Add a new function selinux_vendor_log_callback to support
the non-VNDK vendor case (where /system/etc/event-log-tags
isn't available for consistency of all PRODUCT_FULL_TREBLE
devices whether they are VNDK or the legacy VNDK).
Bug: 113083310
Test: boot Pixel 1, use new APIs in vndservicemanager, check
for denials.
Change-Id: I032dbb6e6fb5d9b825feab9dee0de617c055cfe2
Following symbols from libselinux are used by init. They need to be
exposed in order for the init to dynamically link to libselinux.
Note that this does not affect symbols visibility to vendor, which is
controlled by other map file, exported_vendor.map.
Bug: 63673171
Test: m -j
Test: adb reboot recovery
Change-Id: Ic149801b60fc739ab99f29711a522d460001a293
This will be used by ss(8) in platform/external/iproute2.
Test: With topic merged, `m` and `adb shell ss -Z` shows SELinux labels.
Change-Id: I30d5e180fee1c9d99ba8d31586468f83ffd3e177
This is used by vndservicemanager, which will only
have access to the vndservice_contexts on the vendor
partition.
Bug: 36052864
Test: vndservicemanager can load the context
Change-Id: Ifd5caa4f74236184ef970ce39a8be227c50b48d4
Make sure shared libraries we create export only the minimum number of
symbols, and not a bit more. We want to be careful what SELinux APIs we
(directly or indirectly) expose to other processes.
Test: Android compiles. Link time restrictions only.
Change-Id: Ia6d1788cd944b46f1e97f621f4466fb8ada29191
