seapp_context_lookup_internal applies a flag that is referenced in
seapp_contexts based on the seInfo string passed to it.
This enables testers to test out the set of restrictions planned for the
next SDK version and give feedback before we decide on the actual
restrictions for the next release.
Bug: b/270148964
Test: manual test app and adb shell ps -Z
Change-Id: I175229d135d99516dd6f38b8963d0ccc93a61a4f

libselinux log messages usually end with a new line character. Android
log system does not require the new line character and will include the
character as-is in the log buffer.
selinux_log_callback and selinux_vendor_log_callback implementations are
merged as they provide similar functionalities.
Match the indentation (i.e., tabs) with the rest of the file.
Test: boot & inspect logcat
Change-Id: I0a5e53b8f048c65f29c5df3bd7e0b38f523e42cd

We were previously on 3.5-rc2; there have been only little changes since
then.
Followed the steps:
repo start update_3.5 .
git merge 3.5 --no-ff # No merge conflicts were found.
lunch && m
repo upload .
# Update METADATA in a separate change.
Test: TH
Change-Id: If88fe90d2cbdb1ba6a279cba8b397cd2c808c6ab

Add a note that querying a foreign process via its PID is inherently
racy.
Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>

Add the public interfaces getpidprevcon(3) and getpidprevcon_raw(3), and
the utility getpidprevcon to gather the previous context before the last
exec of a given process.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>

The hash mask is set to 2^16 - 1, which does not fit into a signed 16
bit integer. Use uint32_t to be on the safe side. Also use size_t for
counting in debug function.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>

Add const qualifier to read-only state struct.
Minimize scope of function local variables, to reduce complexity.
Pass only the file type related file flags to selabel_lookup(3).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>

The optimization flag -funit-at-a-time is enabled by default in GCC[1]
and not supported by Clang:
clang: error: optimization flag '-funit-at-a-time' is not supported [-Werror,-Wignored-optimization-argument]
[1]: https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>

Commit 7506771e4b
"add missing booleans to man pages" dramatically slowed down
"sepolicy manpage -a" by removing caching of setools rule query.
Re-add said caching and update the query to only return conditional
rules.
Before commit 7506771e:
# time sepolicy manpage -a
real 1m43.153s
# time sepolicy manpage -d httpd_t
real 0m4.493s
After commit 7506771e:
# time sepolicy manpage -a
real 1h56m43.153s
# time sepolicy manpage -d httpd_t
real 0m8.352s
After this commit:
# time sepolicy manpage -a
real 1m41.074s
# time sepolicy manpage -d httpd_t
real 0m7.358s
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>

Since 30b3e9d2 (libselinux: Workaround for heap overhead of pcre,
2023-01-12), performance of PCRE2 matches has been affected due to
excessive recreation of the match_data in an attempt to reduce memory
utilization; instead of a workaround, it would be better to address
the problem and maybe even improve performance in the process.
The issue is that currently the structure that holds PCRE state has
both a pcre2_code (which is per pattern) and a pcre2_match_data (which
is per match), forcing us to add a mutex to prevent multiple matches from
stepping on each other.
Let's remove the match_data and the mutex and instead allocate one once
in a thread independent way that could be used and reused, by extending
our pthread interface to not only store TLS variables but also retrieve
them, and then use one of those.
Since we are not interested in the capture groups (if any), let's only
allocate 1 pair which is all that will be needed and change the logic
so that a return of 0 (which means the pattern matched but there were
not enough capture spots) is also considered a match.
This will ensure that the memory use would be bound to the number of
concurrent matches instead of the number of patterns and therefore
reduce the impact that recent changes on the way that the frames used
for matching are allocated might have brought since 10.41 was released.
For cases where threads are not available, just keep it working in slow
mode as done before the workaround was reverted.
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
cherry picked from:
https://patchwork.kernel.org/project/selinux/patch/20230123014047.84911-3-carenas@gmail.com/
Bug: 262469329
Test: atest MicrodroidBenchmarkApp
Change-Id: I3207c6dd2a215f81699aa62e8fcdf65c745bae72

Do not remove the runtime directory /run/setrans/, which is the parent
for the security context translation socket .setrans-unix, when the
service is stopped, so the path can not be taken over by a foreign
program, which could lead to a compromise of the context translation of
libselinux.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>

Enables processes with :IsolatedComputeApp set to be selected by seapp contexts with isIsolatedComputeApp selector.
Bug: 265540209
Bug: 265746493
Test: m && atest --host libselinux_test with change on android_unittest.cpp
Change-Id: I44f33bdd17454586708cbff2631ecd6725e53087

This is to work around a regression in peak memory usage, due to a
behavior change of pcre2. With this patch, peak memory usage decreases
by about 4 MB.
Also verified with microdroid benchmarks that the runtime impact is
negligible.
Before this patch:
testMicrodroidBootTime[protectedVm=false]:
avf_perf/microdroid/boot_time_average_ms: 1072.2437260666668
avf_perf/microdroid/boot_time_max_ms: 1153.957195
avf_perf/microdroid/boot_time_min_ms: 987.760254
avf_perf/microdroid/boot_time_stdev_ms: 43.715968392943445
testMicrodroidBootTime[protectedVm=true]:
avf_perf/microdroid/boot_time_average_ms: 1318.7790113333335
avf_perf/microdroid/boot_time_max_ms: 1367.490967
avf_perf/microdroid/boot_time_min_ms: 1239.080486
avf_perf/microdroid/boot_time_stdev_ms: 33.82832311810135
After this patch:
testMicrodroidBootTime[protectedVm=false]:
avf_perf/microdroid/boot_time_average_ms: 1074.9152321333336
avf_perf/microdroid/boot_time_max_ms: 1172.233481
avf_perf/microdroid/boot_time_min_ms: 971.020793
avf_perf/microdroid/boot_time_stdev_ms: 45.3782260524823
testMicrodroidBootTime[protectedVm=true]:
avf_perf/microdroid/boot_time_average_ms: 1286.4607849333333
avf_perf/microdroid/boot_time_max_ms: 1380.643678
avf_perf/microdroid/boot_time_min_ms: 1209.573649
avf_perf/microdroid/boot_time_stdev_ms: 44.44544241596637
Bug: 262469329
Test: atest MicrodroidBenchmarks
Test: run device boot time test
Change-Id: Ifc1be381255c263638ea262b995bc06fa3c7bdcc

pcre's behavior is changed so that pcre2_match always allocates heap for
match_data, rather than stack, regardless of size. The heap isn't freed
until explicitly calling pcre2_match_data_free. This new behavior may
result in heap overhead, which may increase the peak memory usage by
a few megabytes. It's because regex_match is first called for regex_data
objects, and then regex_data objects are freed at once.
To work around it, free match_data as soon as we call regex_match. It's
fine because libselinux currently doesn't use match_data, but uses only
the return value.
Signed-off-by: Inseob Kim <inseob@google.com>
Acked-by: Jason Zaman <jason@perfinion.com>