Gitiles
Code Review Sign In
192.168.1.100 / YUKUAI_patch / 86118913b4bf0e102d1cce3c6e5d35277b427cb7^! / . / rootfs / etc / init.d / selinux-init
commit86118913b4bf0e102d1cce3c6e5d35277b427cb7[log] [tgz]
authorxf.li <xf.li@mobiletek.cn>Wed Mar 19 20:07:27 2025 -0700
committerxf.li <xf.li@mobiletek.cn>Wed Mar 19 20:07:27 2025 -0700
tree22095aac0b3072dbb9e2ceb7a919e4ea2eeb71d9
parentb387c263b4c94f8a2bb169447e1481a1c4cc3029 [diff] [blame]
[Feature][YUKUAI_patch]add 18.02 code

Only Configure: No
Affected branch: master
Affected module: unknow
Is it affected on both ZXIC and MTK: only ZXIC
Self-test: Yes
Doc Update: No

Change-Id: I7f71153004f10fc0ea5adfa083866aaeeb1053ac

diff --git a/rootfs/etc/init.d/selinux-init b/rootfs/etc/init.d/selinux-init
new file mode 100755
index 0000000..6231790
--- /dev/null
+++ b/rootfs/etc/init.d/selinux-init

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+/usr/sbin/selinuxenabled 2>/dev/null || exit 0
+
+CHCON=/usr/bin/chcon
+MATCHPATHCON=/usr/sbin/matchpathcon
+RESTORECON=/sbin/restorecon
+SECON=/usr/bin/secon
+SETENFORCE=/usr/sbin/setenforce
+
+for i in ${CHCON} ${MATCHPATHCON} ${RESTORECON} ${SECON} ${SETENFORCE}; do
+	test -x $i && continue
+	echo "$i is missing in the system."
+	echo "Please add \"selinux=0\" in the kernel command line to disable SELinux."
+	exit 1
+done
+
+check_rootfs()
+{
+	${CHCON} `${MATCHPATHCON} -n /` / >/dev/null 2>&1 && return 0
+	echo ""
+	echo "* SELinux requires the root '/' filesystem support extended"
+	echo "  filesystem attributes (XATTRs).  It does not appear that this"
+	echo "  filesystem has extended attribute support or it is not enabled."
+	echo ""
+	echo "  - To continue using SELinux you will need to enable extended"
+	echo "    attribute support on the root device."
+	echo ""
+	echo "  - To disable SELinux, please add \"selinux=0\" in the kernel"
+	echo "    command line."
+	echo ""
+	echo "* Halting the system now."
+	/sbin/shutdown -f -h now
+}
+
+# Contents will be added to selinux-init.sh to support relabelling with sysvinit
+# If first booting, the security context type of init would be
+# "kernel_t", and the whole file system should be relabeled.
+if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then
+	echo "Checking SELinux security contexts:"
+	check_rootfs
+	echo " * First booting, filesystem will be relabeled..."
+	test -x /etc/init.d/auditd && /etc/init.d/auditd start
+	${SETENFORCE} 0
+	${RESTORECON} -RF /
+	${RESTORECON} -F /
+	echo " * Relabel done, rebooting the system."
+	/sbin/reboot
+fi
+
+exit 0