tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Remove HAVE_SELINUX guards"

Browse source
This commit is contained in:
Kenny Root 2012-10-17 09:35:56 -07:00 committed by Gerrit Code Review
commit 7b88a90da2
10 changed files with 18 additions and 102 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
debuggerd/Android.mk
View file

@ -23,13 +23,11 @@ ifeq ($(ARCH_ARM_HAVE_VFP_D32),true)
LOCAL_CFLAGS += -DWITH_VFP_D32
endif # ARCH_ARM_HAVE_VFP_D32
LOCAL_SHARED_LIBRARIES := libcutils libc libcorkscrew
ifeq ($(HAVE_SELINUX),true)
LOCAL_SHARED_LIBRARIES += libselinux
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_SHARED_LIBRARIES := \
libcutils \
libc \
libcorkscrew \
libselinux
include $(BUILD_EXECUTABLE)

4
debuggerd/tombstone.c
View file

@ -35,9 +35,7 @@
#include <corkscrew/demangle.h>
#include <corkscrew/backtrace.h>
#ifdef HAVE_SELINUX
#include <selinux/android.h>
#endif
#include "machine.h"
#include "tombstone.h"
@ -686,12 +684,10 @@ char* engrave_tombstone(pid_t pid, pid_t tid, int signal,
mkdir(TOMBSTONE_DIR, 0755);
chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM);
#ifdef HAVE_SELINUX
if (selinux_android_restorecon(TOMBSTONE_DIR) == -1) {
*detach_failed = false;
return NULL;
}
#endif
int fd;
char* path = find_and_open_tombstone(&fd);

12
init/Android.mk
View file

@ -32,13 +32,11 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
LOCAL_STATIC_LIBRARIES := libfs_mgr libcutils libc
ifeq ($(HAVE_SELINUX),true)
LOCAL_STATIC_LIBRARIES += libselinux
LOCAL_C_INCLUDES += external/libselinux/include
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
LOCAL_STATIC_LIBRARIES := \
libfs_mgr \
libcutils \
libc \
libselinux
include $(BUILD_EXECUTABLE)

9
init/builtins.c
View file

@ -35,10 +35,8 @@
#include <sys/system_properties.h>
#include <fs_mgr.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
#endif
#include "init.h"
#include "keywords.h"
@ -501,24 +499,20 @@ int do_mount_all(int nargs, char **args)
}
int do_setcon(int nargs, char **args) {
#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0)
return 0;
if (setcon(args[1]) < 0) {
return -errno;
}
#endif
return 0;
}
int do_setenforce(int nargs, char **args) {
#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0)
return 0;
if (security_setenforce(atoi(args[1])) < 0) {
return -errno;
}
#endif
return 0;
}
@ -746,7 +740,6 @@ int do_restorecon(int nargs, char **args) {
}
int do_setsebool(int nargs, char **args) {
#ifdef HAVE_SELINUX
SELboolean *b = alloca(nargs * sizeof(SELboolean));
char *v;
int i;
@ -775,7 +768,7 @@ int do_setsebool(int nargs, char **args) {
if (security_set_boolean_list(nargs - 1, b, 0) < 0)
return -errno;
#endif
return 0;
}

17
init/devices.c
View file

@ -30,11 +30,9 @@
#include <sys/un.h>
#include <linux/netlink.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/android.h>
#endif
#include <private/android_filesystem_config.h>
#include <sys/time.h>
@ -52,9 +50,7 @@
#define FIRMWARE_DIR1 "/etc/firmware"
#define FIRMWARE_DIR2 "/vendor/firmware"
#ifdef HAVE_SELINUX
extern struct selabel_handle *sehandle;
#endif
static int device_fd = -1;
@ -192,17 +188,15 @@ static void make_device(const char *path,
unsigned gid;
mode_t mode;
dev_t dev;
#ifdef HAVE_SELINUX
char *secontext = NULL;
#endif
mode = get_device_perm(path, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);
#ifdef HAVE_SELINUX
if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext);
}
#endif
dev = makedev(major, minor);
/* Temporarily change egid to avoid race condition setting the gid of the
* device node. Unforunately changing the euid would prevent creation of
@ -213,12 +207,11 @@ static void make_device(const char *path,
mknod(path, mode, dev);
chown(path, uid, -1);
setegid(AID_ROOT);
#ifdef HAVE_SELINUX
if (secontext) {
freecon(secontext);
setfscreatecon(NULL);
}
#endif
}
static void add_platform_device(const char *name)
@ -874,12 +867,12 @@ void device_init(void)
suseconds_t t0, t1;
struct stat info;
int fd;
#ifdef HAVE_SELINUX
sehandle = NULL;
if (is_selinux_enabled() > 0) {
sehandle = selinux_android_file_context_handle();
}
#endif
/* is 64K enough? udev uses 16MB! */
device_fd = uevent_open_socket(64*1024, true);
if(device_fd < 0)

