Age | Commit message | Author
2024-05-07 | Snap for 11812660 from bec99f419003e3228ccd785362882d18c730b4fd to sdk-release (sdk-release) | Android Build Coastguard Worker
Change-Id: I95a9963bc4138da5adcccad407eab38f50e6291e
2024-05-06 | Add unit tests (HEAD, master, main) | Thiébaud Weksteen
Add unit tests for is_app_data_path, is_credential_encrypted_path and extract_pkgname_and_userid. Test: atest --host libselinux_test Bug: 317296680 Change-Id: Ib5f528d8beb62db0c59207ee88b6503d0f5845f3
2024-05-06 | Add is_credential_encrypted_path | Thiébaud Weksteen
Add an internal function to clarify the restorecon logic. Move the function to android.c so it can be unit tested. Test: build Bug: 317296680 Change-Id: I972fca7509504ab50de41374c1f5d6ed878bf42f
2024-05-06 | Harmonize indentation | Thiébaud Weksteen
A mixture of tab and spaces has been used in a few source files. Consistently use tab to match the rest of libselinux. Test: git show --ignore-space-change Bug: 317296680 Change-Id: If2ddde565e7565ee4e3a7a3d3586ce40dc86dec7
2024-05-06 | Move is_app_data_path and extract_pkgname_and_userid | Thiébaud Weksteen
Move these functions as-is into android.c so they can be used in the unit tests. The functions have not been modified, this is a no-op. Test: build Bug: 317296680 Change-Id: Icb1e5501a4a337573d24be894a31c0db72ae8acd
2024-04-30 | Snap for 11785460 from 261afd394b622a6d9d639978dffcfde84967788c to sdk-release | Android Build Coastguard Worker
Change-Id: If58ea95bbedbb005a748813c87a972f10fd86123
2024-04-18 | Add /data/storage_area to app data directories | Ellen Arteca
libselinux has special handling for the app data directories such as /data/user/$userId/$pkgName and /data/user_de/$userId/$pkgName, because their SELinux contexts are determined differently from "normal" files. /data/storage_area/$userId/$pkgName will be a new app data directory (with a different SELinux context, but determined through the same process). Therefore, add it to the list of app data directories. Bug: 325129836 Change-Id: I4371c23193e6ad07207bc1f22cfd6d1580ccd600
2024-04-16 | Snap for 11724015 from c8d5fc8b44738a80b8d89c05f8466f5544fb9d18 to sdk-release | Android Build Coastguard Worker
Change-Id: I201be5e3e6afce097d466e567ad7af52d4201ba6
2024-04-15 | checkpolicy: disable leak detection | Steven Moreland
Breaking ASAN host builds. Bugs: me Test: build with SANITIZE_HOST=address Change-Id: Idb72d16d8fbe4d082b94994854e488f57ef4bb26
2024-03-07 | Snap for 11541002 from c20d8480e5b47e819c4dd9e2f314b4a26b616639 to sdk-release (platform-tools-35.0.1) | Android Build Coastguard Worker
Change-Id: If40ae19b7c4869db6d6a53f563714665ae9f8d9a
2024-03-06 | Snap for 11533947 from c23cbe8ca5b18f0e9e1892f03f8f77cd6c2e0a8a to sdk-release | Android Build Coastguard Worker
Change-Id: I39d301a4c14c51b069f58f39f285e62e7b990543
2024-03-05 | Merge "Add build flags for libselinux" into main am: c23cbe8ca5 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2971894 Change-Id: Iab88e01241410a5803177f30093e5b444692af6a Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-04 | Merge "Add build flags for libselinux" into main | Thiébaud Weksteen
2024-02-29 | Snap for 11512112 from 2273a74d0049f8fa95185882e3b928ceddd77764 to sdk-release | Android Build Coastguard Worker
Change-Id: I0d289864e675573823b342ebcb921ff536c3d89e
2024-02-29 | Merge "Add selabel_get_digests_all_partial_matches binary" into main am: 2273a74d00 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2981571 Change-Id: Icc0c501c6a3841b4bede6bdf2821c3627d6cb67e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-29 | Merge "Add selabel_get_digests_all_partial_matches binary" into main | Thiébaud Weksteen
2024-02-28 | Add selabel_get_digests_all_partial_matches binary | Thiébaud Weksteen
Add build rule for selabel_get_digests_all_partial_matches. It is not included by default in the system image, but can be useful to debug the computation of security.sehash. Bug: 317296680 Test: adb remount; adb push selabel_get_digests_all_partial_matches /system/bin; selabel_get_digests_all_partial_matches -r /data/data Change-Id: I2b7e8d994f15539849d69ded5695293c4f2cf8b2
2024-02-28 | Snap for 11505368 from cd26ca216218d5708eae4403a3d20eb0b01a39bb to sdk-release | Android Build Coastguard Worker
Change-Id: I0c1fb6e74eb6cbdebc8f0304b4ee9382e2cb0bb8
2024-02-27 | The order the fields were printed in did not match the order in which their values are listed; likely a typo am: cd26ca2162 | Ellen Arteca
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2976012 Change-Id: I515a85b6ae5eb66afe302ac15db733790d348df5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-26 | The order the fields were printed in did not match the order in which their values are listed; likely a typo | Ellen Arteca
