This is to workaround a regression on peak memory usage, due to a
behavior change of pcre2. With this patch, peak memory usage decreases
for about 4 MB.
Also verified with microdroid benchmarks that the runtime impact is
negligible.
Before this patch:
testMicrodroidBootTime[protectedVm=false]:
avf_perf/microdroid/boot_time_average_ms: 1072.2437260666668
avf_perf/microdroid/boot_time_max_ms: 1153.957195
avf_perf/microdroid/boot_time_min_ms: 987.760254
avf_perf/microdroid/boot_time_stdev_ms: 43.715968392943445
testMicrodroidBootTime[protectedVm=true]:
avf_perf/microdroid/boot_time_average_ms: 1318.7790113333335
avf_perf/microdroid/boot_time_max_ms: 1367.490967
avf_perf/microdroid/boot_time_min_ms: 1239.080486
avf_perf/microdroid/boot_time_stdev_ms: 33.82832311810135
After this patch:
testMicrodroidBootTime[protectedVm=false]:
avf_perf/microdroid/boot_time_average_ms: 1074.9152321333336
avf_perf/microdroid/boot_time_max_ms: 1172.233481
avf_perf/microdroid/boot_time_min_ms: 971.020793
avf_perf/microdroid/boot_time_stdev_ms: 45.3782260524823
testMicrodroidBootTime[protectedVm=true]:
avf_perf/microdroid/boot_time_average_ms: 1286.4607849333333
avf_perf/microdroid/boot_time_max_ms: 1380.643678
avf_perf/microdroid/boot_time_min_ms: 1209.573649
avf_perf/microdroid/boot_time_stdev_ms: 44.44544241596637
Bug: 262469329
Test: atest MicrodroidBenchmarks
Test: run device boot time test
Change-Id: Ifc1be381255c263638ea262b995bc06fa3c7bdcc
Bionic provides its own version of strlcpy. Ignore the re-definition
from SELinux for devices.
Bug: 260539369
Test: lunch sdk && m sdk
Change-Id: Icb9d8678c29562ab7b73d7a0f14a233fd71dfefd
- Reference renamed file: COPYING -> LICENSE in Android.bp
- Fix constext_str calls now returning const char *
- Comment out cil_write_src_info_node which is not used on Android
- Include new selinux_internal.c source file
Bug: 253327909
Test: build and boot on bramble
Test: sediff between current and new policy; no change
Change-Id: I506479befb3c0b99136cd842b2a77a6a8bea18ed
android_seapp.c can be build on host. strlcpy is replaced with strncpy
(the string copied is static). An alias seapp_getpwuid is created to
allow faking for the unit test.
Bug: 234313751
Test: build & boot
Change-Id: I0e86d83fddb3ceb20d63963b40ea0ca227a8538a
With android_platform.c split between android_device.c and
android_seapp.c, update the build configuration. Move to the internal
header the interface expected between the two files.
Test: m
Bug: 234313751
Change-Id: If13a7484bf48a49e36a424c39f6f62ec6140fc22
A compilation option ANDROID_UNIT_TESTING is introduced to skip the
implicit search for /sys/fs/selinux when libselinux is first
initialized. The label functions of libselinux are used as-is (instead
of a mock or fake).
Expose the context_handle function internally so it may be called within
the unit tests.
Bug: 234313751
Test: atest --host libselinux_test
Change-Id: Ifd7f4857c959a6c7d397682ba9913dc1d1cea591
Move sources files to the default libselinux rule so that other binaries
may reuse the same defaults (i.e., unittests). The majority of sources
can be compiled for the host.
Bug: 234313751
Test: local build for aosp_bramble-userdebug
Test: TH
Change-Id: I0b76bf79ceabd6096ab4ef03f0c8648d0636a310
We are now default restricting bindgen visibility to subpackages. This
change is part of a set of changes adding explicit visibility for
bindgen libraries which are already being used elsewhere.
* If these visibility rules are to allow access by the safe bindings
library which lives elsewhere in the codebase, no action is needed.
* If safe bindings do not exist, and you own this library, now is a good
time to think about producing them and transitioning your (now
enumerated) client list.
* If safe bindings exist, but there is a surprise client of the raw
bindings on this list, now is a good time to talk to them about why
they don't want to use your safe bindings.
Bug: 166332519
Test: m
Change-Id: I967811c6cf563725d591e1d8536f7c6e19535996
Revert submission 2110147
Reason for revert: Broken sdk_mac target.
Reverted Changes:
Ifcd00954b:Refactor sources in Android.bp
Ie313b6d63:Add unit tests for service contexts backend
Change-Id: Id3d9c69c508b4774e667a600346b03a7c09e3a96
Revert submission 2110147
Reason for revert: Broken sdk_mac target.
