ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Reload policy after setting up the data partition.

Browse source 
This forces a policy reload + fixcon to deal with dynamically
delivered policy changing labels on device nodes.

It's implemented as a new keyword in init.

Bug: 8702843
Change-Id: I803cf1ecf6ff8318ce25dcc5cda4f292adc9738c
This commit is contained in:
repo sync 2013-04-29 22:21:06 -07:00
parent 538b5d4e8e
commit fee250d27a
5 changed files with 13 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
init/builtins.c
View file

@ -515,6 +515,12 @@ int do_mount_all(int nargs, char **args)
return ret; return ret;
} }
int do_selinux_reload(int nargs, char **args) {
if (is_selinux_enabled() <= 0)
return 0;
return selinux_reload_policy();
}
int do_setcon(int nargs, char **args) { int do_setcon(int nargs, char **args) {
if (is_selinux_enabled() <= 0) if (is_selinux_enabled() <= 0)
return 0; return 0;

1
init/init_parser.c
View file

@ -138,6 +138,7 @@ int lookup_keyword(const char *s)
break; break;
case 's': case 's':
if (!strcmp(s, "eclabel")) return K_seclabel; if (!strcmp(s, "eclabel")) return K_seclabel;
if (!strcmp(s, "elinux_reload_policy")) return K_selinux_reload_policy;
if (!strcmp(s, "ervice")) return K_service; if (!strcmp(s, "ervice")) return K_service;
if (!strcmp(s, "etcon")) return K_setcon; if (!strcmp(s, "etcon")) return K_setcon;
if (!strcmp(s, "etenforce")) return K_setenforce; if (!strcmp(s, "etenforce")) return K_setenforce;

2
init/keywords.h
View file

@ -18,6 +18,7 @@ int do_restart(int nargs, char **args);
int do_restorecon(int nargs, char **args); int do_restorecon(int nargs, char **args);
int do_rm(int nargs, char **args); int do_rm(int nargs, char **args);
int do_rmdir(int nargs, char **args); int do_rmdir(int nargs, char **args);
int do_selinux_reload(int nargs, char **args);
int do_setcon(int nargs, char **args); int do_setcon(int nargs, char **args);
int do_setenforce(int nargs, char **args); int do_setenforce(int nargs, char **args);
int do_setkey(int nargs, char **args); int do_setkey(int nargs, char **args);
@ -71,6 +72,7 @@ enum {
KEYWORD(rm, COMMAND, 1, do_rm) KEYWORD(rm, COMMAND, 1, do_rm)
KEYWORD(rmdir, COMMAND, 1, do_rmdir) KEYWORD(rmdir, COMMAND, 1, do_rmdir)
KEYWORD(seclabel, OPTION, 0, 0) KEYWORD(seclabel, OPTION, 0, 0)
KEYWORD(selinux_reload_policy, COMMAND, 0, do_selinux_reload)
KEYWORD(service, SECTION, 0, 0) KEYWORD(service, SECTION, 0, 0)
KEYWORD(setcon, COMMAND, 1, do_setcon) KEYWORD(setcon, COMMAND, 1, do_setcon)
KEYWORD(setenforce, COMMAND, 1, do_setenforce) KEYWORD(setenforce, COMMAND, 1, do_setenforce)

3
init/property_service.c
View file

@ -384,9 +384,6 @@ int property_set(const char *name, const char *value)
* to prevent them from being overwritten by default values. * to prevent them from being overwritten by default values.
*/ */
write_persistent_property(name, value); write_persistent_property(name, value);
} else if (strcmp("selinux.reload_policy", name) == 0 &&
strcmp("1", value) == 0) {
selinux_reload_policy();
} }
property_changed(name, value); property_changed(name, value);
return 0; return 0;

4
rootdir/init.rc
View file

@ -177,6 +177,9 @@ on post-fs
mkdir /cache/lost+found 0770 root root mkdir /cache/lost+found 0770 root root
on post-fs-data on post-fs-data
# reload SELinux based on what we find on the data partition
selinux_reload_policy
# We chown/chmod /data again so because mount is run as root + defaults # We chown/chmod /data again so because mount is run as root + defaults
chown system system /data chown system system /data
chmod 0771 /data chmod 0771 /data
@ -410,6 +413,7 @@ service ueventd /sbin/ueventd
seclabel u:r:ueventd:s0 seclabel u:r:ueventd:s0
on property:selinux.reload_policy=1 on property:selinux.reload_policy=1
selinux_reload_policy
restart ueventd restart ueventd
restart installd restart installd