From patchwork Mon Sep 26 17:33:39 2016
X-Patchwork-Submitter: "Roberts, William C"
X-Patchwork-Id: 9351087
From: william.c.roberts@intel.com
To: selinux@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov
Subject: [PATCH 2/2] libselinux: add ifdef'ing for ANDROID and BUILD_HOST
Date: Mon, 26 Sep 2016 10:33:39 -0700
Message-Id: <1474911219-20465-3-git-send-email-william.c.roberts@intel.com>
In-Reply-To: <1474911219-20465-1-git-send-email-william.c.roberts@intel.com>
References: <1474911219-20465-1-git-send-email-william.c.roberts@intel.com>
List-Id: "Security-Enhanced Linux (SELinux) mailing list"
From: William Roberts On Android, certain discrepancies arise for unused functionality or for dealing with the differences in Bionic libc. This patch includes all the "ifdef'ing" required and introduces the BUILD_HOST define. The BUILD_HOST define removes functionality not needed when building libselinux for the Android build host machine. Note that not all the libselinux src files are used to build the host and target libraries on Android. Change-Id: I7984e7b769c4dfa627d6cf311411fa2c93bb7ef7 Signed-off-by: William Roberts --- libselinux/src/callbacks.c | 5 ++ libselinux/src/label_file.c | 2 + libselinux/src/label_internal.h | 5 ++ libselinux/src/load_policy.c | 4 ++ libselinux/src/matchpathcon.c | 116 ++++++++++++++++++++-------------------- libselinux/src/procattr.c | 3 ++ 6 files changed, 78 insertions(+), 57 deletions(-) diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c index c3cf98b..c18ccc5 100644 --- a/libselinux/src/callbacks.c +++ b/libselinux/src/callbacks.c @@ -34,7 +34,12 @@ default_selinux_audit(void *ptr __attribute__((unused)), static int default_selinux_validate(char **ctx) { +#ifndef BUILD_HOST return security_check_context(*ctx); +#else + (void) ctx; + return 0; +#endif } static int diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 8ff1170..5ba6a22 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -543,6 +543,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, break; } +#if !defined(BUILD_HOST) && !defined(ANDROID) /* Process local and distribution substitution files */ if (!path) { rec->dist_subs = @@ -560,6 +561,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, rec->digest); } +#endif rec->spec_file = strdup(path); /* diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h index 0827ef6..7c55531 100644 --- a/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h 
@@ -16,6 +16,11 @@ #include "dso.h" #include "sha1.h" +#ifdef ANDROID +// Android does not have fgets_unlocked() +#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp) +#endif + /* * Installed backends */ diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index 4f39fc7..249f82f 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -11,8 +11,10 @@ #include #include #include "selinux_internal.h" +#ifndef ANDROID #include #include +#endif #include #include "policy.h" #include @@ -45,6 +47,7 @@ int security_load_policy(void *data, size_t len) hidden_def(security_load_policy) +#ifndef ANDROID int load_setlocaldefs hidden = 1; #undef max @@ -465,3 +468,4 @@ int selinux_init_load_policy(int *enforce) */ return -1; } +#endif diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c index 4764ab7..724eb65 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c 
@@ -7,6 +7,64 @@ #include "callbacks.h" #include +static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL; +static int (*mycanoncon) (const char *p, unsigned l, char **c) = NULL; + +static void +#ifdef __GNUC__ + __attribute__ ((format(printf, 1, 2))) +#endif + default_printf(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); +} + +void +#ifdef __GNUC__ + __attribute__ ((format(printf, 1, 2))) +#endif + (*myprintf) (const char *fmt,...) = &default_printf; +int myprintf_compat = 0; + +void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) +{ + myprintf = f ? f : &default_printf; + myprintf_compat = 1; +} + +int compat_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts, + const char *path, unsigned lineno) +{ + int rc; + char **ctx = &contexts->ctx_raw; + + if (myinvalidcon) + rc = myinvalidcon(path, lineno, *ctx); + else if (mycanoncon) + rc = mycanoncon(path, lineno, ctx); + else { + rc = selabel_validate(rec, contexts); + if (rc < 0) { + if (lineno) { + COMPAT_LOG(SELINUX_WARNING, + "%s: line %u has invalid context %s\n", + path, lineno, *ctx); + } else { + COMPAT_LOG(SELINUX_WARNING, + "%s: has invalid context %s\n", path, *ctx); + } + } + } + + return rc ? -1 : 0; +} + +#ifndef BUILD_HOST + static __thread struct selabel_handle *hnd; /* 
@@ -54,33 +112,6 @@ static void free_array_elts(void) con_array = NULL; } -static void -#ifdef __GNUC__ - __attribute__ ((format(printf, 1, 2))) -#endif - default_printf(const char *fmt, ...) -{ - va_list ap; - va_start(ap, fmt); - vfprintf(stderr, fmt, ap); - va_end(ap); -} - -void -#ifdef __GNUC__ - __attribute__ ((format(printf, 1, 2))) -#endif - (*myprintf) (const char *fmt,...) = &default_printf; -int myprintf_compat = 0; - -void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) -{ - myprintf = f ? f : &default_printf; - myprintf_compat = 1; -} - -static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL; - void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c)) { myinvalidcon = f; @@ -104,9 +135,6 @@ static int default_canoncon(const char *path, unsigned lineno, char **context) return 0; } -static int (*mycanoncon) (const char *p, unsigned l, char **c) = - NULL; - void set_matchpathcon_canoncon(int (*f) (const char *p, unsigned l, char **c)) { if (f) @@ -536,30 +564,4 @@ int selinux_lsetfilecon_default(const char *path) return rc; } -int compat_validate(struct selabel_handle *rec, - struct selabel_lookup_rec *contexts, - const char *path, unsigned lineno) -{ - int rc; - char **ctx = &contexts->ctx_raw; - - if (myinvalidcon) - rc = myinvalidcon(path, lineno, *ctx); - else if (mycanoncon) - rc = mycanoncon(path, lineno, ctx); - else { - rc = selabel_validate(rec, contexts); - if (rc < 0) { - if (lineno) { - COMPAT_LOG(SELINUX_WARNING, - "%s: line %u has invalid context %s\n", - path, lineno, *ctx); - } else { - COMPAT_LOG(SELINUX_WARNING, - "%s: has invalid context %s\n", path, *ctx); - } - } - } - - return rc ? -1 : 0; -} +#endif diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c index eee4612..7efcd7e 100644 --- a/libselinux/src/procattr.c +++ b/libselinux/src/procattr.c 
@@ -22,10 +22,13 @@ static pthread_key_t destructor_key; static int destructor_key_initialized = 0; static __thread char destructor_initialized; +#ifndef ANDROID +/* Android declares this in unistd.h and has a definition for it */ static pid_t gettid(void) { return syscall(__NR_gettid); } +#endif static void procattr_thread_destructor(void __attribute__((unused)) *unused) {
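Review bot: in the callbacks.c hunk (@@ -34,7 +34,12 @@), the BUILD_HOST branch of default_selinux_validate() turns validation into an unconditional `return 0`, so a file_contexts entry carrying a malformed or unknown context passes the default validate callback on the host with no warning at all; add a comment stating why that is acceptable (the host has no loaded policy to check `*ctx` against) so a later reader does not take it for a bug, and consider writing the block as `#ifdef BUILD_HOST` with the stub first and the real `return security_check_context(*ctx);` in the `#else`, which reads more naturally than `#ifndef ... #else`.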
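Review bot: in the label_file.c hunks (@@ -543,6 +543,7 @@ and @@ -560,6 +561,7 @@), `rec->spec_file = strdup(path);` still runs after the new `#endif`, but the `if (!path) {` block just above it is now compiled out on ANDROID and BUILD_HOST; if that branch is where the default file_contexts path is assigned when the caller passes no SELABEL_OPT_PATH (the hunk elides its body), those builds will call strdup() on a NULL pointer. Either keep the default-path assignment outside the `#if !defined(BUILD_HOST) && !defined(ANDROID)` guard and exclude only the subs handling, or add an explicit `if (!path) { errno = EINVAL; return -1; }` for the guarded-out configuration.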
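Review bot: in the label_internal.h hunk (@@ -16,6 +16,11 @@), `// Android does not have fgets_unlocked()` is a C++-style comment while the surrounding code (the `/* * Installed backends */` block right below it) uses C block comments; switch it to `/* ... */` for consistency. The macro itself is fine: fgets() is the locking counterpart of fgets_unlocked(), so behaviour is identical apart from the stream-lock overhead.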
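Review bot: in the load_policy.c hunk (@@ -465,3 +468,4 @@), the closing `+#endif` pairs with the `#ifndef ANDROID` opened after `hidden_def(security_load_policy)` more than 400 lines earlier, and nothing at the close says so; write it as `#endif /* !ANDROID */` (the include guard in the first hunk is a separate #ifndef/#endif pair and would benefit from the same). Please also confirm that nothing else compiled for Android references the now-excluded `load_setlocaldefs` or selinux_init_load_policy(); the diff cannot show that.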
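Review bot: in the first matchpathcon.c hunk (@@ -7,6 +7,64 @@), default_printf(), myprintf, set_matchpathcon_printf(), myinvalidcon, mycanoncon and compat_validate() appear as about 58 added lines, while the later hunks in the same file delete the identical definitions lower down, so this is a hoist to get them above the new `#ifndef BUILD_HOST`; say so in the commit message, or split the move into its own commit, because git cannot pair intra-file moves and a reviewer has to compare the two copies by hand (they do match here, with `mycanoncon`'s initialiser merely joined onto one line). A one-line comment that these are kept outside the guard because the host build needs them would also help, since `myinvalidcon`/`mycanoncon` now sit far from set_matchpathcon_invalidcon()/set_matchpathcon_canoncon() that assign them.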
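Review bot: in the last matchpathcon.c hunk (@@ -536,30 +564,4 @@), the `+#endif` that now ends the file closes the `#ifndef BUILD_HOST` opened after compat_validate() roughly 500 lines earlier; write it as `#endif /* !BUILD_HOST */` so the intent is visible at the close. That guard drops everything after it from the host library, including `static __thread struct selabel_handle *hnd;` and selinux_lsetfilecon_default() (the function named in this hunk's header), so a host tool that links those will fail at link time rather than at compile time; worth a sentence in the commit message.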
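Review bot: in the procattr.c hunk (@@ -22,10 +22,13 @@), the `#ifndef ANDROID` around the local `static pid_t gettid(void)` keys on the platform rather than on whether the libc declares gettid(); since the comment says the reason is that Bionic already provides it via unistd.h, a feature macro (for example a HAVE_GETTID set by the build) would be more robust if another libc provides the function later, and would avoid a conflicting-declaration error there as well. Minor; as written the change is correct for Bionic.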