Merge remote-tracking branch 'aosp/upstream-master' into mymerge

Update to tip-of-tree selinux code.

libselinux/ChangeLog

@@ -1,3 +1,5 @@
+	* Remove deprecated mudflap option, from Stephen Smalley.
+	* Mount procfs before checking /proc/filesystems, from Ben Shelton.
 	* Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
 	* label_file:  handle newlines in file names, from Nick Kralevich.
 	* getcon.3:  Fix setcon description, from Stephen Smalley.

libselinux/src/Makefile

@@ -59,7 +59,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
           -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
           -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \
           -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \
-          -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \
+          -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \
           -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
           -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
           -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \

libselinux/src/init.c

@@ -11,6 +11,7 @@
 #include <sys/vfs.h>
 #include <stdint.h>
 #include <limits.h>
+#include <sys/mount.h>
 
 #include "dso.h"
 #include "policy.h"
@@ -54,15 +55,20 @@ static int verify_selinuxmnt(const char *mnt)
 
 int selinuxfs_exists(void)
 {
-	int exists = 0;
+	int exists = 0, mnt_rc = 0;
 	FILE *fp = NULL;
 	char *buf = NULL;
 	size_t len;
 	ssize_t num;
 
+	mnt_rc = mount("proc", "/proc", "proc", 0, 0);
+
 	fp = fopen("/proc/filesystems", "r");
-	if (!fp)
-		return 1; /* Fail as if it exists */
+	if (!fp) {
+		exists = 1; /* Fail as if it exists */
+		goto out;
+	}
+
 	__fsetlocking(fp, FSETLOCKING_BYCALLER);
 
 	num = getline(&buf, &len, fp);
@@ -76,6 +82,14 @@ int selinuxfs_exists(void)
 
 	free(buf);
 	fclose(fp);
+
+out:
+#ifndef MNT_DETACH
+#define MNT_DETACH 2
+#endif
+	if (mnt_rc == 0)
+		umount2("/proc", MNT_DETACH);
+
 	return exists;
 }
 hidden_def(selinuxfs_exists)

libselinux/utils/Makefile

@@ -11,7 +11,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
           -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
           -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \
           -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \
-          -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \
+          -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \
           -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
           -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
           -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \

libsepol/ChangeLog

@@ -1,4 +1,5 @@
-	* Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter
+	* Don't use symbol versioning for static object files, from Yuli Khodorkovskiy.
+	* Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter.
 	* Move secilc out of libsepol, from Yuli Khodorkovskiy.
 	* fix building Xen policy with devicetreecon, and add devicetreecon
 	  CIL documentation, from Richard Haines.

libsepol/cil/src/cil.c

@@ -50,8 +50,9 @@
 #include "cil_binary.h"
 #include "cil_policy.h"
 #include "cil_strpool.h"
+#include "dso.h"
 
-#ifndef ANDROID
+#ifndef DISABLE_SYMVER
 asm(".symver cil_build_policydb_pdb,        cil_build_policydb@");
 asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1");
 
@@ -354,7 +355,7 @@ exit:
 	return rc;
 }
 
-#ifdef ANDROID
+#ifdef DISABLE_SYMVER
 int cil_compile(struct cil_db *db)
 #else
 int cil_compile_nopdb(struct cil_db *db)
@@ -402,7 +403,7 @@ exit:
 	return rc;
 }
 
-#ifndef ANDROID
+#ifndef DISABLE_SYMVER
 int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db)
 {
 	return cil_compile_nopdb(db);
@@ -424,7 +425,7 @@ exit:
 }
 #endif
 
-#ifdef ANDROID
+#ifdef DISABLE_SYMVER
 int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db)
 #else
 int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db)
@@ -1116,7 +1117,7 @@ const char * cil_node_to_string(struct cil_tree_node *node)
 	return "<unknown>";
 }
 
-#ifdef ANDROID
+#ifdef DISABLE_SYMVER
 int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size)
 #else
 int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
@@ -1165,7 +1166,7 @@ exit:
 
 }
 
-#ifndef ANDROID
+#ifndef DISABLE_SYMVER
 int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
 {
 	return cil_userprefixes_to_string_nopdb(db, out, size);
@@ -1357,7 +1358,7 @@ static int __cil_level_to_string(struct cil_level *lvl, char *out)
 	return str_tmp - out;
 }
 
-#ifdef ANDROID
+#ifdef DISABLE_SYMVER
 int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size)
 #else
 int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
@@ -1418,14 +1419,14 @@ int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size
 	return SEPOL_OK;
 }
 
-#ifndef ANDROID
+#ifndef DISABLE_SYMVER
 int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
 {
 	return cil_selinuxusers_to_string_nopdb(db, out, size);
 }
 #endif
 
-#ifdef ANDROID
+#ifdef DISABLE_SYMVER
 int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size)
 #else
 int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
@@ -1547,7 +1548,7 @@ int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size)
 	return SEPOL_OK;
 }
 
