--- init.c.orig 2005-04-18 15:12:41.000000000 -0500
+++ init.c 2005-04-18 15:35:35.000000000 -0500
@@ -42,6 +42,10 @@
 #include
 #include
 #include
+#include
+#include
+
+int no_selinux = 0;
 #ifdef __i386__
 # if (__GLIBC__ >= 2)
@@ -2591,6 +2595,65 @@
 return 1;
 }
+int security_load_policy(void *data, size_t len)
+{
+ int fd, ret;
+
+ fd = open("/selinux/load", O_RDWR);
+ if (fd < 0)
+ return -1;
+ ret = write(fd, data, len);
+ close(fd);
+ if (ret < 0)
+ return -1;
+ return 0;
+}
+
+int load_policy(void)
+{
+ int ret;
+ int fd;
+ void *map;
+ struct stat sb;
+
+ ret = mount("none", "/selinux", "selinuxfs", 0, 0);
+ if (ret < 0) {
+ initlog(L_VB, "SELinux: failed to mount /selinux (errno=%d)\n",
+ errno);
+ return ret;
+ }
+
+ fd = open("/etc/policy.bin", O_RDONLY);
+ if (fd < 0) {
+ initlog(L_VB, "SELinux: couldn't find /etc/policy.bin (errno=%d)\n",
+ errno);
+ return -1;
+ }
+
+ ret = fstat(fd, &sb);
+ if (ret < 0) {
+ initlog(L_VB, "Can't stat /etc/policy.bin (errno=%d)\n",
+ errno);
+ close(fd);
+ return ret;
+ }
+ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (map == MAP_FAILED) {
+ initlog(L_VB, "Can't map /etc/policy.bin (errno=%d\n",
+ errno);
+ close(fd);
+ return -1;
+ }
+
+ ret = security_load_policy(map, sb.st_size);
+ if (ret < 0) {
+ initlog(L_VB, "security_load_policy failed\n");
+ }
+
+ close(fd);
+ return ret;
+}
+
 /*
 * Main entry for init and telinit.
 */
@@ -2651,6 +2714,8 @@
 putenv("AUTOBOOT=YES");
 else if (!strcmp(argv[f], "-b") || !strcmp(argv[f],"emergency"))
 emerg_shell = 1;
+ else if (!strcmp(argv[f], "-p") || !strcmp(argv[f],"noselinux"))
+ no_selinux = 1;
 else if (!strcmp(argv[f], "-z")) {
 /* Ignore -z xxx */
 if (argv[f + 1]) f++;
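Review bot: In the `@@ -2591,6 +2595,65 @@` hunk, `load_policy()` never unmaps the policy image: after `security_load_policy(map, sb.st_size)` returns it only calls `close(fd)`, so the mapping of /etc/policy.bin stays in the process for as long as it runs; add `munmap(map, sb.st_size);` before the final `close(fd);`. In `security_load_policy()` the result of `write()` is stored in an `int` and only `ret < 0` counts as failure, so a short write would be reported as a successful policy load; `if (ret < 0 || (size_t)ret != len) return -1;` closes that gap. Every failure path after the `mount()` call also leaves /selinux mounted. The "Can't map" message is missing its closing parenthesis, and the two "Can't ..." messages and "security_load_policy failed" lack the `SELinux:` prefix and errno detail that the other messages carry.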
@@ -2662,6 +2727,15 @@
 maxproclen += strlen(argv[f]) + 1;
 }
+ if (!no_selinux) {
+ if (load_policy() != 0) {
+ printf("Failed to load SELinux policy.\n");
+ exit(1);
+ }
+ printf("SELinux policy loaded.\n");
+ } else
+ printf("Disabling SELinux by your command\n");
+
 /* Start booting. */
 argv0 = argv[0];
 argv[1] = NULL;
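Review bot: The `exit(1)` after a failed `load_policy()` terminates init itself (assuming this path runs as PID 1, which the hunk does not show), so a kernel without selinuxfs or a missing /etc/policy.bin halts the boot unless `-p`/`noselinux` was passed. If failing closed is the intent, state that in a comment above the block and report through the logger the rest of the patch uses, e.g. `initlog(L_VB, "SELinux: policy load failed, refusing to boot\n");`, rather than a bare `printf`. The `else` branch only skips the policy load (the flag is set by `no_selinux = 1` in the `@@ -2651,6 +2714,8 @@` hunk), and nothing visible here changes the kernel's SELinux state, so "Disabling SELinux by your command" overstates what happens; `printf("SELinux: policy load skipped (noselinux)\n");` would be accurate. The enclosing function starts and ends outside the hunk.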