Change-Id: I2e00216ef7e3cedd274fb16aa361637d9a98ba2c
2024-02-23 | Add build flags for libselinux | Thiébaud Weksteen
Consider /data/data as an app data directory (and skip any restorecon) if the flag release_selinux_data_data_ignore is enabled. Test: boot; setfattr -x security.sehash /data; setfattr -x security.sehash /data/data; reboot, restorecon ignores /data/data Bug: 317296680 Change-Id: If341864555398cd042dbe5b89085821cc2f8a0c0
2023-12-13 | Snap for 11211409 from a772618e5ca2ef248304c29fc7b47a7b27f9f920 to sdk-release | Android Build Coastguard Worker
Change-Id: I451532974ac6b093b25180f999b72c7934af87a7
2023-12-06 | Snap for 11182047 from 27d4f93b76486602326633f494baca3a3ee38cf6 to sdk-release | Android Build Coastguard Worker
Change-Id: Ia94f633923cd131b076620b911666e52ee9e1321
2023-12-05 | Revert "Use generic isSelector" am: 27d4f93b76 am: fd16119838 am: 05a74fd219 | Daniel Chapin
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485 Change-Id: Ib50610278ec483c87d4d2c52f60ee340744c821b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05 | Revert "Use generic isSelector" am: 27d4f93b76 am: a772618e5c am: a9be036f81 | Daniel Chapin
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485 Change-Id: Ic52cbb7c1e50bd97ca3e928f619e876d575e962e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05 | Revert "Use generic isSelector" am: 27d4f93b76 am: fd16119838 | Daniel Chapin
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485 Change-Id: I52e564e9ce90b0118f0e1ed576ca784385151b32 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05 | Revert "Use generic isSelector" am: 27d4f93b76 am: a772618e5c | Daniel Chapin
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485 Change-Id: I335a819d7c851b62c3b0a123fbfe34c176469127 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05 | Revert "Use generic isSelector" am: 27d4f93b76 (android-u-qpr3-beta-1-gpl, android-u-qpr2-beta-2-gpl) | Daniel Chapin
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485 Change-Id: Id3421f08cf85f2744b757cdd4e89726f98f1b9a5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05 | Revert "Use generic isSelector" am: 27d4f93b76 | Daniel Chapin
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485 Change-Id: I71ff5b24278be5ee64a1d46ba39550c2826720e0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05 | Revert "Use generic isSelector" | Daniel Chapin
This reverts commit 3d85f1e1163ea3d5e8a1d7a1dfdadc97ee761fcc. Reason for revert: Droidfood blocking bug: b/314704483 Change-Id: I4cec1f1c4de25c28536c4f56cfd297ab1a9f3812
2023-12-01 | Use generic isSelector am: 3d85f1e116 am: d26a4af638 am: 57857be7cb | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485 Change-Id: I907beaae8a76e6d3209fa6eb1d21298b5170e3f5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 | Use generic isSelector am: 3d85f1e116 am: bce1d3689b am: 28f879de16 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485 Change-Id: I067484d72885ba209b0944a326474b2008cec004 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 | Use generic isSelector am: 3d85f1e116 am: d26a4af638 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485 Change-Id: I96867dca9a2731cf062a795fcfdf034beb9e9cab Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 | Use generic isSelector am: 3d85f1e116 am: bce1d3689b | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485 Change-Id: I408f1d9edea15863dde0e50ca5f2000ebf8fad5c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 | Use generic isSelector am: 3d85f1e116 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485 Change-Id: Iebf082e0c29320766b69c5ea6b9fb151c8676a25 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 | Use generic isSelector am: 3d85f1e116 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485 Change-Id: I0aad333ba1526c0a61ea2d55c528b1e7373897e7 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 | Use generic isSelector | Thiébaud Weksteen
