Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3d1dff22 authored by Janis Danisevskis's avatar Janis Danisevskis
Browse files

Leftovers of the SELinux policy update mechanism 

Remove references to SELinux policy files in /data/security
from libselinux/android.c. In the process all code that is
apparently related to handling an alternate policy and/or
reloading the policy has been removed.

Bug: 26544104
Change-Id: I47bf76ac3c26c5d71f92a21ffac2b17ba14262ea
parent a680117b

init/init.cpp

+0 −18
Original line number Diff line number Diff line
@@ -460,24 +460,6 @@ static bool selinux_is_enforcing(void) 
    return true;

}



int selinux_reload_policy(void)

{

    INFO("SELinux: Attempting to reload policy files\n");



    if (selinux_android_reload_policy() == -1) {

        return -1;

    }



    if (sehandle)

        selabel_close(sehandle);



    if (sehandle_prop)

        selabel_close(sehandle_prop);



    selinux_init_all_handles();

    return 0;

}



static int audit_callback(void *data, security_class_t /*cls*/, char *buf, size_t len) {



    property_audit_data *d = reinterpret_cast<property_audit_data*>(data);

init/init.h

+0 −2
Original line number Diff line number Diff line
@@ -35,8 +35,6 @@ void handle_control_message(const std::string& msg, const std::string& arg); 


void property_changed(const char *name, const char *value);



int selinux_reload_policy(void);



void register_epoll_handler(int fd, void (*fn)());



int add_environment(const char* key, const char* val);

init/property_service.cpp

+1 −5
Original line number Diff line number Diff line
@@ -175,11 +175,7 @@ static int property_set_impl(const char* name, const char* value) { 
    if (!is_legal_property_name(name, namelen)) return -1;

    if (valuelen >= PROP_VALUE_MAX) return -1;



    if (strcmp("selinux.reload_policy", name) == 0 && strcmp("1", value) == 0) {

        if (selinux_reload_policy() != 0) {

            ERROR("Failed to reload policy\n");

        }

    } else if (strcmp("selinux.restorecon_recursive", name) == 0 && valuelen > 0) {

    if (strcmp("selinux.restorecon_recursive", name) == 0 && valuelen > 0) {

        if (restorecon_recursive(value) != 0) {

            ERROR("Failed to restorecon_recursive %s\n", value);

        }

rootdir/init.rc

+0 −6
Original line number Diff line number Diff line
@@ -399,9 +399,6 @@ on post-fs-data 
    # symlink to bugreport storage location

    symlink /data/data/com.android.shell/files/bugreports /data/bugreports



    # Separate location for storing security policy files on data

    mkdir /data/security 0711 system system



    # Create all remaining /data root dirs so that they are made through init

    # and get proper encryption policy installed

    mkdir /data/backup 0700 system system
@@ -413,9 +410,6 @@ on post-fs-data 


    setusercryptopolicies /data/user



    # Reload policy from /data/security if present.

    setprop selinux.reload_policy 1



    # Set SELinux security contexts on upgrade or policy update.

    restorecon_recursive /data