diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-08 16:01:50 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-08 16:01:50 +0000 |
commit | c816a49f94e32117d6199df51083e14721a08433 (patch) | |
tree | b585deb51a5fd781b866ea9de8e4c9b671097100 | |
parent | e4103f81bd1baba86e209d1a96b6eb0471d327e4 (diff) | |
parent | e1eae96a17291fc79fad2b28ef150ce42802c05c (diff) | |
download | selinux-android12-mainline-tzdata2-release.tar.gz |
Snap for 8426163 from e1eae96a17291fc79fad2b28ef150ce42802c05c to mainline-tzdata2-releaseandroid-mainline-12.0.0_r112aml_tz2_305400500aml_tz2_305400300aml_tz2_305400100aml_tz2_304500300aml_tz2_303900110aml_tz2_303900102aml_tz2_303800002aml_tz2_303800001aml_tz2_303200001android12-mainline-tzdata2-releaseaml_tz2_305400100
Change-Id: I2b059d370599db0687da7f768a7fdd109cedd622
36 files changed, 40 insertions, 965 deletions
@@ -1,40 +1,3 @@ -package { - default_applicable_licenses: ["external_selinux_license"], -} - -// Added automatically by a large-scale-change that took the approach of -// 'apply every license found to every target'. While this makes sure we respect -// every license restriction, it may not be entirely correct. -// -// e.g. GPL in an MIT project might only apply to the contrib/ directory. -// -// Please consider splitting the single license below into multiple licenses, -// taking care not to lose any license_kind information, and overriding the -// default license using the 'licenses: [...]' property on targets as needed. -// -// For unused files, consider creating a 'filegroup' with "//visibility:private" -// to attach the license to, and including a comment whether the files may be -// used in the current project. -// http://go/android-license-faq -license { - name: "external_selinux_license", - visibility: [":__subpackages__"], - license_kinds: [ - "SPDX-license-identifier-Apache-2.0", - "SPDX-license-identifier-BSD", - "SPDX-license-identifier-GPL", - "SPDX-license-identifier-GPL-2.0", - "SPDX-license-identifier-LGPL", - "SPDX-license-identifier-LGPL-2.1", - "SPDX-license-identifier-LGPL-3.0", - "SPDX-license-identifier-Zlib", - "legacy_unencumbered", - ], - license_text: [ - "NOTICE", - ], -} - subdirs = [ "checkpolicy", "libselinux", diff --git a/METADATA b/METADATA deleted file mode 100644 index 6d8601bb..00000000 --- a/METADATA +++ /dev/null @@ -1,3 +0,0 @@ -third_party { - license_type: RESTRICTED -} @@ -1,3 +1,3 @@ -alanstokes@google.com jeffv@google.com jgalenson@google.com +nnk@google.com diff --git a/checkpolicy/Android.bp b/checkpolicy/Android.bp index 0dad6021..bfd91b7c 100644 --- a/checkpolicy/Android.bp +++ b/checkpolicy/Android.bp @@ -1,34 +1,3 @@ -package { - default_applicable_licenses: ["external_selinux_checkpolicy_license"], -} - -// Added automatically by a large-scale-change that took the approach of -// 'apply every license found to every target'. While this makes sure we respect -// every license restriction, it may not be entirely correct. -// -// e.g. GPL in an MIT project might only apply to the contrib/ directory. -// -// Please consider splitting the single license below into multiple licenses, -// taking care not to lose any license_kind information, and overriding the -// default license using the 'licenses: [...]' property on targets as needed. -// -// For unused files, consider creating a 'filegroup' with "//visibility:private" -// to attach the license to, and including a comment whether the files may be -// used in the current project. -// http://go/android-license-faq -license { - name: "external_selinux_checkpolicy_license", - visibility: [":__subpackages__"], - license_kinds: [ - "SPDX-license-identifier-GPL", - "SPDX-license-identifier-GPL-2.0", - "SPDX-license-identifier-LGPL", - ], - license_text: [ - "COPYING", - ], -} - common_CFLAGS = [ "-Wall", "-Werror", diff --git a/libselinux/Android.bp b/libselinux/Android.bp index 272a3a61..664e9288 100644 --- a/libselinux/Android.bp +++ b/libselinux/Android.bp @@ -1,34 +1,3 @@ -package { - default_applicable_licenses: ["external_selinux_libselinux_license"], -} - -// Added automatically by a large-scale-change that took the approach of -// 'apply every license found to every target'. While this makes sure we respect -// every license restriction, it may not be entirely correct. -// -// e.g. GPL in an MIT project might only apply to the contrib/ directory. -// -// Please consider splitting the single license below into multiple licenses, -// taking care not to lose any license_kind information, and overriding the -// default license using the 'licenses: [...]' property on targets as needed. -// -// For unused files, consider creating a 'filegroup' with "//visibility:private" -// to attach the license to, and including a comment whether the files may be -// used in the current project. -// http://go/android-license-faq -license { - name: "external_selinux_libselinux_license", - visibility: [":__subpackages__"], - license_kinds: [ - "SPDX-license-identifier-Apache-2.0", - "SPDX-license-identifier-GPL-2.0", - "legacy_unencumbered", - ], - license_text: [ - "LICENSE", - ], -} - common_CFLAGS = [ // Persistently stored patterns (pcre2) are architecture dependent. // In particular paterns built on amd64 can not run on devices with armv7 @@ -111,8 +80,6 @@ cc_defaults { "liblog", ], - header_libs: ["libcutils_headers"], - local_include_dirs: [ "src" ], // 1003 corresponds to auditd, from system/core/logd/event.logtags @@ -133,12 +100,6 @@ cc_library { name: "libselinux", defaults: ["libselinux_defaults"], - llndk: { - symbol_file: "exported.map.txt", - }, - - ramdisk_available: true, - vendor_ramdisk_available: true, recovery_available: true, host_supported: true, @@ -218,7 +179,7 @@ cc_library { shared_libs: ["libpackagelistparser"], }, - version_script: "exported.map.txt", + version_script: "exported.map", }, vendor: { @@ -243,11 +204,17 @@ cc_library { }, stubs: { - symbol_file: "exported.map.txt", + symbol_file: "exported.map", versions: ["30"], }, } +llndk_library { + name: "libselinux", + export_include_dirs: ["include"], + symbol_file: "exported.map", +} + cc_binary_host { name: "sefcontext_compile", defaults: ["libselinux_defaults"], @@ -260,73 +227,3 @@ cc_binary_host { ], whole_static_libs: ["libpcre2"], } - -rust_bindgen { - name: "libselinux_bindgen", - wrapper_src: "rust/selinux.h", - crate_name: "selinux_bindgen", - source_stem: "bindings", - local_include_dirs: ["include"], - - // Generate bindings only for the symbols that are actually exported (see exported.map.txt). - // This makes the generated bindings much more concise and improves compilation - // time. - bindgen_flags: [ - "--allowlist-function=fgetfilecon", - "--allowlist-function=fgetfilecon_raw", - "--allowlist-function=freecon", - "--allowlist-function=fsetfilecon", - "--allowlist-function=getcon", - "--allowlist-function=getfilecon", - "--allowlist-function=getpeercon", - "--allowlist-function=getpidcon", - "--allowlist-function=is_selinux_enabled", - "--allowlist-function=lgetfilecon", - "--allowlist-function=lsetfilecon", - "--allowlist-function=security_compute_create", - "--allowlist-function=security_get_initial_context", - "--allowlist-function=security_getenforce", - "--allowlist-function=security_load_policy", - "--allowlist-function=security_policyvers", - "--allowlist-function=security_setenforce", - "--allowlist-function=selabel_close", - "--allowlist-function=selabel_lookup", - "--allowlist-function=selabel_lookup_best_match", - "--allowlist-function=selabel_open", - "--allowlist-function=selinux_android_file_context_handle", - "--allowlist-function=selinux_android_hw_service_context_handle", - "--allowlist-function=selinux_android_load_policy", - "--allowlist-function=selinux_android_load_policy_from_fd", - "--allowlist-function=selinux_android_restorecon", - "--allowlist-function=selinux_android_restorecon_pkgdir", - "--allowlist-function=selinux_android_seapp_context_init", - "--allowlist-function=selinux_android_service_context_handle", - "--allowlist-function=selinux_android_set_sehandle", - "--allowlist-function=selinux_android_setcon", - "--allowlist-function=selinux_android_setcontext", - "--allowlist-function=selinux_android_vendor_service_context_handle", - "--allowlist-function=selinux_check_access", - "--allowlist-function=selinux_log_callback", - "--allowlist-function=selinux_set_callback", - "--allowlist-function=selinux_status_open", - "--allowlist-function=selinux_status_updated", - "--allowlist-function=selinux_vendor_log_callback", - "--allowlist-function=set_selinuxmnt", - "--allowlist-function=setcon", - "--allowlist-function=setexeccon", - "--allowlist-function=setfilecon", - "--allowlist-function=setfscreatecon", - "--allowlist-function=setsockcreatecon", - "--allowlist-function=setsockcreatecon_raw", - "--allowlist-function=string_to_security_class", - "--allowlist-function=selinux_android_context_with_level", - "--allowlist-function=selinux_android_keystore2_key_context_handle", - - // We also need some constants in addition to the functions. - "--allowlist-var=SELABEL_.*", - "--allowlist-var=SELINUX_.*", - ], - - // This is mainly to run layout tests for generated bindings on the host. - host_supported: true, -} diff --git a/libselinux/exported.map.txt b/libselinux/exported.map index ac701abd..89a31173 100644 --- a/libselinux/exported.map.txt +++ b/libselinux/exported.map @@ -49,8 +49,3 @@ LIBSELINUX_R { string_to_security_class; local: *; }; - -LIBSELINUX_S { # introduced=S - selinux_android_context_with_level; - selinux_android_keystore2_key_context_handle; -}; diff --git a/libselinux/exported_vendor.map b/libselinux/exported_vendor.map index 3b303734..ccd5fef7 100644 --- a/libselinux/exported_vendor.map +++ b/libselinux/exported_vendor.map @@ -17,7 +17,6 @@ selinux_android_service_context_handle; selinux_android_hw_service_context_handle; selinux_android_vendor_service_context_handle; - selinux_android_keystore2_key_context_handle; selinux_check_access; security_getenforce; security_setenforce; diff --git a/libselinux/fuzzers/Android.bp b/libselinux/fuzzers/Android.bp deleted file mode 100644 index ea3f9b2b..00000000 --- a/libselinux/fuzzers/Android.bp +++ /dev/null @@ -1,96 +0,0 @@ -// -// Copyright (C) 2020 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -package { - // http://go/android-license-faq - // A large-scale-change added 'default_applicable_licenses' to import - // the below license kinds from "external_selinux_libselinux_license": - // SPDX-license-identifier-Apache-2.0 - default_applicable_licenses: ["external_selinux_libselinux_license"], -} - -cc_defaults { - name: "libselinux_fuzzer_defaults", - cflags: [ - "-Wall", - ], - static_libs: [ - "liblog", - "libselinux", - ], -} - -cc_fuzz { - name: "libselinux_android_setcontext_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["AndroidSetcontextFuzzer.cpp"], -} - -cc_fuzz { - name: "libselinux_context_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["ContextFuzzer.cpp"], - host_supported: true, -} - -cc_fuzz { - name: "libselinux_selabel_lookup_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["selabel_lookup_fuzzer.cpp"], - dictionary: "selabel_lookup_fuzzer.dict", -} - -cc_fuzz { - name: "libselinux_selinux_check_access_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["selinux_check_access_fuzzer.cpp"], - dictionary: "selinux_check_access_fuzzer.dict", -} - -cc_fuzz { - name: "libselinux_selinux_android_restorecon_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["selinux_android_restorecon_fuzzer.cpp"], - dictionary: "selinux_android_restorecon_fuzzer.dict", -} - -cc_fuzz { - name: "libselinux_selinux_android_setcon_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["selinux_android_setcon_fuzzer.cpp"], - dictionary: "selinux_android_setcon_fuzzer.dict", -} - -cc_fuzz { - name: "libselinux_setfilecon_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["setfilecon_fuzzer.cpp"], - dictionary: "setfilecon_fuzzer.dict", -} - -cc_fuzz { - name: "libselinux_lsetfilecon_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["lsetfilecon_fuzzer.cpp"], - dictionary: "lsetfilecon_fuzzer.dict", -} - -cc_fuzz { - name: "libselinux_string_to_security_class_fuzzer", - defaults: ["libselinux_fuzzer_defaults"], - srcs: ["string_to_security_class_fuzzer.cpp"], - dictionary: "string_to_security_class_fuzzer.dict", -} diff --git a/libselinux/fuzzers/AndroidSetcontextFuzzer.cpp b/libselinux/fuzzers/AndroidSetcontextFuzzer.cpp deleted file mode 100644 index 995b0d93..00000000 --- a/libselinux/fuzzers/AndroidSetcontextFuzzer.cpp +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <stddef.h> -#include <stdint.h> -#include <string> - -#include <selinux/android.h> - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - uid_t uid = fdp.ConsumeIntegral<int>(); - bool isSystemServer = fdp.ConsumeBool(); - std::string pkgname = fdp.ConsumeRandomLengthString(); - std::string seinfo = fdp.ConsumeRemainingBytesAsString(); - - selinux_android_setcontext(uid, isSystemServer, seinfo.c_str(), pkgname.c_str()); - - return 0; -} diff --git a/libselinux/fuzzers/ContextFuzzer.cpp b/libselinux/fuzzers/ContextFuzzer.cpp deleted file mode 100644 index f7aed65f..00000000 --- a/libselinux/fuzzers/ContextFuzzer.cpp +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <stddef.h> -#include <stdint.h> -#include <string> - -#include <selinux/context.h> - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, [[maybe_unused]] size_t size) { - FuzzedDataProvider fdp(data, size); - std::string contextName = fdp.ConsumeRemainingBytesAsString(); - - context_t context = context_new(contextName.c_str()); - // According to docs, this should be safe to call with null pointer - // (meaning even if previous call fails). - context_free(context); - - return 0; -} diff --git a/libselinux/fuzzers/lsetfilecon_fuzzer.cpp b/libselinux/fuzzers/lsetfilecon_fuzzer.cpp deleted file mode 100644 index b5303e58..00000000 --- a/libselinux/fuzzers/lsetfilecon_fuzzer.cpp +++ /dev/null @@ -1,33 +0,0 @@ -/****************************************************************************** - * - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ***************************************************************************** - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <selinux/selinux.h> -#include <string> - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - - std::string path = fdp.ConsumeRandomLengthString(); - std::string con = fdp.ConsumeRemainingBytesAsString(); - - lsetfilecon(path.c_str(), con.c_str()); - - return 0; -} diff --git a/libselinux/fuzzers/lsetfilecon_fuzzer.dict b/libselinux/fuzzers/lsetfilecon_fuzzer.dict deleted file mode 100644 index 778b557b..00000000 --- a/libselinux/fuzzers/lsetfilecon_fuzzer.dict +++ /dev/null @@ -1,15 +0,0 @@ -# A few paths from