Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / 8f19e53121c6cfbe1b543cad73397b5233d56cc8^! / .
commit8f19e53121c6cfbe1b543cad73397b5233d56cc8[log] [tgz]
authorSandeep Patil <sspatil@google.com>Wed Mar 29 10:31:26 2017 -0700
committerSandeep Patil <sspatil@google.com>Wed Mar 29 10:31:26 2017 -0700
tree43c415cef63b61bc8cfdde713e248db06fbe5af0
parentc9ca26af5a44f3ca699b6fd776105c42afdadb64 [diff]
init: consolidate restorecon after selinux initialization in single function

Test: Boot sailfish
Change-Id: I423028f12a84c4e0c12c9bdde52b6d795d45b620
Signed-off-by: Sandeep Patil <sspatil@google.com>

diff --git a/init/init.cpp b/init/init.cpp
index 23448d6..79be971 100644
--- a/init/init.cpp
+++ b/init/init.cpp

@@ -896,6 +896,24 @@
     }
 }
 
+// The files and directories that were created before initial sepolicy load
+// need to have their security context restored to the proper value.
+// This must happen before /dev is populated by ueventd.
+static void selinux_restore_context() {
+    LOG(INFO) << "Running restorecon...";
+    restorecon("/dev");
+    restorecon("/dev/kmsg");
+    restorecon("/dev/socket");
+    restorecon("/dev/random");
+    restorecon("/dev/urandom");
+    restorecon("/dev/__properties__");
+    restorecon("/plat_property_contexts");
+    restorecon("/nonplat_property_contexts");
+    restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
+    restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
+    restorecon("/dev/device-mapper");
+}
+
 // Set the UDC controller for the ConfigFS USB Gadgets.
 // Read the UDC controller in use from "/sys/class/udc".
 // In case of multiple UDC controllers select the first one.
@@ -1234,22 +1252,7 @@
 
     // Now set up SELinux for second stage.
     selinux_initialize(false);
-
-    // These directories were necessarily created before initial policy load
-    // and therefore need their security context restored to the proper value.
-    // This must happen before /dev is populated by ueventd.
-    LOG(INFO) << "Running restorecon...";
-    restorecon("/dev");
-    restorecon("/dev/kmsg");
-    restorecon("/dev/socket");
-    restorecon("/dev/random");
-    restorecon("/dev/urandom");
-    restorecon("/dev/__properties__");
-    restorecon("/plat_property_contexts");
-    restorecon("/nonplat_property_contexts");
-    restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
-    restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
-    restorecon("/dev/device-mapper");
+    selinux_restore_context();
 
     epoll_fd = epoll_create1(EPOLL_CLOEXEC);
     if (epoll_fd == -1) {