am 7b88a90d: Merge "Remove HAVE_SELINUX guards"

* commit '7b88a90da2a27e347fc16c14fa577f4ae1ef07fd':
  Remove HAVE_SELINUX guards
Kenny Root 2012-10-17 09:57:10 -07:00 committed by Android Git Automerger
commit 2a36ae5608
10 changed files with 18 additions and 102 deletions


@ -23,13 +23,11 @@ ifeq ($(ARCH_ARM_HAVE_VFP_D32),true)
LOCAL_CFLAGS += -DWITH_VFP_D32 LOCAL_CFLAGS += -DWITH_VFP_D32
endif # ARCH_ARM_HAVE_VFP_D32 endif # ARCH_ARM_HAVE_VFP_D32
LOCAL_SHARED_LIBRARIES := libcutils libc libcorkscrew LOCAL_SHARED_LIBRARIES := \
libcutils \
ifeq ($(HAVE_SELINUX),true) libc \
LOCAL_SHARED_LIBRARIES += libselinux libcorkscrew \
LOCAL_C_INCLUDES += external/libselinux/include libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
include $(BUILD_EXECUTABLE) include $(BUILD_EXECUTABLE)


@ -35,9 +35,7 @@
#include <corkscrew/demangle.h> #include <corkscrew/demangle.h>
#include <corkscrew/backtrace.h> #include <corkscrew/backtrace.h>
#ifdef HAVE_SELINUX
#include <selinux/android.h> #include <selinux/android.h>
#endif
#include "machine.h" #include "machine.h"
#include "tombstone.h" #include "tombstone.h"
@ -696,12 +694,10 @@ char* engrave_tombstone(pid_t pid, pid_t tid, int signal,
mkdir(TOMBSTONE_DIR, 0755); mkdir(TOMBSTONE_DIR, 0755);
chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM); chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM);
#ifdef HAVE_SELINUX
if (selinux_android_restorecon(TOMBSTONE_DIR) == -1) { if (selinux_android_restorecon(TOMBSTONE_DIR) == -1) {
*detach_failed = false; *detach_failed = false;
return NULL; return NULL;
} }
#endif
int fd; int fd;
char* path = find_and_open_tombstone(&fd); char* path = find_and_open_tombstone(&fd);
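Review bot: A failed `selinux_android_restorecon(TOMBSTONE_DIR)` now abandons the tombstone on every build, and it does so silently: the branch sets `*detach_failed = false` and returns NULL without logging, so a labeling problem shows up only as missing crash dumps. Unlike the init changes in this commit, the call is not gated on `is_selinux_enabled() > 0` in the visible lines; whether the helper itself succeeds on a kernel without SELinux cannot be told from this hunk and is worth confirming. The return values of `mkdir` and `chown` just above are ignored as well, so a restorecon failure may be the first visible symptom of an earlier one. At minimum log the path and `strerror(errno)` before returning; engrave_tombstone continues outside the hunk.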


@ -33,13 +33,11 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED) LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
LOCAL_STATIC_LIBRARIES := libfs_mgr libcutils libc LOCAL_STATIC_LIBRARIES := \
libfs_mgr \
ifeq ($(HAVE_SELINUX),true) libcutils \
LOCAL_STATIC_LIBRARIES += libselinux libc \
LOCAL_C_INCLUDES += external/libselinux/include libselinux
LOCAL_CFLAGS += -DHAVE_SELINUX
endif
include $(BUILD_EXECUTABLE) include $(BUILD_EXECUTABLE)


@ -35,10 +35,8 @@
#include <sys/system_properties.h> #include <sys/system_properties.h>
#include <fs_mgr.h> #include <fs_mgr.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include <selinux/label.h> #include <selinux/label.h>
#endif
#include "init.h" #include "init.h"
#include "keywords.h" #include "keywords.h"
@ -515,24 +513,20 @@ int do_mount_all(int nargs, char **args)
} }
int do_setcon(int nargs, char **args) { int do_setcon(int nargs, char **args) {
#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0) if (is_selinux_enabled() <= 0)
return 0; return 0;
if (setcon(args[1]) < 0) { if (setcon(args[1]) < 0) {
return -errno; return -errno;
} }
#endif
return 0; return 0;
} }
int do_setenforce(int nargs, char **args) { int do_setenforce(int nargs, char **args) {
#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0) if (is_selinux_enabled() <= 0)
return 0; return 0;
if (security_setenforce(atoi(args[1])) < 0) { if (security_setenforce(atoi(args[1])) < 0) {
return -errno; return -errno;
} }
#endif
return 0; return 0;
} }
@ -760,7 +754,6 @@ int do_restorecon(int nargs, char **args) {
} }
int do_setsebool(int nargs, char **args) { int do_setsebool(int nargs, char **args) {
#ifdef HAVE_SELINUX
SELboolean *b = alloca(nargs * sizeof(SELboolean)); SELboolean *b = alloca(nargs * sizeof(SELboolean));
char *v; char *v;
int i; int i;
@ -789,7 +782,7 @@ int do_setsebool(int nargs, char **args) {
if (security_set_boolean_list(nargs - 1, b, 0) < 0) if (security_set_boolean_list(nargs - 1, b, 0) < 0)
return -errno; return -errno;
#endif
return 0; return 0;
} }
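Review bot: `security_setenforce(atoi(args[1]))` in do_setenforce turns any argument that does not parse as a number into 0, which is the permissive setting, so a typo in an init script would silently switch enforcement off. Now that this path is compiled unconditionally, accept only the two valid values before the call, e.g. `if (strcmp(args[1], "0") != 0 && strcmp(args[1], "1") != 0) return -EINVAL;`. do_setcon and do_setenforce also read `args[1]` without looking at `nargs`; the parser's argument-count check for these keywords is not visible here, so if it is not guaranteed the same guard should reject `nargs < 2`.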


@ -30,11 +30,9 @@
#include <sys/un.h> #include <sys/un.h>
#include <linux/netlink.h> #include <linux/netlink.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include <selinux/label.h> #include <selinux/label.h>
#include <selinux/android.h> #include <selinux/android.h>
#endif
#include <private/android_filesystem_config.h> #include <private/android_filesystem_config.h>
#include <sys/time.h> #include <sys/time.h>
@ -53,9 +51,7 @@
#define FIRMWARE_DIR2 "/vendor/firmware" #define FIRMWARE_DIR2 "/vendor/firmware"
#define FIRMWARE_DIR3 "/firmware/image" #define FIRMWARE_DIR3 "/firmware/image"
#ifdef HAVE_SELINUX
extern struct selabel_handle *sehandle; extern struct selabel_handle *sehandle;
#endif
static int device_fd = -1; static int device_fd = -1;
@ -193,17 +189,15 @@ static void make_device(const char *path,
unsigned gid; unsigned gid;
mode_t mode; mode_t mode;
dev_t dev; dev_t dev;
#ifdef HAVE_SELINUX
char *secontext = NULL; char *secontext = NULL;
#endif
mode = get_device_perm(path, &uid, &gid) | (block ? S_IFBLK : S_IFCHR); mode = get_device_perm(path, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);
#ifdef HAVE_SELINUX
if (sehandle) { if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode); selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext); setfscreatecon(secontext);
} }
#endif
dev = makedev(major, minor); dev = makedev(major, minor);
/* Temporarily change egid to avoid race condition setting the gid of the /* Temporarily change egid to avoid race condition setting the gid of the
* device node. Unforunately changing the euid would prevent creation of * device node. Unforunately changing the euid would prevent creation of
@ -214,12 +208,11 @@ static void make_device(const char *path,
mknod(path, mode, dev); mknod(path, mode, dev);
chown(path, uid, -1); chown(path, uid, -1);
setegid(AID_ROOT); setegid(AID_ROOT);
#ifdef HAVE_SELINUX
if (secontext) { if (secontext) {
freecon(secontext); freecon(secontext);
setfscreatecon(NULL); setfscreatecon(NULL);
} }
#endif
} }
static void add_platform_device(const char *name) static void add_platform_device(const char *name)
@ -882,12 +875,12 @@ void device_init(void)
suseconds_t t0, t1; suseconds_t t0, t1;
struct stat info; struct stat info;
int fd; int fd;
#ifdef HAVE_SELINUX
sehandle = NULL; sehandle = NULL;
if (is_selinux_enabled() > 0) { if (is_selinux_enabled() > 0) {
sehandle = selinux_android_file_context_handle(); sehandle = selinux_android_file_context_handle();
} }
#endif
/* is 64K enough? udev uses 16MB! */ /* is 64K enough? udev uses 16MB! */
device_fd = uevent_open_socket(64*1024, true); device_fd = uevent_open_socket(64*1024, true);
if(device_fd < 0) if(device_fd < 0)
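Review bot: In make_device the results of `selabel_lookup` and `setfscreatecon` are both ignored, so when the lookup finds no entry or fails, `secontext` stays NULL and the node is created with the process default label, with no trace in the log. Since labeling is no longer optional at build time, check the lookup, e.g. `if (selabel_lookup(sehandle, &secontext, path, mode) == 0) setfscreatecon(secontext);`, which is the form create_socket in util.c already uses, and log when `setfscreatecon` reports an error. The same concern applies to device_init: if `selinux_android_file_context_handle()` returns NULL while SELinux is enabled, every later node gets the default label without a message. make_device spans two hunks here and its body is only partly visible.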


@ -33,11 +33,9 @@
#include <sys/un.h> #include <sys/un.h>
#include <sys/personality.h> #include <sys/personality.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include <selinux/label.h> #include <selinux/label.h>
#include <selinux/android.h> #include <selinux/android.h>
#endif
#include <libgen.h> #include <libgen.h>
@ -61,10 +59,8 @@
#include "ueventd.h" #include "ueventd.h"
#include "watchdogd.h" #include "watchdogd.h"
#ifdef HAVE_SELINUX
struct selabel_handle *sehandle; struct selabel_handle *sehandle;
struct selabel_handle *sehandle_prop; struct selabel_handle *sehandle_prop;
#endif
static int property_triggers_enabled = 0; static int property_triggers_enabled = 0;
@ -78,9 +74,7 @@ static char hardware[32];
static unsigned revision = 0; static unsigned revision = 0;
static char qemu[32]; static char qemu[32];
#ifdef HAVE_SELINUX
static int selinux_enabled = 1; static int selinux_enabled = 1;
#endif
static struct action *cur_action = NULL; static struct action *cur_action = NULL;
static struct command *cur_command = NULL; static struct command *cur_command = NULL;
@ -164,10 +158,9 @@ void service_start(struct service *svc, const char *dynamic_args)
pid_t pid; pid_t pid;
int needs_console; int needs_console;
int n; int n;
#ifdef HAVE_SELINUX
char *scon = NULL; char *scon = NULL;
int rc; int rc;
#endif
/* starting a service removes it from the disabled or reset /* starting a service removes it from the disabled or reset
* state and immediately takes it out of the restarting * state and immediately takes it out of the restarting
* state if it was in there * state if it was in there
@ -204,7 +197,6 @@ void service_start(struct service *svc, const char *dynamic_args)
return; return;
} }
#ifdef HAVE_SELINUX
if (is_selinux_enabled() > 0) { if (is_selinux_enabled() > 0) {
char *mycon = NULL, *fcon = NULL; char *mycon = NULL, *fcon = NULL;
@ -230,7 +222,6 @@ void service_start(struct service *svc, const char *dynamic_args)
return; return;
} }
} }
#endif
NOTICE("starting '%s'\n", svc->name); NOTICE("starting '%s'\n", svc->name);
@ -267,9 +258,7 @@ void service_start(struct service *svc, const char *dynamic_args)
for (ei = svc->envvars; ei; ei = ei->next) for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value); add_environment(ei->name, ei->value);
#ifdef HAVE_SELINUX
setsockcreatecon(scon); setsockcreatecon(scon);
#endif
for (si = svc->sockets; si; si = si->next) { for (si = svc->sockets; si; si = si->next) {
int socket_type = ( int socket_type = (
@ -282,11 +271,9 @@ void service_start(struct service *svc, const char *dynamic_args)
} }
} }
#ifdef HAVE_SELINUX
freecon(scon); freecon(scon);
scon = NULL; scon = NULL;
setsockcreatecon(NULL); setsockcreatecon(NULL);
#endif
if (svc->ioprio_class != IoSchedClass_NONE) { if (svc->ioprio_class != IoSchedClass_NONE) {
if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) { if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) {
@ -332,15 +319,12 @@ void service_start(struct service *svc, const char *dynamic_args)
_exit(127); _exit(127);
} }
} }
#ifdef HAVE_SELINUX
if (svc->seclabel) { if (svc->seclabel) {
if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) { if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) {
ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno)); ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
_exit(127); _exit(127);
} }
} }
#endif
if (!dynamic_args) { if (!dynamic_args) {
if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) { if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) {
@ -367,9 +351,7 @@ void service_start(struct service *svc, const char *dynamic_args)
_exit(127); _exit(127);
} }
#ifdef HAVE_SELINUX
freecon(scon); freecon(scon);
#endif
if (pid < 0) { if (pid < 0) {
ERROR("failed to start '%s'\n", svc->name); ERROR("failed to start '%s'\n", svc->name);
@ -620,11 +602,9 @@ static void import_kernel_nv(char *name, int for_emulator)
*value++ = 0; *value++ = 0;
if (name_len == 0) return; if (name_len == 0) return;
#ifdef HAVE_SELINUX
if (!strcmp(name,"selinux")) { if (!strcmp(name,"selinux")) {
selinux_enabled = atoi(value); selinux_enabled = atoi(value);
} }
#endif
if (for_emulator) { if (for_emulator) {
/* in the emulator, export any kernel option with the /* in the emulator, export any kernel option with the
@ -772,7 +752,6 @@ static int bootchart_init_action(int nargs, char **args)
} }
#endif #endif
#ifdef HAVE_SELINUX
static const struct selinux_opt seopts_prop[] = { static const struct selinux_opt seopts_prop[] = {
{ SELABEL_OPT_PATH, "/data/system/property_contexts" }, { SELABEL_OPT_PATH, "/data/system/property_contexts" },
{ SELABEL_OPT_PATH, "/property_contexts" }, { SELABEL_OPT_PATH, "/property_contexts" },
@ -831,8 +810,6 @@ int audit_callback(void *data, security_class_t cls, char *buf, size_t len)
return 0; return 0;
} }
#endif
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int fd_count = 0; int fd_count = 0;
@ -886,7 +863,6 @@ int main(int argc, char **argv)
process_kernel_cmdline(); process_kernel_cmdline();
#ifdef HAVE_SELINUX
union selinux_callback cb; union selinux_callback cb;
cb.func_log = klog_write; cb.func_log = klog_write;
selinux_set_callback(SELINUX_CB_LOG, cb); selinux_set_callback(SELINUX_CB_LOG, cb);
@ -911,7 +887,6 @@ int main(int argc, char **argv)
*/ */
restorecon("/dev"); restorecon("/dev");
restorecon("/dev/socket"); restorecon("/dev/socket");
#endif
is_charger = !strcmp(bootmode, "charger"); is_charger = !strcmp(bootmode, "charger");
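Review bot: The return value of `setsockcreatecon(scon)` in service_start is ignored, so if it fails the service's sockets are created in the loop that follows with whatever socket-creation context the process already had, not the one computed for the service. The `setexeccon` path later in the same function already treats failure as fatal with `ERROR(...)` and `_exit(127)`; handling a failure for a non-NULL `scon` the same way would keep the two consistent, e.g. `if (scon && setsockcreatecon(scon) < 0) { ERROR("cannot setsockcreatecon('%s'): %s\n", scon, strerror(errno)); _exit(127); }`. Separately, `selinux_enabled = atoi(value)` in import_kernel_nv maps a non-numeric `selinux=` value to 0; how that flag is consumed is outside the visible hunks, so confirm that a malformed command line cannot turn enforcement off by accident. service_start is shown only in fragments here.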


@ -95,9 +95,7 @@ struct service {
gid_t supp_gids[NR_SVC_SUPP_GIDS]; gid_t supp_gids[NR_SVC_SUPP_GIDS];
size_t nr_supp_gids; size_t nr_supp_gids;
#ifdef HAVE_SELINUX
char *seclabel; char *seclabel;
#endif
struct socketinfo *sockets; struct socketinfo *sockets;
struct svcenvinfo *envvars; struct svcenvinfo *envvars;
@ -136,10 +134,8 @@ void property_changed(const char *name, const char *value);
int load_565rle_image( char *file_name ); int load_565rle_image( char *file_name );
#ifdef HAVE_SELINUX
extern struct selabel_handle *sehandle; extern struct selabel_handle *sehandle;
extern struct selabel_handle *sehandle_prop; extern struct selabel_handle *sehandle_prop;
extern int selinux_reload_policy(void); extern int selinux_reload_policy(void);
#endif
#endif /* _INIT_INIT_H */ #endif /* _INIT_INIT_H */


@ -799,13 +799,11 @@ static void parse_line_service(struct parse_state *state, int nargs, char **args
} }
break; break;
case K_seclabel: case K_seclabel:
#ifdef HAVE_SELINUX
if (nargs != 2) { if (nargs != 2) {
parse_error(state, "seclabel option requires a label string\n"); parse_error(state, "seclabel option requires a label string\n");
} else { } else {
svc->seclabel = args[1]; svc->seclabel = args[1];
} }
#endif
break; break;
default: default:


@ -40,10 +40,8 @@
#include <sys/atomics.h> #include <sys/atomics.h>
#include <private/android_filesystem_config.h> #include <private/android_filesystem_config.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include <selinux/label.h> #include <selinux/label.h>
#endif
#include "property_service.h" #include "property_service.h"
#include "init.h" #include "init.h"
@ -201,7 +199,6 @@ static void update_prop_info(prop_info *pi, const char *value, unsigned len)
static int check_mac_perms(const char *name, char *sctx) static int check_mac_perms(const char *name, char *sctx)
{ {
#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0) if (is_selinux_enabled() <= 0)
return 1; return 1;
@ -225,15 +222,10 @@ static int check_mac_perms(const char *name, char *sctx)
freecon(tctx); freecon(tctx);
err: err:
return result; return result;
#endif
return 1;
} }
static int check_control_mac_perms(const char *name, char *sctx) static int check_control_mac_perms(const char *name, char *sctx)
{ {
#ifdef HAVE_SELINUX
/* /*
* Create a name prefix out of ctl.<service name> * Create a name prefix out of ctl.<service name>
* The new prefix allows the use of the existing * The new prefix allows the use of the existing
@ -247,9 +239,6 @@ static int check_control_mac_perms(const char *name, char *sctx)
return 0; return 0;
return check_mac_perms(ctl_name, sctx); return check_mac_perms(ctl_name, sctx);
#endif
return 1;
} }
/* /*
@ -396,11 +385,9 @@ int property_set(const char *name, const char *value)
* to prevent them from being overwritten by default values. * to prevent them from being overwritten by default values.
*/ */
write_persistent_property(name, value); write_persistent_property(name, value);
#ifdef HAVE_SELINUX
} else if (strcmp("selinux.reload_policy", name) == 0 && } else if (strcmp("selinux.reload_policy", name) == 0 &&
strcmp("1", value) == 0) { strcmp("1", value) == 0) {
selinux_reload_policy(); selinux_reload_policy();
#endif
} }
property_changed(name, value); property_changed(name, value);
return 0; return 0;
@ -442,9 +429,7 @@ void handle_property_set_fd()
msg.name[PROP_NAME_MAX-1] = 0; msg.name[PROP_NAME_MAX-1] = 0;
msg.value[PROP_VALUE_MAX-1] = 0; msg.value[PROP_VALUE_MAX-1] = 0;
#ifdef HAVE_SELINUX
getpeercon(s, &source_ctx); getpeercon(s, &source_ctx);
#endif
if(memcmp(msg.name,"ctl.",4) == 0) { if(memcmp(msg.name,"ctl.",4) == 0) {
// Keep the old close-socket-early behavior when handling // Keep the old close-socket-early behavior when handling
@ -469,10 +454,7 @@ void handle_property_set_fd()
// the property is written to memory. // the property is written to memory.
close(s); close(s);
} }
#ifdef HAVE_SELINUX
freecon(source_ctx); freecon(source_ctx);
#endif
break; break;
default: default:
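Review bot: `getpeercon(s, &source_ctx)` in handle_property_set_fd is called without checking its result, yet `source_ctx` is then handed to the MAC checks and to `freecon`. The declaration is outside the hunk; unless it is initialised to NULL, a failed call leaves the pointer indeterminate, and in any case a request whose peer context could not be read should be refused when SELinux is enabled instead of being evaluated without one. A guard such as `if (getpeercon(s, &source_ctx) < 0) source_ctx = NULL;` together with a NULL check before the permission test would cover it. Note also that check_mac_perms returns 1, apparently "allow", for `is_selinux_enabled() <= 0`, which treats an error return the same as SELinux being disabled.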


@ -23,9 +23,7 @@
#include <errno.h> #include <errno.h>
#include <time.h> #include <time.h>
#ifdef HAVE_SELINUX
#include <selinux/label.h> #include <selinux/label.h>
#endif
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
@ -89,9 +87,7 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
{ {
struct sockaddr_un addr; struct sockaddr_un addr;
int fd, ret; int fd, ret;
#ifdef HAVE_SELINUX
char *secon; char *secon;
#endif
fd = socket(PF_UNIX, type, 0); fd = socket(PF_UNIX, type, 0);
if (fd < 0) { if (fd < 0) {
@ -110,14 +106,12 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
goto out_close; goto out_close;
} }
#ifdef HAVE_SELINUX
secon = NULL; secon = NULL;
if (sehandle) { if (sehandle) {
ret = selabel_lookup(sehandle, &secon, addr.sun_path, S_IFSOCK); ret = selabel_lookup(sehandle, &secon, addr.sun_path, S_IFSOCK);
if (ret == 0) if (ret == 0)
setfscreatecon(secon); setfscreatecon(secon);
} }
#endif
ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr)); ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
if (ret) { if (ret) {
@ -125,10 +119,8 @@ int create_socket(const char *name, int type, mode_t perm, uid_t uid, gid_t gid)
goto out_unlink; goto out_unlink;
} }
#ifdef HAVE_SELINUX
setfscreatecon(NULL); setfscreatecon(NULL);
freecon(secon); freecon(secon);
#endif
chown(addr.sun_path, uid, gid); chown(addr.sun_path, uid, gid);
chmod(addr.sun_path, perm); chmod(addr.sun_path, perm);
@ -468,31 +460,27 @@ int make_dir(const char *path, mode_t mode)
{ {
int rc; int rc;
#ifdef HAVE_SELINUX
char *secontext = NULL; char *secontext = NULL;
if (sehandle) { if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode); selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext); setfscreatecon(secontext);
} }
#endif
rc = mkdir(path, mode); rc = mkdir(path, mode);
#ifdef HAVE_SELINUX
if (secontext) { if (secontext) {
int save_errno = errno; int save_errno = errno;
freecon(secontext); freecon(secontext);
setfscreatecon(NULL); setfscreatecon(NULL);
errno = save_errno; errno = save_errno;
} }
#endif
return rc; return rc;
} }
int restorecon(const char *pathname) int restorecon(const char *pathname)
{ {
#ifdef HAVE_SELINUX
char *secontext = NULL; char *secontext = NULL;
struct stat sb; struct stat sb;
int i; int i;
@ -509,6 +497,5 @@ int restorecon(const char *pathname)
return -errno; return -errno;
} }
freecon(secontext); freecon(secontext);
#endif
return 0; return 0;
} }
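Review bot: In create_socket the `goto out_unlink` taken when `bind` fails jumps over `setfscreatecon(NULL); freecon(secon);`, so on that path the file-creation context stays set to the socket's label and `secon` is leaked, unless the cleanup labels (outside the hunk) undo it. In init that would mean files created afterwards receive the wrong label. Move the reset and the `freecon` to directly after the `bind` call, saving and restoring `errno` around them the way make_dir does with `save_errno`, so the error path still reports the bind failure. The earlier `goto out_close` runs before `secon = NULL`, which is safe only as long as the cleanup labels never touch `secon`.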