tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
5490 commits 1 branch 0 tags 17 MiB
Commit graph

5490 commits

This branch
This branch
All branches
Author SHA1 Message Date
Thiébaud Weksteen
4bd090ce2d Add unit tests am: bec99f4190 am: b8bd8fd1d4 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071445

Change-Id: I7a32b43623c51dd4a581bac1990016401b8bbb0e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:39:23 +00:00
Thiébaud Weksteen
2f153efebb Add is_credential_encrypted_path am: 5fd6afea62 am: 91b167b346 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071444

Change-Id: I8bff31c102e79307a600c7e99b5fc14eb8f9399e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:39:17 +00:00
Thiébaud Weksteen
d33c417f8a Harmonize indentation am: 0562394766 am: eb74075265 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071443

Change-Id: Id7ffa614d83f062952e9b8b8421d94be83fd686e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:39:12 +00:00
Thiébaud Weksteen
dabc49b544 Move is_app_data_path and extract_pkgname_and_userid am: 62ca57dac9 am: 2aa410a334 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071442

Change-Id: I014eae01b07fef45969ebd66bb7f6c983d1421ee
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:39:06 +00:00
Thiébaud Weksteen
b8bd8fd1d4 Add unit tests am: bec99f4190 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071445

Change-Id: Iafc498eb4ad76881d08383c9ca21a097c5ac0a85
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:09:38 +00:00
Thiébaud Weksteen
91b167b346 Add is_credential_encrypted_path am: 5fd6afea62 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071444

Change-Id: I2731d3b2fa045b73a4d1abfe803a38c8a332873c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:09:35 +00:00
Thiébaud Weksteen
eb74075265 Harmonize indentation am: 0562394766 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071443

Change-Id: Ib08df4f37b6a382e209ea5a79205a44feea75f26
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:09:33 +00:00
Thiébaud Weksteen
2aa410a334 Move is_app_data_path and extract_pkgname_and_userid am: 62ca57dac9 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3071442

Change-Id: I0f18bd5bdef38cdf6b3cfb81720771e34dd5f623
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-05-06 09:09:29 +00:00
Thiébaud Weksteen
bec99f4190 Add unit tests 
Add unit tests for is_app_data_path, is_credential_encrypted_path and
extract_pkgname_and_userid.

Test: atest --host libselinux_test
Bug: 317296680
Change-Id: Ib5f528d8beb62db0c59207ee88b6503d0f5845f3
 2024-05-06 13:11:09 +10:00
Thiébaud Weksteen
5fd6afea62 Add is_credential_encrypted_path 
Add an internal function to clarify the restorecon logic. Move the
function to android.c so it can be unit tested.

Test: build
Bug: 317296680
Change-Id: I972fca7509504ab50de41374c1f5d6ed878bf42f
 2024-05-06 13:10:29 +10:00
Thiébaud Weksteen
0562394766 Harmonize indentation 
A mixture of tab and spaces has been used in a few source files.
Consistently use tab to match the rest of libselinux.

Test: git show --ignore-space-change
Bug: 317296680
Change-Id: If2ddde565e7565ee4e3a7a3d3586ce40dc86dec7
 2024-05-06 12:15:35 +10:00
Thiébaud Weksteen
62ca57dac9 Move is_app_data_path and extract_pkgname_and_userid 
Move these functions as-is into android.c so they can be used in the
unit tests. The functions have not been modified, this is a no-op.