Reverted Changes:
Ifcd00954b:Refactor sources in Android.bp
Ie313b6d63:Add unit tests for service contexts backend
Change-Id: I616f43ed57626b5255dcf193f5f2c750b47f2fae
A compilation option ANDROID_UNIT_TESTING is introduced to skip the
implicit search for /sys/fs/selinux when libselinux is first
initialized. The label functions of libselinux are used as-is (instead
of a mock or fake).
Expose the context_handle function internally so it may be called within
the unit tests.
Bug: 234313751
Test: atest --host libselinux_test
Change-Id: Ie313b6d63d25d42d9ec1b16a8bb42160950b5be8
Move sources files to the default libselinux rule so that other binaries
may reuse the same defaults (i.e., unittests). The majority of sources
can be compiled for the host.
Bug: 234313751
Test: build
Change-Id: Ifcd00954b09f1d05c91f3deaf15cf16091455308
The library is already available as part of LL-NDK. It was partially
removed in commit 1ea855e, complete the clean up.
Test: m
Bug: 151303316
Change-Id: If824aeeb4f79b5759e103a7d0473946fd51f9171
For convenience, builds against musl libc currently use the
linux_glibc properties because they are almost always linux-specific
and not glibc-specific. In preparation for removing this hack,
tweak the linux_glibc properties by either moving them to host_linux,
which will apply to linux_glibc, linux_musl and linux_bionic, or
by setting appropriate musl or linux_musl properties. Properties
that must not be repeated while musl uses linux_musl and also still
uses the linux_glibc properties are moved to glibc properties, which
don't apply to musl. Whether these stay as glibc properties or get
moved back to linux_glibc later once the musl hack is removed is TBD.
Bug: 223257095
Test: m checkbuild
Test: m USE_HOST_MUSL=true host-native
Change-Id: I416ea94e6a6d8dac014cc1c70226090f1baeddfc
Previously, Android used its own cil_write_ast function to output the
resulting AST. libsepol now defines a similar function named
cil_write_build_ast. The new function differs slightly in behaviour:
* It will output "source information" nodes in the resulting CIL. When
loading, it is expected that each source information line (e.g.,
`;;* lms 100 file.cil`) will be matched with a terminating entry (e.g.,
`;;* lme`). If not, the loading will fail. Because we split and merge
policy files in AOSP, explicitly ignore these lines when writing the
AST.
* genfscon paths are now quoted following 644c5bb.
* An extra superfluous set of parentheses was previously added for some
operators (e.g., "range" "and" or "not").
For typeattributes, cil_write_build_ast uses the `fqn` field and not
`name`. Ensure the nodes are correctly populated.
Bug: 190808996
Test: Build aosp_bramble-userdebug and manually compare the generated
/{system,vendor,product}/etc/selinux* files with their previous
versions. The differences are due to the new behaviours described
above.
Test: Force a recompilation of the policy on device, the new policy is
correctly loaded.
Change-Id: I088d1e94ca07cfbd0b6c604f1f82464b3537c392
The boilerplate is no longer necessary for defining rust_test modules
testing generated source.
Bug: 196076408
Test: m libselinux_bindgen_test
Change-Id: Iae623f4146e7580bc58090cebd78a21413ac844d
Use target.android.system_shared_libs when it is used to limit the
default shared libraries (as opposed to remove them completely).
This avoids attempting to add a host dependency on libc when
system_shared_libs is modified to apply to all variants.
Bug: 193559105
Test: m checkbuild
Change-Id: I0aac243d441273d2e5c3b2519c99e5d676d6500a
Remove the vestigial llndk_library modules and replace them with
properties in the llndk clause of the implementation cc_library.
Bug: 170784825
Test: m checkbuild
Test: compare out/soong/build.ninja
Change-Id: I1353f630e5a3f4649a13ce8c21bf6be65067716c
The build system will soon require that symbol files describing APIs
across updatable components (e.g. across APEXes or across sytem/vendor)
have the ".map.txt" suffix. This will trigger the NDK API review in the
gerrit so that backwards incompatible changes are prevented.
Bug: N/A
Test: m nothing
Change-Id: I1aacf8eea317ac1e7cf0dea3689ff8ef3e315dc0
Making libselinux available to ramdisk and vendor_ramdisk
modules. Ramdisk and vendor_ramdisk modules are typically
used by first stage init.
This is the prerequisite to make toybox available to ramdisk
and vendor_ramdisk, so that first stage console can use shell
utilities.
Test: pass
Bug: 156098440
Change-Id: I8289eb12ce5a90fc68fcd432a2eef4240c87a7d2
Instead of assuming a module with the .llndk suffix exists, add an
llndk_stubs property to every cc_library module that has a
corresponding llndk_library. Also rename the llndk_library to have
an explicit .llndk suffix.
