Age | Commit message (Collapse) | Author |
|
Change-Id: I95a9963bc4138da5adcccad407eab38f50e6291e
|
|
Add unit tests for is_app_data_path, is_credential_encrypted_path and
extract_pkgname_and_userid.
Test: atest --host libselinux_test
Bug: 317296680
Change-Id: Ib5f528d8beb62db0c59207ee88b6503d0f5845f3
|
|
Add an internal function to clarify the restorecon logic. Move the
function to android.c so it can be unit tested.
Test: build
Bug: 317296680
Change-Id: I972fca7509504ab50de41374c1f5d6ed878bf42f
|
|
A mixture of tab and spaces has been used in a few source files.
Consistently use tab to match the rest of libselinux.
Test: git show --ignore-space-change
Bug: 317296680
Change-Id: If2ddde565e7565ee4e3a7a3d3586ce40dc86dec7
|
|
Move these functions as-is into android.c so they can be used in the
unit tests. The functions have not been modified, this is a no-op.
Test: build
Bug: 317296680
Change-Id: Icb1e5501a4a337573d24be894a31c0db72ae8acd
|
|
Change-Id: If58ea95bbedbb005a748813c87a972f10fd86123
|
|
libselinux has special handling for the app data directories such as
/data/user/$userId/$pkgName and /data/user_de/$userId/$pkgName, because
their SELinux contexts are determined differently from "normal" files.
/data/storage_area/$userId/$pkgName will be a new app data directory
(with a different SELinux context, but determined through the same process).
THerefore, add it to the list of app data directories.
Bug: 325129836
Change-Id: I4371c23193e6ad07207bc1f22cfd6d1580ccd600
|
|
Change-Id: I201be5e3e6afce097d466e567ad7af52d4201ba6
|
|
Breaking ASAN host builds.
Bugs: me
Test: build with SANITIZE_HOST=address
Change-Id: Idb72d16d8fbe4d082b94994854e488f57ef4bb26
|
|
Change-Id: If40ae19b7c4869db6d6a53f563714665ae9f8d9a
|
|
Change-Id: I39d301a4c14c51b069f58f39f285e62e7b990543
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2971894
Change-Id: Iab88e01241410a5803177f30093e5b444692af6a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
Change-Id: I0d289864e675573823b342ebcb921ff536c3d89e
|
|
2273a74d00
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2981571
Change-Id: Icc0c501c6a3841b4bede6bdf2821c3627d6cb67e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
Add build rule for selabel_get_digests_all_partial_matches. It is not
included by default in the system image, but can be useful to debug
the computation of security.sehash.
Bug: 317296680
Test: adb remount; adb push selabel_get_digests_all_partial_matches
/system/bin; selabel_get_digests_all_partial_matches -r /data/data
Change-Id: I2b7e8d994f15539849d69ded5695293c4f2cf8b2
|
|
Change-Id: I0c1fb6e74eb6cbdebc8f0304b4ee9382e2cb0bb8
|
|
values are listed; likely a typo am: cd26ca2162
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2976012
Change-Id: I515a85b6ae5eb66afe302ac15db733790d348df5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
values are listed; likely a typo
Change-Id: I2e00216ef7e3cedd274fb16aa361637d9a98ba2c
|
|
Consider /data/data as an app data directory (and skip any restorcon) if
the flag release_selinux_data_data_ignore is enabled.
Test: boot;
setfattr -x security.sehash /data;
setfattr -x security.sehash /data/data;
reboot, restorecon ignores /data/data
Bug: 317296680
Change-Id: If341864555398cd042dbe5b89085821cc2f8a0c0
|
|
Change-Id: I451532974ac6b093b25180f999b72c7934af87a7
|
|
Change-Id: Ia94f633923cd131b076620b911666e52ee9e1321
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485
Change-Id: Ib50610278ec483c87d4d2c52f60ee340744c821b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485
Change-Id: Ic52cbb7c1e50bd97ca3e928f619e876d575e962e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485
Change-Id: I52e564e9ce90b0118f0e1ed576ca784385151b32
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485
Change-Id: I335a819d7c851b62c3b0a123fbfe34c176469127
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485
Change-Id: Id3421f08cf85f2744b757cdd4e89726f98f1b9a5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2858485
Change-Id: I71ff5b24278be5ee64a1d46ba39550c2826720e0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
This reverts commit 3d85f1e1163ea3d5e8a1d7a1dfdadc97ee761fcc.