Test: build
Bug: 317296680
Change-Id: Icb1e5501a4a337573d24be894a31c0db72ae8acd
 2024-05-06 12:12:31 +10:00
Xin Li
9753881e4c [automerger skipped] Empty merge of Android 24Q2 Release (ab/11526283) to aosp-main-future am: 83d75ece5d -s ours 
am skip reason: Merged-In Ie0bb4b46ea66b59e09a8d3702079ddcb13b8b027 with SHA-1 b0bbd007d9 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/27144070

Change-Id: I6b061430ff67ad17fba4258431cf6d6897277526
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-29 22:16:25 +00:00
Xin Li
83d75ece5d Empty merge of Android 24Q2 Release (ab/11526283) to aosp-main-future 
Bug: 337098550
Merged-In: Ie0bb4b46ea66b59e09a8d3702079ddcb13b8b027
Change-Id: I28157ec3be1da5f7a000850915363568f996fcd9
 2024-04-29 11:51:00 -07:00
Ellen Arteca
1e9017a411 Add /data/storage_area to app data directories am: 261afd394b am: b0bbd007d9 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2957472

Change-Id: I32c8694969a9b0e8c9440fda713b383a12118d0e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-26 03:58:09 +00:00
Ellen Arteca
b0bbd007d9 Add /data/storage_area to app data directories am: 261afd394b 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2957472

Change-Id: Ie0bb4b46ea66b59e09a8d3702079ddcb13b8b027
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-26 03:43:51 +00:00
Ellen Arteca
261afd394b Add /data/storage_area to app data directories 
libselinux has special handling for the app data directories such as
/data/user/$userId/$pkgName and /data/user_de/$userId/$pkgName, because
their SELinux contexts are determined differently from "normal" files.

/data/storage_area/$userId/$pkgName will be a new app data directory
(with a different SELinux context, but determined through the same process).
THerefore, add it to the list of app data directories.

Bug: 325129836

Change-Id: I4371c23193e6ad07207bc1f22cfd6d1580ccd600
 2024-04-18 17:47:11 +00:00
Steven Moreland
5159c81252 checkpolicy: disable leak detection am: c8d5fc8b44 am: adce3dbbb6 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3042635

Change-Id: I5fc62e0ded1efeac59d8e9feb1036df8c8c9fd57
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-16 01:04:32 +00:00
Steven Moreland
adce3dbbb6 checkpolicy: disable leak detection am: c8d5fc8b44 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/3042635

Change-Id: Ic922a1591efa5376b48e1249cb80bf0ca5269701
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-04-16 00:44:32 +00:00
Steven Moreland
c8d5fc8b44 checkpolicy: disable leak detection 
Breaking ASAN host builds.

Bugs: me
Test: build with SANITIZE_HOST=address
Change-Id: Idb72d16d8fbe4d082b94994854e488f57ef4bb26
 2024-04-15 23:02:00 +00:00
Thiébaud Weksteen
7b38f24445 Merge "Add build flags for libselinux" into main am: c23cbe8ca5 am: c20d8480e5 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2971894

Change-Id: I4eb1f132ab8eaaeaf0f1d809cbf20d0e62714050
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-05 00:43:19 +00:00
Thiébaud Weksteen
c20d8480e5 Merge "Add build flags for libselinux" into main am: c23cbe8ca5 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2971894

Change-Id: Iab88e01241410a5803177f30093e5b444692af6a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-03-05 00:00:47 +00:00
Thiébaud Weksteen
c23cbe8ca5 Merge "Add build flags for libselinux" into main 2024-03-04 23:28:31 +00:00
Thiébaud Weksteen
90b4df940c Merge "Add selabel_get_digests_all_partial_matches binary" into main am: 2273a74d00 am: b39171460b 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2981571

Change-Id: I39221e1cee469f8b5ff4373e3145193c66549e12
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-29 02:48:13 +00:00
Thiébaud Weksteen
b39171460b Merge "Add selabel_get_digests_all_partial_matches binary" into main am: 2273a74d00 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2981571

Change-Id: Icc0c501c6a3841b4bede6bdf2821c3627d6cb67e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-29 02:06:03 +00:00
Thiébaud Weksteen
2273a74d00 Merge "Add selabel_get_digests_all_partial_matches binary" into main 2024-02-29 01:16:38 +00:00
Thiébaud Weksteen
f3007e9fd4 Add selabel_get_digests_all_partial_matches binary 
Add build rule for selabel_get_digests_all_partial_matches. It is not
included by default in the system image, but can be useful to debug
the computation of security.sehash.

