| -rw-r--r-- | init/builtins.c | 6 | ||||
| -rw-r--r-- | init/init_parser.c | 1 | ||||
| -rw-r--r-- | init/keywords.h | 2 | ||||
| -rw-r--r-- | init/property_service.c | 3 | ||||
| -rw-r--r-- | rootdir/init.rc | 4 |
5 files changed, 13 insertions, 3 deletions
diff --git a/init/builtins.c b/init/builtins.c
index 9ae9ba3..06180a1 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -516,6 +516,12 @@ int do_mount_all(int nargs, char **args)
 return ret;
 }
+int do_selinux_reload(int nargs, char **args) {
+ if (is_selinux_enabled() <= 0)
+ return 0;
+ return selinux_reload_policy();
+}
+
 int do_setcon(int nargs, char **args) {
 if (is_selinux_enabled() <= 0)
 return 0;
diff --git a/init/init_parser.c b/init/init_parser.c
index a1d2423..a79d3a1 100644
--- a/init/init_parser.c
+++ b/init/init_parser.c
@@ -140,6 +140,7 @@ int lookup_keyword(const char *s)
 break;
 case 's':
 if (!strcmp(s, "eclabel")) return K_seclabel;
+ if (!strcmp(s, "elinux_reload_policy")) return K_selinux_reload_policy;
 if (!strcmp(s, "ervice")) return K_service;
 if (!strcmp(s, "etcon")) return K_setcon;
 if (!strcmp(s, "etenforce")) return K_setenforce;
diff --git a/init/keywords.h b/init/keywords.h
index f147506..275c64d 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -19,6 +19,7 @@ int do_restart(int nargs, char **args);
 int do_restorecon(int nargs, char **args);
 int do_rm(int nargs, char **args);
 int do_rmdir(int nargs, char **args);
+int do_selinux_reload(int nargs, char **args);
 int do_setcon(int nargs, char **args);
 int do_setenforce(int nargs, char **args);
 int do_setkey(int nargs, char **args);
@@ -73,6 +74,7 @@ enum {
 KEYWORD(rm, COMMAND, 1, do_rm)
 KEYWORD(rmdir, COMMAND, 1, do_rmdir)
 KEYWORD(seclabel, OPTION, 0, 0)
+ KEYWORD(selinux_reload_policy, COMMAND, 0, do_selinux_reload)
 KEYWORD(service, SECTION, 0, 0)
 KEYWORD(setcon, COMMAND, 1, do_setcon)
 KEYWORD(setenforce, COMMAND, 1, do_setenforce)
diff --git a/init/property_service.c b/init/property_service.c
index f6e4053..ac9e52a 100644
--- a/init/property_service.c
+++ b/init/property_service.c
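Review bot: A failed policy reload in `do_selinux_reload` (init/builtins.c hunk) is reported only through the return value, and nothing visible in the hunk records it, so a device could keep running under the previous policy with no trace of why. Unless init's command runner, which is outside this diff, already logs non-zero results, I would log at the call site: `int rc = selinux_reload_policy();` then `if (rc != 0) ERROR("SELinux: policy reload failed\n");` and `return rc;`, assuming the init logging macro is in scope in this file. A short comment above the function stating that `nargs`/`args` are unused and that the command is a no-op when SELinux is disabled would also help the next reader.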
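Review bot: The handler name in `KEYWORD(selinux_reload_policy, COMMAND, 0, do_selinux_reload)` (second init/keywords.h hunk) breaks the `do_<keyword>` pairing that every neighbouring entry follows, such as `rmdir`/`do_rmdir`, `setcon`/`do_setcon` and `setenforce`/`do_setenforce`. Naming it `do_selinux_reload_policy` here, in the prototype added by the first keywords.h hunk and in the definition in init/builtins.c would keep the handler findable by grepping for the keyword.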
@@ -385,9 +385,6 @@ int property_set(const char *name, const char *value)
 * to prevent them from being overwritten by default values.
 */
 write_persistent_property(name, value);
- } else if (strcmp("selinux.reload_policy", name) == 0 &&
- strcmp("1", value) == 0) {
- selinux_reload_policy();
 }
 property_changed(name, value);
 return 0;
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 476f6d4..c91a439 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -177,6 +177,9 @@ on post-fs
 mkdir /cache/lost+found 0770 root root
 on post-fs-data
+ # reload SELinux based on what we find on the data partition
+ selinux_reload_policy
+
 # We chown/chmod /data again so because mount is run as root + defaults
 chown system system /data
 chmod 0771 /data
@@ -413,6 +416,7 @@ service ueventd /sbin/ueventd
 seclabel u:r:ueventd:s0
 on property:selinux.reload_policy=1
+ selinux_reload_policy
 restart ueventd
 restart installd |
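Review bot: The new `selinux_reload_policy` step under `on post-fs-data` replaces the boot-time policy with whatever is found on the writable data partition, and the added comment does not say what makes those files trustworthy. Any ownership, mode or signature check would live inside `selinux_reload_policy()`, which is outside this diff, so the comment should name it, for example `# policy files on /data are validated by selinux_reload_policy before loading`, if that is in fact the case. Unlike the `on property:selinux.reload_policy=1` action in the next hunk, this path does not follow the reload with `restart ueventd`; if that restart exists so the daemon picks up new labelling data, it looks to be missing here.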
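Review bot: With the call removed from `property_set()` in init/property_service.c, the `on property:selinux.reload_policy=1` action is now the only thing that turns the property into a policy reload, and nothing here documents that dependency. As far as this hunk shows, the action also goes on to `restart ueventd` and `restart installd` whether or not `selinux_reload_policy` succeeded, so a failed reload still bounces both daemons. I would add a comment above the action such as `# policy reload is driven from this trigger, not from property_service.c`.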
