Add support for reloading policy from /data/system.
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 054c2ca..6a0c332 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -355,6 +355,10 @@
critical
seclabel u:r:ueventd:s0
+on property:selinux.reload_policy=1
+ restart ueventd
+ restart installd
+
service console /system/bin/sh
class core
console