Manual merge of mirror-aosp-master to stage-aosp-master am: ca8aba0b86 am: 0d577cb7bc am: 3514ac089f

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/19135333

Change-Id: Iaa9bccef94afe7e91f6e1de90a6bc7368583e0f1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Colin Cross 2022-07-01 02:14:24 +00:00 committed by Automerger Merge Worker
commit 542a9ac69c
7 changed files with 119 additions and 209 deletions


@ -45,9 +45,6 @@ common_CFLAGS = [
"-Wno-error=missing-noreturn",
"-Wno-error=unused-function",
"-Wno-error=unused-variable",
"-DUSE_PCRE2",
// 1003 corresponds to auditd, from system/core/logd/event.logtags
"-DAUDITD_LOG_TAG=1003",
]
cc_defaults {
@ -56,49 +53,15 @@ cc_defaults {
cflags: common_CFLAGS,
srcs: [
"src/android/android.c",
"src/avc.c",
"src/avc_internal.c",
"src/avc_sidtab.c",
"src/booleans.c",
"src/callbacks.c",
"src/canonicalize_context.c",
"src/checkAccess.c",
"src/check_context.c",
"src/compute_av.c",
"src/compute_create.c",
"src/compute_member.c",
"src/context.c",
"src/deny_unknown.c",
"src/disable.c",
"src/enabled.c",
"src/fgetfilecon.c",
"src/freecon.c",
"src/fsetfilecon.c",
"src/get_initial_context.c",
"src/getenforce.c",
"src/getfilecon.c",
"src/getpeercon.c",
"src/init.c",
"src/label.c",
"src/label_backends_android.c",
"src/label_file.c",
"src/label.c",
"src/label_support.c",
"src/lgetfilecon.c",
"src/load_policy.c",
"src/lsetfilecon.c",
"src/mapping.c",
"src/matchpathcon.c",
"src/policyvers.c",
"src/procattr.c",
"src/regex.c",
"src/reject_unknown.c",
"src/sestatus.c",
"src/setenforce.c",
"src/setfilecon.c",
"src/setrans_client.c",
"src/sha1.c",
"src/stringrep.c",
],
target: {
@ -107,52 +70,60 @@ cc_defaults {
"-DBUILD_HOST",
],
},
android: {
srcs: [
"src/android/android_platform.c",
"src/android/android.c",
"src/avc.c",
"src/avc_internal.c",
"src/avc_sidtab.c",
"src/canonicalize_context.c",
"src/checkAccess.c",
"src/check_context.c",
"src/compute_av.c",
"src/compute_create.c",
"src/compute_member.c",
"src/context.c",
"src/deny_unknown.c",
"src/disable.c",
"src/enabled.c",
"src/fgetfilecon.c",
"src/fsetfilecon.c",
"src/getenforce.c",
"src/getfilecon.c",
"src/get_initial_context.c",
"src/getpeercon.c",
"src/init.c",
"src/lgetfilecon.c",
"src/load_policy.c",
"src/lsetfilecon.c",
"src/mapping.c",
"src/policyvers.c",
"src/procattr.c",
"src/reject_unknown.c",
"src/sestatus.c",
"src/setenforce.c",
"src/setfilecon.c",
"src/stringrep.c",
],
static: {
whole_static_libs: [
"libpackagelistparser",
],
},
shared: {
shared_libs: [
"libpackagelistparser",
],
},
shared_libs: [
"liblog",
],
system_shared_libs: ["libc"],
},
darwin: {
enabled: false,
},
header_libs: ["libcutils_headers"],
local_include_dirs: [ "src" ],
// 1003 corresponds to auditd, from system/core/logd/event.logtags
cflags: [
"-DAUDITD_LOG_TAG=1003",
],
}
},
shared_libs: [
"liblog",
],
static: {
whole_static_libs: [
"libpcre2",
],
},
shared: {
shared_libs: [
"libpcre2",
],
},
header_libs: [
"libbase_headers",
"libcutils_headers",
"liblog_headers",
],
local_include_dirs: [
"include",
"src",
],
local_include_dirs: ["include"],
export_include_dirs: ["include"],
stl: "none",
@ -169,53 +140,93 @@ cc_library {
ramdisk_available: true,
vendor_ramdisk_available: true,
recovery_available: true,
host_supported: true,
cflags: ["-DUSE_PCRE2"],
srcs: [
"src/label_file.c",
"src/regex.c",
],
target: {
host_linux: {
srcs: [
"src/avc.c",
"src/avc_internal.c",
"src/avc_sidtab.c",
"src/compute_av.c",
"src/compute_create.c",
"src/compute_member.c",
"src/context.c",
"src/deny_unknown.c",
"src/enabled.c",
"src/getenforce.c",
"src/getfilecon.c",
"src/get_initial_context.c",
"src/init.c",
"src/load_policy.c",
"src/mapping.c",
"src/procattr.c",
"src/reject_unknown.c",
"src/sestatus.c",
"src/setexecfilecon.c",
"src/stringrep.c",
],
},
linux_glibc: {
srcs: [
"src/fgetfilecon.c",
"src/lgetfilecon.c",
"src/lsetfilecon.c",
"src/setfilecon.c",
],
},
linux_bionic: {
enabled: true,
},
android: {
srcs: [
"src/android/android_platform.c",
],
static: {
whole_static_libs: ["libpackagelistparser"],
},
shared: {
shared_libs: ["libpackagelistparser"],
},
version_script: "exported.map.txt",
},
},
static: {
whole_static_libs: ["libpcre2"],
},
shared: {
shared_libs: ["libpcre2"],
},
stubs: {
symbol_file: "exported.map.txt",
versions: ["30"],
},
}
cc_test_host {
name: "libselinux_test",
defaults: ["libselinux_defaults"],
srcs: ["src/android/android_unittest.cpp"],
cflags: [
// regex.h will conflict with the default regex.h from libc.
// Skip regex for gtest.
"-DGTEST_HAS_POSIX_RE=0",
"-DANDROID_UNIT_TESTING",
],
whole_static_libs: [
"libpcre2",
"libbase",
],
// Use default stl.
stl:""
}
cc_binary_host {
name: "sefcontext_compile",
defaults: ["libselinux_defaults"],
cflags: ["-DUSE_PCRE2"],
srcs: ["utils/sefcontext_compile.c"],
static_libs: [
"libselinux",
"libsepol",
],
whole_static_libs: ["libpcre2"],
}
rust_bindgen {
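Review bot: `-DUSE_PCRE2` leaves `common_CFLAGS` in the first hunk and then appears per module (`cflags: ["-DUSE_PCRE2"]` on the `cc_library` and again on `sefcontext_compile`), with nothing recording that the two must stay in step. Both modules build file_contexts regex handling (`src/regex.c`, `src/label_file.c`, `utils/sefcontext_compile.c`), so a module that later inherits `libselinux_defaults` without the flag would compile that code under a different regex configuration. I would add a comment at each occurrence, for example `// keep USE_PCRE2 in sync between libselinux and sefcontext_compile`, or keep the define in one shared defaults block. The page has lost its +/- markers, so which side each line belongs to is inferred from the hunk counts.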


@ -128,10 +128,11 @@ struct selabel_handle* initialize_backend(
return sehandle;
}
struct selabel_handle* context_handle(
/* Initialize a backend using a set of context paths */
static struct selabel_handle* context_handle(
unsigned int backend,
const char* const context_paths[MAX_CONTEXT_PATHS][MAX_ALT_CONTEXT_PATHS],
const char* name)
char *name)
{
const char* existing_paths[MAX_CONTEXT_PATHS];
struct selinux_opt opts[MAX_CONTEXT_PATHS];
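Review bot: The rewritten signature of `context_handle` takes `char *name` where the replaced line had `const char* name`, as far as the old/new print order on this page shows, which drops const-correctness on a parameter that nothing in the visible lines writes through. `initialize_backend`, whose declaration elsewhere on this page still has `const char* name`, keeps the qualifier, so the two helpers now disagree. Unless the body modifies the string, I would keep `const char *name)` so that callers holding a `const char *` need no cast and an accidental write is rejected at compile time. The function body continues past the end of the hunk.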


@ -13,10 +13,14 @@
#include <sys/stat.h>
#include <sys/xattr.h>
#include <fcntl.h>
#include <fts.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
#include <selinux/android.h>
#include <selinux/label.h>
#ifndef __ANDROID_VNDK__
#include <private/android_filesystem_config.h>
#endif
#include <log/log.h>
#include "policy.h"
#include "callbacks.h"
@ -28,6 +32,9 @@
#include <linux/magic.h>
#include <libgen.h>
#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
#include <sys/_system_properties.h>
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define FC_DIGEST_SIZE SHA_DIGEST_LENGTH
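Review bot: The `#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_` placed before `#include <sys/_system_properties.h>` has no comment, and the macro stays defined for everything that follows it. If this file is the shared `android_common.h` (the path is not shown on the page), every translation unit that includes it can then pull in the private header as well. I would add a short comment naming what is needed from the private header, and an `#undef _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_` straight after the include so the opt-in does not spread further than intended.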


@ -2,11 +2,6 @@
#include "android_common.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Within each set of files, adds the first file that is accessible to `paths`.
* Returns the number of accessible files. */
size_t find_existing_files(
@ -27,14 +22,3 @@ struct selabel_handle* initialize_backend(
const char* name,
const struct selinux_opt* opts,
size_t nopts);
/* Initialize a backend using a set of context paths */
struct selabel_handle* context_handle(
unsigned int backend,
const char* const context_paths[MAX_CONTEXT_PATHS][MAX_ALT_CONTEXT_PATHS],
const char* name);
#ifdef __cplusplus
}
#endif


@ -1,10 +1,6 @@
#include "android_common.h"
#include "android_internal.h"
#include <fts.h>
#include <packagelistparser/packagelistparser.h>
#include <private/android_filesystem_config.h>
#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
#include <sys/_system_properties.h>
/* Locations for the file_contexts files. For each partition, only the first
* existing entry will be used (for example, if


@ -1,85 +0,0 @@
#include <gtest/gtest.h>
#include <android-base/file.h>
#include <android-base/stringprintf.h>
#include "android_internal.h"
using android::base::StringPrintf;
using android::base::WriteStringToFile;
using std::string;
class AndroidSELinuxTest : public ::testing::Test {
protected:
TemporaryDir tdir_;
};
TEST_F(AndroidSELinuxTest, LoadAndLookupServiceContext)
{
string service_contexts =
StringPrintf("%s/service_contexts", tdir_.path);
string unused_service_contexts =
StringPrintf("%s/unused_contexts", tdir_.path);
string vendor_contexts =
StringPrintf("%s/vendor_service_contexts", tdir_.path);
WriteStringToFile("account u:object_r:account_service:s0\n",
service_contexts);
WriteStringToFile("ignored u:object_r:ignored_service:s0\n",
unused_service_contexts);
WriteStringToFile(
"android.hardware.power.IPower/default u:object_r:hal_power_service:s0\n",
vendor_contexts);
static const char *const
service_paths[MAX_CONTEXT_PATHS][MAX_ALT_CONTEXT_PATHS] = {
{ service_contexts.c_str(),
unused_service_contexts.c_str() },
{ vendor_contexts.c_str() }
};
struct selabel_handle *handle = context_handle(
SELABEL_CTX_ANDROID_SERVICE, service_paths, "test_service");
EXPECT_NE(handle, nullptr);
char *tcontext;
EXPECT_EQ(selabel_lookup_raw(handle, &tcontext, "foobar",
SELABEL_CTX_ANDROID_SERVICE),
-1);
EXPECT_EQ(selabel_lookup_raw(handle, &tcontext, "account",
SELABEL_CTX_ANDROID_SERVICE),
0);
EXPECT_STREQ(tcontext, "u:object_r:account_service:s0");
free(tcontext);
EXPECT_EQ(selabel_lookup_raw(handle, &tcontext, "ignored",
SELABEL_CTX_ANDROID_SERVICE),
-1);
EXPECT_EQ(selabel_lookup_raw(handle, &tcontext,
"android.hardware.power.IPower/default",
SELABEL_CTX_ANDROID_SERVICE),
0);
EXPECT_STREQ(tcontext, "u:object_r:hal_power_service:s0");
free(tcontext);
selabel_close(handle);
}
TEST_F(AndroidSELinuxTest, FailLoadingServiceContext)
{
string service_contexts =
StringPrintf("%s/service_contexts", tdir_.path);
WriteStringToFile("garbage\n", service_contexts);
static const char *const
service_paths[MAX_CONTEXT_PATHS][MAX_ALT_CONTEXT_PATHS] = {
{ service_contexts.c_str() }
};
struct selabel_handle *handle = context_handle(
SELABEL_CTX_ANDROID_SERVICE, service_paths, "test_service");
EXPECT_EQ(handle, nullptr);
}


@ -147,18 +147,14 @@ static void init_lib(void) __attribute__ ((constructor));
static void init_lib(void)
{
selinux_page_size = sysconf(_SC_PAGE_SIZE);
#ifndef ANDROID_UNIT_TESTING
init_selinuxmnt();
#ifndef ANDROID
has_selinux_config = (access(SELINUXCONFIG, F_OK) == 0);
#endif
#endif
}
static void fini_lib(void) __attribute__ ((destructor));
static void fini_lib(void)
{
#ifndef ANDROID_UNIT_TESTING
fini_selinuxmnt();
#endif
}