From eedbe81f753fd19e5eb2238187c5618e9153bf55 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Sat, 25 Apr 2015 14:10:03 -0700
Subject: init: fix write_file checkreqprot logic error

write_file() returned -errno on error, not -1. Callers who check for
-1 would falsely believe that the write was successful when it wasn't.
Fixup write_file so that it return -1 on error consistent
with other functions.

Change-Id: Ic51aaf8678d8d97b2606bd171f11b3b11f642e39
---
 init/init.cpp | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'init/init.cpp')

diff --git a/init/init.cpp b/init/init.cpp
index 377b89c..b79da89 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -947,12 +947,6 @@ static void selinux_initialize(bool in_kernel_domain) {
     }
 
     if (in_kernel_domain) {
-        if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) {
-            ERROR("couldn't write to /sys/fs/selinux/checkreqprot: %s\n",
-                  strerror(errno));
-            security_failure();
-        }
-
         INFO("Loading SELinux policy...\n");
         if (selinux_android_load_policy() < 0) {
             ERROR("failed to load policy: %s\n", strerror(errno));
@@ -962,6 +956,10 @@ static void selinux_initialize(bool in_kernel_domain) {
         bool is_enforcing = selinux_is_enforcing();
         security_setenforce(is_enforcing);
 
+        if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) {
+            security_failure();
+        }
+
         NOTICE("(Initializing SELinux %s took %.2fs.)\n",
                is_enforcing ? "enforcing" : "non-enforcing", t.duration());
     } else {
-- 
cgit v1.1