From f831f10abe37645356007080cbf28a2c09f9d5e1 Mon Sep 17 00:00:00 2001
From: Paul Crowley
Date: Tue, 5 Nov 2019 09:46:59 -0800
Subject: [PATCH] Move comments into selinux.h and fix

Make comments imperative, remove redundant words, clarify API level.

Bug: 26641735
Test: treehugger
Change-Id: Icad6001321aa2274b70fdcc74f6fe176f0b2d0db
---
 init/selinux.cpp | 7 -------
 init/selinux.h | 9 +++++++++
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/init/selinux.cpp b/init/selinux.cpp
index a15d13649..a9cd290d6 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -514,9 +514,6 @@ void SelinuxAvcLog(char* buf, size_t buf_len) {

 } // namespace

-// The files and directories that were created before initial sepolicy load or
-// files on ramdisk need to have their security context restored to the proper
-// value. This must happen before /dev is populated by ueventd.
 void SelinuxRestoreContext() {
 LOG(INFO) << "Running restorecon...";
 selinux_android_restorecon("/dev", 0);
@@ -560,15 +557,12 @@ int SelinuxKlogCallback(int type, const char* fmt, ...) {
 return 0;
 }

-// This function sets up SELinux logging to be written to kmsg, to match init's logging.
 void SelinuxSetupKernelLogging() {
 selinux_callback cb;
 cb.func_log = SelinuxKlogCallback;
 selinux_set_callback(SELINUX_CB_LOG, cb);
 }

-// This function returns the Android version with which the vendor SEPolicy was compiled.
-// It is used for version checks such as whether or not vendor_init should be used
 int SelinuxGetVendorAndroidVersion() {
 static int vendor_android_version = [] {
 if (!IsSplitPolicyDevice()) {
@@ -594,7 +588,6 @@ int SelinuxGetVendorAndroidVersion() {
 return vendor_android_version;
 }

-// This function initializes SELinux then execs init to run in the init SELinux context.
 int SetupSelinux(char** argv) {
 SetStdioToDevNull(argv);
 InitKernelLogging(argv);
diff --git a/init/selinux.h b/init/selinux.h
index 63ad470ed..1a41bfd6f 100644
--- a/init/selinux.h
+++ b/init/selinux.h
@@ -19,10 +19,19 @@
 namespace android {
 namespace init {

+// Initialize SELinux, then exec init to run in the init SELinux context.
 int SetupSelinux(char** argv);
+
+// Restore the proper security context to files and directories on ramdisk, and
+// those that were created before initial sepolicy load.
+// This must happen before /dev is populated by ueventd.
 void SelinuxRestoreContext();

+// Set up SELinux logging to be written to kmsg, to match init's logging.
 void SelinuxSetupKernelLogging();
+
+// Return the Android API level with which the vendor SEPolicy was compiled.
+// Used for version checks such as whether or not vendor_init should be used.
 int SelinuxGetVendorAndroidVersion();

 static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT";
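Review bot: The new header comment on `SelinuxGetVendorAndroidVersion()` does not say what callers receive when there is no vendor policy version to report. The selinux.cpp context in this same patch shows the cached lookup beginning with `if (!IsSplitPolicyDevice()) {`, so at least one path returns something other than a parsed vendor API level; the rest of that lambda lies outside the visible hunks, so the actual value cannot be confirmed from here. Because the comment itself says the result drives checks such as whether vendor_init is used, a caller comparing against it needs to know that fallback. I would add a third comment line along the lines of `// Returns <fallback value> on devices without split policy.` with the real value taken from the implementation, and likewise state the result if the version cannot be determined, should such a path exist.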