Reflect move of mapping file to /system.
Bug: 36783775
Test: boot device with matching sha256 and non-matching and verify that
device boots and uses either precompiled or compiled policy as needed. Also
verify that mapping_sepolicy.cil has moved.
(cherry-pick of commit: 39ffec779a0556e4e2637154e61cae0896359f7a)
Change-Id: I9c3df2e7ed3f0eadd98e98529ebed360fec66dba
diff --git a/init/init.cpp b/init/init.cpp
index e14034f..9e19468 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -716,14 +716,18 @@
return false;
}
std::string actual_plat_id;
- if (!read_first_line("/system/etc/selinux/plat_sepolicy.cil.sha256", &actual_plat_id)) {
- PLOG(INFO) << "Failed to read /system/etc/selinux/plat_sepolicy.cil.sha256";
+ if (!read_first_line("/system/etc/selinux/plat_and_mapping_sepolicy.cil.sha256",
+ &actual_plat_id)) {
+ PLOG(INFO) << "Failed to read "
+ "/system/etc/selinux/plat_and_mapping_sepolicy.cil.sha256";
return false;
}
std::string precompiled_plat_id;
- if (!read_first_line("/vendor/etc/selinux/precompiled_sepolicy.plat.sha256",
+ if (!read_first_line("/vendor/etc/selinux/precompiled_sepolicy.plat_and_mapping.sha256",
&precompiled_plat_id)) {
- PLOG(INFO) << "Failed to read /vendor/etc/selinux/precompiled_sepolicy.plat.sha256";
+ PLOG(INFO) << "Failed to read "
+ "/vendor/etc/selinux/"
+ "precompiled_sepolicy.plat_and_mapping.sha256";
return false;
}
if ((actual_plat_id.empty()) || (actual_plat_id != precompiled_plat_id)) {
@@ -795,7 +799,7 @@
"-M", "true",
// Target the highest policy language version supported by the kernel
"-c", std::to_string(max_policy_version).c_str(),
- "/vendor/etc/selinux/mapping_sepolicy.cil",
+ "/system/etc/selinux/mapping_sepolicy.cil",
"/vendor/etc/selinux/nonplat_sepolicy.cil",
"-o", compiled_sepolicy,
// We don't care about file_contexts output by the compiler