From 46e1bd89b457713bf91d2dc751795822cc202658 Mon Sep 17 00:00:00 2001
From: William Roberts
Date: Wed, 23 Jan 2013 14:05:04 -0800
Subject: [PATCH] Create a new location for /data policy files

Adding a new location for policy files under /data, the new location is /data/security. The new location is used before attempting to use any other location. This requires a new directory to be created by the init script and an update to the location of the property_contexts file for property service.

Change-Id: I955a722ac3e51fa6c1b97201b8bdef3f601cf09d
---
 init/init.c | 1 +
 rootdir/init.rc | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/init/init.c b/init/init.c
index bfaf983b4..ede2daa8a 100755
--- a/init/init.c
+++ b/init/init.c
@@ -745,6 +745,7 @@ static int bootchart_init_action(int nargs, char **args)
 #endif

 static const struct selinux_opt seopts_prop[] = {
+ { SELABEL_OPT_PATH, "/data/security/property_contexts" },
 { SELABEL_OPT_PATH, "/data/system/property_contexts" },
 { SELABEL_OPT_PATH, "/property_contexts" },
 { 0, NULL }
diff --git a/rootdir/init.rc b/rootdir/init.rc
index d6182e884..72f351fab 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -242,6 +242,9 @@ on post-fs-data
 # the following directory.
 mkdir /data/drm 0770 drm drm

+ # Separate location for storing security policy files on data
+ mkdir /data/security 0600 system system
+
 # If there is no fs-post-data action in the init..rc file, you
 # must uncomment this line, otherwise encrypted filesystems
 # won't work.
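Review bot: The new first entry of `seopts_prop` in init/init.c lets a file on the writable /data partition take precedence over `/property_contexts`, and the table carries no comment stating that ordering or the trust it places in `/data/security`. According to the commit message the new location is tried before any other, so whoever can write there effectively decides how the property service labels properties. I would document this above the array, for example `/* Tried in order: a copy under /data overrides /property_contexts, so /data/security must be writable only by the trusted policy updater. */`. The code that consumes the table lies outside this hunk, so I cannot tell from here whether the chosen file is validated before use.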
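Review bot: `mkdir /data/security 0600 system system` in rootdir/init.rc creates a directory without the search (execute) bit, so the owning `system` user cannot open or create files inside it and only a process that bypasses DAC checks can reach its contents. If owner-only access is intended, the line should read `mkdir /data/security 0700 system system`. Whichever mode is chosen, group and other should stay without write access, since the commit message says files here are consulted before every other policy location. The `on post-fs-data` block continues outside the hunk.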