GitLab

If file_contexts.bin was opened with SELABEL_OPT_VALIDATE set, then
we should validate contexts in the same manner as with file_contexts.

Change-Id: I08c1ba91c694c5483aa838833ff9d704aceca235
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Check to see if the file whose path is passed to selabel_open() starts
with the file_contexts.bin magic number, and if so, automatically
treat it as a file_contexts.bin file.  This allows one to open
file_contexts.bin formatted files without necessarily having a .bin
file suffix.  This removes the need for the previously added
.bin file suffix test.

Change-Id: I6a0cb303954cc6fa24c437ccc794104859eac24b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Add a selabel_cmp() interface for comparing two label configurations,
and implement it for the file backend (i.e. for file_contexts). This
allows comparing two file_contexts configurations to see if the first
is a subset of, equal/identical to, a superset of, or incomparable to
the second.  The motivating use case is to allow comparing two
file_contexts.bin files in Android CTS to confirm that a device
file_contexts.bin file contains all of the entries in the AOSP
general file_contexts.

Change-Id: I0fe63e0c7f11ae067b5aac2f468f7842e5d76986
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

At present, the label_file backend expects to be provided the path
to the text file_contexts file and always appends the .bin suffix
when checking for the binary file_contexts.bin file.  If one
attempts to directly specify the path to a file_contexts.bin file
to selabel_open(), it will fail as the code will append a second
.bin suffix to it.  Check to see if the file path already has a .bin
suffix and do not append it in that case.

Change-Id: Id560d093440a2aba99cef28c20133b35feebf950
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change the label_file backend in libselinux to support systems
that only have file_contexts.bin files installed and do not ship
a file_contexts file at all.  Only fail if neither file can be
loaded.

Change-Id: I15660f4b3e4c5cb8ae0ec1498c74d6fcbb9a0400
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

This file labeling update brings libselinux into line with upstream
selinux except for minor changes to support MacOS X and Bionic.

Update file labeling to support a PCRE formatted binary
file_contexts file. The file is generated on the host using
sefcontext_compile. Should the bin file not be present (because the
build process has not been implemented yet) or corrupt, the load process
will fallback to the text file.
Using the current emulator file_contexts file containing 321 lines
(64 of which are blank or comments), the binary file loads
approximately 50% faster than the text file.

The processing of text spec files (file_contexts and property_contexts)
now uses the read_spec_entries function instead of sscanf.

To test the file_contexts.bin functionality requires an update to
external/sepolicy/Android.mk to build the binary file for the device
and also adding a 'file_contexts.bin' entry to the
build/target/product/embedded.mk file under the SELinux PRODUCT_PACKAGES.
These updates are available in the appropriate projects.

Major changes in V2:
label_file.c - Move process_line function to label_file.h as this is also
used by utils/sefcontext_compile.c.
sefcontext_compile.c - Update to use common process_line code. Now frees
all malloc'ed memory, checked by valgrind.

Major changes in V3:
label_file.c - Improve error handling in process_file function.
sefcontext_compile.c - Add callback to ignore validation. Fixed error paths
to free/close memory, checked by valgrind.
label_file.h - Revert validation check now added callback to
sefcontext_compile.c.

Changes in V4:
label_file.c - linux/limits.h not supported on MacOS - change to limits.h.
Improve error handling in process_file function.
sefcontext_compile.c - linux/limits.h not spported on MacOS - change to
limits.h. Improve error handling in process_file function.

Changes in V5:
sefcontext_compile.c - Change callbacks so this can build on Android and
selinux upstream with no changes.
label_android_property.c and  label_internal.h - Minor formatting changes
to bring into line with selinux upstream.

Changes in V6:
sefcontext_compile.c - Revert to V3 callback now the problem has been
fixed by upstream commit e88914849490c3fc17b0e5ed67387e47f2701d3c
("libselinux: build sefcontext_compile with static libselinux") that
also hid read_spec_entries function as this is not intended as a
public interface for shared library users.
label_android_property.c - More minor formatting changes to bring
into line with selinux upstream.

Changes in V7:
Android.mk - Add darwin support
label_file.c - In process_file set rc for getline and correct
fopen to upstream.
sefcontext_compile.c - In process_file set rc for getline.

Change in V8:
Android.mk - Remove LOCAL_CFLAGS := -Wall -Werror

Changes in V9:
label_file.c - Fix file labels for regexes with metachars for text
file_contexts
label_support.c - Fix if file_contexts not '\n' terminated
If the last line of a file_contexts file is not '\n' terminated
or if any line has additional isspace(3) characters at end, it
gave an invalid file type error

Changes in V10
Fix file labels for regexes with metachars for binary
file_contexts This change adds a new entry in the binary file with
the calculated prefix length that is then read when processing the
file. This fix also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS.

Change-Id: Ief0d3a6a5fbffc785b02d9dffb416f837000e61c

This reverts commit c0798527.

There is a change in how file names are matched. Unescaped periods are
no longer treated like a regex period (matching any character including
an actual period). For example in devices/moto/shamu/sepolicy/file_contexts,
several of the block devices have unescaped periods. These partitions
do not receive their proper label, and the device fails to boot.

Bug: 22104578
Change-Id: Iffc60beb24a79a80c110d4f2b0b91f3220615586

This file labeling update brings libselinux into line with upstream
selinux except for minor changes to support MacOS X and Bionic.

Update file labeling to support a PCRE formatted binary
file_contexts file. The file is generated on the host using
sefcontext_compile. Should the bin file not be present (because the
build process has not been implemented yet) or corrupt, the load process
will fallback to the text file.
Using the current emulator file_contexts file containing 321 lines
(64 of which are blank or comments), the binary file loads
approximately 50% faster than the text file.

