Create a new location for /data policy files

Adding a new location for policy files under /data, the new location is /data/security. The new location is used before attempting to use any other location. This requires a new directory to be created by the init script and an update to the location of the property_contexts file for property service. Change-Id: I955a722ac3e51fa6c1b97201b8bdef3f601cf09d
2013-01-23 14:05:04 -08:00 · 2013-01-23 14:05:04 -08:00 · 46e1bd89b4
commit 46e1bd89b4
parent 55e1df471b
2 changed files with 4 additions and 0 deletions
--- a/init/init.c
+++ b/init/init.c
@ -745,6 +745,7 @@ static int bootchart_init_action(int nargs, char **args)
 #endif

 static const struct selinux_opt seopts_prop[] = {
+        { SELABEL_OPT_PATH, "/data/security/property_contexts" },
        { SELABEL_OPT_PATH, "/data/system/property_contexts" },
        { SELABEL_OPT_PATH, "/property_contexts" },
        { 0, NULL }
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -242,6 +242,9 @@ on post-fs-data
    # the following directory.
    mkdir /data/drm 0770 drm drm

+    # Separate location for storing security policy files on data
+    mkdir /data/security 0600 system system
+
    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.