Create a new location for /data policy files

Updating the location of policy files from
/data/system to /data/securtiy. Requires a
new directory to be created by init and an
update to the location of the
property_contexts file for property service.

Change-Id: Ibac2a84dfb403339bd169787cb5b7f24655be429

3 files changed, 5 insertions, 2 deletions

diff --git a/init/init.c b/init/init.c
index 276de75..b2c8012 100755
--- a/init/init.c
+++ b/init/init.c
@@ -802,7 +802,7 @@ static int bootchart_init_action(int nargs, char **args)
 
 #ifdef HAVE_SELINUX
 static const struct selinux_opt seopts_prop[] = {
-        { SELABEL_OPT_PATH, "/data/system/property_contexts" },
+        { SELABEL_OPT_PATH, "/data/security/property_contexts" },
         { SELABEL_OPT_PATH, "/property_contexts" },
         { 0, NULL }
 };
diff --git a/init/property_service.c b/init/property_service.c
index 1d812df..225d7e8 100755
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -93,7 +93,7 @@ struct {
     { "log.",             AID_SHELL,    0 },
     { "service.adb.root", AID_SHELL,    0 },
     { "service.adb.tcp.port", AID_SHELL,    0 },
-    { "persist.mac_enforcing_mode", AID_SYSTEM, 0 },
+    { "persist.mmac.", AID_SYSTEM, 0 },
     { "persist.sys.",     AID_SYSTEM,   0 },
     { "persist.service.", AID_SYSTEM,   0 },
     { "persist.service.", AID_RADIO,    0 },
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 8a072d5..cc3f0f9 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -260,6 +260,9 @@ on post-fs-data
     # the following directory.
     mkdir /data/drm 0770 drm drm
 
+    # Separate location for storing security policy files on data
+    mkdir /data/security 0600 system system
+
     # If there is no fs-post-data action in the init.<device>.rc file, you
     # must uncomment this line, otherwise encrypted filesystems
     # won't work.