1. 05 Dec, 2014 1 commit
  2. 16 Jun, 2014 1 commit
    • Stephen Smalley's avatar
      Extend label file backend to support label-by-symlink for ueventd. · be7f5e88
      Stephen Smalley authored
      
      When ueventd creates a device node, it may also create one or more
      symlinks to the device node.  These symlinks may be the only stable
      name for the device, e.g. if the partition is dynamically assigned.
      Extend the label file backend to support looking up the "best match"
      for a device node based on its real path (key) and any links to it
      (aliases).  The order of precedence for best match is:
      1) An exact match for the real path (key), or
      2) An exact match for any of the links (aliases), or
      3) The longest fixed prefix match.
      
      Change-Id: Id6c2597eee2b6723a5089dcf7c450f8d0a4128f4
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      be7f5e88
  3. 12 Jun, 2014 1 commit
    • Riley Spahn's avatar
      Add service_context management into libselinux. · bad0ebb4
      Riley Spahn authored
      Add functions to handle opening handles for MAC
      on service_manager. Also add selinux_log_callback
      into libselinux because identical code was spread
      through three different files.
      
      Bug: 12909011
      Change-Id: I04eb855700f1d0c086542053d987b3a30cf1b0c0
      bad0ebb4
  4. 30 May, 2014 1 commit
    • Robert Craig's avatar
      SELinux changes to check policy versions during a reload. · 5b5183f9
      Robert Craig authored
      
      New construct which validates /data/security/current/selinux_version
      against the base version file /selinux_version when policy
      overrides could occur. This change covers the cases where
      sepolicy, seapp_contexts and file_contexts under
      /data/security/current can be used to override their rootfs
      counterparts.
      
      Change-Id: I4716039bb0f5ba1e961977a18350347a67969dca
      Signed-off-by: default avatarrpcraig <rpcraig@tycho.ncsc.mil>
      5b5183f9
  5. 05 May, 2014 1 commit
    • Stephen Smalley's avatar
      Optimize restorecon_recursive tree walk. · 0e7340fb
      Stephen Smalley authored
      
      restorecon_recursive can prune the tree walk whenever it
      encounters a directory for which there is no possible match
      for any of its descendants in the file_contexts configuration.
      This will only presently benefit the restorecon_recursive("/sys") call
      by init since other restorecon_recursive calls always have
      top-level entries that will match anything underneath and this
      is required to fully label those partitions on upgrade. However,
      those other cases are already optimized to only run once per
      file_contexts change (upgrade) and thus do not need this optimization.
      
      Change-Id: I854bf1ccff6ded56e9da2c4184435f67d7069bc1
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      0e7340fb
  6. 27 Mar, 2014 1 commit
    • Stephen Smalley's avatar
      Add a new API for relabeling package directories. · 1d66afb5
      Stephen Smalley authored
      
      Add a new selinux_android_restorecon_pkgdir() API for
      relabeling package directories that explicitly takes the
      seinfo and uid information from the caller.  This is similar
      to the selinux_android_setfilecon() API used by installd to
      label newly created package directories but can be used to
      recursively restorecon existing package directories.  By
      passing the seinfo and uid information directly, we avoid the
      need to rely upon packages.list for this purpose and can
      perform the relabeling on a per-directory basis before each app
      is loaded.
      
      Also if we are not provided with a seinfo value and we cannot
      lookup the package name in packages.list, log a warning and
      return an error condition rather than silently ignoring the failure.
      This avoids mislabeling the file by restorecon and provides a warning
      if any future bugs arise in this area.
      
      Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      1d66afb5
  7. 19 Feb, 2014 2 commits
    • Stephen Smalley's avatar
      Only restorecon /data/data if passed an explicit flag. · 027670de
      Stephen Smalley authored
      As discussed in the comments of:
      https://android-review.googlesource.com/#/c/81292/
      
      
      we do not want restorecon_recursive /data by init.rc to
      change the contexts of /data/data or /data/users/N because
      those contexts are dependent on package information in
      /data/system/packages.list that may not be set correctly
      at boot on an upgrade.  Therefore we skip /data/data
      on a recursive restorecon unless passed an explicit flag.
      This flag will be used by the PMS or installd in a subsequent
      change to restorecon /data/data after computing the seinfo
      values for packages and updating packages.list accordingly.
      It will also be optionally used by the toolbox restorecon
      command if passed a new option to be introduced in a subsequent
      change.
      
      Change-Id: I137588013ed1750315702c0dbe088ce3e4a29e83
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      027670de
    • Stephen Smalley's avatar
      Get rid of security_context_t and fix const declarations. · ab40ea9b
      Stephen Smalley authored
      
      The const security_context_t declarations were incorrect;
      const char * was intended, not char * const.   Easiest fix is to
      replace them all with const char *.  And while we are at it, just
      get rid of all usage of security_context_t itself as it adds no value.
      typedef left to permit building legacy users until such a time as all are
      updated.
      
      Change-Id: I2f9df7bb9f575f76024c3e5f5b660345da2931a7
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      ab40ea9b
  8. 12 Feb, 2014 1 commit
  9. 07 Feb, 2014 1 commit
  10. 06 Feb, 2014 2 commits
    • Stephen Smalley's avatar
      Replace obsolete selinux_android_restorecon* functions with macros. · f61f9792
      Stephen Smalley authored
      
      Replace the older selinux_android_restorecon() and
      selinux_android_restorecon_recursive() functions with macros
      calling the new selinux_android_restorecon_flags() function with
      the right flags.  These macros provide temporary API compatibility
      until all callers are updated.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      
      Change-Id: Ib52c3d7a375d2cf3ac7a3d4460b4ba51860315cb
      f61f9792
    • Stephen Smalley's avatar
      Unify toolbox restorecon and libselinux restorecon implementations. · 08587cfb
      Stephen Smalley authored
      
      Extend the libselinux restorecon implementation to allow reuse
      by the toolbox restorecon command.  This simply requires adding
      support for the nochange (-n) and verbose (-v) options to the
      libselinux functions and rewriting the toolbox restorecon command
      to use the libselinux functions.  Also add a force (-F) option to
      support forcing a restorecon_recursive even if the restorecon_last
      attribute matches the current file_contexts hash so that we can
      continue to force a restorecon via the toolbox command for testing
      or when we know something else has changed (e.g. for when we support
      relabeling /data/data and package information has changed).
      
      Change-Id: I92bb3259790a7195ba56a5e9555c3b6c76ceb862
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      08587cfb
  11. 28 Jan, 2014 1 commit
    • Stephen Smalley's avatar
      Move restorecon and restorecon_recursive code to libselinux. · 7fc97fb4
      Stephen Smalley authored
      
      This requires telling libselinux to use the sehandle already
      obtained by init rather than re-acquiring it internally.  init
      retains ownership of the sehandle because it performs the
      initial load, uses the sehandle for other purposes (e.g. labeling
      of directories created via mkdir and labeling of socket files),
      and handles the policy reload property trigger.
      
      Unify the restorecon code previously duplicated between init and libselinux.
      
      Change-Id: I4a380caab7f8481c33eb64fcdb16b6cabe918ebd
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      7fc97fb4
  12. 19 Nov, 2013 1 commit
  13. 05 Nov, 2012 1 commit
  14. 02 Aug, 2012 1 commit
  15. 27 Jul, 2012 2 commits
  16. 12 Jul, 2012 1 commit
  17. 11 Jun, 2012 1 commit
  18. 04 Apr, 2012 1 commit
  19. 19 Mar, 2012 2 commits
  20. 18 Jan, 2012 1 commit
  21. 04 Jan, 2012 1 commit