("SELinux: Attempting to reload policy files\n");
if (selinux_check_policy_version() == -1) {
return -1;
}
if (selinux_android_reload_policy() == -1) { if (selinux_android_reload_policy() == -1) {
return -1; return -1;
} }

6
rootdir/init.rc
View file

@ -177,6 +177,9 @@ on post-fs
mkdir /cache/lost+found 0770 root root mkdir /cache/lost+found 0770 root root
on post-fs-data on post-fs-data
# reload SELinux based on what we find on the data partition
selinux_reload_policy
# We chown/chmod /data again so because mount is run as root + defaults # We chown/chmod /data again so because mount is run as root + defaults
chown system system /data chown system system /data
chmod 0771 /data chmod 0771 /data
@ -260,9 +263,6 @@ on post-fs-data
#setprop vold.post_fs_data_done 1 #setprop vold.post_fs_data_done 1
on boot on boot
# reload SELinux policy to make sure we use the most up-to-date one
selinux_reload_policy
# basic network init # basic network init
ifup lo ifup lo
hostname localhost hostname localhost