Merge "Add permission for bluetooth app in non-primary users" into jb-mr2-dev
diff --git a/init/builtins.c b/init/builtins.c
index 275a1af..0f9f131 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -515,12 +515,6 @@
     return ret;
 }
 
-int do_selinux_reload(int nargs, char **args) {
-    if (is_selinux_enabled() <= 0)
-        return 0;
-    return selinux_reload_policy();
-}
-
 int do_setcon(int nargs, char **args) {
     if (is_selinux_enabled() <= 0)
         return 0;
diff --git a/init/init.c b/init/init.c
index 853762b..93b5997 100755
--- a/init/init.c
+++ b/init/init.c
@@ -61,9 +61,6 @@
 struct selabel_handle *sehandle;
 struct selabel_handle *sehandle_prop;
 
-#define SELINUX_DATA_POLICY_VERSION_PATH "/data/security/bundle/metadata/version"
-#define SELINUX_BOOT_POLICY_VERSION_PATH "/sepolicy.version"
-
 static int property_triggers_enabled = 0;
 
 #if BOOTCHART
@@ -748,7 +745,7 @@
 #endif
 
 static const struct selinux_opt seopts_prop[] = {
-        { SELABEL_OPT_PATH, "/data/security/current/property_contexts" },
+        { SELABEL_OPT_PATH, "/data/security/property_contexts" },
         { SELABEL_OPT_PATH, "/property_contexts" },
         { 0, NULL }
 };
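Review bot: The order of the two `SELABEL_OPT_PATH` entries in `seopts_prop` is undocumented, yet it presumably decides whether the copy under `/data/security` overrides the built-in `/property_contexts`. The code that consumes this table is outside the hunk, so first-match precedence is an assumption to confirm. If it holds, add a comment above the array such as `/* first readable entry wins: the /data/security copy overrides the built-in file */`. Because the first path sits on the data partition, the comment should also name the component expected to own and write that directory.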
@@ -777,58 +774,6 @@
     sehandle_prop = selinux_android_prop_context_handle();
 }
 
-static int selinux_read_version_file(char *version_file_path)
-{
-    unsigned version_string_length = 0;
-    unsigned characters_consumed = 0;
-    int policy_version = 0;
-    char *version_string;
-
-    version_string = read_file(version_file_path, &version_string_length);
-    if (version_string == NULL)
-        return -1;
-
-    sscanf(version_string, "%d%n", &policy_version, &characters_consumed);
-    free(version_string);
-
-    if (characters_consumed != (version_string_length - 1))
-        return -1;
-
-    return policy_version;
-}
-
-static int selinux_check_policy_version(void)
-{
-    int data_policy_version = 0;
-    int boot_policy_version = 0;
-
-    // get the policy version for the sepolicy on the data partition
-    // fail open to allow the existing policy to relabel
-    data_policy_version = selinux_read_version_file(SELINUX_DATA_POLICY_VERSION_PATH);
-    if (data_policy_version < 0) {
-        INFO("Couldn't read data policy version file");
-        return 0;
-    }
-
-    // get the policy version for the sepolicy on the boot partition
-    // fail open to allow devices without an sepolicy.version to update
-    boot_policy_version = selinux_read_version_file(SELINUX_BOOT_POLICY_VERSION_PATH);
-    if (boot_policy_version < 0) {
-        INFO("Couldn't read boot policy version file");
-        return 0;
-    }
-
-    // return an error if the "updated" policy is too old
-    if (data_policy_version <= boot_policy_version) {
-        ERROR("SELinux: data policy version (%d) <= factory policy version (%d)",
-            data_policy_version,
-            boot_policy_version);
-        return -1;
-    }
-
-    return 0;
-}
-
 int selinux_reload_policy(void)
 {
     if (!selinux_enabled) {
@@ -837,10 +782,6 @@
 
     INFO("SELinux: Attempting to reload policy files\n");
 
-    if (selinux_check_policy_version() == -1) {
-        return -1;
-    }
-
     if (selinux_android_reload_policy() == -1) {
         return -1;
     }
@@ -852,10 +793,6 @@
         selabel_close(sehandle_prop);
 
     selinux_init_all_handles();
-
-    selinux_android_fixcon("/data");
-    selinux_android_fixcon("/dev");
-
     return 0;
 }
 
diff --git a/init/init_parser.c b/init/init_parser.c
index 5182a29..686640e 100644
--- a/init/init_parser.c
+++ b/init/init_parser.c
@@ -138,7 +138,6 @@
         break;
     case 's':
         if (!strcmp(s, "eclabel")) return K_seclabel;
-        if (!strcmp(s, "elinux_reload_policy")) return K_selinux_reload_policy;
         if (!strcmp(s, "ervice")) return K_service;
         if (!strcmp(s, "etcon")) return K_setcon;
         if (!strcmp(s, "etenforce")) return K_setenforce;
diff --git a/init/keywords.h b/init/keywords.h
index 55d6af3..f188db5 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -18,7 +18,6 @@
 int do_restorecon(int nargs, char **args);
 int do_rm(int nargs, char **args);
 int do_rmdir(int nargs, char **args);
-int do_selinux_reload(int nargs, char **args);
 int do_setcon(int nargs, char **args);
 int do_setenforce(int nargs, char **args);
 int do_setkey(int nargs, char **args);
@@ -72,7 +71,6 @@
     KEYWORD(rm,          COMMAND, 1, do_rm)
     KEYWORD(rmdir,       COMMAND, 1, do_rmdir)
     KEYWORD(seclabel,    OPTION,  0, 0)
-    KEYWORD(selinux_reload_policy,    COMMAND, 0, do_selinux_reload)
     KEYWORD(service,     SECTION, 0, 0)
     KEYWORD(setcon,      COMMAND, 1, do_setcon)
     KEYWORD(setenforce,  COMMAND, 1, do_setenforce)
diff --git a/init/property_service.c b/init/property_service.c
index 45e9e37..e9cf1bb 100755
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -92,7 +92,6 @@
     { "persist.service.", AID_SYSTEM,   0 },
     { "persist.security.", AID_SYSTEM,   0 },
     { "persist.service.bdroid.", AID_BLUETOOTH,   0 },
-    { "persist.selinux.enforcing", AID_SYSTEM,  0},
     { "selinux."         , AID_SYSTEM,   0 },
     { NULL, 0, 0 }
 };
@@ -392,6 +391,9 @@
          * to prevent them from being overwritten by default values.
          */
         write_persistent_property(name, value);
+    } else if (strcmp("selinux.reload_policy", name) == 0 &&
+               strcmp("1", value) == 0) {
+        selinux_reload_policy();
     }
     property_changed(name, value);
     return 0;
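Review bot: The added `else if` branch discards the return value of `selinux_reload_policy()`, so a failed reload is silent and the property set still returns 0. `property_changed()` then runs regardless, and presumably still fires the `on property:selinux.reload_policy=1` trigger in rootdir/init.rc, restarting ueventd and installd under the old policy. At minimum, log the failure, e.g. `if (selinux_reload_policy() == -1) ERROR("SELinux: policy reload failed\n");`, assuming the `ERROR` macro seen in init/init.c is available in this file. This commit also drops `selinux_check_policy_version()` from `selinux_reload_policy()`, so the only gate visible on this path is the `selinux.` entry (AID_SYSTEM) in the permission table; it is worth confirming that whatever writes policy under /data/security validates it before setting the property. The enclosing function starts and ends outside this hunk.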
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 4e8ff60..f7fe6f3 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -260,9 +260,6 @@
     #setprop vold.post_fs_data_done 1
 
 on boot
-# reload SELinux policy to make sure we use the most up-to-date one
-    selinux_reload_policy
-
 # basic network init
     ifup lo
     hostname localhost
@@ -413,16 +410,9 @@
     seclabel u:r:ueventd:s0
 
 on property:selinux.reload_policy=1
-    selinux_reload_policy
     restart ueventd
     restart installd
 
-on property:persist.selinux.enforcing=1
-    setenforce 1
-
-on property:persist.selinux.enforcing=0
-    setenforce 0
-
 service console /system/bin/sh
     class core
     console