Age | Commit message (Collapse) | Author |
|
(cherry-pick of commit: 06d45512e2df93f65a51877a51549e522b4f2cf5)
Bug: 21732016
Change-Id: I56c3e73a089da65bbe0f064bbdd6e8096c082db0
|
|
no-policy-loaded test.
* commit 'cad7ad66bf4bae72c42b507e7d06907fd07dd7fe':
libselinux: is_selinux_enabled(): drop no-policy-loaded test.
|
|
* commit '801cd60478e994c505ff740271b5506e2036278c':
libselinux: is_selinux_enabled(): drop no-policy-loaded test.
|
|
upstream commit 685f4aeeadc0b60f3770404d4f149610d656e3c8.
SELinux can be disabled via the selinux=0 kernel parameter or via
/sys/fs/selinux/disable (triggered by setting SELINUX=disabled in
/etc/selinux/config). In either case, selinuxfs will be unmounted
and unregistered and therefore it is sufficient to check for the
selinuxfs mount. We do not need to check for no-policy-loaded and
treat that as SELinux-disabled anymore; that is a relic of Fedora Core 2
days. Drop the no-policy-loaded test, which was a bit of a hack anyway
(checking whether getcon_raw() returned "kernel" as that can only happen
if no policy is yet loaded and therefore security_sid_to_context() only
has the initial SID name available to return as the context).
May possibly fix https://bugzilla.redhat.com/show_bug.cgi?id=1195074
by virtue of removing the call to getcon_raw() and therefore avoiding
use of tls on is_selinux_enabled() calls. Regardless, it will make
is_selinux_enabled() faster and simpler.
[sds: Adapted for the Android libselinux port. Also drops the
fallback to scanning /proc/filesystems for selinuxfs as this was
already done upstream; init mounts selinuxfs via libselinux prior to any
is_selinux_enabled() checks. The tls bug is not relevant in Android
since the Android libselinux port does not use tls, but this change
is nonetheless useful to optimize is_selinux_enabled().]
Change-Id: Ia8b484a3a2fe7f604b0bfb8f5b109ad7674c1152
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit '3d0ee672186f9ce224808758b2651c55d8bba616':
Keep only one host LOCAL_COPY_HEADERS rule.
|
|
* commit 'fab180eabbbe956b0860b92fb856ab87256924e7':
Keep only one host LOCAL_COPY_HEADERS rule.
|
|
This fixes build warnings:
build/core/copy_headers.mk:15: warning: overriding commands for target
`out/host/linux-x86/obj/include/selinux/selinux.h'
Change-Id: Ie64a43856f7fd3759d84a6d3a5b897040cb648f3
|
|
* commit 'e446fb16de6268c244561de83c7e90e830e0049d':
libselinux: create host shared library
|
|
* commit '12ea87bb5a35b176cb027120db57e5308f51e6a0':
libselinux: create host shared library
|
|
Bug: 19908228
Change-Id: I618938a5a487d5d9ed8d961f85b4b584f419a1d0
|
|
/data/data
* commit '20403933a623a7b33b4a19086f4a4145c4daf964':
android.c: don't run restorecon on subdirs of /data/data
|
|
* commit 'd601f82e72f86c1ed2f9ff8f13acfebd5e4337b2':
android.c: don't run restorecon on subdirs of /data/data
|
|
/data/data and /data/user are treated differently when doing relabeling.
Specifically:
1) /data/data should be labeled by init.
2) files / directories within /data/data should NOT be labeled by init,
only by installd at system_server's request.
3) /data/user should be labeled by init.
4) subdirectories one level deep under /data/user should be labeled
by init.
5) subdirectories more than one level deep under /data/user
should NOT be labeled by init, only by installd at system_server's
request.
Commit 4766bfa9ec477b245a9a863152839269a314f9d4 inadvertantly applied
the same rules to /data/data that we use for /data/user, resulting
in init attempting to label directories one level deep in /data/data.
Restore the line to the version before 4766bfa9ec477b245a9a863152839269a314f9d4.
While we're here, fix the following compiler warning:
external/libselinux/src/android.c:1059:45: warning: trigraph ??- ignored, use -trigraphs to enable [-Wtrigraphs]
#define EXPAND_USER_PATH "/mnt/expand/????????-????-????-????-????????????/user"
^
Bug: 20190506
Change-Id: I5dc6ada37c2bfd0904e341aabc3b7a123105a212
|
|
* commit '4477997ae6455b4126d82b6e0e0a1ba7782f81e7':
Match app directories on expanded storage.
|
|
* commit '4766bfa9ec477b245a9a863152839269a314f9d4':
Match app directories on expanded storage.
|
|
Expanded storage behaves mostly like the internal data storage,
including holding private app data. To correctly apply SELinux
labels, this change defines a pattern for matching these new paths
which follow the format:
/mnt/expand/<UUID>/user/<N>
The owner user (0) is not special cased like internal storage, and
lives under the /user/0 directory.
