tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
5417 commits 1 branch 0 tags 17 MiB
Commit graph

5417 commits

This branch
This branch
All branches
Author SHA1 Message Date
Nikita Ioffe
32f3437e65 selinux_android_restorecon: log if selinux is disabled am: f8cf22eba8 am: 7acef81958 am: bff9fe164f am: f684be58ea am: 62bfd9b17c 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2628031

Change-Id: I6221b5d9dda09d5b5e9f07fe465305ae0fd2a034
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-16 17:35:07 +00:00
Nikita Ioffe
62bfd9b17c selinux_android_restorecon: log if selinux is disabled am: f8cf22eba8 am: 7acef81958 am: bff9fe164f am: f684be58ea 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2628031

Change-Id: I5e1e7eb088d2534ad84f5ba299beac3dd27dde06
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-16 16:55:29 +00:00
Nikita Ioffe
f684be58ea selinux_android_restorecon: log if selinux is disabled am: f8cf22eba8 am: 7acef81958 am: bff9fe164f 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2628031

Change-Id: I844493a1abd5a36a47cf0ff7d1b07a1bc2b91865
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-16 16:10:38 +00:00
Nikita Ioffe
bff9fe164f selinux_android_restorecon: log if selinux is disabled am: f8cf22eba8 am: 7acef81958 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2628031

Change-Id: Ic724498e45e5b98e7d8071f31db1c59a0efbf309
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-16 15:21:14 +00:00
Nikita Ioffe
7acef81958 selinux_android_restorecon: log if selinux is disabled am: f8cf22eba8 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2628031

Change-Id: Iec5a861f6a1305e86a0afdd00191734ad967c9b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-06-16 14:38:58 +00:00
Nikita Ioffe
f8cf22eba8 selinux_android_restorecon: log if selinux is disabled 
Right now selinux_android_restorecon will silently succeed if selinux is
disabled which is confusing.

This change adds a log statement that should help with debugging issues
related to disabled selinux (see attached bug).

Bug: 284277137
Test: presubmit
Change-Id: I4ebc6400ac7188660658ef3cccfb7cbdc76c0f22
 2023-06-16 12:59:16 +01:00
Mugdha Lakhani
2ab7070ca4 [automerger skipped] Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d am: 38bf716c63 am: 614a8b6985 -s ours 
am skip reason: Merged-In I175229d135d99516dd6f38b8963d0ccc93a61a4f with SHA-1 8c40c00f3d is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: I32559987d9970726859168e6c18f70f5ec9d24de
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-13 01:32:05 +00:00
Mugdha Lakhani
ee7d8c6539 [automerger skipped] Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d -s ours am: ae7e95128b -s ours am: c535a1e4af -s ours 
am skip reason: Merged-In I175229d135d99516dd6f38b8963d0ccc93a61a4f with SHA-1 e1c842285b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: I4fa7f87a95c0a2a05d6979e5aba52f9989b290c3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-13 01:27:02 +00:00
Mugdha Lakhani
3a2538d5f2 [automerger skipped] Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d am: 38bf716c63 -s ours am: 79f2b6dca5 -s ours 
am skip reason: Merged-In I175229d135d99516dd6f38b8963d0ccc93a61a4f with SHA-1 e1c842285b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: I5b1c5f62b0f8273423dce851f3997db4fd2c0f7b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-13 01:26:29 +00:00
Mugdha Lakhani
c535a1e4af [automerger skipped] Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d -s ours am: ae7e95128b -s ours 
am skip reason: Merged-In I175229d135d99516dd6f38b8963d0ccc93a61a4f with SHA-1 e1c842285b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: If267af1dfb59a6f93d8827d0edc60ab9f42fe3cd
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-13 00:47:23 +00:00
Mugdha Lakhani
614a8b6985 Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d am: 38bf716c63 
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: I033e49e688ef83baca718d28b3d33df98dd98aa3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-13 00:47:18 +00:00
Mugdha Lakhani
79f2b6dca5 [automerger skipped] Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d am: 38bf716c63 -s ours 
am skip reason: Merged-In I175229d135d99516dd6f38b8963d0ccc93a61a4f with SHA-1 e1c842285b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: Idce0e7ece54bf7f66de1e5e3337789bdf5c1e08e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-13 00:43:08 +00:00
Mugdha Lakhani
38bf716c63 Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d 
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: I7f3e8d9168d80e3384ee4e9c4c6617ce4a1784fe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-13 00:04:16 +00:00
Mugdha Lakhani
ae7e95128b [automerger skipped] Add applySdkSandboxNextRestrictions flag am: 8c40c00f3d -s ours 
am skip reason: Merged-In I175229d135d99516dd6f38b8963d0ccc93a61a4f with SHA-1 e1c842285b is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/external/selinux/+/23149989