Bug: 317296680
Test: adb remount; adb push selabel_get_digests_all_partial_matches
  /system/bin; selabel_get_digests_all_partial_matches -r /data/data
Change-Id: I2b7e8d994f15539849d69ded5695293c4f2cf8b2
 2024-02-28 13:26:57 +11:00
Ellen Arteca
9f17ca222e The order the fields were printed in did not match the order in which their values are listed; likely a typo am: cd26ca2162 am: b97284595c 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2976012

Change-Id: Id0e5050becc4c085afcfe419b2d86995fa003bee
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-27 12:27:49 +00:00
Ellen Arteca
b97284595c The order the fields were printed in did not match the order in which their values are listed; likely a typo am: cd26ca2162 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2976012

Change-Id: I515a85b6ae5eb66afe302ac15db733790d348df5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2024-02-27 11:46:40 +00:00
Ellen Arteca
cd26ca2162 The order the fields were printed in did not match the order in which their values are listed; likely a typo 
Change-Id: I2e00216ef7e3cedd274fb16aa361637d9a98ba2c
 2024-02-26 09:14:18 +00:00
Thiébaud Weksteen
8f719500fd Add build flags for libselinux 
Consider /data/data as an app data directory (and skip any restorcon) if
the flag release_selinux_data_data_ignore is enabled.

Test: boot;
      setfattr -x security.sehash /data;
      setfattr -x security.sehash /data/data;
      reboot, restorecon ignores /data/data
Bug: 317296680
Change-Id: If341864555398cd042dbe5b89085821cc2f8a0c0
 2024-02-23 15:46:51 +11:00
Daniel Chapin
a7b5fa81da Revert "Use generic isSelector" am: 27d4f93b76 am: fd16119838 am: 05a74fd219 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485

Change-Id: Ib50610278ec483c87d4d2c52f60ee340744c821b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-05 06:55:43 +00:00
Daniel Chapin
6e81ec7ec2 Revert "Use generic isSelector" am: 27d4f93b76 am: a772618e5c am: a9be036f81 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485

Change-Id: Ic52cbb7c1e50bd97ca3e928f619e876d575e962e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-05 06:55:18 +00:00
Daniel Chapin
05a74fd219 Revert "Use generic isSelector" am: 27d4f93b76 am: fd16119838 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485

Change-Id: I52e564e9ce90b0118f0e1ed576ca784385151b32
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-05 06:06:46 +00:00
Daniel Chapin
a9be036f81 Revert "Use generic isSelector" am: 27d4f93b76 am: a772618e5c 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485

Change-Id: I335a819d7c851b62c3b0a123fbfe34c176469127
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-05 06:04:37 +00:00
Daniel Chapin
a772618e5c Revert "Use generic isSelector" am: 27d4f93b76 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485

Change-Id: Id3421f08cf85f2744b757cdd4e89726f98f1b9a5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-05 05:28:47 +00:00
Daniel Chapin
fd16119838 Revert "Use generic isSelector" am: 27d4f93b76 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485

Change-Id: I71ff5b24278be5ee64a1d46ba39550c2826720e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-05 05:16:50 +00:00
Daniel Chapin
27d4f93b76 Revert "Use generic isSelector" 
This reverts commit 3d85f1e116.

