authorTreehugger Robot <treehugger-gerrit@google.com>2022-01-10 13:48:07 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2022-01-10 13:48:07 +0000
commita3202ceae376d4fc880cf0d8eef5c662587f03b0 (patch)
treeb9e9ba9ccd586f716d7b6650c7c16e3185aea727
parentb719dd3a3a7f8f4a6cc55f7494c8d33921e2ce37 (diff)
parent339507123693bfe83ef612297584d6ca5898f81d (diff)
downloadselinux-android-s-v2-beta-3.tar.gz
-rw-r--r--libselinux/src/android/android.c9
-rw-r--r--libselinux/src/android/android_platform.c24
2 files changed, 30 insertions, 3 deletions
diff --git a/libselinux/src/android/android.c b/libselinux/src/android/android.c
index 25f1762f..7ee9e774 100644
--- a/libselinux/src/android/android.c
+++ b/libselinux/src/android/android.c
@@ -14,6 +14,9 @@ static const struct selinux_opt seopts_service_plat[] = {
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_service_contexts" },
{ SELABEL_OPT_PATH, "/plat_service_contexts" }
};
+static const struct selinux_opt seopts_service_apex[] = {
+ { SELABEL_OPT_PATH, "/dev/selinux/apex_service_contexts" }
+};
static const struct selinux_opt seopts_service_system_ext[] = {
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_service_contexts" },
{ SELABEL_OPT_PATH, "/system_ext_service_contexts" }
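Review bot: The new `seopts_service_apex` entry is the only source in this list that lives under `/dev`, and nothing in the hunk records who creates that file or when. The neighbouring entries point at partition paths, whereas `/dev/selinux/apex_service_contexts` is presumably generated at boot, so the trust placed in this labeling input depends on how that directory is created and labeled, which the diff does not show. I would add a comment above the array such as `/* Generated at boot from APEX contents; must be writable only by the component that builds it. */`, adjusted to the real producer. The same applies to `seopts_file_apex` and `seapp_contexts_apex` in android_platform.c.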
@@ -122,6 +125,12 @@ struct selabel_handle* selinux_android_service_context_handle(void)
break;
}
}
+ for (i = 0; i < ARRAY_SIZE(seopts_service_apex); i++) {
+ if (access(seopts_service_apex[i].value, R_OK) != -1) {
+ seopts_service[size++] = seopts_service_apex[i];
+ break;
+ }
+ }
for (i = 0; i < ARRAY_SIZE(seopts_service_system_ext); i++) {
if (access(seopts_service_system_ext[i].value, R_OK) != -1) {
seopts_service[size++] = seopts_service_system_ext[i];
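Review bot: The added loop can append one more element to `seopts_service`, but the diff to android.c does not change that array's declaration, which sits above this hunk. android_platform.c raises `MAX_FILE_CONTEXT_SIZE` from 5 to 6 for the same new source, so if android.c sizes `seopts_service` with a constant that still counts five sources, `seopts_service[size++]` would write one element past the end on a device where every probed file exists. Please confirm the capacity, and consider guarding each append, e.g. `if (size < (int)ARRAY_SIZE(seopts_service) && access(seopts_service_apex[i].value, R_OK) != -1) {` (assuming `seopts_service` is a local array). The function body starts and ends outside the hunk.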
diff --git a/libselinux/src/android/android_platform.c b/libselinux/src/android/android_platform.c
index 278a80b0..2516c091 100644
--- a/libselinux/src/android/android_platform.c
+++ b/libselinux/src/android/android_platform.c
@@ -1,9 +1,9 @@
#include "android_common.h"
#include <packagelistparser/packagelistparser.h>
-// For 'system', 'system_ext' (optional), 'product' (optional), 'vendor' (mandatory)
-// and/or 'odm' (optional).
-#define MAX_FILE_CONTEXT_SIZE 5
+// For 'system', 'system_ext' (optional), 'apex' (optional), 'product' (optional),
+// 'vendor' (mandatory) and/or 'odm' (optional) .
+#define MAX_FILE_CONTEXT_SIZE 6
static const char *const sepolicy_file = "/sepolicy";
@@ -11,6 +11,9 @@ static const struct selinux_opt seopts_file_plat[] = {
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_file_contexts" },
{ SELABEL_OPT_PATH, "/plat_file_contexts" }
};
+static const struct selinux_opt seopts_file_apex[] = {
+ { SELABEL_OPT_PATH, "/dev/selinux/apex_file_contexts" }
+};
static const struct selinux_opt seopts_file_system_ext[] = {
{ SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_file_contexts" },
{ SELABEL_OPT_PATH, "/system_ext_file_contexts" }
@@ -38,6 +41,9 @@ static char const * const seapp_contexts_plat[] = {
"/system/etc/selinux/plat_seapp_contexts",
"/plat_seapp_contexts"
};
+static char const * const seapp_contexts_apex[] = {
+ "/dev/selinux/apex_seapp_contexts"
+};
static char const * const seapp_contexts_system_ext[] = {
"/system_ext/etc/selinux/system_ext_seapp_contexts",
"/system_ext_seapp_contexts"
@@ -88,6 +94,12 @@ struct selabel_handle* selinux_android_file_context_handle(void)
break;
}
}
+ for (i = 0; i < ARRAY_SIZE(seopts_file_apex); i++) {
+ if (access(seopts_file_apex[i].value, R_OK) != -1) {
+ seopts_file[size++] = seopts_file_apex[i];
+ break;
+ }
+ }
for (i = 0; i < ARRAY_SIZE(seopts_file_system_ext); i++) {
if (access(seopts_file_system_ext[i].value, R_OK) != -1) {
seopts_file[size++] = seopts_file_system_ext[i];
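Review bot: When `access()` fails on `/dev/selinux/apex_file_contexts` the loop falls through without any log, so a handle built before the file exists, or by a process that cannot read it, silently lacks the APEX rules. Unlike the partition paths probed around it, this file is presumably created at runtime, so the result of the probe can differ between callers and over time. A comment before the loop would make that explicit, e.g. `/* Optional: present only after the APEX contexts have been generated; callers that run earlier get a handle without them. */`; the matching loop in `selinux_android_seapp_context_reload` has the same property. The function body extends beyond the hunk.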
@@ -323,6 +335,12 @@ int selinux_android_seapp_context_reload(void)
break;
}
}
+ for (i = 0; i < ARRAY_SIZE(seapp_contexts_apex); i++) {
+ if (access(seapp_contexts_apex[i], R_OK) != -1) {
+ seapp_contexts_files[files_len++] = seapp_contexts_apex[i];
+ break;
+ }
+ }
for (i = 0; i < ARRAY_SIZE(seapp_contexts_system_ext); i++) {
if (access(seapp_contexts_system_ext[i], R_OK) != -1) {
seapp_contexts_files[files_len++] = seapp_contexts_system_ext[i];