diff options
author | repo sync <gcondra@google.com> | 2013-05-17 12:46:00 -0700 |
---|---|---|
committer | repo sync <gcondra@google.com> | 2013-05-17 12:46:00 -0700 |
commit | 52351300d156826bf22c493828571f45a1cea16a (patch) | |
tree | c59262e650b62b83efa96eacf84b147d0f52379a /init | |
parent | 921be8b6568df0057c4eacbac2e1022b71e09620 (diff) | |
download | system_core-52351300d156826bf22c493828571f45a1cea16a.zip system_core-52351300d156826bf22c493828571f45a1cea16a.tar.gz system_core-52351300d156826bf22c493828571f45a1cea16a.tar.bz2 |
Revert "Add a version check for SELinux policy on device."
This reverts commit 921be8b6568df0057c4eacbac2e1022b71e09620.
Diffstat (limited to 'init')
-rwxr-xr-x | init/init.c | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/init/init.c b/init/init.c index 853762b..fc8ff20 100755 --- a/init/init.c +++ b/init/init.c @@ -61,9 +61,6 @@ struct selabel_handle *sehandle; struct selabel_handle *sehandle_prop; -#define SELINUX_DATA_POLICY_VERSION_PATH "/data/security/bundle/metadata/version" -#define SELINUX_BOOT_POLICY_VERSION_PATH "/sepolicy.version" - static int property_triggers_enabled = 0; #if BOOTCHART @@ -777,58 +774,6 @@ void selinux_init_all_handles(void) sehandle_prop = selinux_android_prop_context_handle(); } -static int selinux_read_version_file(char *version_file_path) -{ - unsigned version_string_length = 0; - unsigned characters_consumed = 0; - int policy_version = 0; - char *version_string; - - version_string = read_file(version_file_path, &version_string_length); - if (version_string == NULL) - return -1; - - sscanf(version_string, "%d%n", &policy_version, &characters_consumed); - free(version_string); - - if (characters_consumed != (version_string_length - 1)) - return -1; - - return policy_version; -} - -static int selinux_check_policy_version(void) -{ - int data_policy_version = 0; - int boot_policy_version = 0; - - // get the policy version for the sepolicy on the data partition - // fail open to allow the existing policy to relabel - data_policy_version = selinux_read_version_file(SELINUX_DATA_POLICY_VERSION_PATH); - if (data_policy_version < 0) { - INFO("Couldn't read data policy version file"); - return 0; - } - - // get the policy version for the sepolicy on the boot partition - // fail open to allow devices without an sepolicy.version to update - boot_policy_version = selinux_read_version_file(SELINUX_BOOT_POLICY_VERSION_PATH); - if (boot_policy_version < 0) { - INFO("Couldn't read boot policy version file"); - return 0; - } - - // return an error if the "updated" policy is too old - if (data_policy_version <= boot_policy_version) { - ERROR("SELinux: data policy version (%d) <= factory policy version (%d)", - data_policy_version, - boot_policy_version); - return -1; - } - - return 0; -} - int selinux_reload_policy(void) { if (!selinux_enabled) { @@ -837,10 +782,6 @@ int selinux_reload_policy(void) INFO("SELinux: Attempting to reload policy files\n"); - if (selinux_check_policy_version() == -1) { - return -1; - } - if (selinux_android_reload_policy() == -1) { return -1; } |