From patchwork Thu Sep 29 18:02:25 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Roberts, William C" <william.c.roberts@intel.com>
X-Patchwork-Id: 9356853
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	649D16077B for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 29 Sep 2016 18:04:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59DC329B3A
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 29 Sep 2016 18:04:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 4E31B29AE6; Thu, 29 Sep 2016 18:04:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9F15029AE6
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 29 Sep 2016 18:04:46 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.31,268,1473120000"; d="scan'208";a="18117466"
IronPort-PHdr: =?us-ascii?q?9a23=3A6tTYdRyFtohDp+nXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0eMUIJqq85mqBkHD//Il1AaPBtSBrasVwLOM6+jJYi8p2d65qncMcZhBBVcuqP?=
	=?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL2PbrnD61zMOABK3bVMz?=
	=?us-ascii?q?fbWvXNeDxJ3tj6ibwN76W01wnj2zYLd/fl2djD76kY0ou7ZkMbs70RDTo3FFKK?=
	=?us-ascii?q?x8zGJsIk+PzV6nvp/jtKN592xsn95pt4sZCeSpN5g/GKdVCDUgLnAd+NzgtR6F?=
	=?us-ascii?q?SxCGoHQbTCFeiRdBBQTf6xD2G5PwqTfSqvt22C7cO9b/C78zR3Dq9KtwYAP5gy?=
	=?us-ascii?q?cAcTgi+SfYjdIjorhcpUe+phh7wofRJorTLv10c7nBZvsbQ3ZMWoBaUCkSUcuH?=
	=?us-ascii?q?c4ITAr9Zbq5jpI7nqg5L9EOz?=
X-IPAS-Result: =?us-ascii?q?A2FlBQBvVu1X/wHyM5BdGgEBAQECAQEBAQgBAQEBFgEBAQM?=
	=?us-ascii?q?BAQEJAQEBgxQBAQEBAR6BU6YGlEogh21MAQEBAQEBAQECAQJbJ4IyBAMTBYIYA?=
	=?us-ascii?q?iQTFCAOAwkCFwghCAgDAS0VGAcLBRgEiCy7YSWIPIZmEQGFegWONYtCj3ACiX2?=
	=?us-ascii?q?FbQJIkCFUgx0cgWxWAYUleIEoAQEB?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea10.nsa.gov with ESMTP; 29 Sep 2016 18:04:36 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8TI3UlB004602;
	Thu, 29 Sep 2016 14:03:49 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u8TI2ZhR019934 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Thu, 29 Sep 2016 14:02:35 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8TI2YKp004547;
	Thu, 29 Sep 2016 14:02:34 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1AjBABvVu1X/yNjr8ZdGgEBAQECAQEBAQgBAQEBgz8BAQEBAR6BU7ZChBUUhgqBaEwBAgEBAQEBAl6FNlIwgQ8SiE27VTGIPIxyBY41i0KPcAKPagJIkCFUgk1QHIFsIjQBh0UBAQE
X-IPAS-Result: 
 A1AjBABvVu1X/yNjr8ZdGgEBAQECAQEBAQgBAQEBgz8BAQEBAR6BU7ZChBUUhgqBaEwBAgEBAQEBAl6FNlIwgQ8SiE27VTGIPIxyBY41i0KPcAKPagJIkCFUgk1QHIFsIjQBh0UBAQE
X-IronPort-AV: E=Sophos;i="5.31,268,1473134400"; d="scan'208";a="5736892"
Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov)
	([10.208.41.37])
	by goalie.tycho.ncsc.mil with ESMTP; 29 Sep 2016 14:02:33 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3AZJeT7BCcMXdN8xoJO+jJUyQJP3N1i/DPJgcQr6Af?=
	=?us-ascii?q?oPdwSP/6oMbcNUDSrc9gkEXOFd2CrakV0ayP4uu5AzRIyK3CmUhKSIZLWR4BhJ?=
	=?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBy?=
	=?us-ascii?q?brysXNWD1YLuhqvrocWbSj4LrQL1Wal1IhSyoFeZnegtqqwmFJwMzADUqGBDYe?=
	=?us-ascii?q?VcyDAgD1uSmxHh+pX4p8Y7oGx48sgs/M9YUKj8Y79wDfkBVGxnYFYO49f3uBX5?=
	=?us-ascii?q?QACO/iFUEjlO00kAPw+Q9xz+X5HsogPmp+F932+cJsSwQrcqHXy54q5tRAXviS?=
	=?us-ascii?q?tCMz8i7EnLm8dwi+RduxvnqBthh8bPbJq9KOt1fqSbe8gTA2VGQJV/TStEV5y9?=
	=?us-ascii?q?a48OBu9HNqBCqIPwvUcVhRq4GQSoQujoz2wbzkTq1LE3hrxyWTrN2xYtSpdQ6H?=
	=?us-ascii?q?k=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0FjBQDDVe1X/yNjr8ZdGgEBAQECAQEBA?=
	=?us-ascii?q?QgBAQEBFgEBAQMBAQEJAQEBgxQBAQEBAR6BU6YGkDyEFRSGCoFoTAEBAQEBAQE?=
	=?us-ascii?q?BAgECWyeCMgQBFQWCPlIwgQ8SiE27WDGIPIxyBY41i0KPcAKPagJIkCFUgx0cg?=
	=?us-ascii?q?WwiNAGGBIFBAQEB?=
X-IPAS-Result: =?us-ascii?q?A0FjBQDDVe1X/yNjr8ZdGgEBAQECAQEBAQgBAQEBFgEBAQM?=
	=?us-ascii?q?BAQEJAQEBgxQBAQEBAR6BU6YGkDyEFRSGCoFoTAEBAQEBAQEBAgECWyeCMgQBF?=
	=?us-ascii?q?QWCPlIwgQ8SiE27WDGIPIxyBY41i0KPcAKPagJIkCFUgx0cgWwiNAGGBIFBAQE?=
	=?us-ascii?q?B?=
X-IronPort-AV: E=Sophos;i="5.31,268,1473120000"; d="scan'208";a="19675731"
Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 29 Sep 2016 18:02:31 +0000
Received: from orsmga002.jf.intel.com ([10.7.209.21])
	by fmsmga002-icc.fm.intel.com with ESMTP; 29 Sep 2016 11:02:29 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.31,268,1473145200"; d="scan'208";
	a="1058396270"
Received: from jfbonin1-mobl.amr.corp.intel.com (HELO
	wcrobert-MOBL1.amr.corp.intel.com) ([10.254.181.112])
	by orsmga002.jf.intel.com with ESMTP; 29 Sep 2016 11:02:29 -0700
From: william.c.roberts@intel.com
To: selinux@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov
Subject: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
Date: Thu, 29 Sep 2016 14:02:25 -0400
Message-Id: <1475172145-16428-1-git-send-email-william.c.roberts@intel.com>
X-Mailer: git-send-email 1.9.1
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: William Roberts <william.c.roberts@intel.com>