frameworks/native. - -path="/data/app/com.example/dir/dir/file" -path="/data/user/0/com.example/secondary.dex" -path="/dev/socket/pdx" -path="/proc/net/xt_qtaguid/iface_stat_all" -path="/sys/devices/system/cpu/cpufreq" -path="/vendor/bin/hw/android.hardware.media.omx@1.0-service" - -# Random contexts from AOSP. - -con="u:r:system_server:s0" -con="u:r:adbd:s0" -con="u:r:shell:s0" -con="u:r:adbd:s0" diff --git a/libselinux/fuzzers/selabel_lookup_fuzzer.cpp b/libselinux/fuzzers/selabel_lookup_fuzzer.cpp deleted file mode 100644 index 38e44f5a..00000000 --- a/libselinux/fuzzers/selabel_lookup_fuzzer.cpp +++ /dev/null @@ -1,47 +0,0 @@ -/****************************************************************************** - * - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ***************************************************************************** - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <stdint.h> -#include <selinux/android.h> -#include <string> - -selabel_handle *GetHandle(FuzzedDataProvider &fdp) { - switch (fdp.ConsumeIntegralInRange(0, 4)) { - case 0: return selinux_android_file_context_handle(); - case 1: return selinux_android_service_context_handle(); - case 2: return selinux_android_hw_service_context_handle(); - case 3: return selinux_android_vendor_service_context_handle(); - case 4: return selinux_android_keystore2_key_context_handle(); - default: return selinux_android_file_context_handle(); - } -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - - std::string str = fdp.ConsumeRandomLengthString(); - static auto handle = GetHandle(fdp); - char *conn = NULL; - int type = fdp.ConsumeIntegral<int>(); - - selabel_lookup(handle, &conn, str.data(), type); - - return 0; -} diff --git a/libselinux/fuzzers/selabel_lookup_fuzzer.dict b/libselinux/fuzzers/selabel_lookup_fuzzer.dict deleted file mode 100644 index 60b34ad3..00000000 --- a/libselinux/fuzzers/selabel_lookup_fuzzer.dict +++ /dev/null @@ -1,8 +0,0 @@ -# A few paths from frameworks/native. - -"/data/app/com.example/dir/dir/file" -"/data/user/0/com.example/secondary.dex" -"/dev/socket/pdx" -"/proc/net/xt_qtaguid/iface_stat_all" -"/sys/devices/system/cpu/cpufreq" -"/vendor/bin/hw/android.hardware.media.omx@1.0-service" diff --git a/libselinux/fuzzers/selinux_android_restorecon_fuzzer.cpp b/libselinux/fuzzers/selinux_android_restorecon_fuzzer.cpp deleted file mode 100644 index 962abf15..00000000 --- a/libselinux/fuzzers/selinux_android_restorecon_fuzzer.cpp +++ /dev/null @@ -1,66 +0,0 @@ -/****************************************************************************** - * - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ***************************************************************************** - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <selinux/android.h> -#include <string> - -unsigned int GetFlags(FuzzedDataProvider &fdp) { - unsigned int flags = 0; - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_NOCHANGE; - } - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_VERBOSE; - } - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_RECURSE; - } - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_FORCE; - } - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_DATADATA; - } - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_SKIPCE; - } - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_CROSS_FILESYSTEMS; - } - if (fdp.ConsumeBool()) { - flags |= SELINUX_ANDROID_RESTORECON_SKIP_SEHASH; - } - // Try adding random noise (which likely isn't a real flag). - if (fdp.ConsumeBool()) { - flags |= fdp.ConsumeIntegral<unsigned int>(); - } - return flags; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - - std::string file = fdp.ConsumeRandomLengthString(); - unsigned int flags = GetFlags(fdp); - - selinux_android_restorecon(file.c_str(), flags); - - return 0; -} diff --git a/libselinux/fuzzers/selinux_android_restorecon_fuzzer.dict b/libselinux/fuzzers/selinux_android_restorecon_fuzzer.dict deleted file mode 100644 index 6428993f..00000000 --- a/libselinux/fuzzers/selinux_android_restorecon_fuzzer.dict +++ /dev/null @@ -1,16 +0,0 @@ -# A few paths from frameworks/native. - -"/data/app/com.example/dir/dir/file" -"/data/user/0/com.example/secondary.dex" -"/dev/socket/pdx" -"/proc/net/xt_qtaguid/iface_stat_all" -"/sys/devices/system/cpu/cpufreq" -"/vendor/bin/hw/android.hardware.media.omx@1.0-service" - -# A few paths from system/core/init/selinux.cpp. - -"/dev" -"/dev/kmsg" -"/apex" -"/linkerconfig" -"/metadata/gsi" diff --git a/libselinux/fuzzers/selinux_android_setcon_fuzzer.cpp b/libselinux/fuzzers/selinux_android_setcon_fuzzer.cpp deleted file mode 100644 index 28d637f0..00000000 --- a/libselinux/fuzzers/selinux_android_setcon_fuzzer.