- 09 Dec, 2014 2 commits
-
-
dcashman authored
-
Chih-Hung Hsieh authored
Suppress warning until we get a fix from upstream.
Change-Id: I8846f514410d53cbc52a44d43f737d455ba2faa0
-
- 05 Dec, 2014 1 commit
-
-
dcashman authored
Change-Id: I76e2ed95d4e4f8618458e63d30ae82e37d1acf7b
-
- 30 Sep, 2014 1 commit
-
-
Nick Kralevich authored
* commit 'd0b768ab': implement partial matching using PCRE
-
- 29 Sep, 2014 1 commit
-
-
Nick Kralevich authored
To speed up the boot process, Android doesn't visit every directory in /sys. Instead, only those directories which match a regular expression in /file_contexts are visited. Other directories are skipped. This results in 2-3 second boot time reduction. The initial version of this optimization was implemented in change 0e7340fb. However, because PCRE wasn't available, it was recognized that false positives and false negatives might occur. Now that PCRE is available, start using it. It will avoid the false positive / negatives problem.
Bug: 17682157
Change-Id: I94a109733b0c97a70f80c94fd0a980cb7cb5ca43
-
- 20 Sep, 2014 1 commit
-
-
Stephen Smalley authored
* commit 'f76c30b8': Add isOwner= input selector for seapp_contexts.
-
- 15 Sep, 2014 1 commit
-
-
Stephen Smalley authored
Enable distinctions to be made between the owner/primary user and secondary users in seapp_contexts.
Change-Id: I37aa5b183a7a617cce68ccf14510c31dfee4e04d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
- 02 Sep, 2014 2 commits
-
-
Stephen Smalley authored
* commit 'dfb9fe2f': Remove FTS_COMFOLLOW from fts_open flags on restorecon_recursive.
-
Stephen Smalley authored
When I converted restorecon_recursive from using nftw to using fts, I followed bionic's nftw implementation (bionic/libc/upstream-netbsd/lib/libc/gen/nftw.c) and set FTS_COMFOLLOW in the flags for fts_open. However, this is not needed for any legitimate purpose and could be dangerous if someone were to add an explicit restorecon_recursive /data/local/tmp/foo command to an init*.rc file. This should not be a problem with current policy, but no point in risking it.
Change-Id: I7cec116d68ae60fe8e18fe4ecc9b6c8e564ac10f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
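What the flag changes for a walk whose root is a symlink, as an added example (not code from libselinux or from this commit): with FTS_PHYSICAL alone the walk yields only the link itself, while adding FTS_COMFOLLOW follows the link and descends into its target. The temporary layout, the helper names `walk_count` and `demo`, and the choice of FTS_PHYSICAL as the base flag are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Count the entries a walk rooted at `root` yields to a relabeling loop. */
static int walk_count(const char *root, int flags)
{
    char *paths[] = { (char *)root, NULL };
    FTS *fts = fts_open(paths, flags, NULL);
    FTSENT *e;
    int n = 0;
    if (fts == NULL)
        return -1;
    while ((e = fts_read(fts)) != NULL)
        if (e->fts_info != FTS_DP)      /* skip post-order directory visits */
            n++;
    fts_close(fts);
    return n;
}

/* Constructed layout: <tmp>/target/a and <tmp>/link -> <tmp>/target.
 * Walk <tmp>/link with `flags`, clean up, and return the entry count. */
static int demo(int flags)
{
    char base[] = "/tmp/ftsdemoXXXXXX", target[128], link[128], a[160];
    int n;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", base);
    snprintf(link, sizeof link, "%s/link", base);
    snprintf(a, sizeof a, "%s/a", target);
    if (mkdir(target, 0700) != 0 || symlink(target, link) != 0)
        return -1;
    close(open(a, O_CREAT | O_WRONLY, 0600));
    n = walk_count(link, flags);
    unlink(a); unlink(link);
    rmdir(target); rmdir(base);
    return n;
}

int main(void)
{
    printf("physical only: %d, with FTS_COMFOLLOW: %d\n",
           demo(FTS_PHYSICAL), demo(FTS_PHYSICAL | FTS_COMFOLLOW));
    return 0;
}
```

In a recursive relabel, the second case means the labels are applied to whatever tree the root path's symlink points at, not to the path that was named.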
-
- 07 Jul, 2014 3 commits
-
-
Stephen Smalley authored
* commit 'f8417037': Do not try to set restorecon_last on /sys entries.
-
Stephen Smalley authored
* commit 'da4208c8': Do not try to set restorecon_last on /sys entries.
-
Stephen Smalley authored
There is no benefit to setting restorecon_last on /sys entries since they are re-created on each boot and doing so triggers sys_admin denials. Also, apply the same partial matching optimization to restorecon_recursive on subdirectories of /sys as we apply on the top-level restorecon_recursive /sys.
Change-Id: I90ea143e189db44bf8dc6c93c08d794e80d5539f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
- 02 Jul, 2014 2 commits
-
-
Nick Kralevich authored
* commit '86ae6256': Log userspace SELinux denials to the event log.
-
Nick Kralevich authored
* commit 'f58dbddb': Log userspace SELinux denials to the event log.
-
- 01 Jul, 2014 1 commit
-
-
Nick Kralevich authored
In addition to logging userspace SELinux denials to logcat, also log it to eventlog using the auditd log tag.
Change-Id: I6a269a832bc2f5e5da6c9dbd169ed2f901b49166
-
- 17 Jun, 2014 2 commits
-
-
Stephen Smalley authored
* commit '51b51eea': Extend label file backend to support label-by-symlink for ueventd.
-
Stephen Smalley authored
* commit 'be7f5e88': Extend label file backend to support label-by-symlink for ueventd.
-
- 16 Jun, 2014 1 commit
-
-
Stephen Smalley authored
When ueventd creates a device node, it may also create one or more symlinks to the device node. These symlinks may be the only stable name for the device, e.g. if the partition is dynamically assigned. Extend the label file backend to support looking up the "best match" for a device node based on its real path (key) and any links to it (aliases). The order of precedence for best match is:
1) An exact match for the real path (key), or
2) An exact match for any of the links (aliases), or
3) The longest fixed prefix match.
Change-Id: Id6c2597eee2b6723a5089dcf7c450f8d0a4128f4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
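The precedence order described in this commit message, as an added example on a simplified model (not the libselinux implementation): wildcard specs are modeled as a fixed prefix followed by `*` in place of full regular expressions. The spec table, the labels, and the names `rank_of` and `best_match` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXACT SIZE_MAX   /* rank of a literal (non-wildcard) match */

/* Constructed table. A trailing '*' marks a wildcard spec whose fixed
 * prefix is everything before it; the other entries are literal paths. */
static const struct { const char *pattern, *label; } specs[] = {
    { "/dev/*",                      "u:object_r:device:s0" },
    { "/dev/block/*",                "u:object_r:block_device:s0" },
    { "/dev/block/mmcblk0p1",        "u:object_r:boot_block_device:s0" },
    { "/dev/block/by-name/userdata", "u:object_r:userdata_block_device:s0" },
};
#define NSPECS (sizeof specs / sizeof specs[0])

/* Rank of spec pattern `p` against one path: EXACT, prefix length, or 0. */
static size_t rank_of(const char *p, const char *path)
{
    size_t n = strlen(p) - 1;            /* index of the last character */
    if (p[n] != '*')
        return strcmp(p, path) == 0 ? EXACT : 0;
    return strncmp(p, path, n) == 0 ? n : 0;
}

/* key: real path of the node; aliases: NULL-terminated list of its symlinks. */
static const char *best_match(const char *key, const char **aliases)
{
    const char *best = NULL;
    size_t best_rank = 0;
    /* First pass tries the key, later passes each alias; an exact hit stops. */
    for (const char *path = key; path && best_rank != EXACT;
         path = aliases ? *aliases++ : NULL)
        for (size_t i = 0; i < NSPECS; i++) {
            size_t r = rank_of(specs[i].pattern, path);
            if (r > best_rank) {
                best_rank = r;
                best = specs[i].label;
            }
        }
    return best;
}

int main(void)
{
    const char *links[] = { "/dev/block/by-name/userdata", NULL };
    puts(best_match("/dev/block/mmcblk0p9", links));
    return 0;
}
```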
-
- 12 Jun, 2014 3 commits
-
-
Riley Spahn authored
* commit 'd57030c2': Add service_context management into libselinux.
-
Riley Spahn authored
* commit 'bad0ebb4': Add service_context management into libselinux.
-
Riley Spahn authored
Add functions to handle opening handles for MAC on service_manager. Also add selinux_log_callback into libselinux because identical code was spread through three different files.
Bug: 12909011
Change-Id: I04eb855700f1d0c086542053d987b3a30cf1b0c0
-
- 31 May, 2014 3 commits
-
-
Robert Craig authored
* commit '74f2c202': SELinux changes to check policy versions during a reload.
-
Robert Craig authored
* commit 'e9b58950': SELinux changes to check policy versions during a reload.
-
Robert Craig authored
* commit '5b5183f9': SELinux changes to check policy versions during a reload.
-
- 30 May, 2014 1 commit
-
-
Robert Craig authored
New construct which validates /data/security/current/selinux_version against the base version file /selinux_version when policy overrides could occur. This change covers the cases where sepolicy, seapp_contexts and file_contexts under /data/security/current can be used to override their rootfs counterparts.
Change-Id: I4716039bb0f5ba1e961977a18350347a67969dca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
-
- 29 May, 2014 4 commits
-
-
Nick Kralevich authored
* commit '3446861b': Don't set restorecon_last on subdirectories
-
Nick Kralevich authored
* commit '24a286e6': Don't set restorecon_last on subdirectories
-
Nick Kralevich authored
* commit 'a8e4ad3c': Don't set restorecon_last on subdirectories
-
Nick Kralevich authored
When restorecon_recursive is called, we set the directory xattr "security.restorecon_last" to the hash of /file_contexts. This allows us to do automatic relabeling when /file_contexts changes. Prior to this change, we were also setting the xattr for all subdirectories of the directory. Doing so is unnecessary because we never look at the value. Remove setting the xattr for subdirectories, but continue to set the xattr for the directory itself.
Change-Id: Id81d1e24209e195c559b4e382bee42ddd48a7593
-
- 28 May, 2014 4 commits
-
-
Stephen Smalley authored
* commit 'ba6a1437': restorecon top-level entries under /data/user.
-
Stephen Smalley authored
* commit '807e815a': restorecon top-level entries under /data/user.
-
Stephen Smalley authored
* commit 'b4c9808a': restorecon top-level entries under /data/user.
-
Stephen Smalley authored
/data/user has a set of top-level entries including the /data/user/0 symlink and the /data/user/N subdirectories for secondary users that need to be relabeled on upgrades from 4.2 with unlabeled userdata. Only set the flag to skip on subdirectories of /data/user, not on /data/user itself.
Change-Id: I7a4c7ede74daa249db654963ba49585755c9b04e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
- 19 May, 2014 3 commits
-
-
Nick Kralevich authored
* commit '1a90be24': Ensure labeling of /data/data and /data/user
-
Nick Kralevich authored
* commit 'f6237001': Ensure labeling of /data/data and /data/user
-
Nick Kralevich authored
* commit '4b130cc0': Ensure labeling of /data/data and /data/user
-
- 17 May, 2014 1 commit
-
-
Nick Kralevich authored
On an upgrade, the *contents* of the /data/data and /data/user directories are not labeled by init, because their labels are managed by installd. However, the /data/data and /data/user directories themselves are never labeled, neither by init nor installd. On an upgrade from an Android 4.2 system, it's possible for these two directories to remain unlabeled, causing anything created within these directories to also be unlabeled. Make sure we label /data/data and /data/user (but not their contents) from init's restorecon_recursive.
Change-Id: I65dcfa8e77a63cb61551a1010358f0e45956dbbf
-
- 05 May, 2014 3 commits
-
-
Stephen Smalley authored
* commit '057b08e2': Optimize restorecon_recursive tree walk.
-
Stephen Smalley authored
* commit 'f4a4fb4d': Optimize restorecon_recursive tree walk.
-
Stephen Smalley authored
* commit '0e7340fb': Optimize restorecon_recursive tree walk.
-