Reason for revert: Droidfood blocking bug: b/314704483

Change-Id: I4cec1f1c4de25c28536c4f56cfd297ab1a9f3812
 2023-12-05 00:52:17 +00:00
Thiébaud Weksteen
5f0adaf824 Use generic isSelector am: 3d85f1e116 am: d26a4af638 am: 57857be7cb 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485

Change-Id: I907beaae8a76e6d3209fa6eb1d21298b5170e3f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-01 04:23:37 +00:00
Thiébaud Weksteen
2e514132bf Use generic isSelector am: 3d85f1e116 am: bce1d3689b am: 28f879de16 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485

Change-Id: I067484d72885ba209b0944a326474b2008cec004
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-01 04:23:22 +00:00
Thiébaud Weksteen
57857be7cb Use generic isSelector am: 3d85f1e116 am: d26a4af638 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485

Change-Id: I96867dca9a2731cf062a795fcfdf034beb9e9cab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-01 04:05:52 +00:00
Thiébaud Weksteen
28f879de16 Use generic isSelector am: 3d85f1e116 am: bce1d3689b 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485

Change-Id: I408f1d9edea15863dde0e50ca5f2000ebf8fad5c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-01 03:51:40 +00:00
Thiébaud Weksteen
d26a4af638 Use generic isSelector am: 3d85f1e116 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485

Change-Id: Iebf082e0c29320766b69c5ea6b9fb151c8676a25
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-01 03:34:32 +00:00
Thiébaud Weksteen
bce1d3689b Use generic isSelector am: 3d85f1e116 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485

Change-Id: I0aad333ba1526c0a61ea2d55c528b1e7373897e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-12-01 03:19:18 +00:00
Thiébaud Weksteen
3d85f1e116 Use generic isSelector 
seapp_contexts supports multiple boolean attributes: isPrivApp,
isEphemeralApp, isIsolatedComputeApp, isSdkSandboxAudit,
isSdkSandboxNext, fromRunAs. Each of these exists to support a specific
labelling scenario from the framework. When a new predicate is required,
an update to libselinux is also required. This change generically
handles any attribute starting with "is" and maps it directly
(case-insensitive) to the same seinfo field.

It is assumed that only one of these is required at a time. An error is
raised if seapp_contexts contains multiple is-selector within one rule.
An error is raised if seinfo contains multiple is-selector.

The order for comparison between seapp_contexts is altered: an entry
with an is-selector will be prioritized over one with an unspecifed
is-selector. This is not quite the previous order (e.g., isPrivApp <
targetSdkVersion < fromRunAs), but it is understood that the previous
order was not intentional and emerged from the incremental contributions
to this library.

The boolean info.isPreinstalledApp is replaced by checking the first
byte of info.partition.

Test: atest --host libselinux_test
Bug: 307635909
Change-Id: Ice3b84870e3255f6d9357d9750acbe9691b45aad
 2023-12-01 10:42:50 +11:00
Thiébaud Weksteen
148c2f327d Refactor the parsing of seinfo am: 7fd89c00f7 am: c4b477c1de am: f87183c61b 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178

Change-Id: I40a776d1e79ab6927464cb1bd5a5b612cd5c2292
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-21 23:35:07 +00:00
Thiébaud Weksteen
4268b21150 Refactor the parsing of seinfo am: 7fd89c00f7 am: 4bf49f0fb0 am: 6af667a24b 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178

Change-Id: I5742cf04e29ef3e54b81cdc2134170fbf3960f74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-21 23:33:39 +00:00
Thiébaud Weksteen
f87183c61b Refactor the parsing of seinfo am: 7fd89c00f7 am: c4b477c1de 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178

Change-Id: Ia03b4d9c99c43b1644c949f5ca6cfb11147f383d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-21 23:32:50 +00:00
Thiébaud Weksteen
6af667a24b Refactor the parsing of seinfo am: 7fd89c00f7 am: 4bf49f0fb0 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178

Change-Id: I5b172e06cd5efe1c18a0eb9bf7f69593aeb76d29
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-21 23:00:27 +00:00
Thiébaud Weksteen
c4b477c1de Refactor the parsing of seinfo am: 7fd89c00f7 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178

Change-Id: I11bfae9f5cb86c03642d30afb7b8f1ea46c9efb0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-11-21 22:47:45 +00:00