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/****************************************************************************** - * - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ***************************************************************************** - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <selinux/android.h> -#include <string> - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - - std::string con = fdp.ConsumeRemainingBytesAsString(); - - selinux_android_setcon(con.c_str()); - - return 0; -} diff --git a/libselinux/fuzzers/selinux_android_setcon_fuzzer.dict b/libselinux/fuzzers/selinux_android_setcon_fuzzer.dict deleted file mode 100644 index 1e286d67..00000000 --- a/libselinux/fuzzers/selinux_android_setcon_fuzzer.dict +++ /dev/null @@ -1,5 +0,0 @@ -# Random contexts from AOSP. -"u:r:system_server:s0" -"u:r:adbd:s0" -"u:r:shell:s0" -"u:r:adbd:s0" diff --git a/libselinux/fuzzers/selinux_check_access_fuzzer.cpp b/libselinux/fuzzers/selinux_check_access_fuzzer.cpp deleted file mode 100644 index 60595d8f..00000000 --- a/libselinux/fuzzers/selinux_check_access_fuzzer.cpp +++ /dev/null @@ -1,64 +0,0 @@ -/****************************************************************************** - * - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ***************************************************************************** - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <selinux/selinux.h> -#include <string> - -std::string GetClass(FuzzedDataProvider &fdp) { - switch (fdp.ConsumeIntegralInRange(0, 9)) { - case 0: return "filesystem"; - case 1: return "dir"; - case 2: return "file"; - case 3: return "lnk_file"; - case 4: return "chr_file"; - case 5: return "blk_file"; - case 6: return "sock_file"; - case 7: return "fifo_file"; - case 8: return "fd"; - default: return fdp.ConsumeRandomLengthString(); - } -} - -// This is not an exhaustive list. -std::string GetPermission(FuzzedDataProvider &fdp) { - switch (fdp.ConsumeIntegralInRange(0, 7)) { - case 0: return "create"; - case 1: return "execute"; - case 2: return "getattr"; - case 3: return "ioctl"; - case 4: return "read"; - case 5: return "setattr"; - case 6: return "write"; - default: return fdp.ConsumeRandomLengthString(); - } -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - - std::string tclass = GetClass(fdp); - std::string perm = GetPermission(fdp); - std::string scon = fdp.ConsumeRandomLengthString(); - std::string tcon = fdp.ConsumeRandomLengthString(); - - selinux_check_access(scon.data(), tcon.data(), tclass.data(), perm.data(), NULL); - - return 0; -} diff --git a/libselinux/fuzzers/selinux_check_access_fuzzer.dict b/libselinux/fuzzers/selinux_check_access_fuzzer.dict deleted file mode 100644 index f0b01ede..00000000 --- a/libselinux/fuzzers/selinux_check_access_fuzzer.dict +++ /dev/null @@ -1,2 +0,0 @@ -scon="u:r:shell:s0" -tcon="u:object_r:metadata_file:s0" diff --git a/libselinux/fuzzers/setfilecon_fuzzer.cpp b/libselinux/fuzzers/setfilecon_fuzzer.cpp deleted file mode 100644 index 790bcf66..00000000 --- a/libselinux/fuzzers/setfilecon_fuzzer.cpp +++ /dev/null @@ -1,33 +0,0 @@ -/****************************************************************************** - * - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ***************************************************************************** - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <selinux/selinux.h> -#include <string> - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - - std::string path = fdp.ConsumeRandomLengthString(); - std::string con = fdp.ConsumeRemainingBytesAsString(); - - setfilecon(path.c_str(), con.c_str()); - - return 0; -} diff --git a/libselinux/fuzzers/setfilecon_fuzzer.dict b/libselinux/fuzzers/setfilecon_fuzzer.dict deleted file mode 100644 index 778b557b..00000000 --- a/libselinux/fuzzers/setfilecon_fuzzer.dict +++ /dev/null @@ -1,15 +0,0 @@ -# A few paths from frameworks/native. - -path="/data/app/com.example/dir/dir/file" -path="/data/user/0/com.example/secondary.dex" -path="/dev/socket/pdx" -path="/proc/net/xt_qtaguid/iface_stat_all" -path="/sys/devices/system/cpu/cpufreq" -path="/vendor/bin/hw/android.hardware.media.omx@1.0-service" - -# Random contexts from AOSP. - -con="u:r:system_server:s0" -con="u:r:adbd:s0" -con="u:r:shell:s0" -con="u:r:adbd:s0" diff --git a/libselinux/fuzzers/string_to_security_class_fuzzer.cpp b/libselinux/fuzzers/string_to_security_class_fuzzer.cpp deleted file mode 100644 index d264bf86..00000000 --- a/libselinux/fuzzers/string_to_security_class_fuzzer.cpp +++ /dev/null @@ -1,32 +0,0 @@ -/****************************************************************************** - * - * Copyright (C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - ***************************************************************************** - */ - -#include <fuzzer/FuzzedDataProvider.h> -#include <selinux/selinux.h> -#include <string> - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FuzzedDataProvider fdp(data, size); - - std::string name = fdp.ConsumeRemainingBytesAsString(); - - string_to_security_class(name.c_str()); - - return 0; -} diff --git a/libselinux/fuzzers/string_to_security_class_fuzzer.dict