From 176cf1f65b4431a00f9238e811f71295c36d4a27 Mon Sep 17 00:00:00 2001
From: Alex Klyubin
Date: Wed, 8 Mar 2017 13:16:03 -0800
Subject: [PATCH] Prefer property_contexts from /system & /vendor

This changes system_properties' initialize_properties to prefer loading property_contexts from /system/etc/selinux & /vendor/etc/selinux, while falling back to the pre-existing behavior of loading from /.
Test: Device with *_property_contexts in / boots up fine, no denials to do with properties, getprop -Z lists correct labels.
Test: Device with *_property_contexts in /system & /vendor, but not in /, boots up fine, no denials to do with properties, getprop -Z lists correct labels.
Test: Device with *_property_contexts in /system & vendor and with empty *_property_contexts in / boots up fine, no denials to do with properties, getprop -Z lists correct labels.
Bug: 36002573
Change-Id: I15174acdf89ee8f5a96acf1e38a54d4214df51ef
---
 libc/bionic/system_properties.cpp | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/libc/bionic/system_properties.cpp b/libc/bionic/system_properties.cpp
index 2bbf2d306..a4faf85ac 100644
--- a/libc/bionic/system_properties.cpp
+++ b/libc/bionic/system_properties.cpp
@@ -1058,15 +1058,23 @@ static bool initialize_properties() {
 return true;
 }
- // TODO: Change path to /system/property_contexts after b/27805372
- if (!initialize_properties_from_file("/plat_property_contexts")) {
- return false;
+ // Use property_contexts from /system & /vendor, fall back to those from /
+ if (access("/system/etc/selinux/plat_property_contexts", R_OK) != -1) {
+ if (!initialize_properties_from_file("/system/etc/selinux/plat_property_contexts")) {
+ return false;
+ }
+ if (!initialize_properties_from_file("/vendor/etc/selinux/nonplat_property_contexts")) {
+ return false;
+ }
+ } else {
+ if (!initialize_properties_from_file("/plat_property_contexts")) {
+ return false;
+ }
+ if (!initialize_properties_from_file("/nonplat_property_contexts")) {
+ return false;
+ }
 }
- // TODO: Change path to /vendor/property_contexts after b/27805372
- // device-specific property context is optional, so load if it exists.
- initialize_properties_from_file("/nonplat_property_contexts");
-
 return true;
 }
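Review bot: In both branches a failure to load nonplat_property_contexts now makes initialize_properties() return false, whereas the removed code ignored that result and documented the file as optional ("device-specific property context is optional, so load if it exists"). The `else` branch is therefore stricter than the pre-existing behaviour the description says it falls back to. In the first branch, a missing or unreadable /vendor file (presumably possible when /vendor is not mounted; confirm) would fail property initialization even though the platform contexts loaded. I would keep the plat load mandatory and leave the nonplat call unchecked in both branches, e.g. `initialize_properties_from_file("/vendor/etc/selinux/nonplat_property_contexts");` preceded by `// vendor contexts are optional; keep the platform list if this fails`. The start of initialize_properties() is outside the hunk.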