Bug: 170784825
Test: no changes to build.ninja (excluding comments) or Android-${TARGET_PRODUCT}.mk
Change-Id: Iaf4ffe2dc7459715c97d8083e39b367b128f1b55
android_filesystem_config.h is found since system/core/include is on
the include path for all projects and contains a symlink to the real
android_filesystem_config.h. This is fragile and the below bug seeks
to remove this symlink and have users correctly depend on
libcutils_headers.
Bug: 165825252
Test: build
Change-Id: I173a275366051aec3e941870e6dbebaab6bea6d0
Bindgen flags are now shell escaped, so we can't pass multiple distinct
arguments in the same argument string. Bindgen will parse each element
of the bindgen_flags list as an argument and fails to parse the flag if
it is separated from the value by whitespace. Bindgen accepts
--flag=value forms for its arguments, so we use these instead.
Test: m libselinux_bindgen
Change-Id: Ic0ca26b8a93547d8dc23087d9f7d414dfab341d6
The stem property has changed to source_stem, flags has changed to
bindgen_flags, and crate_name is now required.
Bug: 159064919
Test: mma
Change-Id: Ib4c0dbe98231cdd70c041d5b0a001238ae6c0cc7
libselinux has stable C APIs and therefore provides a stub library for
Mainline clients. It is not copied into any Mainline modules and the
only instance of the lib in /system/lib serves all of them.
However for vendors, we still had another copy of libselinux in VNDK
(e.g. in the VNDK APEX that is served via the path /system/lib/vndk).
Since the library is guaranteed to have stable C APIs, there is no
reason to keep the vendor variant of the library in VNDK. Keeping it in
VNDK would be just a waste of storage space.
This change removes libselinux from VNDK and marks it as LLNDK. The
single instance of if in /system/lib serves vendor processes as well as
Mainline modules.
Bug: 151303316
Test: m
Change-Id: Ibb3e125c1bf4ef7873ae8df0795e781f64d743f1
libselinux is currently being copied to APEXes. This is risky because
the library is not designed to be portable; part of it is tied to the
specific version of the Android that it was developed for.
This change fixes the problem by declaring that the library supports
a stub with the list of C APIs that are included in the stub. Then there
is only one copy of libselinux in /system/lib and other APEXes use the
copy by dynamically linking to it.
Bug: 151053366
Test: m com.android.adbd. It doesn't include libselinux in it.
Test: m com.android.adbd-deps-info. then inspect
out/soong/com.android.adbd-deps-info.txt. The dependency to libselinux
is shown as '(external)'.
Change-Id: I8faf344f3984437e313745e5eda5fdb8e75ce8ab
libselinux only linked with libcrypto so it could #include <openssl/sha.h>,
however it doesn't actually need that include, and so doesn't need
libcrypto either.
Test: build
Change-Id: Ic812274916aa3e63229e51027c615dc96611a13f
Additionally, resolve build time errors due to
c19395d722
libselinux: selinux_set_mapping: fix handling of unknown classes/perm
Followed the following steps:
# In repo client
cd external/selinux
repo sync .
repo start mymerge .
git merge aosp/upstream-master --no-ff # resolve any conflicts
lunch && make -j
repo upload .
Test: device boots and no obvious problems.
Change-Id: Ib3a6c086ceadaeaaaf35498d53b2b3e3ad5b8945
libselinux is a VNDK lib and also used by LLNDK(libmediandk) which means
this lib can be double-loaded.
(deps: libmediandk -> libmedia_jni -> libandroid_runtime -> libselinux)
Bug: 121280180
Test: m -j
Change-Id: Ie7a583088a97cf68f7ae547b6d63f970efa559e8
I'd like to build the exact same toybox binary for the host as for the
device, with the aim of getting a more hermetic build without maintaining
two toyboxes.
Bug: N/A
Test: builds
Change-Id: Ib6a1775100e43722ddf1dcfcc13e85703c9986f1
Libraries that are direct or indirect dependencies of modules installed
to recovery partition (e.g. toybox) are marked as recovery_available:
true. This allows a recovery variant of the lib is created when it is
depended by other recovery or recovery_available modules.
Bug: 67916654
Bug: 64960723
Test: m -j
Change-Id: I63d83278c0f80e1053e92d076e78d41e10270ba4
Just always read and process vendor policies if they are there.
Bug: 62019611
Test: marlin boots (which is Treble)
Test: bullhead boots (which is non-Treble)
Change-Id: I0483b8c911558c920d55c77a9b4f59d6074ed264
This commit marks libselinux.so as VNDK, so that vendor variant of
libselinux.so can be installed into /system/lib[64]/vndk instead of
/vendor/lib[64]. This makes it easier to apply security patches
through system-only OTAs.
Before this commit, libselinux was not an VNDK library because there
was a concern with selabel database file format. This is no longer a
concern because the file backend is disabled in vendor variant.
Bug: 69587962
Bug: 63866913
Test: /system/lib64/vndk/libselinux.so shows up in GSI
Change-Id: I9d3be760bb5b3f8bf50b96ce6d8b938bf75c620a