The processing of text spec files (file_contexts and property_contexts)
now uses the read_spec_entries function instead of sscanf.

To test the file_contexts.bin functionality requires an update to
external/sepolicy/Android.mk to build the binary file for the device
and also adding a 'file_contexts.bin' entry to the
build/target/product/embedded.mk file under the SELinux PRODUCT_PACKAGES.
These updates are available in the appropriate projects.

Major changes in V2:
label_file.c - Move process_line function to label_file.h as this is also
used by utils/sefcontext_compile.c.
sefcontext_compile.c - Update to use common process_line code. Now frees
all malloc'ed memory, checked by valgrind.

Major changes in V3:
label_file.c - Improve error handling in process_file function.
sefcontext_compile.c - Add callback to ignore validation. Fixed error paths
to free/close memory, checked by valgrind.
label_file.h - Revert validation check now added callback to
sefcontext_compile.c.

Changes in V4:
label_file.c - linux/limits.h not supported on MacOS - change to limits.h.
Improve error handling in process_file function.
sefcontext_compile.c - linux/limits.h not spported on MacOS - change to
limits.h. Improve error handling in process_file function.

Changes in V5:
sefcontext_compile.c - Change callbacks so this can build on Android and
selinux upstream with no changes.
label_android_property.c and  label_internal.h - Minor formatting changes
to bring into line with selinux upstream.

Changes in V6:
sefcontext_compile.c - Revert to V3 callback now the problem has been
fixed by upstream commit e88914849490c3fc17b0e5ed67387e47f2701d3c
("libselinux: build sefcontext_compile with static libselinux") that
also hid read_spec_entries function as this is not intended as a
public interface for shared library users.
label_android_property.c - More minor formatting changes to bring
into line with selinux upstream.

Changes in V7:
Android.mk - Add darwin support
label_file.c - In process_file set rc for getline and correct
fopen to upstream.
sefcontext_compile.c - In process_file set rc for getline.

Change in V8:
Android.mk - Remove LOCAL_CFLAGS := -Wall -Werror

Change-Id: I75a781100082c23536f70ce3603f7de42408b5ba
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>

restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

(cherry picked from commit 51fc85bc)

Change-Id: I413ff130e4328b8325be78d9fab119a466df84f3

restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a

Per the man page, pcre_study can return NULL without error if
it could not find any additional information.  Errors are indicated
by the combination of a NULL return value and a non-NULL error string.
Fix the handling so that we do not incorrectly reject file_contexts
entries.

Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

To speed up the boot process, Android doesn't visit every directory
in /sys. Instead, only those directories which match a regular
expression in /file_contexts are visited. Other directories are
skipped. This results in 2-3 second boot time reduction.

The initial version of this optimization was implemented in
change 0e7340fb. However, because
PCRE wasn't available, it was recognized that false positives and
false negatives might occur.

Now that PCRE is available, start using it. It will avoid the
false positive / negatives problem.

Bug: 17682157

(cherry picked from commit d0b768ab)

(cherry picked from commit d514c5af)

Change-Id: I78a0453236d2c2ebf7a5dcd44f896c06a2b423c5

To speed up the boot process, Android doesn't visit every directory
in /sys. Instead, only those directories which match a regular
expression in /file_contexts are visited. Other directories are
skipped. This results in 2-3 second boot time reduction.

The initial version of this optimization was implemented in
change 0e7340fb. However, because
PCRE wasn't available, it was recognized that false positives and
false negatives might occur.

Now that PCRE is available, start using it. It will avoid the
false positive / negatives problem.

Bug: 17682157

(cherry picked from commit d0b768ab)

Change-Id: I403e32cdb23e45abcf6f2a702af88a3eacc47942

To speed up the boot process, Android doesn't visit every directory
in /sys. Instead, only those directories which match a regular
expression in /file_contexts are visited. Other directories are
skipped. This results in 2-3 second boot time reduction.

The initial version of this optimization was implemented in
change 0e7340fb. However, because
PCRE wasn't available, it was recognized that false positives and
false negatives might occur.

Now that PCRE is available, start using it. It will avoid the
false positive / negatives problem.

Bug: 17682157
Change-Id: I94a109733b0c97a70f80c94fd0a980cb7cb5ca43

When ueventd creates a device node, it may also create one or more
symlinks to the device node.  These symlinks may be the only stable
name for the device, e.g. if the partition is dynamically assigned.
Extend the label file backend to support looking up the "best match"
for a device node based on its real path (key) and any links to it
(aliases).  The order of precedence for best match is:
1) An exact match for the real path (key), or
2) An exact match for any of the links (aliases), or
3) The longest fixed prefix match.

Change-Id: Id6c2597eee2b6723a5089dcf7c450f8d0a4128f4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

restorecon_recursive can prune the tree walk whenever it
encounters a directory for which there is no possible match
for any of its descendants in the file_contexts configuration.
This will only presently benefit the restorecon_recursive("/sys") call
by init since other restorecon_recursive calls always have
top-level entries that will match anything underneath and this
is required to fully label those partitions on upgrade. However,
those other cases are already optimized to only run once per
file_contexts change (upgrade) and thus do not need this optimization.

Change-Id: I854bf1ccff6ded56e9da2c4184435f67d7069bc1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Do casting when using the result of a malloc / realloc. This allows
this code to be compiled using c++, if needed.

Change-Id: I4f38b6747216548effb8b4edad77ee54de386a81

Change-Id: I7c0bdca5c9a1ffe428200a830c1b706fc8ed9675
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>