SELinux changes to check policy versions during a reload.
When deciding on which property_contexts policy to load
during a reload, an initial call is made to libselinux to
grab the correct policy index. This policy index represents
whether the /data/security or the rootfs version will
be used.
Change-Id: I4716039bb0f5ba1e961977a18350347a67969dca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
diff --git a/init/init.c b/init/init.c
index 0884236..9e345e8 100644
--- a/init/init.c
+++ b/init/init.c
@@ -843,24 +843,21 @@
static const struct selinux_opt seopts_prop[] = {
{ SELABEL_OPT_PATH, "/property_contexts" },
+ { SELABEL_OPT_PATH, "/data/security/current/property_contexts" },
{ 0, NULL }
};
struct selabel_handle* selinux_android_prop_context_handle(void)
{
- int i = 0;
- struct selabel_handle* sehandle = NULL;
- while ((sehandle == NULL) && seopts_prop[i].value) {
- sehandle = selabel_open(SELABEL_CTX_ANDROID_PROP, &seopts_prop[i], 1);
- i++;
- }
-
+ int policy_index = selinux_android_use_data_policy() ? 1 : 0;
+ struct selabel_handle* sehandle = selabel_open(SELABEL_CTX_ANDROID_PROP,
+ &seopts_prop[policy_index], 1);
if (!sehandle) {
ERROR("SELinux: Could not load property_contexts: %s\n",
strerror(errno));
return NULL;
}
- INFO("SELinux: Loaded property contexts from %s\n", seopts_prop[i - 1].value);
+ INFO("SELinux: Loaded property contexts from %s\n", seopts_prop[policy_index].value);
return sehandle;
}