
Commit c8056537 authored by Nikita Ioffe's avatar Nikita Ioffe Committed by Automerger Merge Worker

Merge "Reland "Treat Microdroid as OS with monolithic sepolicy"" am:...

Merge "Reland "Treat Microdroid as OS with monolithic sepolicy"" am: 448b70a2 am: dfd57251 am: 7dadbf5a

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2627370



Change-Id: I65cf28640b8292b95e78dc18c729e1a9a0919a94
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents e58b78c4 7dadbf5a
+11 −4
@@ -300,6 +300,8 @@ bool GetVendorMappingVersion(std::string* plat_vers) {
}

constexpr const char plat_policy_cil_file[] = "/system/etc/selinux/plat_sepolicy.cil";
constexpr const char kMicrodroidPrecompiledSepolicy[] =
        "/system/etc/selinux/microdroid_precompiled_sepolicy";

bool IsSplitPolicyDevice() {
    return access(plat_policy_cil_file, R_OK) != -1;
@@ -497,14 +499,19 @@ bool OpenSplitPolicy(PolicyFile* policy_file) {

bool OpenMonolithicPolicy(PolicyFile* policy_file) {
    static constexpr char kSepolicyFile[] = "/sepolicy";

    LOG(VERBOSE) << "Opening SELinux policy from monolithic file";
    policy_file->fd.reset(open(kSepolicyFile, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
    // In Microdroid the precompiled sepolicy is located on /system, since there is no vendor code.
    // TODO(b/287206497): refactor once we start conditionally compiling init for Microdroid.
    std::string monolithic_policy_file = access(kMicrodroidPrecompiledSepolicy, R_OK) == 0
                                                 ? kMicrodroidPrecompiledSepolicy
                                                 : kSepolicyFile;

    LOG(INFO) << "Opening SELinux policy from monolithic file " << monolithic_policy_file;
    policy_file->fd.reset(open(monolithic_policy_file.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
    if (policy_file->fd < 0) {
        PLOG(ERROR) << "Failed to open monolithic SELinux policy";
        return false;
    }
    policy_file->path = kSepolicyFile;
    policy_file->path = monolithic_policy_file;
    return true;
}
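Review bot: The failure log in OpenMonolithicPolicy still reads `"Failed to open monolithic SELinux policy"` without the path, although the new code can open either of two files, so a boot log cannot tell which policy failed to load. I would change it to `PLOG(ERROR) << "Failed to open monolithic SELinux policy " << monolithic_policy_file;`. Separately, the `access(kMicrodroidPrecompiledSepolicy, R_OK) == 0` probe treats every error as "file absent" and silently falls back to `/sepolicy`. Checking for `errno != ENOENT` and logging it would make an unexpected fallback visible, since the policy that init loads is decided purely by this file's presence until the TODO is resolved.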