From c2a4c9ab9abe2022d753db799dc713ee5c4e5c4c Mon Sep 17 00:00:00 2001
From: Alex Klyubin
Date: Thu, 2 Mar 2017 12:43:10 -0800
Subject: [PATCH] Track the move of split SELinux policy CIL files
The three CIL files comprising split sepolicy are being moved from the root directory to system and vendor directories based on whether the file is for platform/system policy or non-platform/vendor policy.
Test: Device boots, no additional SELinux denials. This test was run for a device which has split policy and for a device which has monolithic policy.
Bug: 31363362
Change-Id: Ica49f0beae56be0f1cea7117e48bf2f6af8b848b
---
 init/init.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/init/init.cpp b/init/init.cpp
index 53e7482e5..28e600803 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -669,7 +669,7 @@ static bool fork_execve_and_wait_for_completion(const char* filename, char* cons
 }
 }
-static constexpr const char plat_policy_cil_file[] = "/plat_sepolicy.cil";
+static constexpr const char plat_policy_cil_file[] = "/system/etc/selinux/plat_sepolicy.cil";
 static bool selinux_is_split_policy_device() { return access(plat_policy_cil_file, R_OK) != -1; }
@@ -701,7 +701,8 @@ static bool selinux_load_split_policy() {
 const char* compile_args[] = {"/system/bin/secilc", plat_policy_cil_file, "-M", "true", "-c", "30", // TODO: pass in SELinux policy version from build system
- "/mapping_sepolicy.cil", "/nonplat_sepolicy.cil", "-o",
+ "/vendor/etc/selinux/mapping_sepolicy.cil",
+ "/vendor/etc/selinux/nonplat_sepolicy.cil", "-o",
 compiled_sepolicy, // We don't care about file_contexts output by the compiler
 "-f", "/sys/fs/selinux/null", // /dev/null is not yet available
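Review bot: Moving `plat_policy_cil_file` to `/system/etc/selinux/plat_sepolicy.cil` makes `selinux_is_split_policy_device()` depend on /system being mounted, yet `access(plat_policy_cil_file, R_OK) != -1` still treats every failure as "monolithic device". A split-policy device whose /system is not mounted yet, or where the file is unreadable, would presumably fall through to the monolithic path with no trace in the log. Checking `errno` and logging anything other than `ENOENT` would make that case visible. The mount-order assumption also deserves a comment above the constant, for example `// Requires /system to be mounted; a missing file means a monolithic-policy device.`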
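Review bot: The two vendor inputs in `compile_args` are inline literals while the platform input uses the named constant `plat_policy_cil_file`; giving them constants of their own, e.g. `static constexpr const char mapping_policy_cil_file[] = "/vendor/etc/selinux/mapping_sepolicy.cil";`, keeps the three split-policy paths in one place. Split-policy detection probes only the platform file, so a device with /system present but /vendor unmounted or incomplete would presumably surface as a generic `secilc` failure rather than a clear missing-file error; how that failure is handled lies outside this hunk. Because these files feed the policy compiler, a comment stating that /vendor is expected to be mounted and integrity-protected at this point would document the trust assumption. The `compile_args` initializer and `selinux_load_split_policy()` continue past the end of the hunk.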