- 07 Jul, 2015 1 commit
Richard Haines authored
This file labeling update brings libselinux into line with upstream selinux except for minor changes to support MacOS X and Bionic.

Update file labeling to support a PCRE formatted binary file_contexts file. The file is generated on the host using sefcontext_compile. Should the bin file not be present (because the build process has not been implemented yet) or corrupt, the load process will fall back to the text file. Using the current emulator file_contexts file containing 321 lines (64 of which are blank or comments), the binary file loads approximately 50% faster than the text file.

The processing of text spec files (file_contexts and property_contexts) now uses the read_spec_entries function instead of sscanf.

To test the file_contexts.bin functionality requires an update to external/sepolicy/Android.mk to build the binary file for the device and also adding a 'file_contexts.bin' entry to the build/target/product/embedded.mk file under the SELinux PRODUCT_PACKAGES. These updates are available in the appropriate projects.

Major changes in V2:
label_file.c - Move process_line function to label_file.h as this is also used by utils/sefcontext_compile.c.
sefcontext_compile.c - Update to use common process_line code. Now frees all malloc'ed memory, checked by valgrind.

Major changes in V3:
label_file.c - Improve error handling in process_file function.
sefcontext_compile.c - Add callback to ignore validation. Fixed error paths to free/close memory, checked by valgrind.
label_file.h - Revert validation check now added callback to sefcontext_compile.c.

Changes in V4:
label_file.c - linux/limits.h not supported on MacOS - change to limits.h. Improve error handling in process_file function.
sefcontext_compile.c - linux/limits.h not supported on MacOS - change to limits.h. Improve error handling in process_file function.

Changes in V5:
sefcontext_compile.c - Change callbacks so this can build on Android and selinux upstream with no changes.
label_android_property.c and label_internal.h - Minor formatting changes to bring into line with selinux upstream.

Changes in V6:
sefcontext_compile.c - Revert to V3 callback now the problem has been fixed by upstream commit e88914849490c3fc17b0e5ed67387e47f2701d3c ("libselinux: build sefcontext_compile with static libselinux") that also hid read_spec_entries function as this is not intended as a public interface for shared library users.
label_android_property.c - More minor formatting changes to bring into line with selinux upstream.

Changes in V7:
Android.mk - Add darwin support
label_file.c - In process_file set rc for getline and correct fopen to upstream.
sefcontext_compile.c - In process_file set rc for getline.

Change in V8:
Android.mk - Remove LOCAL_CFLAGS := -Wall -Werror

Changes in V9:
label_file.c - Fix file labels for regexes with metachars for text file_contexts
label_support.c - Fix if file_contexts not '\n' terminated. If the last line of a file_contexts file is not '\n' terminated or if any line has additional isspace(3) characters at end, it gave an invalid file type error.

Changes in V10:
Fix file labels for regexes with metachars for binary file_contexts. This change adds a new entry in the binary file with the calculated prefix length that is then read when processing the file. This fix also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS.

Change-Id: Ief0d3a6a5fbffc785b02d9dffb416f837000e61c
- 26 Jun, 2015 1 commit
Jeffrey Vander Stoep authored
This reverts commit c0798527.

There is a change in how file names are matched. Unescaped periods are no longer treated like a regex period (matching any character including an actual period). For example in devices/moto/shamu/sepolicy/file_contexts, several of the block devices have unescaped periods. These partitions do not receive their proper label, and the device fails to boot.

Bug: 22104578
Change-Id: Iffc60beb24a79a80c110d4f2b0b91f3220615586
- 23 Jun, 2015 1 commit
Richard Haines authored
This file labeling update brings libselinux into line with upstream selinux except for minor changes to support MacOS X and Bionic.

Update file labeling to support a PCRE formatted binary file_contexts file. The file is generated on the host using sefcontext_compile. Should the bin file not be present (because the build process has not been implemented yet) or corrupt, the load process will fall back to the text file. Using the current emulator file_contexts file containing 321 lines (64 of which are blank or comments), the binary file loads approximately 50% faster than the text file.

The processing of text spec files (file_contexts and property_contexts) now uses the read_spec_entries function instead of sscanf.

To test the file_contexts.bin functionality requires an update to external/sepolicy/Android.mk to build the binary file for the device and also adding a 'file_contexts.bin' entry to the build/target/product/embedded.mk file under the SELinux PRODUCT_PACKAGES. These updates are available in the appropriate projects.

Major changes in V2:
label_file.c - Move process_line function to label_file.h as this is also used by utils/sefcontext_compile.c.
sefcontext_compile.c - Update to use common process_line code. Now frees all malloc'ed memory, checked by valgrind.

Major changes in V3:
label_file.c - Improve error handling in process_file function.
sefcontext_compile.c - Add callback to ignore validation. Fixed error paths to free/close memory, checked by valgrind.
label_file.h - Revert validation check now added callback to sefcontext_compile.c.

Changes in V4:
label_file.c - linux/limits.h not supported on MacOS - change to limits.h. Improve error handling in process_file function.
sefcontext_compile.c - linux/limits.h not supported on MacOS - change to limits.h. Improve error handling in process_file function.

Changes in V5:
sefcontext_compile.c - Change callbacks so this can build on Android and selinux upstream with no changes.
label_android_property.c and label_internal.h - Minor formatting changes to bring into line with selinux upstream.

Changes in V6:
sefcontext_compile.c - Revert to V3 callback now the problem has been fixed by upstream commit e88914849490c3fc17b0e5ed67387e47f2701d3c ("libselinux: build sefcontext_compile with static libselinux") that also hid read_spec_entries function as this is not intended as a public interface for shared library users.
label_android_property.c - More minor formatting changes to bring into line with selinux upstream.

Changes in V7:
Android.mk - Add darwin support
label_file.c - In process_file set rc for getline and correct fopen to upstream.
sefcontext_compile.c - In process_file set rc for getline.

Change in V8:
Android.mk - Remove LOCAL_CFLAGS := -Wall -Werror

Change-Id: I75a781100082c23536f70ce3603f7de42408b5ba
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
- 14 May, 2015 1 commit
Jeffrey Vander Stoep authored
This change breaks the Mac build due to no stdio_ext.h. This reverts commit 992200ff.

Change-Id: Ic5a20dd4ed41b325174202ce992d557fe09f23da
- 13 May, 2015 1 commit
Jeff Vander Stoep authored
Device side libselinux has Android specific modifications, but host side tools do not. Move host functionality over to common selinux directory. This allows tools with a libselinux dependency (e.g. audit2allow) to be built in tree.

Change-Id: I30967f45928c6c20572114b52fa946f366a024a6
- 15 Apr, 2015 1 commit
Ying Wang authored
This fixes build warnings:
build/core/copy_headers.mk:15: warning: overriding commands for target `out/host/linux-x86/obj/include/selinux/selinux.h'

Change-Id: Ie64a43856f7fd3759d84a6d3a5b897040cb648f3
- 14 Apr, 2015 1 commit
Mark Salyzyn authored
Bug: 19908228
Change-Id: I618938a5a487d5d9ed8d961f85b4b584f419a1d0
- 16 Dec, 2014 1 commit
Ying Wang authored
Bug: 18675947
Change-Id: Id22090dd5d7aa0c0b98ac3594f20a8bd1265832e
- 09 Dec, 2014 1 commit
Chih-Hung Hsieh authored
Suppress warning until we get a fix from upstream.

Change-Id: I8846f514410d53cbc52a44d43f737d455ba2faa0
- 07 Oct, 2014 1 commit
Nick Kralevich authored
To speed up the boot process, Android doesn't visit every directory in /sys. Instead, only those directories which match a regular expression in /file_contexts are visited. Other directories are skipped. This results in a 2-3 second boot time reduction.

The initial version of this optimization was implemented in change 0e7340fb. However, because PCRE wasn't available, it was recognized that false positives and false negatives might occur.

Now that PCRE is available, start using it. It will avoid the false positive / negative problem.

Bug: 17682157
(cherry picked from commit d0b768ab)
(cherry picked from commit d514c5af)
Change-Id: I78a0453236d2c2ebf7a5dcd44f896c06a2b423c5
- 30 Sep, 2014 1 commit
Nick Kralevich authored
To speed up the boot process, Android doesn't visit every directory in /sys. Instead, only those directories which match a regular expression in /file_contexts are visited. Other directories are skipped. This results in a 2-3 second boot time reduction.

The initial version of this optimization was implemented in change 0e7340fb. However, because PCRE wasn't available, it was recognized that false positives and false negatives might occur.

Now that PCRE is available, start using it. It will avoid the false positive / negative problem.

Bug: 17682157
(cherry picked from commit d0b768ab)
Change-Id: I403e32cdb23e45abcf6f2a702af88a3eacc47942
- 29 Sep, 2014 1 commit
Nick Kralevich authored
To speed up the boot process, Android doesn't visit every directory in /sys. Instead, only those directories which match a regular expression in /file_contexts are visited. Other directories are skipped. This results in a 2-3 second boot time reduction.

The initial version of this optimization was implemented in change 0e7340fb. However, because PCRE wasn't available, it was recognized that false positives and false negatives might occur.

Now that PCRE is available, start using it. It will avoid the false positive / negative problem.

Bug: 17682157
Change-Id: I94a109733b0c97a70f80c94fd0a980cb7cb5ca43
- 01 Jul, 2014 1 commit
Nick Kralevich authored
In addition to logging userspace SELinux denials to logcat, also log them to eventlog using the auditd log tag.

Change-Id: I6a269a832bc2f5e5da6c9dbd169ed2f901b49166
- 12 Jun, 2014 1 commit
Riley Spahn authored
Add functions to handle opening handles for MAC on service_manager. Also add selinux_log_callback into libselinux because identical code was spread through three different files.

Bug: 12909011
Change-Id: I04eb855700f1d0c086542053d987b3a30cf1b0c0
- 28 Jan, 2014 1 commit
Stephen Smalley authored
For any persistent directory (e.g. /data, /persist), we only want to apply restorecon_recursive when there is a change to the file_contexts mapping on an update. Avoid repeatedly walking the directory tree on each boot by setting a security.restorecon_last xattr on each directory during a restorecon_recursive tree walk to a hash of the file_contexts file and skipping the traversal if the xattr is already set and matches the hash of the current file_contexts file. For /sys, the attempt to get and set the xattr will fail but this is harmless.

Change-Id: I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
- 16 Apr, 2013 1 commit
Stephen Smalley authored
These functions allow programs to check whether there has been a change to the SELinux status without needing to poll a netlink socket.

Change-Id: Ic7f310d69a7c420e48fbc974000cf4a5b9ab4a3b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
- 21 Sep, 2012 1 commit
Stephen Smalley authored
Map the app IDs to a category pair rather than a single category. With this scheme, we can represent up to 2^16 app IDs, which exceeds the maximum of 10000 imposed by Android. This also only uses category bits 0-511, so 512-1023 remain free for use for other purposes (or we could shrink the number of categories defined in the policy).

Also perform other minor code cleanups previously suggested, e.g. fix const declaration, use an enum rather than #define, correct %lu to %u for format string, etc.

Change-Id: I5bb727bfb4297e3e13ba1ef078e41db3ea7d1b8f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
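As an added illustration of the category-pair scheme this commit describes (editor's example, not code from the commit), the block below encodes an app ID into two MLS categories and checks the two properties the message claims: 2^16 representable IDs and no category above 511. The low-byte/high-byte split is an assumption about the encoding; the page states only the resulting properties.

```c
#include <stdio.h>
#include <string.h>

/* Encode an app ID as two MLS categories: the low byte selects one of
 * c0..c255, the high byte one of c256..c511.  Two disjoint blocks of 256
 * give 2^16 distinct pairs while touching only category bits 0-511.
 * (The byte split is an assumption; the page does not spell it out.) */
static int appid_to_categories(unsigned appid, unsigned *lo, unsigned *hi)
{
    if (appid > 0xffff)
        return -1;          /* beyond the 2^16 IDs the scheme represents */
    *lo = appid & 0xff;
    *hi = 256 + ((appid >> 8) & 0xff);
    return 0;
}

/* Render the level as policy sees it, e.g. "s0:c16,c295" for app ID 10000. */
static int appid_to_level(unsigned appid, char *buf, size_t len)
{
    unsigned lo, hi;
    if (appid_to_categories(appid, &lo, &hi) < 0)
        return -1;
    return snprintf(buf, len, "s0:c%u,c%u", lo, hi) < (int)len ? 0 : -1;
}

/* Inverse mapping; rejects categories outside the two 256-wide blocks. */
static int categories_to_appid(unsigned lo, unsigned hi, unsigned *appid)
{
    if (lo > 255 || hi < 256 || hi > 511)
        return -1;
    *appid = ((hi - 256) << 8) | lo;
    return 0;
}

/* Self-check: every ID below 2^16 maps to a unique pair, never uses a
 * category above 511, and round-trips.  Returns 1 on success. */
static int verify_pair_scheme(void)
{
    static unsigned char seen[256][256];
    memset(seen, 0, sizeof seen);
    for (unsigned id = 0; id <= 0xffff; id++) {
        unsigned lo, hi, back;
        if (appid_to_categories(id, &lo, &hi) < 0 || hi > 511 ||
            seen[lo][hi - 256]++ || categories_to_appid(lo, hi, &back) < 0 ||
            back != id)
            return 0;
    }
    return 1;
}
```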
- 10 Jul, 2012 1 commit
Stephen Smalley authored
- 06 Apr, 2012 1 commit
-
Kenny Root authored
We need to always build libselinux even if it's not being used by anything in the system image. This makes sure some unrelated change doesn't accidentally break libselinux.

This reverts commit 6670f53f.
- 04 Apr, 2012 1 commit
Stephen Smalley authored
- 02 Feb, 2012 1 commit
Stephen Smalley authored
- 24 Jan, 2012 2 commits
Stephen Smalley authored
Stephen Smalley authored
- 04 Jan, 2012 1 commit
Stephen Smalley authored