Revert "Revert "move file_context APIs out of libselinux_vendor""
This reverts commit 379af6c574.
Also make sure label_file.c is compiled in all targets that libselinux
is built for.
Bug: 37343404
Bug: 37919668
Test: Build and boot
Change-Id: I7e06ad6cad13d157ba1fb6bfd23ce9ceddf3ba79
Signed-off-by: Sandeep Patil <sspatil@google.com>
parent
51428ba055
commit
554b7e4e82
4 changed files with 125 additions and 115 deletions
|
@ -24,7 +24,6 @@ cc_defaults {
|
|||
"src/freecon.c",
|
||||
"src/label_backends_android.c",
|
||||
"src/label.c",
|
||||
"src/label_file.c",
|
||||
"src/label_support.c",
|
||||
"src/matchpathcon.c",
|
||||
"src/regex.c",
|
||||
|
@ -106,6 +105,7 @@ cc_library {
|
|||
name: "libselinux_vendor",
|
||||
defaults: ["libselinux_defaults"],
|
||||
vendor: true,
|
||||
cflags: ["-DNO_FILE_BACKEND"],
|
||||
|
||||
target: {
|
||||
android: {
|
||||
|
@ -119,6 +119,10 @@ cc_library {
|
|||
defaults: ["libselinux_defaults"],
|
||||
host_supported: true,
|
||||
|
||||
srcs: [
|
||||
"src/label_file.c",
|
||||
],
|
||||
|
||||
target: {
|
||||
linux: {
|
||||
srcs: [
|
||||
|
|
|
@ -1,13 +1,5 @@
|
|||
#include "android_common.h"
|
||||
|
||||
static const struct selinux_opt seopts_file_split[] = {
|
||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_file_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/vendor/etc/selinux/nonplat_file_contexts" }
|
||||
};
|
||||
|
||||
static const struct selinux_opt seopts_file_rootfs[] = {
|
||||
{ SELABEL_OPT_PATH, "/file_contexts.bin" }
|
||||
};
|
||||
|
||||
static const char *const sepolicy_file = "/sepolicy";
|
||||
|
||||
|
@ -47,110 +39,6 @@ static const struct selinux_opt seopts_vndservice =
|
|||
static const struct selinux_opt seopts_vndservice_rootfs =
|
||||
{ SELABEL_OPT_PATH, "/vndservice_contexts" };
|
||||
|
||||
uint8_t fc_digest[FC_DIGEST_SIZE];
|
||||
|
||||
static bool compute_file_contexts_hash(uint8_t c_digest[], const struct selinux_opt *opts, unsigned nopts)
|
||||
{
|
||||
int fd = -1;
|
||||
void *map = MAP_FAILED;
|
||||
bool ret = false;
|
||||
uint8_t *fc_data = NULL;
|
||||
size_t total_size = 0;
|
||||
struct stat sb;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < nopts; i++) {
|
||||
fd = open(opts[i].value, O_CLOEXEC | O_RDONLY);
|
||||
if (fd < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not open %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (fstat(fd, &sb) < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not stat %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
|
||||
if (map == MAP_FAILED) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not map %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
fc_data = realloc(fc_data, total_size + sb.st_size);
|
||||
if (!fc_data) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Count not re-alloc for %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
memcpy(fc_data + total_size, map, sb.st_size);
|
||||
total_size += sb.st_size;
|
||||
|
||||
/* reset everything for next file */
|
||||
munmap(map, sb.st_size);
|
||||
close(fd);
|
||||
map = MAP_FAILED;
|
||||
fd = -1;
|
||||
}
|
||||
|
||||
SHA1(fc_data, total_size, c_digest);
|
||||
ret = true;
|
||||
|
||||
cleanup:
|
||||
if (map != MAP_FAILED)
|
||||
munmap(map, sb.st_size);
|
||||
if (fd >= 0)
|
||||
close(fd);
|
||||
free(fc_data);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static struct selabel_handle* selinux_android_file_context(const struct selinux_opt *opts,
|
||||
unsigned nopts)
|
||||
{
|
||||
struct selabel_handle *sehandle;
|
||||
struct selinux_opt fc_opts[nopts + 1];
|
||||
|
||||
memcpy(fc_opts, opts, nopts*sizeof(struct selinux_opt));
|
||||
fc_opts[nopts].type = SELABEL_OPT_BASEONLY;
|
||||
fc_opts[nopts].value = (char *)1;
|
||||
|
||||
sehandle = selabel_open(SELABEL_CTX_FILE, fc_opts, ARRAY_SIZE(fc_opts));
|
||||
if (!sehandle) {
|
||||
selinux_log(SELINUX_ERROR, "%s: Error getting file context handle (%s)\n",
|
||||
__FUNCTION__, strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
if (!compute_file_contexts_hash(fc_digest, opts, nopts)) {
|
||||
selabel_close(sehandle);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
selinux_log(SELINUX_INFO, "SELinux: Loaded file_contexts\n");
|
||||
|
||||
return sehandle;
|
||||
}
|
||||
|
||||
static bool selinux_android_opts_file_exists(const struct selinux_opt *opt)
|
||||
{
|
||||
return (access(opt[0].value, R_OK) != -1);
|
||||
}
|
||||
|
||||
struct selabel_handle* selinux_android_file_context_handle(void)
|
||||
{
|
||||
if (selinux_android_opts_file_exists(seopts_file_split)) {
|
||||
return selinux_android_file_context(seopts_file_split,
|
||||
ARRAY_SIZE(seopts_file_split));
|
||||
} else {
|
||||
return selinux_android_file_context(seopts_file_rootfs,
|
||||
ARRAY_SIZE(seopts_file_rootfs));
|
||||
}
|
||||
}
|
||||
struct selabel_handle* selinux_android_prop_context_handle(void)
|
||||
{
|
||||
struct selabel_handle* sehandle;
|
||||
|
|
|
@ -1,6 +1,15 @@
|
|||
#include "android_common.h"
|
||||
#include <packagelistparser/packagelistparser.h>
|
||||
|
||||
static const struct selinux_opt seopts_file_split[] = {
|
||||
{ SELABEL_OPT_PATH, "/system/etc/selinux/plat_file_contexts" },
|
||||
{ SELABEL_OPT_PATH, "/vendor/etc/selinux/nonplat_file_contexts" }
|
||||
};
|
||||
|
||||
static const struct selinux_opt seopts_file_rootfs[] = {
|
||||
{ SELABEL_OPT_PATH, "/file_contexts.bin" }
|
||||
};
|
||||
|
||||
/*
|
||||
* XXX Where should this configuration file be located?
|
||||
* Needs to be accessible by zygote and installd when
|
||||
|
@ -17,7 +26,110 @@ static char const * const seapp_contexts_rootfs[] = {
|
|||
"/nonplat_seapp_contexts"
|
||||
};
|
||||
|
||||
extern uint8_t fc_digest[FC_DIGEST_SIZE];
|
||||
uint8_t fc_digest[FC_DIGEST_SIZE];
|
||||
|
||||
static bool compute_file_contexts_hash(uint8_t c_digest[], const struct selinux_opt *opts, unsigned nopts)
|
||||
{
|
||||
int fd = -1;
|
||||
void *map = MAP_FAILED;
|
||||
bool ret = false;
|
||||
uint8_t *fc_data = NULL;
|
||||
size_t total_size = 0;
|
||||
struct stat sb;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < nopts; i++) {
|
||||
fd = open(opts[i].value, O_CLOEXEC | O_RDONLY);
|
||||
if (fd < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not open %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (fstat(fd, &sb) < 0) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not stat %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
map = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
|
||||
if (map == MAP_FAILED) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Could not map %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
fc_data = realloc(fc_data, total_size + sb.st_size);
|
||||
if (!fc_data) {
|
||||
selinux_log(SELINUX_ERROR, "SELinux: Count not re-alloc for %s: %s\n",
|
||||
opts[i].value, strerror(errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
memcpy(fc_data + total_size, map, sb.st_size);
|
||||
total_size += sb.st_size;
|
||||
|
||||
/* reset everything for next file */
|
||||
munmap(map, sb.st_size);
|
||||
close(fd);
|
||||
map = MAP_FAILED;
|
||||
fd = -1;
|
||||
}
|
||||
|
||||
SHA1(fc_data, total_size, c_digest);
|
||||
ret = true;
|
||||
|
||||
cleanup:
|
||||
if (map != MAP_FAILED)
|
||||
munmap(map, sb.st_size);
|
||||
if (fd >= 0)
|
||||
close(fd);
|
||||
free(fc_data);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static struct selabel_handle* selinux_android_file_context(const struct selinux_opt *opts,
|
||||
unsigned nopts)
|
||||
{
|
||||
struct selabel_handle *sehandle;
|
||||
struct selinux_opt fc_opts[nopts + 1];
|
||||
|
||||
memcpy(fc_opts, opts, nopts*sizeof(struct selinux_opt));
|
||||
fc_opts[nopts].type = SELABEL_OPT_BASEONLY;
|
||||
fc_opts[nopts].value = (char *)1;
|
||||
|
||||
sehandle = selabel_open(SELABEL_CTX_FILE, fc_opts, ARRAY_SIZE(fc_opts));
|
||||
if (!sehandle) {
|
||||
selinux_log(SELINUX_ERROR, "%s: Error getting file context handle (%s)\n",
|
||||
__FUNCTION__, strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
if (!compute_file_contexts_hash(fc_digest, opts, nopts)) {
|
||||
selabel_close(sehandle);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
selinux_log(SELINUX_INFO, "SELinux: Loaded file_contexts\n");
|
||||
|
||||
return sehandle;
|
||||
}
|
||||
|
||||
static bool selinux_android_opts_file_exists(const struct selinux_opt *opt)
|
||||
{
|
||||
return (access(opt[0].value, R_OK) != -1);
|
||||
}
|
||||
|
||||
struct selabel_handle* selinux_android_file_context_handle(void)
|
||||
{
|
||||
if (selinux_android_opts_file_exists(seopts_file_split)) {
|
||||
return selinux_android_file_context(seopts_file_split,
|
||||
ARRAY_SIZE(seopts_file_split));
|
||||
} else {
|
||||
return selinux_android_file_context(seopts_file_rootfs,
|
||||
ARRAY_SIZE(seopts_file_rootfs));
|
||||
}
|
||||
}
|
||||
|
||||
enum levelFrom {
|
||||
LEVELFROM_NONE,
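Review bot: In compute_file_contexts_hash, `fc_data = realloc(fc_data, total_size + sb.st_size);` overwrites the only pointer to the buffer, so a failed realloc leaks the data accumulated from earlier files, because the cleanup path then only calls free(NULL). Assign through a temporary instead: `uint8_t *tmp = realloc(fc_data, total_size + sb.st_size);`, check `if (!tmp)` before the existing log-and-`goto cleanup`, then `fc_data = tmp;`. Separately, the digest is computed from a second open() of each path after selabel_open() has already parsed those files, so fc_digest describes the loaded rules only if the files cannot change in between. A short comment above the function stating that assumption would help whoever later relies on fc_digest to decide whether labels are current.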
|
||||
|
|
|
@ -17,6 +17,12 @@
|
|||
|
||||
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
||||
|
||||
#ifdef NO_FILE_BACKEND
|
||||
#define CONFIG_FILE_BACKEND(fnptr) NULL
|
||||
#else
|
||||
#define CONFIG_FILE_BACKEND(fnptr) &fnptr
|
||||
#endif
|
||||
|
||||
#ifdef NO_MEDIA_BACKEND
|
||||
#define CONFIG_MEDIA_BACKEND(fnptr) NULL
|
||||
#else
|
||||
|
@ -46,7 +52,7 @@ typedef int (*selabel_initfunc)(struct selabel_handle *rec,
|
|||
unsigned nopts);
|
||||
|
||||
static selabel_initfunc initfuncs[] = {
|
||||
&selabel_file_init,
|
||||
CONFIG_FILE_BACKEND(selabel_file_init),
|
||||
CONFIG_MEDIA_BACKEND(selabel_media_init),
|
||||
CONFIG_X_BACKEND(selabel_x_init),
|
||||
CONFIG_DB_BACKEND(selabel_db_init),
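Review bot: With `-DNO_FILE_BACKEND`, `CONFIG_FILE_BACKEND(selabel_file_init)` places NULL in the file-backend slot of `initfuncs[]`, so the vendor build depends on the dispatch code rejecting a NULL entry before calling through it. That code (presumably selabel_open) is outside this hunk, so confirm that it returns an error for the disabled backend rather than dereferencing the slot. The build file in this commit still lists `src/matchpathcon.c` in the shared defaults, so if that file opens the file backend, vendor callers would now fail at run time, which may deserve a mention in the commit message. I would also add a comment above the new macro, for example `/* NO_FILE_BACKEND: SELABEL_CTX_FILE is compiled out; selabel_open() must fail for it. */`.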
|
||||
|
|