Change-Id: I424096c54e2704b550904d6356910d0f9b042e80
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-12 23:59:26 +00:00
Mugdha Lakhani
2e9deaf50f Add applySdkSandboxNextRestrictions flag am: e1c842285b am: 630c8c01c5 am: d5783f3391 am: 263eed616d am: d0de07ad56 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2584678

Change-Id: I858727d6522c7a106411ed24e6801dbd9fd24d0c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-12 13:21:11 +00:00
Mugdha Lakhani
d0de07ad56 Add applySdkSandboxNextRestrictions flag am: e1c842285b am: 630c8c01c5 am: d5783f3391 am: 263eed616d 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2584678

Change-Id: I7f1d5f8feb6494f0b7b1d2c04d97d00eed98f080
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-12 12:43:55 +00:00
Mugdha Lakhani
263eed616d Add applySdkSandboxNextRestrictions flag am: e1c842285b am: 630c8c01c5 am: d5783f3391 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2584678

Change-Id: I5616bebdc478d6c6ad98a7d8aee93366d0f0511d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-12 12:42:39 +00:00
Mugdha Lakhani
d5783f3391 Add applySdkSandboxNextRestrictions flag am: e1c842285b am: 630c8c01c5 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2584678

Change-Id: I93b0b5bd53a32e662f5489502c7261a25802a747
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-12 11:56:58 +00:00
Mugdha Lakhani
630c8c01c5 Add applySdkSandboxNextRestrictions flag am: e1c842285b 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2584678

Change-Id: I813a7f18bc14084a7a81cb7a61804356981908f6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-05-12 11:18:03 +00:00
Mugdha Lakhani
8c40c00f3d Add applySdkSandboxNextRestrictions flag 
seapp_context_lookup_internal applies a flag that is referenced in
seapp_contexts based on the seInfo string passed to it.

This enables testers to test out the set of restriction planned the
next SDK version and give feedback before we decide on the actual
restrictions for the next release.

Bug: b/270148964
Test: manual test app and adb shell ps -Z
Change-Id: I175229d135d99516dd6f38b8963d0ccc93a61a4f
Merged-In: I175229d135d99516dd6f38b8963d0ccc93a61a4f
 2023-05-11 18:07:06 +00:00
Mugdha Lakhani
e1c842285b Add applySdkSandboxNextRestrictions flag 
seapp_context_lookup_internal applies a flag that is referenced in
seapp_contexts based on the seInfo string passed to it.

This enables testers to test out the set of restriction planned the
next SDK version and give feedback before we decide on the actual
restrictions for the next release.

Bug: b/270148964
Test: manual test app and adb shell ps -Z
Change-Id: I175229d135d99516dd6f38b8963d0ccc93a61a4f
 2023-05-11 17:48:51 +00:00
Thiébaud Weksteen
40bb36cc64 Skip newlines for SELinux logs am: 366f01fd64 am: 273398f7b8 am: 829be6bea0 am: 0db1ceb25e 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2519660

Change-Id: I26673f67e98060e51ef1bedc0d2aa013fc68894c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-06 01:38:18 +00:00
Thiébaud Weksteen
0db1ceb25e Skip newlines for SELinux logs am: 366f01fd64 am: 273398f7b8 am: 829be6bea0 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2519660

Change-Id: Ib80972ee47715b990e2d47fd5dc1535438f643b8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-06 01:06:25 +00:00
Thiébaud Weksteen
829be6bea0 Skip newlines for SELinux logs am: 366f01fd64 am: 273398f7b8 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2519660

