Re: seandroid and policy version

On Tue, 2012-07-10 at 20:07 -0400, Joshua Brindle wrote:
> I was looking at this:
> <https://android-review.googlesource.com/#/c/36321/4/init/init.c>
> 
> and remembered that years ago we had a discussion about the .policyver 
> filename syntax. I kind of get it for SELinux machines where there is 
> managed policy and could be multiple policies on the system but since 
> SEAndroid is targeting non-device managed policies, it adds extra code 
> to search for the right extension and you can tell what version the 
> policy is as soon as you open it, why not ditch the suffix?

First, that patch doesn't introduce the use of the version suffix
(that's in the already merged code); it just preserves it in the new
logic for reloading policy at runtime.

I'm open to removing the use of the policy version suffix in a follow-on
patch, although that would need to be coordinated across sepolicy and
system/core.  But the current code is consistent with existing practice
in Linux distributions (so follows principle of least surprise) and it
allows for different versions to be installed simultaneously (thereby
supporting booting multiple kernels).  Also, we don't have libsepol on
the device so we cannot in fact determine the version when we open it
there presently.  So I'm not convinced we should remove the suffix.

-- 
Stephen Smalley
National Security Agency
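
The lookup that the version suffix implies, as an added example that is not part of the original message or of the init.c patch under review: starting from the highest policy version the running kernel accepts, try each suffixed file downward until one exists. The base path, the lower bound of 15, and the temporary directory with its two installed versions are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Try <base>.<N> for N = kernel_max down to min_ver. Returns the version
 * whose file is readable (its path is left in out), or -1 if none is.
 * On a real system kernel_max would be read from selinuxfs "policyvers". */
int find_policy(const char *base, int kernel_max, int min_ver,
                char *out, size_t outlen)
{
    for (int v = kernel_max; v >= min_ver; v--) {
        int n = snprintf(out, outlen, "%s.%d", base, v);
        if (n < 0 || (size_t)n >= outlen)
            return -1;                 /* refuse a truncated path */
        if (access(out, R_OK) == 0)
            return v;
    }
    return -1;
}

/* Constructed demo: one image carrying sepolicy.24 and sepolicy.26, booted
 * by kernels with different maximum policy versions (hypothetical values). */
int demo_select(int kernel_max)
{
    static const int installed[] = { 24, 26 };
    char dir[64], base[80], path[96], picked[96];

    snprintf(dir, sizeof dir, "/tmp/polver.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)         /* fails if the name already exists */
        return -2;
    snprintf(base, sizeof base, "%s/sepolicy", dir);
    for (int i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s.%d", base, installed[i]);
        FILE *f = fopen(path, "w");
        if (f) fclose(f);
    }
    int v = find_policy(base, kernel_max, 15, picked, sizeof picked);
    for (int i = 0; i < 2; i++) {      /* remove the constructed files */
        snprintf(path, sizeof path, "%s.%d", base, installed[i]);
        unlink(path);
    }
    rmdir(dir);
    return v;
}

int main(void)
{
    printf("kernel max 25 -> sepolicy.%d\n", demo_select(25));
    return 0;
}
```

A kernel whose maximum is 25 falls back to the older file, while one whose maximum is below every installed version gets no policy at all, which is the case the caller has to handle.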

