Merge "selinux: use the policy version defined in sepolicy"
This commit is contained in:
Jeffrey Vander Stoep
Gerrit Code Review
commit
e21d07fbab
3 changed files with 6 additions and 12 deletions
|
|
@ -91,7 +91,7 @@ cc_defaults {
|
|||
cc_library_static {
|
||||
name: "libinit",
|
||||
recovery_available: true,
|
||||
defaults: ["init_defaults"],
|
||||
defaults: ["init_defaults", "selinux_policy_version"],
|
||||
srcs: [
|
||||
"action.cpp",
|
||||
"action_manager.cpp",
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
LOCAL_PATH:= $(call my-dir)
|
||||
|
||||
include system/sepolicy/policy_version.mk
|
||||
|
||||
# --
|
||||
|
||||
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
|
||||
|
|
@ -28,7 +30,8 @@ init_options += \
|
|||
-DSHUTDOWN_ZERO_TIMEOUT=0
|
||||
endif
|
||||
|
||||
init_options += -DLOG_UEVENTS=0
|
||||
init_options += -DLOG_UEVENTS=0 \
|
||||
-DSEPOLICY_VERSION=$(POLICYVERS)
|
||||
|
||||
init_cflags += \
|
||||
$(init_options) \
|
||||
|
|
|
|||
|
|
@ -316,14 +316,6 @@ bool LoadSplitPolicy() {
|
|||
|
||||
LOG(INFO) << "Compiling SELinux policy";
|
||||
|
||||
// Determine the highest policy language version supported by the kernel
|
||||
set_selinuxmnt("/sys/fs/selinux");
|
||||
int max_policy_version = security_policyvers();
|
||||
if (max_policy_version == -1) {
|
||||
PLOG(ERROR) << "Failed to determine highest policy version supported by kernel";
|
||||
return false;
|
||||
}
|
||||
|
||||
// We store the output of the compilation on /dev because this is the most convenient tmpfs
|
||||
// storage mount available this early in the boot sequence.
|
||||
char compiled_sepolicy[] = "/dev/sepolicy.XXXXXX";
|
||||
|
|
@ -370,14 +362,13 @@ bool LoadSplitPolicy() {
|
|||
if (access(odm_policy_cil_file.c_str(), F_OK) == -1) {
|
||||
odm_policy_cil_file.clear();
|
||||
}
|
||||
const std::string version_as_string = std::to_string(max_policy_version);
|
||||
const std::string version_as_string = std::to_string(SEPOLICY_VERSION);
|
||||
|
||||
// clang-format off
|
||||
std::vector<const char*> compile_args {
|
||||
"/system/bin/secilc",
|
||||
use_userdebug_policy ? userdebug_plat_policy_cil_file : plat_policy_cil_file,
|
||||
"-m", "-M", "true", "-G", "-N",
|
||||
// Target the highest policy language version supported by the kernel
|
||||
"-c", version_as_string.c_str(),
|
||||
plat_mapping_file.c_str(),
|
||||
"-o", compiled_sepolicy,
|
||||
|
|
|
|||
Loading…
Reference in a new issue