diff options
| author | alk3pInjection <webmaster@raspii.tech> | 2022-05-02 09:56:20 +0800 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2022-05-02 09:56:20 +0800 |
| commit | d53ccefe1270307c78ac8f833c82abcaa262cc3a (patch) | |
| tree | 6993ccbaec8f775df73b75d38c5b529889479417 /init/selinux.cpp | |
| parent | adbb1c10dd503804988344c1905df3c23973cf0d (diff) | |
| parent | 8fc3f7296741ce589f7294113f8771837fb49bda (diff) | |
Merge tag 'LA.QSSI.12.0.r1-06800-qssi.0' into sugisawa-mr1
"LA.QSSI.12.0.r1-06800-qssi.0"
Change-Id: I979d0f844cf44539ca87aade5929a4c84b4d31ff
Diffstat (limited to 'init/selinux.cpp')
| -rw-r--r-- | init/selinux.cpp | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/init/selinux.cpp b/init/selinux.cpp index 42d302324..29c0ff3ba 100644 --- a/init/selinux.cpp +++ b/init/selinux.cpp @@ -295,6 +295,25 @@ bool IsSplitPolicyDevice() { return access(plat_policy_cil_file, R_OK) != -1; } +std::optional<const char*> GetUserdebugPlatformPolicyFile() { + // See if we need to load userdebug_plat_sepolicy.cil instead of plat_sepolicy.cil. + const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE"); + if (force_debuggable_env && "true"s == force_debuggable_env && AvbHandle::IsDeviceUnlocked()) { + const std::vector<const char*> debug_policy_candidates = { +#if INSTALL_DEBUG_POLICY_TO_SYSTEM_EXT == 1 + "/system_ext/etc/selinux/userdebug_plat_sepolicy.cil", +#endif + kDebugRamdiskSEPolicy, + }; + for (const char* debug_policy : debug_policy_candidates) { + if (access(debug_policy, F_OK) == 0) { + return debug_policy; + } + } + } + return std::nullopt; +} + struct PolicyFile { unique_fd fd; std::string path; @@ -310,13 +329,10 @@ bool OpenSplitPolicy(PolicyFile* policy_file) { // secilc is invoked to compile the above three policy files into a single monolithic policy // file. This file is then loaded into the kernel. - // See if we need to load userdebug_plat_sepolicy.cil instead of plat_sepolicy.cil. - const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE"); - bool use_userdebug_policy = - ((force_debuggable_env && "true"s == force_debuggable_env) && - AvbHandle::IsDeviceUnlocked() && access(kDebugRamdiskSEPolicy, F_OK) == 0); + const auto userdebug_plat_sepolicy = GetUserdebugPlatformPolicyFile(); + const bool use_userdebug_policy = userdebug_plat_sepolicy.has_value(); if (use_userdebug_policy) { - LOG(WARNING) << "Using userdebug system sepolicy"; + LOG(INFO) << "Using userdebug system sepolicy " << *userdebug_plat_sepolicy; } // Load precompiled policy from vendor image, if a matching policy is found there. The policy @@ -413,7 +429,7 @@ bool OpenSplitPolicy(PolicyFile* policy_file) { // clang-format off std::vector<const char*> compile_args { "/system/bin/secilc", - use_userdebug_policy ? kDebugRamdiskSEPolicy: plat_policy_cil_file, + use_userdebug_policy ? *userdebug_plat_sepolicy : plat_policy_cil_file, "-m", "-M", "true", "-G", "-N", "-c", version_as_string.c_str(), plat_mapping_file.c_str(), |