Add support for reloading policy from /data/system.
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/toolbox/restorecon.c b/toolbox/restorecon.c
index 5ef0ef1..f9f604f 100644
--- a/toolbox/restorecon.c
+++ b/toolbox/restorecon.c
@@ -7,8 +7,7 @@
#include <fts.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
-
-#define FCPATH "/file_contexts"
+#include <selinux/android.h>
static struct selabel_handle *sehandle;
static const char *progname;
@@ -17,7 +16,7 @@
static void usage(void)
{
- fprintf(stderr, "usage: %s [-f file_contexts] [-nrRv] pathname...\n", progname);
+ fprintf(stderr, "usage: %s [-nrRv] pathname...\n", progname);
exit(1);
}
@@ -54,21 +53,16 @@
int restorecon_main(int argc, char **argv)
{
- struct selinux_opt seopts[] = {
- { SELABEL_OPT_PATH, FCPATH }
- };
int ch, recurse = 0, ftsflags = FTS_PHYSICAL;
+ int i = 0;
progname = argv[0];
do {
- ch = getopt(argc, argv, "f:nrRv");
+ ch = getopt(argc, argv, "nrRv");
if (ch == EOF)
break;
switch (ch) {
- case 'f':
- seopts[0].value = optarg;
- break;
case 'n':
nochange = 1;
break;
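Review bot: `int i = 0;` is added at the top of restorecon_main, but nothing in this hunk reads it; unless a line outside the hunk uses it, it should be dropped so the build stays free of unused-variable warnings. Separately, with `f:` gone from the getopt string, a caller that still passes `-f path` now falls into the switch's unrecognised-option handling, which is outside this hunk, so init scripts and tools that invoke restorecon with -f need checking. A one-line comment above the loop, such as `/* file_contexts is selected by libselinux; callers can no longer override it */`, would record why the option was removed. The function body starts in this hunk and continues past it.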
@@ -89,9 +83,10 @@
if (!argc)
usage();
- sehandle = selabel_open(SELABEL_CTX_FILE, seopts, 1);
+ sehandle = selinux_android_file_context_handle();
+
if (!sehandle) {
- fprintf(stderr, "Could not load file contexts from %s: %s\n", seopts[0].value,
+ fprintf(stderr, "Could not load file_contexts: %s\n",
strerror(errno));
return -1;
}
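Review bot: The failure branch prints `strerror(errno)` after `selinux_android_file_context_handle()`, but nothing visible here shows that errno still describes the cause when that helper returns NULL. If the helper logs or tries more than one location before giving up, the reported reason can be stale or misleading. Either confirm that the helper preserves errno and say so in a comment next to the call, or print the message without it, `fprintf(stderr, "Could not load file_contexts\n");`. The message also no longer names a path, and since the commit description says policy can now be reloaded from /data/system, the output does not tell an operator which file_contexts source failed. restorecon_main begins before this hunk and may continue after it.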