There are two problems addressed by this change.
1) qsort doesn't compare all pairs of elements having the same
precedence. We can't rely only on qsort's comparator to detect
duplicates.
2) comparing logic is broken. For example,
s1->isPrivAppSet && s1->isPrivApp == s2->isPrivApp
really should be
!s1->isPrivAppSet || s1->isPrivApp == s2->isPrivApp
Bug: 291528964
Test: manually create two duplicated entries and boot
Change-Id: Ieae4a7f5419e18636bb2fd5f70700faa4fa8acf1
Right now selinux_android_restorecon will silently succeed if selinux is
disabled which is confusing.
This change adds a log statement that should help with debugging issues
related to disabled selinux (see attached bug).
Bug: 284277137
Test: presubmit
Change-Id: I4ebc6400ac7188660658ef3cccfb7cbdc76c0f22
seapp_context_lookup_internal applies a flag that is referenced in
seapp_contexts based on the seInfo string passed to it.
This enables testers to test out the set of restriction planned the
next SDK version and give feedback before we decide on the actual
restrictions for the next release.
Bug: b/270148964
Test: manual test app and adb shell ps -Z
Change-Id: I175229d135d99516dd6f38b8963d0ccc93a61a4f
Merged-In: I175229d135d99516dd6f38b8963d0ccc93a61a4f
seapp_context_lookup_internal applies a flag that is referenced in
seapp_contexts based on the seInfo string passed to it.
This enables testers to test out the set of restriction planned the
next SDK version and give feedback before we decide on the actual
restrictions for the next release.
Bug: b/270148964
Test: manual test app and adb shell ps -Z
Change-Id: I175229d135d99516dd6f38b8963d0ccc93a61a4f
libselinux log messages usually end with a new line character. Android
log system does not require the new line character and will include the
character as-is in the log buffer.
selinux_log_callback and selinux_vendor_log_callback implementations are
merged as they provide similar functionalities.
Match the indentation (i.e., tabs) with the rest of the file.
Test: boot & inspect logcat
Change-Id: I0a5e53b8f048c65f29c5df3bd7e0b38f523e42cd
We were previously on 3.5-rc2, there has been only little changes since
then.
Followed the steps:
repo start update_3.5 .
git merge 3.5 --no-ff # No merge conflicts were found.
lunch && m
repo upload .
# Update METADATA in a separate change.
Test: TH
Change-Id: If88fe90d2cbdb1ba6a279cba8b397cd2c808c6ab
Add a note that querying a foreign process via its PID is inherently
racy.
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
Add the public interfaces getpidprevcon(3) and getpidprevcon_raw(3), and
the utility getpidprevcon to gather the previous context before the last
exec of a given process.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
The hash mask is set to 2^16 - 1, which does not fit into a signed 16
bit integer. Use uint32_t to be on the safe side. Also use size_t for
counting in debug function.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
Add const qualifier to read-only state struct.
Minimize scope of function local variables, to reduce complexity.
Pass only the file type related file flags to selabel_lookup(3).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
The optimization flag -funit-at-a-time is enabled by default in GCC[1]
and not supported by Clang:
clang: error: optimization flag '-funit-at-a-time' is not supported [-Werror,-Wignored-optimization-argument]
[1]: https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
Commit 7506771e4b
"add missing booleans to man pages" dramatically slowed down
"sepolicy manpage -a" by removing caching of setools rule query.
Re-add said caching and update the query to only return conditional
rules.
Before commit 7506771e:
#time sepolicy manpage -a
real 1m43.153s
# time sepolicy manpage -d httpd_t
real 0m4.493s
After commit 7506771e:
#time sepolicy manpage -a
real 1h56m43.153s
# time sepolicy manpage -d httpd_t
real 0m8.352s
After this commit:
#time sepolicy manpage -a
real 1m41.074s
# time sepolicy manpage -d httpd_t
real 0m7.358s
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Since 30b3e9d2 (libselinux: Workaround for heap overhead of pcre,
2023-01-12), performance of PCRE2 matches has been affected due to
excesive recreation of the match_data in an attempt to reduce memory
utilization; instead of a workaround, it would be better to address
the problem and maybe even improve performance in the process.
The issue is that currently the structure that holds PCRE state has
both a pcre2_code (which is per pattern) and a pcre2_match_data (which
is per match), forcing us to add a mutex to prevent multiple matches to
step on each other.
Lets remove the match_data and the mutex and instead allocate one once
in a thread independent way that could be used and reused, by extending
our pthread interface to not only store TLS variables but also retrieve
them, and then use one of those.
Since we are not interested on the capture groups (if any) lets only
allocate 1 pair which is all that will be needed and change the logic
so that a return of 0 (which means the pattern matched but there were
not enough capture spots) is also considered a match.
This will ensure that the memory use would be bound to the number of
concurrent matches instead of the number of patterns and therefore
reduce the impact that recent changes on the way that the frames used
for matching are allocated might had brough since 10.41 was released.
For cases where threads are not available, just keep it working in slow
mode as done before the workaround was reverted.
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
cherry picked from:
https://patchwork.kernel.org/project/selinux/patch/20230123014047.84911-3-carenas@gmail.com/
Bug: 262469329
Test: atest MicrodroidBenchmarkApp
Change-Id: I3207c6dd2a215f81699aa62e8fcdf65c745bae72
Do not remove the runtime directory /run/setrans/, which is the parent
for the security context translation socket .setrans-unix, when the
service is stopped, so the path can not be taken over by a foreign
program, which could lead to a compromise of the context translation of
libselinux.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Enables processes with :IsolatedComputeApp set to be selected by seapp contexts with isIsolatedComputeApp selector.
Bug: 265540209
Bug: 265746493
Test: m && atest --host libselinux_test with change on android_unittest.cpp
Change-Id: I44f33bdd17454586708cbff2631ecd6725e53087
