commit ae6f3d7c05070f7e0e56fe0056c8923c6ee2f473
author Stephen Smalley <sds@tycho.nsa.gov> Tue May 01 15:02:53 2012 -0400
committer rpcraig <rpcraig@tycho.ncsc.mil> Thu Aug 09 09:59:10 2012 -0400
tree 0fa2219d6539d7b9311b24ad60ab1601e15fba63
parent d25b8502ea2c1294c0afab97bf7f14fbd2087efd

Add support for reloading policy from /data/system.

To support runtime policy management, add support for reloading
policy from /data/system.  This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.

Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

init/devices.c

diff --git a/init/devices.c b/init/devices.c
index c367de8..597f958 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -33,6 +33,7 @@
 #ifdef HAVE_SELINUX
 #include <selinux/selinux.h>
 #include <selinux/label.h>
+#include <selinux/android.h>
 #endif
 
 #include <private/android_filesystem_config.h>
@@ -871,12 +872,10 @@
     struct stat info;
     int fd;
 #ifdef HAVE_SELINUX
-    struct selinux_opt seopts[] = {
-        { SELABEL_OPT_PATH, "/file_contexts" }
-    };
-
-    if (is_selinux_enabled() > 0)
-        sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+    sehandle = NULL;
+    if (is_selinux_enabled() > 0) {
+        sehandle = selinux_android_file_context_handle();
+    }
 #endif
     /* is 64K enough? udev uses 16MB! */
     device_fd = uevent_open_socket(64*1024, true);