-#ifndef ANDROID
+#ifndef DISABLE_SYMVER
 int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size)
 {
 	return cil_filecons_to_string_nopdb(db, out, size);

libsepol/cil/src/dso.h

@@ -0,0 +1,27 @@
+#ifndef _SEPOL_DSO_H
+#define _SEPOL_DSO_H	1
+
+#if !defined(SHARED) || defined(ANDROID)
+    #define DISABLE_SYMVER 1
+#endif
+
+#ifdef SHARED
+# define hidden __attribute__ ((visibility ("hidden")))
+# define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
+# define __hidden_proto(fct, internal)	\
+     extern __typeof (fct) internal;	\
+     extern __typeof (fct) fct __asm (#internal) hidden;
+# if defined(__alpha__) || defined(__mips__)
+#  define hidden_def(fct) \
+     asm (".globl " #fct "\n" #fct " = " #fct "_internal");
+# else
+#  define hidden_def(fct) \
+     asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
+#endif
+#else
+# define hidden
+# define hidden_proto(fct)
+# define hidden_def(fct)
+#endif
+
+#endif

libsepol/src/dso.h

@@ -1,6 +1,10 @@
 #ifndef _SEPOL_DSO_H
 #define _SEPOL_DSO_H	1
 
+#if !defined(SHARED) || defined(ANDROID)
+    #define DISABLE_SYMVER 1
+#endif
+
 #ifdef SHARED
 # define hidden __attribute__ ((visibility ("hidden")))
 # define hidden_proto(fct) __hidden_proto (fct, fct##_internal)

policycoreutils/ChangeLog

@@ -1,3 +1,5 @@
+	* setfiles/restorecon: fix -r/-R option, from Petr Lautrbach.
+	* org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
 	* hll: Move core functions of pp to libsepol, from James Carter
 	* run_init: Use a ring buffer in open_init_pty, from Jason Zaman.
 	* run_init: fix open_init_pty availability check, from Nicolas Iooss.

policycoreutils/sepolicy/org.selinux.policy

@@ -40,7 +40,7 @@
         <defaults>
           <allow_any>no</allow_any>
           <allow_inactive>no</allow_inactive>
-	  <allow_active>yes</allow_active>
+	  <allow_active>auth_admin_keep</allow_active>
         </defaults>
     </action>
     <action id="org.selinux.semodule_list">
@@ -49,7 +49,7 @@
         <defaults>
           <allow_any>no</allow_any>
           <allow_inactive>no</allow_inactive>
-	  <allow_active>yes</allow_active>
+	  <allow_active>auth_admin_keep</allow_active>
         </defaults>
     </action>
     <action id="org.selinux.relabel_on_boot">

policycoreutils/setfiles/setfiles.c

@@ -153,6 +153,9 @@ int main(int argc, char **argv)
 	int recurse; /* Recursive descent. */
 	const char *base;
 	int mass_relabel = 0, errors = 0;
+	const char *ropts = "e:f:hilno:pqrsvFRW0";
+	const char *sopts = "c:de:f:hilno:pqr:svFR:W0";
+	const char *opts;
 	
 	memset(&r_opts, 0, sizeof(r_opts));
 
@@ -196,6 +199,7 @@ int main(int argc, char **argv)
 		r_opts.add_assoc = 1;
 		r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV;
 		ctx_validate = 1;
+		opts = sopts;
 	} else {
 		/*
 		 * restorecon:  
@@ -215,6 +219,7 @@ int main(int argc, char **argv)
 		r_opts.add_assoc = 0;
 		r_opts.fts_flags = FTS_PHYSICAL;
 		ctx_validate = 0;
+		opts = ropts;
 
 		/* restorecon only:  silent exit if no SELinux.
 		   Allows unconditional execution by scripts. */
@@ -226,7 +231,7 @@ int main(int argc, char **argv)
 	r_opts.nfile = exclude_non_seclabel_mounts();
 
 	/* Process any options. */
-	while ((opt = getopt(argc, argv, "c:de:f:hilno:pqrsvFRW0")) > 0) {
+	while ((opt = getopt(argc, argv, opts)) > 0) {
 		switch (opt) {
 		case 'c':
 			{
@@ -315,18 +320,13 @@ int main(int argc, char **argv)
 				recurse = 1;
 				break;
 			}
-			if (optind + 1 >= argc) {
-				fprintf(stderr, "usage:  %s -r rootpath\n",
-					argv[0]);
-				exit(-1);
-			}
 			if (NULL != r_opts.rootpath) {
 				fprintf(stderr,
 					"%s: only one -r can be specified\n",
 					argv[0]);
 				exit(-1);
 			}
-			set_rootpath(argv[optind++]);
+			set_rootpath(optarg);
 			break;
 		case 's':
 			use_input_file = 1;