1*00c7fec1SAndroid Build Coastguard Worker /* 2*00c7fec1SAndroid Build Coastguard Worker * Copyright (C) 2017 The Android Open Source Project 3*00c7fec1SAndroid Build Coastguard Worker * 4*00c7fec1SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License"); 5*00c7fec1SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License. 6*00c7fec1SAndroid Build Coastguard Worker * You may obtain a copy of the License at 7*00c7fec1SAndroid Build Coastguard Worker * 8*00c7fec1SAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0 9*00c7fec1SAndroid Build Coastguard Worker * 10*00c7fec1SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software 11*00c7fec1SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS, 12*00c7fec1SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*00c7fec1SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and 14*00c7fec1SAndroid Build Coastguard Worker * limitations under the License. 15*00c7fec1SAndroid Build Coastguard Worker */ 16*00c7fec1SAndroid Build Coastguard Worker 17*00c7fec1SAndroid Build Coastguard Worker #pragma once 18*00c7fec1SAndroid Build Coastguard Worker 19*00c7fec1SAndroid Build Coastguard Worker namespace android { 20*00c7fec1SAndroid Build Coastguard Worker namespace init { 21*00c7fec1SAndroid Build Coastguard Worker 22*00c7fec1SAndroid Build Coastguard Worker // Initialize SELinux, then exec init to run in the init SELinux context. 23*00c7fec1SAndroid Build Coastguard Worker int SetupSelinux(char** argv); 24*00c7fec1SAndroid Build Coastguard Worker 25*00c7fec1SAndroid Build Coastguard Worker // Restore the proper security context to files and directories on ramdisk, and 26*00c7fec1SAndroid Build Coastguard Worker // those that were created before initial sepolicy load. 27*00c7fec1SAndroid Build Coastguard Worker // This must happen before /dev is populated by ueventd. 28*00c7fec1SAndroid Build Coastguard Worker void SelinuxRestoreContext(); 29*00c7fec1SAndroid Build Coastguard Worker 30*00c7fec1SAndroid Build Coastguard Worker // Set up SELinux logging to be written to kmsg, to match init's logging. 31*00c7fec1SAndroid Build Coastguard Worker void SelinuxSetupKernelLogging(); 32*00c7fec1SAndroid Build Coastguard Worker 33*00c7fec1SAndroid Build Coastguard Worker // Return the Android API level with which the vendor SEPolicy was compiled. 34*00c7fec1SAndroid Build Coastguard Worker // Used for version checks such as whether or not vendor_init should be used. 35*00c7fec1SAndroid Build Coastguard Worker int SelinuxGetVendorAndroidVersion(); 36*00c7fec1SAndroid Build Coastguard Worker 37*00c7fec1SAndroid Build Coastguard Worker static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT"; 38*00c7fec1SAndroid Build Coastguard Worker 39*00c7fec1SAndroid Build Coastguard Worker } // namespace init 40*00c7fec1SAndroid Build Coastguard Worker } // namespace android 41