
Commit f831f10a authored by Paul Crowley's avatar Paul Crowley

Move comments into selinux.h and fix

Make comments imperative, remove redundant words, clarify API level.

Bug: 26641735
Test: treehugger
Change-Id: Icad6001321aa2274b70fdcc74f6fe176f0b2d0db
parent 46452100
+0 −7
@@ -514,9 +514,6 @@ void SelinuxAvcLog(char* buf, size_t buf_len) {

}  // namespace

// The files and directories that were created before initial sepolicy load or
// files on ramdisk need to have their security context restored to the proper
// value. This must happen before /dev is populated by ueventd.
void SelinuxRestoreContext() {
    LOG(INFO) << "Running restorecon...";
    selinux_android_restorecon("/dev", 0);
@@ -560,15 +557,12 @@ int SelinuxKlogCallback(int type, const char* fmt, ...) {
    return 0;
}

// This function sets up SELinux logging to be written to kmsg, to match init's logging.
void SelinuxSetupKernelLogging() {
    selinux_callback cb;
    cb.func_log = SelinuxKlogCallback;
    selinux_set_callback(SELINUX_CB_LOG, cb);
}

// This function returns the Android version with which the vendor SEPolicy was compiled.
// It is used for version checks such as whether or not vendor_init should be used
int SelinuxGetVendorAndroidVersion() {
    static int vendor_android_version = [] {
        if (!IsSplitPolicyDevice()) {
@@ -594,7 +588,6 @@ int SelinuxGetVendorAndroidVersion() {
    return vendor_android_version;
}

// This function initializes SELinux then execs init to run in the init SELinux context.
int SetupSelinux(char** argv) {
    SetStdioToDevNull(argv);
    InitKernelLogging(argv);
+9 −0
@@ -19,10 +19,19 @@
namespace android {
namespace init {

// Initialize SELinux, then exec init to run in the init SELinux context.
int SetupSelinux(char** argv);

// Restore the proper security context to files and directories on ramdisk, and
// those that were created before initial sepolicy load.
// This must happen before /dev is populated by ueventd.
void SelinuxRestoreContext();

// Set up SELinux logging to be written to kmsg, to match init's logging.
void SelinuxSetupKernelLogging();

// Return the Android API level with which the vendor SEPolicy was compiled.
// Used for version checks such as whether or not vendor_init should be used.
int SelinuxGetVendorAndroidVersion();

static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT";
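Review bot: The new header comment on `SetupSelinux` does not say what the `int` return value means. Because the function is described as exec'ing init, it presumably returns only when something has failed. A caller reading the header alone cannot tell whether a return is an error it must handle, which matters for the step that moves init into its SELinux context. Consider adding a second comment line such as `// Does not return on success; a return means the exec failed.` after confirming it against the definition, whose body is only partly visible in this commit.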