Add support for reloading policy from /data/system.
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/init/devices.c b/init/devices.c
index c367de8..597f958 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -33,6 +33,7 @@
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
+#include <selinux/android.h>
#endif
#include <private/android_filesystem_config.h>
@@ -871,12 +872,10 @@
struct stat info;
int fd;
#ifdef HAVE_SELINUX
- struct selinux_opt seopts[] = {
- { SELABEL_OPT_PATH, "/file_contexts" }
- };
-
- if (is_selinux_enabled() > 0)
- sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+ sehandle = NULL;
+ if (is_selinux_enabled() > 0) {
+ sehandle = selinux_android_file_context_handle();
+ }
#endif
/* is 64K enough? udev uses 16MB! */
device_fd = uevent_open_socket(64*1024, true);
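Review bot: The result of `selinux_android_file_context_handle()` is stored in `sehandle` without a NULL check, so when SELinux is enabled and no file_contexts can be opened or parsed, the failure passes silently. If the labeling code elsewhere in this file skips lookups when `sehandle` is NULL (not visible in this hunk), device nodes would then be created with default labels and nothing in the log would say so. Per the commit message the contexts may now come from /data/system rather than the fixed `/file_contexts` path, which presumably makes a missing or malformed file more likely at runtime. I would add, inside the `is_selinux_enabled() > 0` branch, `if (!sehandle) ERROR("SELinux: could not load file_contexts; device nodes will not be labeled\n");` or the equivalent with whatever logging macro this file already uses. The enclosing function starts and ends outside the hunk.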