27
init/init.c
View file

@ -32,11 +32,9 @@
#include <sys/socket.h>
#include <sys/un.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/android.h>
#endif
#include <libgen.h>
@ -59,10 +57,8 @@
#include "util.h"
#include "ueventd.h"
#ifdef HAVE_SELINUX
struct selabel_handle *sehandle;
struct selabel_handle *sehandle_prop;
#endif
static int property_triggers_enabled = 0;
@ -76,9 +72,7 @@ static char hardware[32];
static unsigned revision = 0;
static char qemu[32];
#ifdef HAVE_SELINUX
static int selinux_enabled = 1;
#endif
static struct action *cur_action = NULL;
static struct command *cur_command = NULL;
@ -162,10 +156,9 @@ void service_start(struct service *svc, const char *dynamic_args)
pid_t pid;
int needs_console;
int n;
#ifdef HAVE_SELINUX
char *scon = NULL;
int rc;
#endif
/* starting a service removes it from the disabled or reset
* state and immediately takes it out of the restarting
* state if it was in there
@ -202,7 +195,6 @@ void service_start(struct service *svc, const char *dynamic_args)
return;
}
#ifdef HAVE_SELINUX
if (is_selinux_enabled() > 0) {
char *mycon = NULL, *fcon = NULL;
@ -228,7 +220,6 @@ void service_start(struct service *svc, const char *dynamic_args)
return;
}
}
#endif
NOTICE("starting '%s'\n", svc->name);
@ -250,9 +241,7 @@ void service_start(struct service *svc, const char *dynamic_args)
for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value);
#ifdef HAVE_SELINUX
setsockcreatecon(scon);
#endif
for (si = svc->sockets; si; si = si->next) {
int socket_type = (
@ -265,11 +254,9 @@ void service_start(struct service *svc, const char *dynamic_args)
}
}
#ifdef HAVE_SELINUX
freecon(scon);
scon = NULL;
setsockcreatecon(NULL);
#endif
if (svc->ioprio_class != IoSchedClass_NONE) {
if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) {
@ -315,15 +302,12 @@ void service_start(struct service *svc, const char *dynamic_args)
_exit(127);
}
}
#ifdef HAVE_SELINUX
if (svc->seclabel) {
if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) {
ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
_exit(127);
}
}
#endif
if (!dynamic_args) {
if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) {
@ -350,9 +334,7 @@ void service_start(struct service *svc, const char *dynamic_args)
_exit(127);
}
#ifdef HAVE_SELINUX
freecon(scon);
#endif
if (pid < 0) {
ERROR("failed to start '%s'\n", svc->name);
@ -603,11 +585,9 @@ static void import_kernel_nv(char *name, int for_emulator)
*value++ = 0;
if (name_len == 0) return;
#ifdef HAVE_SELINUX
if (!strcmp(name,"selinux")) {
selinux_enabled = atoi(value);
}
#endif
if (for_emulator) {
/* in the emulator, export any kernel option with the
@ -755,7 +735,6 @@ static int bootchart_init_action(int nargs, char **args)
}
#endif
#ifdef HAVE_SELINUX
static const struct selinux_opt seopts_prop[] = {
{ SELABEL_OPT_PATH, "/data/system/property_contexts" },
{ SELABEL_OPT_PATH, "/property_contexts" },
@ -814,8 +793,6 @@ int audit_callback(void *data, security_class_t cls, char *buf, size_t len)
return 0;
}
#endif
int main(int argc, char **argv)
{
int fd_count = 0;
@ -866,7 +843,6 @@ int main(int argc, char **argv)
process_kernel_cmdline();
#ifdef HAVE_SELINUX
union selinux_callback cb;
cb.func_log = klog_write;
selinux_set_callback(SELINUX_CB_LOG, cb);
@ -891,7 +867,6 @@ int main(int argc, char **argv)
*/
restorecon("/dev");
restorecon("/dev/socket");
#endif
is_charger = !strcmp(bootmode, "charger");

4
init/init.h
View file

@ -95,9 +95,7 @@ struct service {
gid_t supp_gids[NR_SVC_SUPP_GIDS];
size_t nr_supp_gids;
#ifdef HAVE_SELINUX
char *seclabel;
#endif
struct socketinfo *sockets;
struct svcenvinfo *envvars;
@ -136,10 +134,8 @@ void property_changed(const char *name, const char *value);
int load_565rle_image( char *file_name );
#ifdef HAVE_SELINUX
extern struct selabel_handle *sehandle;
extern struct selabel_handle *sehandle_prop;
extern int selinux_reload_policy(void);
#endif
#endif /* _INIT_INIT_H */

2
init/init_parser.c
View file

@ -799,13 +799,11 @@ static void parse_line_service(struct parse_state *state, int nargs, char **args
}
break;
case K_seclabel:
#ifdef HAVE_SELINUX
if (nargs != 2) {
parse_error(state, "seclabel option requires a label string\n");
} else {
svc->seclabel = args[1];
}
#endif
break;
default:

18
init/property_service.c
View file

@ -40,10 +40,8 @@
#include <sys/atomics.h>
#include <private/android_filesystem_config.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
#endif
#include "property_service.h"
#include "init.h"
@ -199,7 +197,6 @@ static void update_prop_info(prop_info *pi, const char *value, unsigned len)
static int check_mac_perms(const char *name, char *sctx)
{
#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0)
return 1;
@ -223,15 +220,10 @@ static int check_mac_perms(const char *name, char *sctx)
freecon(tctx);
err:
return result;
#endif
return 1;
}
static int check_control_mac_perms(const char *name, char *sctx)
{
#ifdef HAVE_SELINUX
/*
* Create a name prefix out of ctl.<service name>
* The new prefix allows the use of the existing
@ -245,9 +237,6 @@ static int check_control_mac_perms(const char *name, char *sctx)
return 0;
return check_mac_perms(ctl_name, sctx);
#endif
return 1;
}
/*
@ -394,11 +383,9 @@ int property_set(const char *name, const char *value)
* to prevent them from being overwritten by default values.
*/
write_persistent_property(name, value);
#ifdef HAVE_SELINUX
} else if (strcmp("selinux.reload_policy", name) == 0 &&
strcmp("1", value) == 0) {
selinux_reload_policy();
#endif
}
property_changed(name, value);
return 0;
@ -440,9 +427,7 @@ void handle_property_set_fd()
msg.name[PROP_NAME_MAX-1] = 0;
msg.value[PROP_VALUE_MAX-1] = 0;
#ifdef HAVE_SELINUX
getpeercon(s, &source_ctx);
#endif
if(memcmp(msg.name,"ctl.",4) == 0) {
// Keep the old close-socket-early behavior when handling
@ -467,10 +452,7 @@ void handle_property_set_fd()
// the property is written to memory.
close(s);
}
#ifdef HAVE_SELINUX
freecon(source_ctx);
#endif
break;
default:

15
init/util.c
View file

@ -23,9 +23,7 @@
#include <errno.h>
#include <time.h>
#ifdef HAVE_SELINUX
#include <selinux/label.h>
#endif
#include <sys/stat.h>
#include <sys/types.h>
@ -89,9 +87,7 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
{
struct sockaddr_un addr;
int fd, ret;
#ifdef HAVE_SELINUX
char *secon;
#endif
fd = socket(PF_UNIX, type, 0);
if (fd < 0) {
@ -110,14 +106,12 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
goto out_close;
}
#ifdef HAVE_SELINUX
secon = NULL;
if (sehandle) {
ret = selabel_lookup(sehandle, &secon, addr.sun_path, S_IFSOCK);
if (ret == 0)
setfscreatecon(secon);
}
#endif
ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
if (ret) {
@ -125,10 +119,8 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
goto out_unlink;
}
#ifdef HAVE_SELINUX
setfscreatecon(NULL);
freecon(secon);
#endif
chown(addr.sun_path, uid, gid);
chmod(addr.sun_path, perm);
@ -468,31 +460,27 @@ int make_dir(const char *path, mode_t mode)
{
int rc;
#ifdef HAVE_SELINUX
char *secontext = NULL;
if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext);
}
#endif
rc = mkdir(path, mode);
#ifdef HAVE_SELINUX
if (secontext) {
int save_errno = errno;
freecon(secontext);
setfscreatecon(NULL);
errno = save_errno;
}
#endif
return rc;
}
int restorecon(const char *pathname)
{
#ifdef HAVE_SELINUX
char *secontext = NULL;
struct stat sb;
int i;
@ -509,6 +497,5 @@ int restorecon(const char *pathname)
return -errno;
}
freecon(secontext);
#endif
return 0;
}