Merge "Treat Microdroid as OS with monolithic sepolicy" am: 121e3b8320

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2617775

Change-Id: Ic92490103ef484154ebdebe3d3d1cd4636388a13
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 907eb80..a936532 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -300,6 +300,8 @@
 }
 
 constexpr const char plat_policy_cil_file[] = "/system/etc/selinux/plat_sepolicy.cil";
+constexpr const char kMicrodroidPrecompiledSepolicy[] =
+        "/system/etc/selinux/microdroid_precompiled_sepolicy";
 
 bool IsSplitPolicyDevice() {
     return access(plat_policy_cil_file, R_OK) != -1;
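Review bot: The new constant `kMicrodroidPrecompiledSepolicy` has no comment, although the second hunk uses its readability to decide which SELinux policy init loads. A line above it would make that visible to anyone touching the file list of a system image, for example `// If this file is readable, OpenMonolithicPolicy() loads it instead of /sepolicy.` The name also uses the `kCamelCase` style while the neighbouring `plat_policy_cil_file` is snake_case; this is harmless, but worth settling when the TODO in the next hunk is addressed. IsSplitPolicyDevice's body continues outside the hunk.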
@@ -497,14 +499,19 @@
 
 bool OpenMonolithicPolicy(PolicyFile* policy_file) {
     static constexpr char kSepolicyFile[] = "/sepolicy";
+    // In Microdroid the precompiled sepolicy is located on /system, since there is no vendor code.
+    // TODO(b/287206497): refactor once we start conditionally compiling init for Microdroid.
+    std::string monolithic_policy_file = access(kMicrodroidPrecompiledSepolicy, R_OK) == 0
+                                                 ? kMicrodroidPrecompiledSepolicy
+                                                 : kSepolicyFile;
 
-    LOG(VERBOSE) << "Opening SELinux policy from monolithic file";
-    policy_file->fd.reset(open(kSepolicyFile, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
+    LOG(INFO) << "Opening SELinux policy from monolithic file " << monolithic_policy_file;
+    policy_file->fd.reset(open(monolithic_policy_file.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
     if (policy_file->fd < 0) {
         PLOG(ERROR) << "Failed to open monolithic SELinux policy";
         return false;
     }
-    policy_file->path = kSepolicyFile;
+    policy_file->path = monolithic_policy_file;
     return true;
 }
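Review bot: In OpenMonolithicPolicy the policy file is picked with `access(kMicrodroidPrecompiledSepolicy, R_OK)` and then opened in a second call, so any access() failure, not just a missing file, silently switches to `/sepolicy`. The `PLOG(ERROR)` on open failure also does not say which path was tried. I would open the Microdroid path directly, fall back to `kSepolicyFile` only when errno is ENOENT, and include the path in the error message, as sketched below. Because the loaded policy now depends on a file's presence under /system, the comment should also state that this file is expected to ship only on Microdroid images (inferred from the TODO; please confirm). The sketch assumes `fd.reset()` leaves errno intact; if that is not guaranteed, open into a local int first.

```cpp
bool OpenMonolithicPolicy(PolicyFile* policy_file) {
    static constexpr char kSepolicyFile[] = "/sepolicy";
    // Try the Microdroid location first; use /sepolicy only when that file does not exist,
    // so other errors (EACCES, EIO, ELOOP from O_NOFOLLOW) are reported instead of masked.
    const char* monolithic_policy_file = kMicrodroidPrecompiledSepolicy;
    policy_file->fd.reset(open(monolithic_policy_file, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
    if (policy_file->fd < 0 && errno == ENOENT) {
        monolithic_policy_file = kSepolicyFile;
        policy_file->fd.reset(open(monolithic_policy_file, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
    }
    if (policy_file->fd < 0) {
        PLOG(ERROR) << "Failed to open monolithic SELinux policy " << monolithic_policy_file;
        return false;
    }
    LOG(INFO) << "Opened SELinux policy from monolithic file " << monolithic_policy_file;
    // … unchanged: policy_file->path assignment and return true …
```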