Add support for reloading policy from /data/system. To support runtime policy management, add support for reloading policy from /data/system. This can be triggered by setting the selinux.loadpolicy property to 1, whether from init.rc after mounting /data or from the system_server (e.g. upon invocation of a new device admin API for provisioning policy). ueventd and installd are restarted upon policy reloads to pick up the new policy configurations relevant to their operation. Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: ae6f3d7c05070f7e0e56fe0056c8923c6ee2f473 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Tue May 01 15:02:53 2012 -0400
committer: rpcraig <rpcraig@tycho.ncsc.mil> Thu Aug 09 09:59:10 2012 -0400
tree: 0fa2219d6539d7b9311b24ad60ab1601e15fba63
parent: d25b8502ea2c1294c0afab97bf7f14fbd2087efd [diff] [blame]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 054c2ca..6a0c332 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -355,6 +355,10 @@
     critical
     seclabel u:r:ueventd:s0
 
+on property:selinux.reload_policy=1
+    restart ueventd
+    restart installd
+
 service console /system/bin/sh
     class core
     console
commit	ae6f3d7c05070f7e0e56fe0056c8923c6ee2f473	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Tue May 01 15:02:53 2012 -0400
committer	rpcraig <rpcraig@tycho.ncsc.mil>	Thu Aug 09 09:59:10 2012 -0400
tree	0fa2219d6539d7b9311b24ad60ab1601e15fba63
parent	d25b8502ea2c1294c0afab97bf7f14fbd2087efd [diff] [blame]