Reason for revert: Droidfood blocking bug: b/314704483
Change-Id: I4cec1f1c4de25c28536c4f56cfd297ab1a9f3812
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485
Change-Id: I907beaae8a76e6d3209fa6eb1d21298b5170e3f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485
Change-Id: I067484d72885ba209b0944a326474b2008cec004
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485
Change-Id: I96867dca9a2731cf062a795fcfdf034beb9e9cab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485
Change-Id: I408f1d9edea15863dde0e50ca5f2000ebf8fad5c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485
Change-Id: Iebf082e0c29320766b69c5ea6b9fb151c8676a25
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2839485
Change-Id: I0aad333ba1526c0a61ea2d55c528b1e7373897e7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
seapp_contexts supports multiple boolean attributes: isPrivApp,
isEphemeralApp, isIsolatedComputeApp, isSdkSandboxAudit,
isSdkSandboxNext, fromRunAs. Each of these exists to support a specific
labelling scenario from the framework. When a new predicate is required,
an update to libselinux is also required. This change generically
handles any attribute starting with "is" and maps it directly
(case-insensitive) to the same seinfo field.
It is assumed that only one of these is required at a time. An error is
raised if seapp_contexts contains multiple is-selector within one rule.
An error is raised if seinfo contains multiple is-selector.
The order for comparison between seapp_contexts is altered: an entry
with an is-selector will be prioritized over one with an unspecifed
is-selector. This is not quite the previous order (e.g., isPrivApp <
targetSdkVersion < fromRunAs), but it is understood that the previous
order was not intentional and emerged from the incremental contributions
to this library.
The boolean info.isPreinstalledApp is replaced by checking the first
byte of info.partition.
Test: atest --host libselinux_test
Bug: 307635909
Change-Id: Ice3b84870e3255f6d9357d9750acbe9691b45aad
|
|
Change-Id: I141fc7ed4ced5df3bd95997bef96c6124f2a3357
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178
Change-Id: I40a776d1e79ab6927464cb1bd5a5b612cd5c2292
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178
Change-Id: I5742cf04e29ef3e54b81cdc2134170fbf3960f74
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178
Change-Id: Ia03b4d9c99c43b1644c949f5ca6cfb11147f383d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178
Change-Id: I5b172e06cd5efe1c18a0eb9bf7f69593aeb76d29
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178
Change-Id: I11bfae9f5cb86c03642d30afb7b8f1ea46c9efb0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2836178
Change-Id: Ifa4dbb6ccaa95af13c388fb60736517b77b34475
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
The seinfo string contains many attributes provided by the caller to
match an seapp_contexts rule. Its usage has evolved organically and now
contains multiple fields for various purposes.
Refactor the parsing of seinfo, relying on strtok as the string
informally follows the convention of using colons between attributes and
an equal sign to separate an attribute and its value. For instance,
default:privapp:targetSdkVersion=10000:partition=system:complete
A new internal structure is introduced to capture the attributes. The
new parse_seinfo function replaces seinfo_parse (which only parsed the
first attribute, historically the original seinfo), get_partition and
get_app_targetSdkVersion.
The new function is expected to behave similarly to the previous code.
Unknown attributes are now logged, but still ignored. The "complete"
attribute is now interpreted (as the last attribute), but not required.
Unit tests are added to cover standard and edge cases.
Test: boot and verify denial logs
Test: atest --host libselinux_test
Bug: 307635909
Change-Id: Ia0e3522c42c80e6e631ff1af644e03f53d88da93
|
|
Change-Id: If202b7e46105ea7b1a466bfd7a457bef43d8078e
|
|
bc58ce3f60
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594
Change-Id: I015b80f186fa32a50feff8ab92241718d17ad8e9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
7c4998952f
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594
Change-Id: I7a127b33fa31edb7413f52f96ac3d84dba8e8d6f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594
Change-Id: Ife97c50400054605e3e9fe62574a05ee65bc3e31
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/2797594
Change-Id: I21ce6a808a1db942978cf7195c59c1611766e50c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|