ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Fix precompiled sepolicy logic" am: 4664bbc6c7

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/core/+/1690527

Change-Id: I095b5009b7a0ff346c5f28b2e9ad2e37efcae178
This commit is contained in:
Inseob Kim 2021-04-30 01:50:04 +00:00 committed by Automerger Merge Worker
commit ff9de56e37
1 changed files with 13 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
init/selinux.cpp
View file

@ -240,25 +240,25 @@ Result<std::string> FindPrecompiledSplitPolicy() {
} }
// Use precompiled sepolicy only when all corresponding hashes are equal. // Use precompiled sepolicy only when all corresponding hashes are equal.
// plat_sepolicy is always checked, while system_ext and product are checked only when they
// exist.
std::vector<std::pair<std::string, std::string>> sepolicy_hashes{ std::vector<std::pair<std::string, std::string>> sepolicy_hashes{
{"/system/etc/selinux/plat_sepolicy_and_mapping.sha256", {"/system/etc/selinux/plat_sepolicy_and_mapping.sha256",
precompiled_sepolicy + ".plat_sepolicy_and_mapping.sha256"}, precompiled_sepolicy + ".plat_sepolicy_and_mapping.sha256"},
{"/system_ext/etc/selinux/system_ext_sepolicy_and_mapping.sha256",
precompiled_sepolicy + ".system_ext_sepolicy_and_mapping.sha256"},
{"/product/etc/selinux/product_sepolicy_and_mapping.sha256",
precompiled_sepolicy + ".product_sepolicy_and_mapping.sha256"},
}; };
if (access("/system_ext/etc/selinux/system_ext_sepolicy.cil", F_OK) == 0) {
sepolicy_hashes.emplace_back(
"/system_ext/etc/selinux/system_ext_sepolicy_and_mapping.sha256",
precompiled_sepolicy + ".system_ext_sepolicy_and_mapping.sha256");
}
if (access("/product/etc/selinux/product_sepolicy.cil", F_OK) == 0) {
sepolicy_hashes.emplace_back("/product/etc/selinux/product_sepolicy_and_mapping.sha256",
precompiled_sepolicy + ".product_sepolicy_and_mapping.sha256");
}
for (const auto& [actual_id_path, precompiled_id_path] : sepolicy_hashes) { for (const auto& [actual_id_path, precompiled_id_path] : sepolicy_hashes) {
// Both of them should exist or both of them shouldn't exist.
if (access(actual_id_path.c_str(), R_OK) != 0) {
if (access(precompiled_id_path.c_str(), R_OK) == 0) {
return Error() << precompiled_id_path << " exists but " << actual_id_path
<< " doesn't";
}
continue;
}
std::string actual_id; std::string actual_id;
if (!ReadFirstLine(actual_id_path.c_str(), &actual_id)) { if (!ReadFirstLine(actual_id_path.c_str(), &actual_id)) {
return ErrnoError() << "Failed to read " << actual_id_path; return ErrnoError() << "Failed to read " << actual_id_path;