Commits

Stephen Smalley  committed c5d9ca5

Do not change ownership of /sys/fs/selinux/load to system UID.

Policy reload is handled by setting the selinux.reload_policy property
and letting the init process perform the actual loading of policy into
the kernel. Thus, there should be no need for the system UID to directly
write to /sys/fs/selinux/load.

Change-Id: I240c5bb2deaee757a2e1e396e14dea9e5d9286f5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

  • Participants
  • Parent commits a79ed8a
  • Branches seandroid-4.3_r2, seandroid-4.3_r3

Comments (0)

Files changed (1)

File rootdir/init.rc

     chown root radio /proc/cmdline
 
 # Set these so we can remotely update SELinux policy
-    chown system system /sys/fs/selinux/load
     chown system system /sys/fs/selinux/enforce
 
 # Define TCP buffer sizes for various networks