Do not change ownership of /sys/fs/selinux/load to system UID. Policy reload is handled by setting the selinux.reload_policy property and letting the init process perform the actual loading of policy into the kernel. Thus, there should be no need for the system UID to directly write to /sys/fs/selinux/load. Change-Id: I240c5bb2deaee757a2e1e396e14dea9e5d9286f5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: cc13e8ab87f74143293722e5301480fbe31b788d [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Mon Aug 26 10:53:25 2013 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Thu Sep 19 11:26:26 2013 -0400
tree: 0e59f74279717c1a82b40ec0c0e524e503bb6c54
parent: a208ea6301b3a7141f800d21407b0befa8ad0a56 [diff]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 5e3c991..21ae5bf 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -339,7 +339,6 @@
     chown root radio /proc/cmdline
 
 # Set these so we can remotely update SELinux policy
-    chown system system /sys/fs/selinux/load
     chown system system /sys/fs/selinux/enforce
 
 # Define TCP buffer sizes for various networks
commit	cc13e8ab87f74143293722e5301480fbe31b788d	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Mon Aug 26 10:53:25 2013 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Thu Sep 19 11:26:26 2013 -0400
tree	0e59f74279717c1a82b40ec0c0e524e503bb6c54
parent	a208ea6301b3a7141f800d21407b0befa8ad0a56 [diff]