Loading init/selinux.cpp +0 −7 Original line number Original line Diff line number Diff line Loading @@ -514,9 +514,6 @@ void SelinuxAvcLog(char* buf, size_t buf_len) { } // namespace } // namespace // The files and directories that were created before initial sepolicy load or // files on ramdisk need to have their security context restored to the proper // value. This must happen before /dev is populated by ueventd. void SelinuxRestoreContext() { void SelinuxRestoreContext() { LOG(INFO) << "Running restorecon..."; LOG(INFO) << "Running restorecon..."; selinux_android_restorecon("/dev", 0); selinux_android_restorecon("/dev", 0); Loading Loading @@ -560,15 +557,12 @@ int SelinuxKlogCallback(int type, const char* fmt, ...) { return 0; return 0; } } // This function sets up SELinux logging to be written to kmsg, to match init's logging. void SelinuxSetupKernelLogging() { void SelinuxSetupKernelLogging() { selinux_callback cb; selinux_callback cb; cb.func_log = SelinuxKlogCallback; cb.func_log = SelinuxKlogCallback; selinux_set_callback(SELINUX_CB_LOG, cb); selinux_set_callback(SELINUX_CB_LOG, cb); } } // This function returns the Android version with which the vendor SEPolicy was compiled. // It is used for version checks such as whether or not vendor_init should be used int SelinuxGetVendorAndroidVersion() { int SelinuxGetVendorAndroidVersion() { static int vendor_android_version = [] { static int vendor_android_version = [] { if (!IsSplitPolicyDevice()) { if (!IsSplitPolicyDevice()) { Loading @@ -594,7 +588,6 @@ int SelinuxGetVendorAndroidVersion() { return vendor_android_version; return vendor_android_version; } } // This function initializes SELinux then execs init to run in the init SELinux context. int SetupSelinux(char** argv) { int SetupSelinux(char** argv) { SetStdioToDevNull(argv); SetStdioToDevNull(argv); InitKernelLogging(argv); InitKernelLogging(argv); Loading init/selinux.h +9 −0 Original line number Original line Diff line number Diff line Loading 
@@ -19,10 +19,19 @@ namespace android { namespace android { namespace init { namespace init { // Initialize SELinux, then exec init to run in the init SELinux context. int SetupSelinux(char** argv); int SetupSelinux(char** argv); // Restore the proper security context to files and directories on ramdisk, and // those that were created before initial sepolicy load. // This must happen before /dev is populated by ueventd. void SelinuxRestoreContext(); void SelinuxRestoreContext(); // Set up SELinux logging to be written to kmsg, to match init's logging. void SelinuxSetupKernelLogging(); void SelinuxSetupKernelLogging(); // Return the Android API level with which the vendor SEPolicy was compiled. // Used for version checks such as whether or not vendor_init should be used. int SelinuxGetVendorAndroidVersion(); int SelinuxGetVendorAndroidVersion(); static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT"; static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT"; Loading Loading
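--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -514,9 +514,6 @@ void SelinuxAvcLog(char* buf, size_t buf_len) {
 } // namespace
-// The files and directories that were created before initial sepolicy load or
-// files on ramdisk need to have their security context restored to the proper
-// value. This must happen before /dev is populated by ueventd.
 void SelinuxRestoreContext() {
 LOG(INFO) << "Running restorecon...";
 selinux_android_restorecon("/dev", 0);
@@ -560,15 +557,12 @@ int SelinuxKlogCallback(int type, const char* fmt, ...) {
 return 0;
 }
-// This function sets up SELinux logging to be written to kmsg, to match init's logging.
 void SelinuxSetupKernelLogging() {
 selinux_callback cb;
 cb.func_log = SelinuxKlogCallback;
 selinux_set_callback(SELINUX_CB_LOG, cb);
 }
-// This function returns the Android version with which the vendor SEPolicy was compiled.
-// It is used for version checks such as whether or not vendor_init should be used
 int SelinuxGetVendorAndroidVersion() {
 static int vendor_android_version = [] {
 if (!IsSplitPolicyDevice()) {
@@ -594,7 +588,6 @@ int SelinuxGetVendorAndroidVersion() {
 return vendor_android_version;
 }
-// This function initializes SELinux then execs init to run in the init SELinux context.
 int SetupSelinux(char** argv) {
 SetStdioToDevNull(argv);
 InitKernelLogging(argv);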
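--- a/init/selinux.h
+++ b/init/selinux.h
@@ -19,10 +19,19 @@
 namespace android {
 namespace init {
+// Initialize SELinux, then exec init to run in the init SELinux context.
 int SetupSelinux(char** argv);
+// Restore the proper security context to files and directories on ramdisk, and
+// those that were created before initial sepolicy load.
+// This must happen before /dev is populated by ueventd.
 void SelinuxRestoreContext();
+// Set up SELinux logging to be written to kmsg, to match init's logging.
 void SelinuxSetupKernelLogging();
+// Return the Android API level with which the vendor SEPolicy was compiled.
+// Used for version checks such as whether or not vendor_init should be used.
 int SelinuxGetVendorAndroidVersion();
 static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT";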
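Review bot: The new header comment on `SetupSelinux` says the function execs init but does not say what its `int` return value means or when the call returns at all. If a successful exec never returns, which is presumably the case but is not visible in this diff, the comment should state it, for example `// Does not return on success; any return means the exec into the init SELinux context failed.`, so that callers treat a return as a boot-critical failure rather than a status to ignore. The ordering requirement on `SelinuxRestoreContext` (before ueventd populates /dev) is likewise stated only in prose; naming the caller that is expected to satisfy it would make that contract checkable in review. The implementations live in init/selinux.cpp and are only partly shown here.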