It is recommended to use the host tools (package 'setools' under
Debian, Ubuntu or Fedora) instead.
Bug: 178191966
Test: lunch aosp_bramble-userdebug; m selinux_policy
Change-Id: I0de06fbf672d1324107caa8e2756aee7f4dd44c1

This is cherry-picked from upstream
8c21eeeace
Signed-off-by: Kelvin Zhang <zhangxp1998@gmail.com>
Change-Id: I3745d2b45eb42e62f29823edc1b20629bf8ab9d7

The boilerplate is no longer necessary for defining rust_test modules
testing generated source.
Bug: 196076408
Test: m libselinux_bindgen_test
Change-Id: Iae623f4146e7580bc58090cebd78a21413ac844d

Use target.android.system_shared_libs when it is used to limit the
default shared libraries (as opposed to remove them completely).
This avoids attempting to add a host dependency on libc when
system_shared_libs is modified to apply to all variants.
Bug: 193559105
Test: m checkbuild
Change-Id: I0aac243d441273d2e5c3b2519c99e5d676d6500a

It's unclear why selinux_android_setcontext() ever called
avc_netlink_close(). It does not appear to be used, and I have
confirmed that no selinux netlink socket is left open when it is
removed.
Test: lsof -p <pidof zygote> | grep netlink
Change-Id: Ie4c424bfe9c2454dc2634888f355182020a4d953

These have never been used in AOSP. Looking at ~10,000 Android
build images confirms that these are not used elsewhere within
the Android ecosystem.
Bug: 192532348
Test: build (failures here would be at build-time)
Change-Id: I0ff47cb433fe5ffc58282c2d66ccfae1ba473680

Use one of the policy config bits to tell the kernel to start using
the nlmsg_readneigh on RTM_GETNEIGH and RTM_GETNEIGHTBL messages instead
of the previous behavior of using nlmsg_read.
Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest bionic-unit-tests-static
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Test: atest CtsSelinuxTargetSdk30TestCases
Test: atest CtsSelinuxTargetSdk29TestCases
Test: atest CtsSelinuxTargetSdk28TestCases
Test: atest CtsSelinuxTargetSdk27TestCases
Test: atest CompatChangesSelinuxTest
Test: atest NetlinkSocketTest
Test: On Cuttlefish, run combinations of:
- Policy bit set or omitted
- App having nlmsg_readneigh permission or not
Verify that only the combination of the policy bit being set + the app
not having the nlmsg_readneigh permission prevents the app from
sending RTM_GETNEIGH messages.
Change-Id: I1b0e2398f12e9dd9872c9b916efa76d22f85d56b

Use one of the policy config bits to tell the kernel to start using
the nlmsg_readneigh on RTM_GETNEIGH and RTM_GETNEIGHTBL messages instead
of the previous behavior of using nlmsg_read.
Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest bionic-unit-tests-static
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Test: On Cuttlefish, run combinations of:
- Policy bit set or omitted
- App having nlmsg_readneigh permission or not
Verify that only the combination of the policy bit being set + the app
not having the nlmsg_readneigh permission prevents the app from
sending RTM_GETNEIGH messages.
Change-Id: I8598662b795feaeaeb8b0a7e676b684022861c37

fread(3) returns zero if |size| is zero. This confuses secilc, and
causes it to fail with a "Failure reading file" error, even though there
is no error.
Add a shortcut that closes and skips an input file if file size is zero.
Signed-off-by: Yi-Yo Chiang <yochiang@google.com>
Change-Id: I9832c62ebf6f716235e871b5e29b0fd70c94b453
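
The zero-size behaviour described in the commit message above, as an added example (not secilc's code and not part of the original commit): a reader that demands one item of `size` bytes from fread(3) rejects a valid empty file, while a size check before the read lets the caller skip it. The function names and the temp-file sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration; not secilc's code. */

/* Constructed sample input: an anonymous temp file holding `data`. */
FILE *make_sample(const char *data)
{
    FILE *f = tmpfile();
    if (f != NULL && fputs(data, f) == EOF) { fclose(f); return NULL; }
    return f;
}

/* Size of an open stream, or -1 on error; leaves the stream rewound. */
static long stream_size(FILE *f)
{
    long n;
    if (fseek(f, 0, SEEK_END) != 0) return -1;
    n = ftell(f);
    return fseek(f, 0, SEEK_SET) == 0 ? n : -1;
}

/* Naive pattern: exactly one item of `size` bytes must be read. With
 * size == 0, fread() returns 0, so an empty file looks like a failure. */
int read_all_naive(FILE *f, char **out, long *len)
{
    long size = stream_size(f);
    if (size < 0) return -1;
    *out = malloc((size_t)size + 1);
    if (*out == NULL) return -1;
    if (fread(*out, (size_t)size, 1, f) != 1) {
        free(*out);
        *out = NULL;
        return -1;              /* also reached for a valid empty file */
    }
    (*out)[size] = '\0';
    *len = size;
    return 0;
}

/* With the shortcut: 1 = empty input, caller closes and skips it;
 * 0 = data read into *out; -1 = genuine read failure. */
int read_all_checked(FILE *f, char **out, long *len)
{
    long size = stream_size(f);
    if (size < 0) return -1;
    if (size == 0) { *out = NULL; *len = 0; return 1; }
    return read_all_naive(f, out, len);
}
```
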

With this slash, in the selinux_android_restorecon_common while loop,
fts_read needs to traverse to "/data/system_ce/0" to satisfy the
conditions for skipping CE.
If this dir's hash changed in this OTA, the new hash will be updated in
the xattr of the dir's inode without a restorecon for this dir.
When vold has installed the CE key and wants to restorecon this dir,
the hash match check returns true, and the dir will be skipped again.
This results in this dir not getting the correct context.
Removing the last slash will make the skip CE condition be satisfied when
traversing "data/system_ce", without updating the "data/system_ce/0" hash.
Vold can then check that it does not match and correctly restorecon
"data/system_ce/0".
Test: OTA with CE dir contexts changed.
Change-Id: If6aacbe782636acac6cde1517619d8da85143436
Signed-off-by: lijiazi <lijiazi@xiaomi.com>

Remove the vestigial llndk_library modules and replace them with
properties in the llndk clause of the implementation cc_library.
Bug: 170784825
Test: m checkbuild
Test: compare out/soong/build.ninja
Change-Id: I1353f630e5a3f4649a13ce8c21bf6be65067716c

The build system will soon require that symbol files describing APIs
across updatable components (e.g. across APEXes or across system/vendor)
have the ".map.txt" suffix. This will trigger the NDK API review in the
gerrit so that backwards incompatible changes are prevented.
Bug: N/A
Test: m nothing
Change-Id: I1aacf8eea317ac1e7cf0dea3689ff8ef3e315dc0

Since commit be3db7b7aeb10adf51b34a681d73d5c5bbd59623 vold has been
responsible for labeling the user profile data root directories. So we
should skip those in a recursive restorecon, as we do for
e.g. /data/data, to avoid having the correct label overridden by an
incorrect one. Unlike /data/data the subdirectories should still be
restored.
Bug: 141677108
Bug: 175311045
Test: Manual. Root dir is not re-labeled, subdir is.
Change-Id: I7ffec8ed95d49e8d08fdb90e8f7e164f1d76f422

Bug: 172338832
Test: make and run libselinux_android_setcontext_fuzzer on device
Test: Run testcase 5652118323200000
Change-Id: Ib619679e89f10a5f58cb8ac17ba2b67d35b1b606