}
if (in_kernel_domain) {
- if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) {
- ERROR("couldn't write to /sys/fs/selinux/checkreqprot: %s\n",
- strerror(errno));
- security_failure();
- }
-
INFO("Loading SELinux policy...\n");
if (selinux_android_load_policy() < 0) {
ERROR("failed to load policy: %s\n", strerror(errno));
bool is_enforcing = selinux_is_enforcing();
security_setenforce(is_enforcing);
+ if (write_file("/sys/fs/selinux/checkreqprot", "0") == -1) {
+ security_failure();
+ }
+
NOTICE("(Initializing SELinux %s took %.2fs.)\n",
is_enforcing ? "enforcing" : "non-enforcing", t.duration());
} else {
int write_file(const char* path, const char* content) {
int fd = TEMP_FAILURE_RETRY(open(path, O_WRONLY|O_CREAT|O_NOFOLLOW|O_CLOEXEC, 0600));
if (fd == -1) {
- return -errno;
+ NOTICE("write_file: Unable to open '%s': %s\n", path, strerror(errno));
+ return -1;
+ }
+ int result = android::base::WriteStringToFd(content, fd) ? 0 : -1;
+ if (result == -1) {
+ NOTICE("write_file: Unable to write to '%s': %s\n", path, strerror(errno));
}
- int result = android::base::WriteStringToFd(content, fd) ? 0 : -errno;
TEMP_FAILURE_RETRY(close(fd));
return result;
}