Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / ac819672e8f62fdea4453c06f4b96e5f6a8bf72c^1..ac819672e8f62fdea4453c06f4b96e5f6a8bf72c / .
commitac819672e8f62fdea4453c06f4b96e5f6a8bf72c[log] [tgz]
authorJeffrey Vander Stoep <jeffv@google.com>Tue Mar 19 15:48:39 2019 -0700
committerandroid-build-merger <android-build-merger@google.com>Tue Mar 19 15:48:39 2019 -0700
treea186a633e9144b0b59cef0bda1209d7480b1d520
parentc0f335fef52c5eef9146efa2a7fdd89ccd6d1e31 [diff]
parentad8fcdcd14453daae5b7964d6de06a7f3053a9bd [diff]
Merge "selinux: use the policy version defined in sepolicy" am: e21d07fbab am: 75c256ca4a
am: 9f66e4465e

Change-Id: I5b5159a221484671586bbf95dcba99fa05cf1e05

diff --git a/init/Android.bp b/init/Android.bp
index 8a0bb55..8292aa0 100644
--- a/init/Android.bp
+++ b/init/Android.bp

@@ -91,7 +91,7 @@
 cc_library_static {
     name: "libinit",
     recovery_available: true,
-    defaults: ["init_defaults"],
+    defaults: ["init_defaults", "selinux_policy_version"],
     srcs: [
         "action.cpp",
         "action_manager.cpp",

diff --git a/init/Android.mk b/init/Android.mk
index cc514ed..c63760c 100644
--- a/init/Android.mk
+++ b/init/Android.mk

@@ -2,6 +2,8 @@
 
 LOCAL_PATH:= $(call my-dir)
 
+include system/sepolicy/policy_version.mk
+
 # --
 
 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
@@ -28,7 +30,8 @@
     -DSHUTDOWN_ZERO_TIMEOUT=0
 endif
 
-init_options += -DLOG_UEVENTS=0
+init_options += -DLOG_UEVENTS=0 \
+    -DSEPOLICY_VERSION=$(POLICYVERS)
 
 init_cflags += \
     $(init_options) \

diff --git a/init/selinux.cpp b/init/selinux.cpp
index 797c4e0..aa66baa 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp

@@ -316,14 +316,6 @@
 
     LOG(INFO) << "Compiling SELinux policy";
 
-    // Determine the highest policy language version supported by the kernel
-    set_selinuxmnt("/sys/fs/selinux");
-    int max_policy_version = security_policyvers();
-    if (max_policy_version == -1) {
-        PLOG(ERROR) << "Failed to determine highest policy version supported by kernel";
-        return false;
-    }
-
     // We store the output of the compilation on /dev because this is the most convenient tmpfs
     // storage mount available this early in the boot sequence.
     char compiled_sepolicy[] = "/dev/sepolicy.XXXXXX";
@@ -370,14 +362,13 @@
     if (access(odm_policy_cil_file.c_str(), F_OK) == -1) {
         odm_policy_cil_file.clear();
     }
-    const std::string version_as_string = std::to_string(max_policy_version);
+    const std::string version_as_string = std::to_string(SEPOLICY_VERSION);
 
     // clang-format off
     std::vector<const char*> compile_args {
         "/system/bin/secilc",
         use_userdebug_policy ? userdebug_plat_policy_cil_file : plat_policy_cil_file,
         "-m", "-M", "true", "-G", "-N",
-        // Target the highest policy language version supported by the kernel
         "-c", version_as_string.c_str(),
         plat_mapping_file.c_str(),
         "-o", compiled_sepolicy,