Change-Id: I6772f7091545c8bb28d6baceca652e4f837f7f22
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-06 00:37:40 +00:00
Thiébaud Weksteen
273398f7b8 Skip newlines for SELinux logs am: 366f01fd64 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2519660

Change-Id: Ifd367114af3b93af5a4cc5113205fbe4e3a71d64
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-04-06 00:06:50 +00:00
Thiébaud Weksteen
366f01fd64 Skip newlines for SELinux logs 
libselinux log messages usually end with a new line character. Android
log system does not require the new line character and will include the
character as-is in the log buffer.

selinux_log_callback and selinux_vendor_log_callback implementations are
merged as they provide similar functionalities.

Match the indentation (i.e., tabs) with the rest of the file.

Test: boot & inspect logcat
Change-Id: I0a5e53b8f048c65f29c5df3bd7e0b38f523e42cd
 2023-04-04 10:26:19 +10:00
Thiébaud Weksteen
c4ece99a3a Update METADATA am: 1b0711d5d8 am: 4e0321dd1b am: dfdc062b10 am: a427bb67d6 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496623

Change-Id: Ic3a3b1e92b4ea6736b110f84611940efaafba408
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-22 01:14:48 +00:00
Thiébaud Weksteen
0ddb4dba1f Merge tag '3.5' into master am: a9f20263fd am: f01db3250c am: 020ef46b19 am: 168d1f78d2 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496622

Change-Id: I60480bcd7249e37da8cbac9e939a4321b9f82ff5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-22 01:14:45 +00:00
Thiébaud Weksteen
a427bb67d6 Update METADATA am: 1b0711d5d8 am: 4e0321dd1b am: dfdc062b10 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496623

Change-Id: Ibb19361e5d802bed14df8cabe0473ca085be0d2a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-22 00:35:13 +00:00
Thiébaud Weksteen
168d1f78d2 Merge tag '3.5' into master am: a9f20263fd am: f01db3250c am: 020ef46b19 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496622

Change-Id: I1c1b95d5d3681d0d8c74feb6574027e2e8c412a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-22 00:35:10 +00:00
Thiébaud Weksteen
dfdc062b10 Update METADATA am: 1b0711d5d8 am: 4e0321dd1b 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496623

Change-Id: I37147f60d761b1e15362f644e1f13f9bae491245
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-21 23:57:54 +00:00
Thiébaud Weksteen
020ef46b19 Merge tag '3.5' into master am: a9f20263fd am: f01db3250c 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496622

Change-Id: I69f980d27eff7c10a8623ee54df4e6c95b4b4456
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-21 23:57:52 +00:00
Thiébaud Weksteen
4e0321dd1b Update METADATA am: 1b0711d5d8 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496623

Change-Id: I4aa75645611b056d80a9d1e5209d609cf5822b26
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-21 23:19:25 +00:00
Thiébaud Weksteen
f01db3250c Merge tag '3.5' into master am: a9f20263fd 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2496622

Change-Id: Iff9a1447e6b1d649c30142faaf31b352de9920c0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-21 23:19:21 +00:00
Thiébaud Weksteen
1b0711d5d8 Update METADATA 
Test: n/a
Change-Id: I711efac83c599844e6bc80301998fe8c89345e05
 2023-03-21 15:31:10 +11:00
Thiébaud Weksteen
a9f20263fd Merge tag '3.5' into master 
We were previously on 3.5-rc2, there has been only little changes since
then.

Followed the steps:
  repo start update_3.5 .
  git merge 3.5 --no-ff # No merge conflicts were found.
  lunch && m
  repo upload .
  # Update METADATA in a separate change.