seapp_contexts supports multiple boolean attributes: isPrivApp, isEphemeralApp, isIsolatedComputeApp, isSdkSandboxAudit, isSdkSandboxNext, fromRunAs. Each of these exists to support a specific labelling scenario from the framework. When a new predicate is required, an update to libselinux is also required. This change generically handles any attribute starting with "is" and maps it directly (case-insensitive) to the same seinfo field. It is assumed that only one of these is required at a time. An error is raised if seapp_contexts contains multiple is-selector within one rule. An error is raised if seinfo contains multiple is-selector. The order for comparison between seapp_contexts is altered: an entry with an is-selector will be prioritized over one with an unspecified is-selector. This is not quite the previous order (e.g., isPrivApp < targetSdkVersion < fromRunAs), but it is understood that the previous order was not intentional and emerged from the incremental contributions to this library. The boolean info.isPreinstalledApp is replaced by checking the first byte of info.partition. Test: atest --host libselinux_test Bug: 307635909 Change-Id: Ice3b84870e3255f6d9357d9750acbe9691b45aad
2023-11-22 | Snap for 11130662 from 7fd89c00f70d9c5d16550ef7e3c49b1e707be0af to sdk-release | Android Build Coastguard Worker
Change-Id: I141fc7ed4ced5df3bd95997bef96c6124f2a3357
2023-11-21 | Refactor the parsing of seinfo am: 7fd89c00f7 am: c4b477c1de am: f87183c61b | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178 Change-Id: I40a776d1e79ab6927464cb1bd5a5b612cd5c2292 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 | Refactor the parsing of seinfo am: 7fd89c00f7 am: 4bf49f0fb0 am: 6af667a24b | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178 Change-Id: I5742cf04e29ef3e54b81cdc2134170fbf3960f74 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 | Refactor the parsing of seinfo am: 7fd89c00f7 am: c4b477c1de | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178 Change-Id: Ia03b4d9c99c43b1644c949f5ca6cfb11147f383d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 | Refactor the parsing of seinfo am: 7fd89c00f7 am: 4bf49f0fb0 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178 Change-Id: I5b172e06cd5efe1c18a0eb9bf7f69593aeb76d29 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 | Refactor the parsing of seinfo am: 7fd89c00f7 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178 Change-Id: I11bfae9f5cb86c03642d30afb7b8f1ea46c9efb0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 | Refactor the parsing of seinfo am: 7fd89c00f7 | Thiébaud Weksteen
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178 Change-Id: Ifa4dbb6ccaa95af13c388fb60736517b77b34475 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-21 | Refactor the parsing of seinfo | Thiébaud Weksteen
The seinfo string contains many attributes provided by the caller to match an seapp_contexts rule. Its usage has evolved organically and now contains multiple fields for various purposes. Refactor the parsing of seinfo, relying on strtok as the string informally follows the convention of using colons between attributes and an equal sign to separate an attribute and its value. For instance, default:privapp:targetSdkVersion=10000:partition=system:complete A new internal structure is introduced to capture the attributes. The new parse_seinfo function replaces seinfo_parse (which only parsed the first attribute, historically the original seinfo), get_partition and get_app_targetSdkVersion. The new function is expected to behave similarly to the previous code. Unknown attributes are now logged, but still ignored. The "complete" attribute is now interpreted (as the last attribute), but not required. Unit tests are added to cover standard and edge cases. Test: boot and verify denial logs Test: atest --host libselinux_test Bug: 307635909 Change-Id: Ia0e3522c42c80e6e631ff1af644e03f53d88da93
2023-10-31 | Snap for 11031798 from 90c0d6546d0ffa95921378a1a9d8016d2426f63d to sdk-release | Android Build Coastguard Worker
Change-Id: If202b7e46105ea7b1a466bfd7a457bef43d8078e
2023-10-26 | Introduce sdk_sandbox_audit SELinux domain am: 90c0d6546d am: 1163af38b5 am: bc58ce3f60 | Sandro Montanari
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594 Change-Id: I015b80f186fa32a50feff8ab92241718d17ad8e9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-26 | Introduce sdk_sandbox_audit SELinux domain am: 90c0d6546d am: 1fb35a146a am: 7c4998952f | Sandro Montanari
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594 Change-Id: I7a127b33fa31edb7413f52f96ac3d84dba8e8d6f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-26 | Introduce sdk_sandbox_audit SELinux domain am: 90c0d6546d am: 1163af38b5 | Sandro Montanari
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594 Change-Id: Ife97c50400054605e3e9fe62574a05ee65bc3e31 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-26 | Introduce sdk_sandbox_audit SELinux domain am: 90c0d6546d am: 1fb35a146a | Sandro Montanari
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594 Change-Id: I21ce6a808a1db942978cf7195c59c1611766e50c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>