commit 837b2a4c2411c718221327b800f41b456c96f08c
author Logan Chien <loganchien@google.com> Thu May 03 14:33:52 2018 +0800
committer Logan Chien <loganchien@google.com> Fri May 04 15:21:01 2018 +0800
tree 2af64351cfbbfdd50f6423c689e56e0cc2760b48
parent a3d95cf2f8f5b9acca9be690bc3c6904de6677de

init: Use sepolicy version instead

This commit uses vendor sepolicy file version (defined in
`/vendor/etc/selinux/plat_sepolicy_vers.txt`) to determine whether the
source context should be set as `u:r:vendor_init:s0`.

Before this commit, the criterion was `ro.vndk.version` >= 28.  However,
the check in `property_service.cpp` will always be true because
`ro.vndk.version` hasn't been loaded from `/vendor/default.prop`.

Furthermore, under some circumstances, `ro.vndk.version` may be
different from `plat_sepolicy_vers.txt` (e.g. O-MR1 vendor does not
define `ro.vndk.version`).

Bug: 78605339  # high-level bug to combine O-MR1 and P GSI
Bug: 79135481  # the usage of `ro.vndk.version` in init
Test: vts-tradefed run vts -m VtsTrebleVintfTest  # tetheroffload
Change-Id: Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93

init/selinux.cpp

diff --git a/init/selinux.cpp b/init/selinux.cpp
index 6aba9c1..0ba5c4a 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -55,12 +55,14 @@
 #include <android-base/chrono_utils.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
+#include <android-base/parseint.h>
 #include <android-base/unique_fd.h>
 #include <selinux/android.h>
 
 #include "log.h"
 #include "util.h"
 
+using android::base::ParseInt;
 using android::base::Timer;
 using android::base::unique_fd;
 
@@ -453,6 +455,31 @@
     selinux_set_callback(SELINUX_CB_LOG, cb);
 }
 
+// This function checks whether the sepolicy supports vendor init.
+bool SelinuxHasVendorInit() {
+    if (!IsSplitPolicyDevice()) {
+        // If this device does not split sepolicy files, vendor_init will be available in the latest
+        // monolithic sepolicy file.
+        return true;
+    }
+
+    std::string version;
+    if (!GetVendorMappingVersion(&version)) {
+        // Return true as the default if we failed to load the vendor sepolicy version.
+        return true;
+    }
+
+    int major_version;
+    std::string major_version_str(version, 0, version.find('.'));
+    if (!ParseInt(major_version_str, &major_version)) {
+        PLOG(ERROR) << "Failed to parse the vendor sepolicy major version " << major_version_str;
+        // Return true as the default if we failed to parse the major version.
+        return true;
+    }
+
+    return major_version >= 28;
+}
+
 // selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
 // its value.  selinux_android_restorecon() also needs an sehandle for file context look up.  It
 // will create and store its own copy, but selinux_android_set_sehandle() can be used to provide