init: load /product selinux mapping file
/system/etc/selinux/mapping/V.v.cil is being split into /system and
/product parts.
Change init to account for /product/etc/selinux/mapping/V.v.cil mapping
file when merging SELinux policies.
Bug: 119305624
Test: boot taimen
Test: "cnd" type is declared in /vendor; "dataservice_app" type is
declared in /product. This permission is preserved
"allow cnd dataservice_app:binder { transfer call };"
Change-Id: I65995a75041044ae71c148d655a70c5efd3b84cc
This commit is contained in:
Tri Vo
parent
173a02b439
commit
503f1852ba
1 changed files with 10 additions and 2 deletions
|
|
@ -304,13 +304,18 @@ bool LoadSplitPolicy() {
|
|||
if (!GetVendorMappingVersion(&vend_plat_vers)) {
|
||||
return false;
|
||||
}
|
||||
std::string mapping_file("/system/etc/selinux/mapping/" + vend_plat_vers + ".cil");
|
||||
std::string plat_mapping_file("/system/etc/selinux/mapping/" + vend_plat_vers + ".cil");
|
||||
|
||||
std::string product_policy_cil_file("/product/etc/selinux/product_sepolicy.cil");
|
||||
if (access(product_policy_cil_file.c_str(), F_OK) == -1) {
|
||||
product_policy_cil_file.clear();
|
||||
}
|
||||
|
||||
std::string product_mapping_file("/product/etc/selinux/mapping/" + vend_plat_vers + ".cil");
|
||||
if (access(product_mapping_file.c_str(), F_OK) == -1) {
|
||||
product_mapping_file.clear();
|
||||
}
|
||||
|
||||
// vendor_sepolicy.cil and plat_pub_versioned.cil are the new design to replace
|
||||
// nonplat_sepolicy.cil.
|
||||
std::string plat_pub_versioned_cil_file("/vendor/etc/selinux/plat_pub_versioned.cil");
|
||||
|
|
@ -340,7 +345,7 @@ bool LoadSplitPolicy() {
|
|||
"-m", "-M", "true", "-G", "-N",
|
||||
// Target the highest policy language version supported by the kernel
|
||||
"-c", version_as_string.c_str(),
|
||||
mapping_file.c_str(),
|
||||
plat_mapping_file.c_str(),
|
||||
"-o", compiled_sepolicy,
|
||||
// We don't care about file_contexts output by the compiler
|
||||
"-f", "/sys/fs/selinux/null", // /dev/null is not yet available
|
||||
|
|
@ -350,6 +355,9 @@ bool LoadSplitPolicy() {
|
|||
if (!product_policy_cil_file.empty()) {
|
||||
compile_args.push_back(product_policy_cil_file.c_str());
|
||||
}
|
||||
if (!product_mapping_file.empty()) {
|
||||
compile_args.push_back(product_mapping_file.c_str());
|
||||
}
|
||||
if (!plat_pub_versioned_cil_file.empty()) {
|
||||
compile_args.push_back(plat_pub_versioned_cil_file.c_str());
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue