init: Refactor selinux.h/cpp

This change factors out functions that handle selabels from selinux.h/cpp into selabel.h/cpp. This allows util.cpp to be used by the upcoming native zygote without a bunch of define flags that are required for selinux.cpp. Bug: 133443795 Test: Build and boot cuttlefish. Change-Id: Ie238a96c6407c6698a605dd8803c1727abfaae7b
2019-05-28 15:58:35 -07:00 · 2019-05-28 15:58:35 -07:00 · 92c236e41b
commit 92c236e41b
parent e20f357f4f
12 changed files with 120 additions and 66 deletions
--- a/init/Android.bp
+++ b/init/Android.bp
@ -124,6 +124,7 @@ cc_library_static {
        "reboot.cpp",
        "reboot_utils.cpp",
        "security.cpp",
+        "selabel.cpp",
        "selinux.cpp",
        "service.cpp",
        "sigchld_handler.cpp",
--- a/init/Android.mk
+++ b/init/Android.mk
@ -52,6 +52,7 @@ LOCAL_SRC_FILES := \
    first_stage_mount.cpp \
    mount_namespace.cpp \
    reboot_utils.cpp \
+    selabel.cpp \
    selinux.cpp \
    switch_root.cpp \
    uevent_listener.cpp \
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@ -70,6 +70,7 @@
 #include "property_service.h"
 #include "reboot.h"
 #include "rlimit_parser.h"
+#include "selabel.h"
 #include "selinux.h"
 #include "service.h"
 #include "subcontext.h"
--- a/init/devices.cpp
+++ b/init/devices.cpp
@ -36,7 +36,7 @@
 #include <selinux/android.h>
 #include <selinux/selinux.h>

-#include "selinux.h"
+#include "selabel.h"
 #include "util.h"

 #ifdef _INIT_INIT_H
--- a/init/init.cpp
+++ b/init/init.cpp
@ -65,6 +65,7 @@
 #include "reboot.h"
 #include "reboot_utils.h"
 #include "security.h"
+#include "selabel.h"
 #include "selinux.h"
 #include "sigchld_handler.h"
 #include "util.h"
--- a/init/selabel.cpp
+++ b/init/selabel.cpp
@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "selabel.h"
+
+#include <selinux/android.h>
+
+namespace android {
+namespace init {
+
+namespace {
+
+selabel_handle* sehandle = nullptr;
+}
+
+// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
+// its value.  selinux_android_restorecon() also needs an sehandle for file context look up.  It
+// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
+// one, thus eliminating an extra call to selinux_android_file_context_handle().
+void SelabelInitialize() {
+    sehandle = selinux_android_file_context_handle();
+    selinux_android_set_sehandle(sehandle);
+}
+
+// A C++ wrapper around selabel_lookup() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
+    result->clear();
+
+    if (!sehandle) return true;
+
+    char* context;
+    if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
+        return false;
+    }
+    *result = context;
+    free(context);
+    return true;
+}
+
+// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
+// If sehandle is null, this returns success with an empty context.
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+                                       const std::vector<std::string>& aliases, int type,
+                                       std::string* result) {
+    result->clear();
+
+    if (!sehandle) return true;
+
+    std::vector<const char*> c_aliases;
+    for (const auto& alias : aliases) {
+        c_aliases.emplace_back(alias.c_str());
+    }
+    c_aliases.emplace_back(nullptr);
+
+    char* context;
+    if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
+        return false;
+    }
+    *result = context;
+    free(context);
+    return true;
+}
+
+}  // namespace init
+}  // namespace android
--- a/init/selabel.h
+++ b/init/selabel.h
@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+#include <vector>
+
+namespace android {
+namespace init {
+
+void SelabelInitialize();
+bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
+bool SelabelLookupFileContextBestMatch(const std::string& key,
+                                       const std::vector<std::string>& aliases, int type,
+                                       std::string* result);
+
+}  // namespace init
+}  // namespace android
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@ -79,8 +79,6 @@ namespace init {

 namespace {

-selabel_handle* sehandle = nullptr;
-
 enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };

 EnforcingStatus StatusFromCmdline() {
@ -554,54 +552,5 @@ int SetupSelinux(char** argv) {
    return 1;
 }

-// selinux_android_file_context_handle() takes on the order of 10+ms to run, so we want to cache
-// its value.  selinux_android_restorecon() also needs an sehandle for file context look up.  It
-// will create and store its own copy, but selinux_android_set_sehandle() can be used to provide
-// one, thus eliminating an extra call to selinux_android_file_context_handle().
-void SelabelInitialize() {
-    sehandle = selinux_android_file_context_handle();
-    selinux_android_set_sehandle(sehandle);
-}
-
-// A C++ wrapper around selabel_lookup() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result) {
-    result->clear();
-
-    if (!sehandle) return true;
-
-    char* context;
-    if (selabel_lookup(sehandle, &context, key.c_str(), type) != 0) {
-        return false;
-    }
-    *result = context;
-    free(context);
-    return true;
-}
-
-// A C++ wrapper around selabel_lookup_best_match() using the cached sehandle.
-// If sehandle is null, this returns success with an empty context.
-bool SelabelLookupFileContextBestMatch(const std::string& key,
-                                       const std::vector<std::string>& aliases, int type,
-                                       std::string* result) {
-    result->clear();
-
-    if (!sehandle) return true;
-
-    std::vector<const char*> c_aliases;
-    for (const auto& alias : aliases) {
-        c_aliases.emplace_back(alias.c_str());
-    }
-    c_aliases.emplace_back(nullptr);
-
-    char* context;
-    if (selabel_lookup_best_match(sehandle, &context, key.c_str(), &c_aliases[0], type) != 0) {
-        return false;
-    }
-    *result = context;
-    free(context);
-    return true;
-}
-
 }  // namespace init
 }  // namespace android
--- a/init/selinux.h
+++ b/init/selinux.h
@ -14,11 +14,7 @@
 * limitations under the License.
 */

-#ifndef _INIT_SELINUX_H
-#define _INIT_SELINUX_H
-
-#include <string>
-#include <vector>
+#pragma once

 namespace android {
 namespace init {
@ -29,15 +25,7 @@ void SelinuxRestoreContext();
 void SelinuxSetupKernelLogging();
 int SelinuxGetVendorAndroidVersion();

-void SelabelInitialize();
-bool SelabelLookupFileContext(const std::string& key, int type, std::string* result);
-bool SelabelLookupFileContextBestMatch(const std::string& key,
-                                       const std::vector<std::string>& aliases, int type,
-                                       std::string* result);
-
 static constexpr char kEnvSelinuxStartedAt[] = "SELINUX_STARTED_AT";

 }  // namespace init
 }  // namespace android
-
-#endif
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@ -32,6 +32,7 @@
 #if defined(__ANDROID__)
 #include <android/api-level.h>
 #include "property_service.h"
+#include "selabel.h"
 #include "selinux.h"
 #else
 #include "host_init_stubs.h"
--- a/init/ueventd.cpp
+++ b/init/ueventd.cpp
@ -37,6 +37,7 @@
 #include "devices.h"
 #include "firmware_handler.h"
 #include "modalias_handler.h"
+#include "selabel.h"
 #include "selinux.h"
 #include "uevent_handler.h"
 #include "uevent_listener.h"
--- a/init/util.cpp
+++ b/init/util.cpp
@ -41,7 +41,7 @@

 #if defined(__ANDROID__)
 #include "reboot_utils.h"
-#include "selinux.h"
+#include "selabel.h"
 #else
 #include "host_init_stubs.h"
 #endif