Prefer property_contexts from /system & /vendor
This changes system_properties' initialize_properties to prefer
loading property_contexts from /system/etc/selinux &
/vendor/etc/selinux, while falling back to the pre-existing behavior
of loading from /.
Test: Device with *_property_contexts in / boots up fine, no denials
to do with properties, getprop -Z lists correct labels.
Test: Device with *_property_contexts in /system & /vendor, but not
in /, boots up fine, no denials to do with properties,
getprop -Z lists correct labels.
Test: Device with *_property_contexts in /system & vendor and with
empty *_property_contexts in / boots up fine, no denials to do
with properties, getprop -Z lists correct labels.
Bug: 36002573
Change-Id: I15174acdf89ee8f5a96acf1e38a54d4214df51ef
diff --git a/libc/bionic/system_properties.cpp b/libc/bionic/system_properties.cpp
index 2bbf2d3..a4faf85 100644
--- a/libc/bionic/system_properties.cpp
+++ b/libc/bionic/system_properties.cpp
@@ -1058,15 +1058,23 @@
return true;
}
- // TODO: Change path to /system/property_contexts after b/27805372
- if (!initialize_properties_from_file("/plat_property_contexts")) {
- return false;
+ // Use property_contexts from /system & /vendor, fall back to those from /
+ if (access("/system/etc/selinux/plat_property_contexts", R_OK) != -1) {
+ if (!initialize_properties_from_file("/system/etc/selinux/plat_property_contexts")) {
+ return false;
+ }
+ if (!initialize_properties_from_file("/vendor/etc/selinux/nonplat_property_contexts")) {
+ return false;
+ }
+ } else {
+ if (!initialize_properties_from_file("/plat_property_contexts")) {
+ return false;
+ }
+ if (!initialize_properties_from_file("/nonplat_property_contexts")) {
+ return false;
+ }
}
- // TODO: Change path to /vendor/property_contexts after b/27805372
- // device-specific property context is optional, so load if it exists.
- initialize_properties_from_file("/nonplat_property_contexts");
-
return true;
}
