am 63577d92: am fee250d2: Reload policy after setting up the data partition.
* commit '63577d9280e7919bfb7221030d211b833e66bb1e':
Reload policy after setting up the data partition.
diff --git a/init/builtins.c b/init/builtins.c
index 9ae9ba3..06180a1 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -516,6 +516,12 @@
return ret;
}
+int do_selinux_reload(int nargs, char **args) {
+ if (is_selinux_enabled() <= 0)
+ return 0;
+ return selinux_reload_policy();
+}
+
int do_setcon(int nargs, char **args) {
if (is_selinux_enabled() <= 0)
return 0;
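Review bot: `do_selinux_reload` has no comment, and its `is_selinux_enabled() <= 0` guard treats a query error (a negative return) the same as "disabled", so it returns 0 and the caller sees success although no policy was reloaded. This mirrors `do_setcon` just below, but for a command whose only job is to load security policy it should be stated explicitly, e.g. `/* Reload SELinux policy; returns 0 without reloading when SELinux is disabled or its state cannot be queried. */` above the function. The result of `selinux_reload_policy()` is passed straight back. Whether init logs a non-zero command result is not visible in this hunk, so consider logging the failure here, since a failed reload presumably leaves the previously loaded policy in force. `do_setcon` continues past the end of the hunk.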
diff --git a/init/init_parser.c b/init/init_parser.c
index a1d2423..a79d3a1 100644
--- a/init/init_parser.c
+++ b/init/init_parser.c
@@ -140,6 +140,7 @@
break;
case 's':
if (!strcmp(s, "eclabel")) return K_seclabel;
+ if (!strcmp(s, "elinux_reload_policy")) return K_selinux_reload_policy;
if (!strcmp(s, "ervice")) return K_service;
if (!strcmp(s, "etcon")) return K_setcon;
if (!strcmp(s, "etenforce")) return K_setenforce;
diff --git a/init/keywords.h b/init/keywords.h
index f147506..275c64d 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -19,6 +19,7 @@
int do_restorecon(int nargs, char **args);
int do_rm(int nargs, char **args);
int do_rmdir(int nargs, char **args);
+int do_selinux_reload(int nargs, char **args);
int do_setcon(int nargs, char **args);
int do_setenforce(int nargs, char **args);
int do_setkey(int nargs, char **args);
@@ -73,6 +74,7 @@
KEYWORD(rm, COMMAND, 1, do_rm)
KEYWORD(rmdir, COMMAND, 1, do_rmdir)
KEYWORD(seclabel, OPTION, 0, 0)
+ KEYWORD(selinux_reload_policy, COMMAND, 0, do_selinux_reload)
KEYWORD(service, SECTION, 0, 0)
KEYWORD(setcon, COMMAND, 1, do_setcon)
KEYWORD(setenforce, COMMAND, 1, do_setenforce)
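Review bot: The handler name `do_selinux_reload` breaks the `do_<keyword>` pattern used by the neighbouring entries in this table (`rm`/`do_rm`, `rmdir`/`do_rmdir`, `setcon`/`do_setcon`), which makes it harder to get from the init.rc command to its implementation. Naming it `do_selinux_reload_policy` would line up with `K_selinux_reload_policy`. The entry would then read `KEYWORD(selinux_reload_policy, COMMAND, 0, do_selinux_reload_policy)`, with the same rename applied to the prototype in the earlier hunk of this file and to the definition in init/builtins.c.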
diff --git a/init/property_service.c b/init/property_service.c
index f6e4053..ac9e52a 100644
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -385,9 +385,6 @@
* to prevent them from being overwritten by default values.
*/
write_persistent_property(name, value);
- } else if (strcmp("selinux.reload_policy", name) == 0 &&
- strcmp("1", value) == 0) {
- selinux_reload_policy();
}
property_changed(name, value);
return 0;
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 476f6d4..c91a439 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -177,6 +177,9 @@
mkdir /cache/lost+found 0770 root root
on post-fs-data
+ # reload SELinux based on what we find on the data partition
+ selinux_reload_policy
+
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
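Review bot: The new comment above `selinux_reload_policy` does not say why the reload has to be the first command of `on post-fs-data`, nor what makes policy found on the data partition trustworthy. /data is a writable partition, so the integrity of whatever gets loaded here rests on checks inside `selinux_reload_policy()`, which are not part of this diff. The comment should point to where that validation lives. For the ordering, assuming it is intentional, a wording such as `# Reload SELinux policy from /data before any other post-fs-data command runs` would record it. If the reload fails, the following `chown`/`chmod` lines presumably still run under the boot-time policy, though init's handling of a failed command is not visible here. The same applies to the `on property:selinux.reload_policy=1` trigger later in this file, where the restarts follow the reload.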
@@ -413,6 +416,7 @@
seclabel u:r:ueventd:s0
on property:selinux.reload_policy=1
+ selinux_reload_policy
restart ueventd
restart installd