Merge "init: Use sepolicy version instead" am: 751f2fa535

am: 82103ab7d9

Change-Id: I2cf978f20587b7875994777c9154017bf5a3d4aa

init/host_init_stubs.cpp

@@ -49,6 +49,10 @@ uint32_t HandlePropertySet(const std::string&, const std::string&, const std::st
 }
 
 // selinux.h
+bool SelinuxHasVendorInit() {
+    return true;
+}
+
 void SelabelInitialize() {}
 
 bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {

init/host_init_stubs.h

@@ -56,6 +56,7 @@ uint32_t HandlePropertySet(const std::string& name, const std::string& value,
                            const std::string& source_context, const ucred& cr, std::string* error);
 
 // selinux.h
+bool SelinuxHasVendorInit();
 void SelabelInitialize();
 bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
 

init/property_service.cpp

@@ -59,6 +59,7 @@
 #include "init.h"
 #include "persistent_properties.h"
 #include "property_type.h"
+#include "selinux.h"
 #include "subcontext.h"
 #include "util.h"
 
@@ -542,7 +543,7 @@ static void LoadProperties(char* data, const char* filter, const char* filename)
     size_t flen = 0;
 
     const char* context = kInitContext.c_str();
-    if (GetIntProperty("ro.vndk.version", 28) >= 28) {
+    if (SelinuxHasVendorInit()) {
         for (const auto& [path_prefix, secontext] : paths_and_secontexts) {
             if (StartsWith(filename, path_prefix)) {
                 context = secontext;

init/selinux.cpp

@@ -55,12 +55,14 @@
 #include <android-base/chrono_utils.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
+#include <android-base/parseint.h>
 #include <android-base/unique_fd.h>
 #include <selinux/android.h>
 
 #include "log.h"
 #include "util.h"
 
+using android::base::ParseInt;
 using android::base::Timer;
 using android::base::unique_fd;
 
@@ -453,6 +455,31 @@ void SelinuxSetupKernelLogging() {
     selinux_set_callback(SELINUX_CB_LOG, cb);
 }
 
+// This function checks whether the sepolicy supports vendor init.
+bool SelinuxHasVendorInit() {
+    if (!IsSplitPolicyDevice()) {
+        // If this device does not split sepolicy files, vendor_init will be available in the latest
+        // monolithic sepolicy file.
+        return true;
+    }
+
+    std::string version;
+    if (!GetVendorMappingVersion(&version)) {
+        // Return true as the default if we failed to load the vendor sepolicy version.
+        return true;
+    }
+
+    int major_version;
+    std::string major_version_str(version, 0, version.find('.'));
+    if (!ParseInt(major_version_str, &major_version)) {
+        PLOG(ERROR) << "Failed to parse the vendor sepolicy major version " << major_version_str;
+        // Return true as the default if we failed to parse the major version.
+        return true;
+    }
+
+    return major_version >= 28;
+}
+
 // selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
 // its value.  selinux_android_restorecon() also needs an sehandle for file context look up.  It
 // will create and store its own copy, but selinux_android_set_sehandle() can be used to provide

init/selinux.h

@@ -27,6 +27,7 @@ void SelinuxInitialize();
 void SelinuxRestoreContext();
 
 void SelinuxSetupKernelLogging();
+bool SelinuxHasVendorInit();
 
 void SelabelInitialize();
 bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);

init/subcontext.cpp

@@ -357,7 +357,7 @@ Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::s
 static std::vector<Subcontext> subcontexts;
 
 std::vector<Subcontext>* InitializeSubcontexts() {
-    if (GetIntProperty("ro.vndk.version", 28) >= 28) {
+    if (SelinuxHasVendorInit()) {
         for (const auto& [path_prefix, secontext] : paths_and_secontexts) {
             subcontexts.emplace_back(path_prefix, secontext);
         }