GitLab

debuggerd tries to restorecon on the tombstones directory which fails
when SELinux is not enabled in the kernel. That would return an error
condition to debuggerd which would then abort its attempt to dump the
stacks of the failing program.

Fix it here in case there are other places that might call this in the
future. Currently the only other caller is android_os_SELinux.cpp JNI
code.

Change-Id: Id73796a70174333b61fd04ee6b1d99fccbea8116

Change-Id: I7c0bdca5c9a1ffe428200a830c1b706fc8ed9675
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

The app_* syntax was a legacy of the original approach of looking up
the username returned by getpwuid() and the original username encoding
scheme by bionic.  With the recent changes to move away from this approach,
there is no reason to retain that syntax.  Instead, just use _app to match
app UIDs and _isolated to match isolated service UIDs.  The underscore
prefix is to signify that these are not real usernames and to avoid
conflicts with any system usernames.

Requires a corresponding change to sepolicy.

Change-Id: I21f9f88415b653c1bf6332fc100d91d969c9da64
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Map the app IDs to a category pair rather than a single category.
With this scheme,  we can represent up to 2^16 app IDs, which exceeds
the maximum of 10000 imposed by Android.  This also only uses category
bits 0-511, so 512-1023 remain free for use for other purposes (or we
could shrink the number of categories defined in the policy).

Also perform other minor code cleanups previously suggested, e.g.
fix const declaration, use an enum rather than #define, correct %lu
to %u for format string, etc.

Change-Id: I5bb727bfb4297e3e13ba1ef078e41db3ea7d1b8f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Re-factor the logic shared by selinux_android_setfilecon2 and
selinux_android_setcontext into a common helper and replace the
use of getpwuid and username string parsing with direct use of
android_filesystem_config.h definitions.  Also map isolated UIDs
to a separate isolated key so that we can label them differently
in the future if desired.

Change-Id: If2f9def21222588b440a6cedcceec0434f6797fd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

The policy version suffix support was carried over from conventional
Linux distributions, where we needed to support simultaneous installation
of multiple kernels and policies.  This isn't required for Android, so
get rid of it and thereby simplify the policy pathname.

Requires a corresponding change to sepolicy.

Change-Id: I061607f5fe6457e469b4834da6fc659d7ddca6f9
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Move the SELinux enabled check to the once handler so that we do
not perform this on each call to selinux_check_access().  Reduces
overhead in both the SELinux-enabled and the SELinux-disabled cases.

Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Commit bf9441e in bionic introduced a new scheme for naming system uids
as secondary users (as part of multi-user support).  Update the libselinux
logic to correctly map these identities for lookup purposes in the
seapp_contexts configuration file.

This is not needed when used within the reload scenerio. We
actually need the file_contexts to be read multiple times.

These changes reflect changes made to init.
The sepolicy reload now happens in libselinux.

Allows the zygote to still spawn apps in the zygote's
context when no match is found in seapp_contexts. In
enforcing mode, apps that are not matched will not be
spawned. A "No match" message will (still) be printed
to logcat.

Change-Id: Ibe362cc8e168be7acae5162c9ff6a310233fcbe6

The seapp rule will containing an sebool clause will
ONLY be applied on a match to that boolean,
and only if the boolean is set to true.

Change-Id: Ifdba35cd3a78ce1c8173786514db649203018e28
Signed-off-by: William Roberts <w.roberts@sta.samsung.com>

This reverts commit 0beab968.

This patch will allow non-matched apps in seapp_contexts to
still be spawned via the zygote. An error message will be sent
to logcat.

Change-Id: I9fb5dcfeb384a26e6a01d69bffd2ef14af74c51c
Signed-off-by: William Roberts <w.roberts@sta.samsung.com>

Add function selinux_android_file_context_handle
that opens the correct file_contexts policy file
and returns the available sehandle object.

Change-Id: I1fd35714001e3fcf9022756334cbb89611ce5c66

We need to always build libselinux even if it's not being used by
anything in the system image. This makes sure some unrelated change
doesn't accidentally break libselinux.

This reverts commit 6670f53f.

seapp_contexts configuration upon updates, and introduce support for
loading it from /data/system or /.