Bug: 19993667
Change-Id: Ia3eb28440ff3a119f0a3892e636640cf59c01244
|
|
* commit '36ff8204b678990cde2f3cc6a0ff97acdb9654c9':
DO NOT MERGE: handle newlines in file names
|
|
* commit 'ed841ace2bdfabe2053e2a30fb323da36b70b516':
DO NOT MERGE: handle newlines in file names
|
|
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
(cherry picked from commit 51fc85bc845bf6c7de1962efe6458ec701051162)
Change-Id: I413ff130e4328b8325be78d9fab119a466df84f3
|
|
* commit '1be58cb7c7ea5953424500800720d10da6bbdfcc':
Add MODULE_LICENSE file
|
|
Change-Id: Ib956911fba8b51dec19856a20970cdce10a91cf0
|
|
* commit 'bb38d53b27778231706be300479f7b9df978d1f7':
Change seapp_context isSystemServer to bool.
|
|
* commit 'ab5e5faae18970d4fd47ff81c731918267e7d99a':
Change seapp_context isSystemServer to bool.
|
|
This brings it in line with the other is* members of struct seapp_context and
better reflects its usage.
Change-Id: I6e2d1891e7bd38b5164dfe66b66d698ad48323d5
|
|
* commit '3e2570ee37cab32ded83d9d293d91938652814c1':
handle newlines in file names
|
|
* commit '51fc85bc845bf6c7de1962efe6458ec701051162':
handle newlines in file names
|
|
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a
|
|
seapp_contexts.
* commit '346f3ebdeb97030e6045bebdd11f74d96b2c3e2c':
libselinux: Reject duplicate entries within seapp_contexts.
|
|
* commit '76d51845d996d7833245cfcb95b88fc0a837c679':
libselinux: Reject duplicate entries within seapp_contexts.
|
|
seapp_context entries.
* commit 'e7d85c664ca5e8c22830140d9f87e3a67ef88202':
libselinux: Reject duplicate keys in seapp_context entries.
|
|
* commit '0f912a1cd9dc2c7bb7aebf40d4a0b58058a2a4ac':
libselinux: Reject duplicate keys in seapp_context entries.
|
|
Presently it will leak the memory from the first definition and
use the last one in each line. Treat it as an error instead and
fail.
Change-Id: I6a6383bf6ace59b1fd504c01047fd685c16c4849
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
Presently it will permit duplicate entries (either duplicated
on input selectors or entirely) and whichever one ended up first
in the sorted list would win (and this would be arbitrary as
the comparison function would return 0 since they have the same
input selectors).
Treat it as an error instead and fail.
Change-Id: I611515699b35b04dfc5c5020b92a88bff24ca606
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit 'eec0aca728aa4e3f1aa79f037f5fdebf306c7b99':
libselinux: drop sebool= support
|
|
* commit '4ebfa148efa7ad8e85d9731ac990940685bc6ca3':
libselinux: drop sebool= support
|
|
|
|
* commit '3a9de8d5a79fc9f25498d10a4096f2a01e675c40':
libselinux: Add a README.android file.
|
|
* commit '4f033616415e503861ab978bf7ad53d9d6dd0590':
libselinux: Add a README.android file.
|
|
|
|
Add a README.android file to libselinux explaining how it relates
to upstream, how it differs, and which new files were added.
Change-Id: I113f7fac5ed6a3f37fd65ce790fd59b2496998cc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit '7b537ae209b1f07263a132f7ee7b45d939c7c33c':
|
|
|
|
Otherwise if we have a matching selinux_version but only a subset of
the expected policy files (sepolicy, *_contexts) under /data/security,
then we'll fail when attempting to open the missing files.
This does not check that mac_permissions.xml is present as that is only
opened and used by SELinuxMMAC, not by libselinux, but we should likely
change SELinuxMMAC to do the same.
The alternative would be to change the logic for opening each policy
file to fall back to the / policy if the /data/security policy is missing,
as we used to do before the /data/security support was first disabled and
then reworked to check selinux_version. Then it would be valid once again
to merely push a sepolicy file or any other individual file with a
selinux_version file to /data/security/current without needing to copy
the rest of the files if they were unchanged. That is how we used to
support pushing a policy with dontaudit rules stripped,
http://seandroid.bitbucket.org/AddressingHiddenDenials.html
I have updated those instructions to specify that all files must be
copied but it is a bit more cumbersome to do so.
Change-Id: I60f7ac1f6fa714c0b827a1edd008da172ef1c991
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
present.
* commit '1e9d2765137f7623ea590efdbb8b521ca5d7e416':
libselinux: Only use /data/security policy if all files are present.
|
|
SELinux policy booleans are prohibited in AOSP, so we can drop the
support for the sebool= input selector.
Change-Id: I4828cdf1e5370b1dee7d1e887fd7a3d54be2d95d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit '818815ed55b3b0c118964db65339d230b1493d87':
libselinux: fix policy reload logic
|
|
I5d6d6eb7438361bbb072540c96361cef95c83a9e introduced a bug
in the policy reload logic such that we incorrectly (but harmlessly)
load policy twice from / on each boot and never load policy from
/data/security/current even if it is present.
Also, even prior to that change, we were failing to reload policy
from / if we previously had loaded a policy from /data/security/current
and that policy was removed.
Fix the bugs. Also correct the comments to drop the obsolete
reference to safe mode and to reflect the updated code.
Change-Id: I7b53c91c5681764009de453ff104a72cd26d7c2e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
|
* commit '3e04b8beb20c6391e27609920b18cd7dfa42b935':
libselinux: pcre_study can return NULL without error.
|
|
* commit '3463ebcadaebf416b68f983d1ef8b4d5ce1be5b0':
Coding style fix for sizeof operator.
|
|
permissive mode.
* commit '6f1b8911f53284c7c768562ab4e3164edfafeb2c':
Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
|