From 7ef60b4ed4d7533fdf7e4c535d7300ec2920c6fe Mon Sep 17 00:00:00 2001
From: Sandeep Patil
Date: Wed, 29 Mar 2017 10:31:26 -0700
Subject: [PATCH] init: consolidate restorecon after selinux initialization in single function

Test: Boot sailfish
Change-Id: I423028f12a84c4e0c12c9bdde52b6d795d45b620
(cherry picked from commit 74df5bab1622fab9310f4e7f18b31d3db2133992)
Signed-off-by: Sandeep Patil
---
 init/init.cpp | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/init/init.cpp b/init/init.cpp
index 4249115b2..6f3b3a690 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -875,6 +875,24 @@ static void selinux_initialize(bool in_kernel_domain) {
 }
 }
 
+// The files and directories that were created before initial sepolicy load
+// need to have their security context restored to the proper value.
+// This must happen before /dev is populated by ueventd.
+static void selinux_restore_context() {
+ LOG(INFO) << "Running restorecon...";
+ restorecon("/dev");
+ restorecon("/dev/kmsg");
+ restorecon("/dev/socket");
+ restorecon("/dev/random");
+ restorecon("/dev/urandom");
+ restorecon("/dev/__properties__");
+ restorecon("/plat_property_contexts");
+ restorecon("/nonplat_property_contexts");
+ restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
+ restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
+ restorecon("/dev/device-mapper");
+}
+
 // Set the UDC controller for the ConfigFS USB Gadgets.
 // Read the UDC controller in use from "/sys/class/udc".
 // In case of multiple UDC controllers select the first one.
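Review bot: Every `restorecon(...)` call in the new `selinux_restore_context()` discards its result, so a relabel that fails leaves a node such as `/dev/__properties__` or `/dev/socket` with the context it had before policy load, and this function logs nothing beyond the single "Running restorecon..." line. If `restorecon` reports failure through its return value (its declaration is outside this hunk), check it per path, e.g. `if (restorecon("/dev/socket") != 0) PLOG(ERROR) << "restorecon failed for /dev/socket";`. The behaviour is carried over unchanged from `main`, but the helper is now the single place to fix it. The header comment could also say that the path list is hand-maintained, so any node init creates before policy load has to be added here.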
@@ -1213,22 +1231,7 @@ int main(int argc, char** argv) {
 
 // Now set up SELinux for second stage.
 selinux_initialize(false);
-
- // These directories were necessarily created before initial policy load
- // and therefore need their security context restored to the proper value.
- // This must happen before /dev is populated by ueventd.
- LOG(INFO) << "Running restorecon...";
- restorecon("/dev");
- restorecon("/dev/kmsg");
- restorecon("/dev/socket");
- restorecon("/dev/random");
- restorecon("/dev/urandom");
- restorecon("/dev/__properties__");
- restorecon("/plat_property_contexts");
- restorecon("/nonplat_property_contexts");
- restorecon("/sys", SELINUX_ANDROID_RESTORECON_RECURSE);
- restorecon("/dev/block", SELINUX_ANDROID_RESTORECON_RECURSE);
- restorecon("/dev/device-mapper");
+ selinux_restore_context();
 
 epoll_fd = epoll_create1(EPOLL_CLOEXEC);
 if (epoll_fd == -1) {
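Review bot: The call site in `main` no longer states the ordering constraint that the removed comment carried: the relabel has to run after `selinux_initialize(false)` and before ueventd populates /dev. A later reorder of these lines could leave the early-created nodes with their pre-policy labels without anything at the call hinting at the dependency. I would keep a one-line reminder above the call, e.g. `// Relabel nodes created before policy load; must precede ueventd populating /dev.`. `main` starts and ends outside this hunk.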