b/libselinux/fuzzers/string_to_security_class_fuzzer.dict deleted file mode 100644 index 86aeb763..00000000 --- a/libselinux/fuzzers/string_to_security_class_fuzzer.dict +++ /dev/null @@ -1,7 +0,0 @@ -"file" -"dir" -"chr_file" -"blk_file" -"fifo_file" -"lnk_file" -"sock_file" diff --git a/libselinux/include/selinux/android.h b/libselinux/include/selinux/android.h index 60813248..3d1816d9 100644 --- a/libselinux/include/selinux/android.h +++ b/libselinux/include/selinux/android.h @@ -19,8 +19,6 @@ extern struct selabel_handle* selinux_android_hw_service_context_handle(void); extern struct selabel_handle* selinux_android_vendor_service_context_handle(void); -extern struct selabel_handle* selinux_android_keystore2_key_context_handle(void); - extern void selinux_android_set_sehandle(const struct selabel_handle *hndl); extern int selinux_android_load_policy(void); @@ -34,11 +32,6 @@ extern int selinux_android_setcontext(uid_t uid, const char *seinfo, const char *name); -extern int selinux_android_context_with_level(const char * context, - char ** newContext, - uid_t userid, - uid_t appid); - extern int selinux_log_callback(int type, const char *fmt, ...) __attribute__ ((format(printf, 2, 3))); diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h index 95e9a9b0..e8983606 100644 --- a/libselinux/include/selinux/label.h +++ b/libselinux/include/selinux/label.h @@ -37,8 +37,6 @@ struct selabel_handle; #define SELABEL_CTX_ANDROID_PROP 4 /* Android service contexts */ #define SELABEL_CTX_ANDROID_SERVICE 5 -/* Android keystore key contexts */ -#define SELABEL_CTX_ANDROID_KEYSTORE2_KEY 6 /* * Available options diff --git a/libselinux/rust/selinux.h b/libselinux/rust/selinux.h deleted file mode 100644 index 706f12fe..00000000 --- a/libselinux/rust/selinux.h +++ /dev/null @@ -1,4 +0,0 @@ -#pragma once - -#include <selinux/android.h> -#include <selinux/avc.h> diff --git a/libselinux/src/android/android.c b/libselinux/src/android/android.c index 87877082..2e70ceb6 100644 --- a/libselinux/src/android/android.c +++ b/libselinux/src/android/android.c @@ -60,23 +60,6 @@ static const struct selinux_opt seopts_vndservice = static const struct selinux_opt seopts_vndservice_rootfs = { SELABEL_OPT_PATH, "/vndservice_contexts" }; -static const struct selinux_opt seopts_keystore2_key_plat[] = { - { SELABEL_OPT_PATH, "/system/etc/selinux/plat_keystore2_key_contexts" }, - { SELABEL_OPT_PATH, "/plat_keystore2_key_contexts" } -}; -static const struct selinux_opt seopts_keystore2_key_system_ext[] = { - { SELABEL_OPT_PATH, "/system_ext/etc/selinux/system_ext_keystore2_key_contexts" }, - { SELABEL_OPT_PATH, "/system_ext_keystore2_key_contexts" } -}; -static const struct selinux_opt seopts_keystore2_key_product[] = { - { SELABEL_OPT_PATH, "/product/etc/selinux/product_keystore2_key_contexts" }, - { SELABEL_OPT_PATH, "/product_keystore2_key_contexts" } -}; -static const struct selinux_opt seopts_keystore2_key_vendor[] = { - { SELABEL_OPT_PATH, "/vendor/etc/selinux/vendor_keystore2_key_contexts" }, - { SELABEL_OPT_PATH, "/vendor_keystore2_key_contexts" }, -}; - struct selabel_handle* selinux_android_service_open_context_handle(const struct selinux_opt* seopts_service, unsigned nopts) { @@ -97,26 +80,6 @@ struct selabel_handle* selinux_android_service_open_context_handle(const struct return sehandle; } -struct selabel_handle* selinux_android_keystore2_key_open_context_handle(const struct selinux_opt* seopts_service, - unsigned nopts) -{ - struct selabel_handle* sehandle; - - sehandle = selabel_open(SELABEL_CTX_ANDROID_KEYSTORE2_KEY, - seopts_service, nopts); - - if (!sehandle) { - selinux_log(SELINUX_ERROR, "%s: Error getting keystore key context handle (%s)\n", - __FUNCTION__, strerror(errno)); - return NULL; - } - selinux_log(SELINUX_INFO, "SELinux: Loaded keystore2_key_contexts from:\n"); - for (unsigned i = 0; i < nopts; i++) { - selinux_log(SELINUX_INFO, " %s\n", seopts_service[i].value); - } - return sehandle; -} - struct selabel_handle* selinux_android_service_context_handle(void) { struct selinux_opt seopts_service[MAX_FILE_CONTEXT_SIZE]; @@ -200,39 +163,6 @@ struct selabel_handle* selinux_android_vendor_service_context_handle(void) return selinux_android_service_open_context_handle(seopts_service, 1); } -struct selabel_handle* selinux_android_keystore2_key_context_handle(void) -{ - struct selinux_opt seopts_keystore2_key[MAX_FILE_CONTEXT_SIZE]; - int size = 0; - unsigned int i; - for (i = 0; i < ARRAY_SIZE(seopts_keystore2_key_plat); i++) { - if (access(seopts_keystore2_key_plat[i].value, R_OK) != -1) { - seopts_keystore2_key[size++] = seopts_keystore2_key_plat[i]; - break; - } - } - for (i = 0; i < ARRAY_SIZE(seopts_keystore2_key_system_ext); i++) { - if (access(seopts_keystore2_key_system_ext[i].value, R_OK) != -1) { - seopts_keystore2_key[size++] = seopts_keystore2_key_system_ext[i]; - break; - } - } - for (i = 0; i < ARRAY_SIZE(seopts_keystore2_key_product); i++) { - if (access(seopts_keystore2_key_product[i].value, R_OK) != -1) { - seopts_keystore2_key[size++] = seopts_keystore2_key_product[i]; - break; - } - } - for (i = 0; i < ARRAY_SIZE(seopts_keystore2_key_vendor); i++) { - if (access(seopts_keystore2_key_vendor[i].value, R_OK) != -1) { - seopts_keystore2_key[size++] = seopts_keystore2_key_vendor[i]; - break; - } - } - - return selinux_android_keystore2_key_open_context_handle(seopts_keystore2_key, size); -} - int selinux_log_callback(int type, const char *fmt, ...) { va_list ap; diff --git a/libselinux/src/android/android_platform.c b/libselinux/src/android/android_platform.c index 2e52c153..20bb4a98 100644 --- a/libselinux/src/android/android_platform.c +++ b/libselinux/src/android/android_platform.c @@ -760,39 +760,6 @@ static int seinfo_parse(char *dest, const char *src, size_t size) return 0; } -static int set_range_from_level(context_t ctx, enum levelFrom levelFrom, uid_t userid, uid_t appid) -{ - char level[255]; - switch (levelFrom) { - case LEVELFROM_NONE: - strlcpy(level, "s0", sizeof level); - break; - case LEVELFROM_APP: - snprintf(level, sizeof level, "s0:c%u,c%u", - appid & 0xff, - 256 + (appid>>8 & 0xff)); - break; - case LEVELFROM_USER: - snprintf(level, sizeof level, "s0:c%u,c%u", - 512 + (userid & 0xff), - 768 + (userid>>8 & 0xff)); - break; - case LEVELFROM_ALL: - snprintf(level, sizeof level, "s0:c%u,c%u,c%u,c%u", - appid & 0xff, - 256 + (appid>>8 & 0xff), - 512 + (userid & 0xff), - 768 + (userid>>8 & 0xff)); - break; - default: - return -1; - } - if (context_range_set(ctx, level)) { - return -2; - } - return 0; -} - static int seapp_context_lookup(enum seapp_kind kind, uid_t uid, bool isSystemServer, @@ -936,10 +903,30 @@ static int seapp_context_lookup(enum seapp_kind kind, } if (cur->levelFrom != LEVELFROM_NONE) { - int res = set_range_from_level(ctx, cur->levelFrom, userid, appid); - if (res != 0) { - return res; + char level[255]; + switch (cur->levelFrom) { + case LEVELFROM_APP: + snprintf(level, sizeof level, "s0:c%u,c%u", + appid & 0xff, + 256 + (appid>>8 & 0xff)); + break; + case LEVELFROM_USER: + snprintf(level, sizeof level, "s0:c%u,c%u", + 512 + (userid & 0xff), + 768 + (userid>>8 & 0xff)); + break; + case LEVELFROM_ALL: + snprintf(level, sizeof level, "s0:c%u,c%u,c%u,c%u", + appid & 0xff, + 256 + (appid>>8 & 0xff), + 512 + (userid & 0xff), + 768 + (userid>>8 & 0xff)); + break; + default: + goto err; } + if (context_range_set(ctx, level)) + goto oom; } else if (cur->level) { if (context_range_set(ctx, cur->level)) goto oom; @@ -968,49 +955,6 @@ oom: return -2; } -int selinux_android_context_with_level(const char * context, - char ** newContext, - uid_t userid, - uid_t appid) -{ - int rc = -2; - - enum levelFrom levelFrom; - if (userid == (uid_t) -1) { - levelFrom = (appid == (uid_t) -1) ? LEVELFROM_NONE : LEVELFROM_APP; - } else { - levelFrom = (appid == (uid_t) -1) ? LEVELFROM_USER : LEVELFROM_ALL; - } - - context_t ctx = context_new(context); - if (!ctx) { - goto out; - } - - int res = set_range_from_level(ctx, levelFrom, userid, appid); - if (res != 0) { - rc = res; - goto out; - } - - char * newString = context_str(ctx); - if (!newString) { - goto out; - } - - char * newCopied = strdup(newString); - if (!newCopied) { - goto out; - } - - *newContext = newCopied; - rc = 0; - -out: - context_free(ctx); - return rc; -} - int selinux_android_setcon(const char *con) { int ret = setcon(con); @@ -1179,9 +1123,9 @@ struct pkg_info *package_info_lookup(const char *name) * credentials are presented (filenames inside are mangled), so we need * to delay restorecon of those until vold explicitly requests it. */ // NOTE: these paths need to be kept in sync with vold -#define DATA_SYSTEM_CE_PREFIX "/data/system_ce" -#define DATA_VENDOR_CE_PREFIX "/data/vendor_ce" -#define DATA_MISC_CE_PREFIX "/data/misc_ce" +#define DATA_SYSTEM_CE_PREFIX "/data/system_ce/" +#define DATA_VENDOR_CE_PREFIX "/data/vendor_ce/" +#define DATA_MISC_CE_PREFIX "/data/misc_ce/" /* The path prefixes of package data directories. */ #define DATA_DATA_PATH "/data/data" @@ -1189,7 +1133,6 @@ struct pkg_info *package_info_lookup(const char *name) #define DATA_USER_DE_PATH "/data/user_de" #define EXPAND_USER_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user" #define EXPAND_USER_DE_PATH "/mnt/expand/\?\?\?\?\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?-\?\?\?\?\?\?\?\?\?\?\?\?