Test: TH
Change-Id: If88fe90d2cbdb1ba6a279cba8b397cd2c808c6ab
 2023-03-21 15:27:40 +11:00
Jason Zaman
d6e96c5929
Update VERSIONs to 3.5 for release. 
Signed-off-by: Jason Zaman <jason@perfinion.com>
 2023-02-23 05:16:11 -08:00
Sadaf Ebrahimi
5cc354a639 Adding METADATA file to selinux am: 5f377c52fa am: 1a5c7b7037 am: 0e8930c697 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2441187

Change-Id: I53559464b81d13749f8ac9dc69fd4b95ad68aa0a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-21 19:31:33 +00:00
Sadaf Ebrahimi
0e8930c697 Adding METADATA file to selinux am: 5f377c52fa am: 1a5c7b7037 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2441187

Change-Id: I79d3c988f34a95a6d0f21768e097ebc4df7ec041
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-21 18:17:35 +00:00
Sadaf Ebrahimi
1a5c7b7037 Adding METADATA file to selinux am: 5f377c52fa 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2441187

Change-Id: Ia7bc8cd4bff23d3a278d751eebfeecdc8c9e5144
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-21 17:15:32 +00:00
Sadaf Ebrahimi
5f377c52fa Adding METADATA file to selinux 
Test: TreeHugger
Change-Id: I4ff048c7adf2fd07431590d04f56ae6d34cbf603
 2023-02-16 21:01:46 +00:00
Jason Zaman
83e56c8a8b
Update VERSIONs to 3.5-rc3 for release. 
Signed-off-by: Jason Zaman <jason@perfinion.com>
 2023-02-10 22:32:13 -08:00
Christian Göttsche
49e65b85d6 libselinux: getcon.3: add note about PID races 
Add a note that querying a foreign process via its PID is inherently
racy.

Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
 2023-02-10 22:23:17 -08:00
Christian Göttsche
494eb683f3 libselinux: add getpidprevcon 
Add the public interfaces getpidprevcon(3) and getpidprevcon_raw(3), and
the utility getpidprevcon to gather the previous context before the last
exec of a given process.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
 2023-02-10 22:23:11 -08:00
Christian Göttsche
1609b9fdfd libselinux: restore: use fixed sized integer for hash index 
The hash mask is set to 2^16 - 1, which does not fit into a signed 16
bit integer.  Use uint32_t to be on the safe side.  Also use size_t for
counting in debug function.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
 2023-02-10 22:19:00 -08:00
Christian Göttsche
06512c4373 libselinux: restore: misc tweaks 
Add const qualifier to read-only state struct.

Minimize scope of function local variables, to reduce complexity.

Pass only the file type related file flags to selabel_lookup(3).

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
 2023-02-10 22:18:53 -08:00
Christian Göttsche
f9df9487ad libselinux: drop obsolete optimization flag 
The optimization flag -funit-at-a-time is enabled by default in GCC[1]
and not supported by Clang:

    clang: error: optimization flag '-funit-at-a-time' is not supported [-Werror,-Wignored-optimization-argument]

[1]: https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
 2023-02-10 22:18:46 -08:00
Vit Mojzis
d8eb8b309f python/sepolicy: Cache conditional rule queries 
Commit 7506771e4b
"add missing booleans to man pages" dramatically slowed down
"sepolicy manpage -a" by removing caching of setools rule query.
Re-add said caching and update the query to only return conditional
rules.

Before commit 7506771e:
 #time sepolicy manpage -a
 real	1m43.153s
 # time sepolicy manpage -d httpd_t
 real	0m4.493s

After commit 7506771e:
 #time sepolicy manpage -a
 real   1h56m43.153s
 # time sepolicy manpage -d httpd_t
 real	0m8.352s

After this commit:
 #time sepolicy manpage -a
 real	1m41.074s
 # time sepolicy manpage -d httpd_t
 real	0m7.358s

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
 2023-02-06 15:38:58 +01:00
Petr Lautrbach
62d6d13f70 Update translations 
Source: https://translate.fedoraproject.org/projects/selinux/

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
 2023-02-06 15:34:01 +01:00
Carlo Marcelo Arenas Belón
a6034f1add libselinux: improve performance with pcre matches am: 72806f3933 am: 0470684f9e am: 4d3b040b58 
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2411194

Change-Id: I73964710fcec1688fdb4fb1d1706428c4244d95d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-02-03 13:22:48 +00:00