Diffstat (limited to 'init')
-rw-r--r-- | init/builtins.c | 6 | ||||
-rwxr-xr-x | init/init.c | 65 | ||||
-rw-r--r-- | init/init_parser.c | 1 | ||||
-rw-r--r-- | init/keywords.h | 2 | ||||
-rwxr-xr-x | init/property_service.c | 4 |
5 files changed, 4 insertions, 74 deletions
diff --git a/init/builtins.c b/init/builtins.c
index 275a1af..0f9f131 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -515,12 +515,6 @@ int do_mount_all(int nargs, char **args)
 return ret;
 }
-int do_selinux_reload(int nargs, char **args) {
- if (is_selinux_enabled() <= 0)
- return 0;
- return selinux_reload_policy();
-}
-
 int do_setcon(int nargs, char **args) {
 if (is_selinux_enabled() <= 0)
 return 0;
diff --git a/init/init.c b/init/init.c
index 54adabb..f8b21e6 100755
--- a/init/init.c
+++ b/init/init.c
@@ -61,9 +61,6 @@
 struct selabel_handle *sehandle;
 struct selabel_handle *sehandle_prop;
-#define SELINUX_DATA_POLICY_VERSION_PATH "/data/security/bundle/metadata/version"
-#define SELINUX_BOOT_POLICY_VERSION_PATH "/sepolicy.version"
-
 static int property_triggers_enabled = 0;
 #if BOOTCHART
@@ -748,7 +745,7 @@ static int bootchart_init_action(int nargs, char **args)
 #endif
 static const struct selinux_opt seopts_prop[] = {
- { SELABEL_OPT_PATH, "/data/security/current/property_contexts" },
+ { SELABEL_OPT_PATH, "/data/security/property_contexts" },
 { SELABEL_OPT_PATH, "/property_contexts" },
 { 0, NULL }
 };
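Review bot: The `seopts_prop` table in init/init.c (hunk at -748) lists the writable `/data/security/property_contexts` path ahead of the read-only `/property_contexts`, and nothing in the hunk documents which entry takes precedence or who is expected to be able to write the /data copy. If the consumer uses the first path that opens (that code is outside this hunk, so this is an assumption), a file under /data shadows the one shipped in the boot image. I would add a comment above the array, e.g. `/* Tried in order: runtime-updated copy under /data, then the boot image copy; /data/security must only be writable by the policy updater. */`.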
@@ -777,58 +774,6 @@ void selinux_init_all_handles(void)
 sehandle_prop = selinux_android_prop_context_handle();
 }
-static int selinux_read_version_file(char *version_file_path)
-{
- unsigned version_string_length = 0;
- unsigned characters_consumed = 0;
- int policy_version = 0;
- char *version_string;
-
- version_string = read_file(version_file_path, &version_string_length);
- if (version_string == NULL)
- return -1;
-
- sscanf(version_string, "%d%n", &policy_version, &characters_consumed);
- free(version_string);
-
- if (characters_consumed != (version_string_length - 1))
- return -1;
-
- return policy_version;
-}
-
-static int selinux_check_policy_version(void)
-{
- int data_policy_version = 0;
- int boot_policy_version = 0;
-
- // get the policy version for the sepolicy on the data partition
- // fail open to allow the existing policy to relabel
- data_policy_version = selinux_read_version_file(SELINUX_DATA_POLICY_VERSION_PATH);
- if (data_policy_version < 0) {
- INFO("Couldn't read data policy version file");
- return 0;
- }
-
- // get the policy version for the sepolicy on the boot partition
- // fail open to allow devices without an sepolicy.version to update
- boot_policy_version = selinux_read_version_file(SELINUX_BOOT_POLICY_VERSION_PATH);
- if (boot_policy_version < 0) {
- INFO("Couldn't read boot policy version file");
- return 0;
- }
-
- // return an error if the "updated" policy is too old
- if (data_policy_version <= boot_policy_version) {
- ERROR("SELinux: data policy version (%d) <= factory policy version (%d)",
- data_policy_version,
- boot_policy_version);
- return -1;
- }
-
- return 0;
-}
-
 int selinux_reload_policy(void)
 {
 if (!selinux_enabled) {
@@ -837,10 +782,6 @@ int selinux_reload_policy(void)
 INFO("SELinux: Attempting to reload policy files\n");
- if (selinux_check_policy_version() == -1) {
- return -1;
- }
-
 if (selinux_android_reload_policy() == -1) {
 return -1;
 }
@@ -852,10 +793,6 @@ int selinux_reload_policy(void)
 selabel_close(sehandle_prop);
 selinux_init_all_handles();
-
- selinux_android_fixcon("/data");
- selinux_android_fixcon("/dev");
-
 return 0;
 }
diff --git a/init/init_parser.c b/init/init_parser.c
index 5182a29..686640e 100644
--- a/init/init_parser.c
+++ b/init/init_parser.c
@@ -138,7 +138,6 @@ int lookup_keyword(const char *s)
 break;
 case 's':
 if (!strcmp(s, "eclabel")) return K_seclabel;
- if (!strcmp(s, "elinux_reload_policy")) return K_selinux_reload_policy;
 if (!strcmp(s, "ervice")) return K_service;
 if (!strcmp(s, "etcon")) return K_setcon;
 if (!strcmp(s, "etenforce")) return K_setenforce;
diff --git a/init/keywords.h b/init/keywords.h
index 55d6af3..f188db5 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -18,7 +18,6 @@ int do_restart(int nargs, char **args);
 int do_restorecon(int nargs, char **args);
 int do_rm(int nargs, char **args);
 int do_rmdir(int nargs, char **args);
-int do_selinux_reload(int nargs, char **args);
 int do_setcon(int nargs, char **args);
 int do_setenforce(int nargs, char **args);
 int do_setkey(int nargs, char **args);
@@ -72,7 +71,6 @@ enum {
 KEYWORD(rm, COMMAND, 1, do_rm)
 KEYWORD(rmdir, COMMAND, 1, do_rmdir)
 KEYWORD(seclabel, OPTION, 0, 0)
- KEYWORD(selinux_reload_policy, COMMAND, 0, do_selinux_reload)
 KEYWORD(service, SECTION, 0, 0)
 KEYWORD(setcon, COMMAND, 1, do_setcon)
 KEYWORD(setenforce, COMMAND, 1, do_setenforce)
diff --git a/init/property_service.c b/init/property_service.c
index e8c8869..c1be2e0 100755
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -91,7 +91,6 @@ struct {
 { "persist.service.", AID_SYSTEM, 0 },
 { "persist.security.", AID_SYSTEM, 0 },
 { "persist.service.bdroid.", AID_BLUETOOTH, 0 },
- { "persist.selinux.enforcing", AID_SYSTEM, 0},
 { "selinux." , AID_SYSTEM, 0 },
 { NULL, 0, 0 }
 };
@@ -388,6 +387,9 @@ int property_set(const char *name, const char *value)
 * to prevent them from being overwritten by default values.
 */
 write_persistent_property(name, value);
+ } else if (strcmp("selinux.reload_policy", name) == 0 &&
+ strcmp("1", value) == 0) {
+ selinux_reload_policy();
 }
 property_changed(name, value);
 return 0; |
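Review bot: The return value of `selinux_reload_policy()` is dropped in the new `else if` branch of property_set(), so a failed reload (it returns -1 on several paths in init/init.c) looks the same as success: `property_changed()` still runs and the function still returns 0. At minimum the failure should be logged, e.g. `if (selinux_reload_policy() == -1) ERROR("SELinux: policy reload requested via property failed\n");` (assuming init's ERROR macro is visible in property_service.c). The same commit removes the `selinux_check_policy_version()` call from selinux_reload_policy() (init/init.c, hunk at -837), so the reload triggered here no longer rejects a /data policy that is not newer than the boot one; if that is intended, a comment on this branch should say where policy freshness is enforced instead. property_set() starts and ends outside this hunk.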