init: Use sepolicy version instead

This commit uses vendor sepolicy file version (defined in `/vendor/etc/selinux/plat_sepolicy_vers.txt`) to determine whether the source context should be set as `u:r:vendor_init:s0`. Before this commit, the criterion was `ro.vndk.version` >= 28. However, the check in `property_service.cpp` will always be true because `ro.vndk.version` hasn't been loaded from `/vendor/default.prop`. Furthermore, under some circumstances, `ro.vndk.version` may be different from `plat_sepolicy_vers.txt` (e.g. O-MR1 vendor does not define `ro.vndk.version`). Bug: 78605339 # high-level bug to combine O-MR1 and P GSI Bug: 79135481 # the usage of `ro.vndk.version` in init Test: vts-tradefed run vts -m VtsTrebleVintfTest # tetheroffload Change-Id: Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93 Merged-In: Ied46e9346b4ca7931aa4dcf1c9dbc11de0e12d93
2018-05-03 14:33:52 +08:00 · 2018-05-03 14:33:52 +08:00 · c50144ef1d
parent 979931803b
commit c50144ef1d
6 changed files with 36 additions and 2 deletions
--- a/init/host_init_stubs.cpp
+++ b/init/host_init_stubs.cpp
@ -49,6 +49,10 @@ uint32_t HandlePropertySet(const std::string&, const std::string&, const std::st
 }

 // selinux.h
+bool SelinuxHasVendorInit() {
+    return true;
+}
+
 void SelabelInitialize() {}

 bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
--- a/init/host_init_stubs.h
+++ b/init/host_init_stubs.h
@ -56,6 +56,7 @@ uint32_t HandlePropertySet(const std::string& name, const std::string& value,
                           const std::string& source_context, const ucred& cr, std::string* error);

 // selinux.h
+bool SelinuxHasVendorInit();
 void SelabelInitialize();
 bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);

--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@ -59,6 +59,7 @@
 #include "init.h"
 #include "persistent_properties.h"
 #include "property_type.h"
+#include "selinux.h"
 #include "subcontext.h"
 #include "util.h"

@ -542,7 +543,7 @@ static void LoadProperties(char* data, const char* filter, const char* filename)
    size_t flen = 0;

    const char* context = kInitContext.c_str();
-    if (GetIntProperty("ro.vndk.version", 28) >= 28) {
+    if (SelinuxHasVendorInit()) {
        for (const auto& [path_prefix, secontext] : paths_and_secontexts) {
            if (StartsWith(filename, path_prefix)) {
                context = secontext;
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@ -55,12 +55,14 @@
 #include <android-base/chrono_utils.h>
 #include <android-base/file.h>
 #include <android-base/logging.h>
+#include <android-base/parseint.h>
 #include <android-base/unique_fd.h>
 #include <selinux/android.h>

 #include "log.h"
 #include "util.h"

+using android::base::ParseInt;
 using android::base::Timer;
 using android::base::unique_fd;

@ -453,6 +455,31 @@ void SelinuxSetupKernelLogging() {
    selinux_set_callback(SELINUX_CB_LOG, cb);
 }

+// This function checks whether the sepolicy supports vendor init.
+bool SelinuxHasVendorInit() {
+    if (!IsSplitPolicyDevice()) {
+        // If this device does not split sepolicy files, vendor_init will be available in the latest
+        // monolithic sepolicy file.
+        return true;
+    }
+
+    std::string version;
+    if (!GetVendorMappingVersion(&version)) {
+        // Return true as the default if we failed to load the vendor sepolicy version.
+        return true;
+    }
+
+    int major_version;
+    std::string major_version_str(version, 0, version.find('.'));
+    if (!ParseInt(major_version_str, &major_version)) {
+        PLOG(ERROR) << "Failed to parse the vendor sepolicy major version " << major_version_str;
+        // Return true as the default if we failed to parse the major version.
+        return true;
+    }
+
+    return major_version >= 28;
+}
+
 // selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
 // its value.  selinux_android_restorecon() also needs an sehandle for file context look up.  It
 // will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
--- a/init/selinux.h
+++ b/init/selinux.h
@ -27,6 +27,7 @@ void SelinuxInitialize();
 void SelinuxRestoreContext();

 void SelinuxSetupKernelLogging();
+bool SelinuxHasVendorInit();

 void SelabelInitialize();
 bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@ -357,7 +357,7 @@ Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::s
 static std::vector<Subcontext> subcontexts;

 std::vector<Subcontext>* InitializeSubcontexts() {
-    if (GetIntProperty("ro.vndk.version", 28) >= 28) {
+    if (SelinuxHasVendorInit()) {
        for (const auto& [path_prefix, secontext] : paths_and_secontexts) {
            subcontexts.emplace_back(path_prefix, secontext);
        }