/user_de" -#define USER_PROFILE_PATH "/data/misc/profiles/cur/*" #define DATA_DATA_PREFIX DATA_DATA_PATH "/" #define DATA_USER_PREFIX DATA_USER_PATH "/" #define DATA_USER_DE_PREFIX DATA_USER_DE_PATH "/" @@ -1549,11 +1492,6 @@ static int selinux_android_restorecon_common(const char* pathname_orig, continue; } - if (!datadata && !fnmatch(USER_PROFILE_PATH, ftsent->fts_path, FNM_PATHNAME)) { - // Don't label this directory, vold takes care of that, but continue below it. - continue; - } - if (setrestoreconlast) { struct dir_hash_node* new_node = NULL; if (check_context_match_for_dir(ftsent->fts_path, &new_node, force, error)) { diff --git a/libselinux/src/label.c b/libselinux/src/label.c index e0ed68d5..eac6e364 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -57,8 +57,7 @@ static selabel_initfunc initfuncs[] = { CONFIG_X_BACKEND(selabel_x_init), CONFIG_DB_BACKEND(selabel_db_init), CONFIG_ANDROID_BACKEND(selabel_property_init), - CONFIG_ANDROID_BACKEND(selabel_exact_match_init),//service init - CONFIG_ANDROID_BACKEND(selabel_exact_match_init),//keyStore key init + CONFIG_ANDROID_BACKEND(selabel_service_init), }; static inline struct selabel_digest *selabel_is_digest_set diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c index d81faabe..eaca5947 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -327,7 +327,7 @@ finish: return ret; } -static struct selabel_lookup_rec *lookup_exact_match(struct selabel_handle *rec, +static struct selabel_lookup_rec *service_lookup(struct selabel_handle *rec, const char *key, int __attribute__((unused)) type) { struct saved_data *data = (struct saved_data *)rec->data; @@ -382,7 +382,7 @@ int selabel_property_init(struct selabel_handle *rec, return init(rec, opts, nopts); } -int selabel_exact_match_init(struct selabel_handle *rec, +int selabel_service_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) { struct saved_data *data; @@ -394,7 +394,7 @@ int selabel_exact_match_init(struct selabel_handle *rec, rec->data = data; rec->func_close = &closef; rec->func_stats = &stats; - rec->func_lookup = &lookup_exact_match; + rec->func_lookup = &service_lookup; return init(rec, opts, nopts); } diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h index 95f9a14c..74bf9e07 100644 --- a/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h @@ -39,7 +39,7 @@ int selabel_db_init(struct selabel_handle *rec, int selabel_property_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden; -int selabel_exact_match_init(struct selabel_handle *rec, +int selabel_service_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden; diff --git a/libselinux/utils/selabel_lookup.c b/libselinux/utils/selabel_lookup.c index b18e5fc6..1aef64de 100644 --- a/libselinux/utils/selabel_lookup.c +++ b/libselinux/utils/selabel_lookup.c @@ -59,8 +59,6 @@ int main(int argc, char **argv) backend = SELABEL_CTX_ANDROID_PROP; } else if (!strcmp(optarg, "service")) { backend = SELABEL_CTX_ANDROID_SERVICE; - } else if (!strcmp(optarg, "keystore2_key")) { - backend = SELABEL_CTX_ANDROID_KEYSTORE2_KEY; } else { fprintf(stderr, "Unknown backend: %s\n", optarg); diff --git a/libsepol/Android.bp b/libsepol/Android.bp index 9c56fc4b..0f63ee37 100644 --- a/libsepol/Android.bp +++ b/libsepol/Android.bp @@ -1,38 +1,3 @@ -package { - default_applicable_licenses: ["external_selinux_libsepol_license"], -} - -// Added automatically by a large-scale-change that took the approach of -// 'apply every license found to every target'. While this makes sure we respect -// every license restriction, it may not be entirely correct. -// -// e.g. GPL in an MIT project might only apply to the contrib/ directory. -// -// Please consider splitting the single license below into multiple licenses, -// taking care not to lose any license_kind information, and overriding the -// default license using the 'licenses: [...]' property on targets as needed. -// -// For unused files, consider creating a 'filegroup' with "//visibility:private" -// to attach the license to, and including a comment whether the files may be -// used in the current project. -// http://go/android-license-faq -license { - name: "external_selinux_libsepol_license", - visibility: [":__subpackages__"], - license_kinds: [ - "SPDX-license-identifier-BSD", - "SPDX-license-identifier-GPL", - "SPDX-license-identifier-LGPL", - "SPDX-license-identifier-LGPL-2.1", - "SPDX-license-identifier-LGPL-3.0", - "SPDX-license-identifier-Zlib", - "legacy_unencumbered", - ], - license_text: [ - "COPYING", - ], -} - common_CFLAGS = [ "-D_GNU_SOURCE", "-Wall", diff --git a/secilc/Android.bp b/secilc/Android.bp index f7a11b46..597058b3 100644 --- a/secilc/Android.bp +++ b/secilc/Android.bp @@ -1,20 +1,3 @@ -package { - default_applicable_licenses: ["external_selinux_secilc_license"], -} - -// Added automatically by a large-scale-change -// http://go/android-license-faq -license { - name: "external_selinux_secilc_license", - visibility: [":__subpackages__"], - license_kinds: [ - "SPDX-license-identifier-BSD", - ], - license_text: [ - "COPYING", - ], -} - common_CFLAGS = [ "-Wall", "-Werror", diff --git a/secilc/secilc.c b/secilc/secilc.c index 9c78e425..186c5a73 100644 --- a/secilc/secilc.c +++ b/secilc/secilc.c @@ -268,12 +268,6 @@ int main(int argc, char *argv[]) } file_size = filedata.st_size; - if (!file_size) { - fclose(file); - file = NULL; - continue; - } - buffer = malloc(file_size); rc = fread(buffer, file_size, 1, file); if (rc != 1) { |