Add support for reloading policy from /data/system.
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/init/property_service.c b/init/property_service.c
index 79914cd..471c3dc 100644
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -86,6 +86,7 @@
{ "persist.sys.", AID_SYSTEM, 0 },
{ "persist.service.", AID_SYSTEM, 0 },
{ "persist.security.", AID_SYSTEM, 0 },
+ { "selinux." , AID_SYSTEM, 0 },
{ NULL, 0, 0 }
};
@@ -334,6 +335,11 @@
* to prevent them from being overwritten by default values.
*/
write_persistent_property(name, value);
+#ifdef HAVE_SELINUX
+ } else if (strcmp("selinux.reload_policy", name) == 0 &&
+ strcmp("1", value) == 0) {
+ selinux_reload_policy();
+#endif
}
property_changed(name, value);
return 0;