libselinux: add The Android fork files

Android is now rectified with upstream libselinux with the
exception of the src/android.c and include/selinux/android.h
files. Since the changes now reside in separate files, no
conflict will occur when merging updates from upstream.

Any changes to other files should go upstream.

Bug: 31910164
Test: Builds
Change-Id: I4c3c3d1a89a69f2796ec07ccccaf1aaa99457377
Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit is contained in:
William Roberts 2016-09-21 16:06:37 -07:00 committed by Jeff Vander Stoep
parent 2c4f2cc69c
commit 8afa5467e2
4 changed files with 1652 additions and 0 deletions

41
README.android Normal file
View file

@ -0,0 +1,41 @@
This fork of Android differs in the following ways:
- README.android
- All Android.mk and Android.bp files
- ALL MODULE_LICENSE_* files
- libselinux/include/selinux/android.h
- libselinux/src/android/android.c
All other changes should be upstreamed to selinux as
Android no longer carries changes outside of those files.
The upstream project can be found at:
https://github.com/SELinuxProject/selinux
Thus, since all changes are in separate files, updates merged from
upstream should occur with no merge conflicts.
This fork differs from upstream libselinux in at least the following ways:
* The Android fork omits compiling many of the src files and specifies
custom build configurations. The exact details, are encoded in the
Android.bp and Android.mk files.
* The SELinux policy files are all located in / rather than under
/etc/selinux since /etc is not available in Android until /system
is mounted and use fixed paths, not dependent on /etc/selinux/config.
* The kernel policy file (sepolicy in Android, policy.N in Linux) does
not include a version suffix since Android does not need to support
booting multiple kernels.
* The policy loading logic does not support automatic downgrading of
the kernel policy file to a version known to the kernel, since this
requires libsepol on the device and is only needed to support mixing
and matching kernels and userspace easily.
* restorecon functionality, including recursive restorecon, has been
been upstreamed as selinux_restorecon(), but there are residual
differences between it and selinux_android_restorecon().
* Support for seapp_contexts, a new Android-specific SELinux
configuration file has been added within android.c.

View file

View file

@ -0,0 +1,57 @@
#ifndef _SELINUX_ANDROID_H_
#define _SELINUX_ANDROID_H_
#include <stdbool.h>
#include <sys/types.h>
#include <unistd.h>
#include <selinux/label.h>
#ifdef __cplusplus
extern "C" {
#endif
extern struct selabel_handle* selinux_android_file_context_handle(void);
extern struct selabel_handle* selinux_android_prop_context_handle(void);
extern struct selabel_handle* selinux_android_service_context_handle(void);
extern void selinux_android_set_sehandle(const struct selabel_handle *hndl);
extern int selinux_android_load_policy(void);
extern int selinux_android_setcon(const char *con);
extern int selinux_android_setcontext(uid_t uid,
bool isSystemServer,
const char *seinfo,
const char *name);
extern int selinux_android_setfilecon(const char *pkgdir,
const char *pkgname,
const char *seinfo,
uid_t uid);
extern int selinux_log_callback(int type, const char *fmt, ...)
__attribute__ ((format(printf, 2, 3)));
#define SELINUX_ANDROID_RESTORECON_NOCHANGE 1
#define SELINUX_ANDROID_RESTORECON_VERBOSE 2
#define SELINUX_ANDROID_RESTORECON_RECURSE 4
#define SELINUX_ANDROID_RESTORECON_FORCE 8
#define SELINUX_ANDROID_RESTORECON_DATADATA 16
#define SELINUX_ANDROID_RESTORECON_SKIPCE 32
extern int selinux_android_restorecon(const char *file, unsigned int flags);
extern int selinux_android_restorecon_pkgdir(const char *pkgdir,
const char *seinfo,
uid_t uid,
unsigned int flags);
extern int selinux_android_seapp_context_reload(void);
#ifdef __cplusplus
}
#endif
#endif

File diff suppressed because it is too large Load diff