diff options
| author | Jeff Vander Stoep <jeffv@google.com> | 2018-04-19 07:04:03 -0700 |
|---|---|---|
| committer | Jeff Vander Stoep <jeffv@google.com> | 2018-04-19 12:23:22 -0700 |
| commit | 770b35373f2f0e754953e02e2f7d2ee471be057c (patch) | |
| tree | 6861c854067a3e52fd3e29add93a63eecc0b2e73 | |
| parent | 742a350d2900305e4748b9a49cb07b6a422ab610 (diff) | |
| download | selinux-770b35373f2f0e754953e02e2f7d2ee471be057c.tar.gz | |
libselinux: android: allow dup *_context entries
Similar to upstream commit 742a350d "libsepol/cil: Improve processing
of context rules", allow multiple-same mappings, but make this the
default for android-specific *_contexts files. Continue to print a
warning. This is useful for Treble where some device-specific
mappings may be moved to core policy. e.g.
https://android-review.googlesource.com/c/platform/system/sepolicy/+/663068.
Old vendor images must continue to work with new system images even
when they contain the same mapping.
Bug: 78134108
Test: Verify multiple same mappings load correctly, and multiple
different specs continue to fail.
Change-Id: I80e81814b7ce213489a7820a12be3fb297150e7d
(cherry picked from commit 5f6217efcfa3e84a9bb65351516d0b0a574b8cc0)
| -rw-r--r-- | libselinux/src/label_backends_android.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c index f85ec6ff..eaca5947 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -45,7 +45,9 @@ static int cmp(const void *A, const void *B) } /* - * Warn about duplicate specifications. + * Warn about duplicate specifications. Return error on different specifications. + * TODO: Remove duplicate specifications. Move duplicate check to after sort + * to improve performance. */ static int nodups_specs(struct saved_data *data) { @@ -58,10 +60,10 @@ static int nodups_specs(struct saved_data *data) for (jj = ii + 1; jj < data->nspec; jj++) { if (!strcmp(spec_arr[jj].property_key, curr_spec->property_key)) { - rc = -1; - errno = EINVAL; if (strcmp(spec_arr[jj].lr.ctx_raw, curr_spec->lr.ctx_raw)) { + rc = -1; + errno = EINVAL; selinux_log (SELINUX_ERROR, "Multiple different specifications for %s (%s and %s).\n", @@ -70,7 +72,7 @@ static int nodups_specs(struct saved_data *data) curr_spec->lr.ctx_raw); } else { selinux_log - (SELINUX_ERROR, + (SELINUX_WARNING, "Multiple same specifications for %s.\n", curr_spec->property_key); } |