Provide stubs to the public boolean API that always returns -1.

On Android, boolean symbols are needed for:
external/ltrace/sysdeps/linux-gnu/trace.c

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libselinux/Makefile       |  4 +++
 libselinux/src/booleans.c | 64 +++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/libselinux/Makefile b/libselinux/Makefile
index f607115..b5f32bb 100644
--- a/libselinux/Makefile
+++ b/libselinux/Makefile
@@ -5,6 +5,7 @@ DISABLE_RPM ?= y
 ANDROID_HOST ?= n
 ifeq ($(ANDROID_HOST),y)
 	override DISABLE_SETRANS=y
+	override DISABLE_BOOL=y
 endif
 ifeq ($(DISABLE_RPM),y)
 	DISABLE_FLAGS+= -DDISABLE_RPM
@@ -12,6 +13,9 @@ endif
 ifeq ($(DISABLE_SETRANS),y)
 	DISABLE_FLAGS+= -DDISABLE_SETRANS
 endif
+ifeq ($(DISABLE_BOOL),y)
+	DISABLE_FLAGS+= -DDISABLE_BOOL
+endif
 export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST
 
 USE_PCRE2 ?= n
diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
index c438af1..cbb0610 100644
--- a/libselinux/src/booleans.c
+++ b/libselinux/src/booleans.c
@@ -25,6 +25,8 @@
 
 #define SELINUX_BOOL_DIR "/booleans/"
 
+#ifndef DISABLE_BOOL
+
 static int filename_select(const struct dirent *d)
 {
 	if (d->d_name[0] == '.'
@@ -85,8 +87,6 @@ int security_get_boolean_names(char ***names, int *len)
 	goto out;
 }
 
-hidden_def(security_get_boolean_names)
-
 char *selinux_boolean_sub(const char *name)
 {
 	char *sub = NULL;
@@ -141,8 +141,6 @@ out:
 	return sub;
 }
 
-hidden_def(selinux_boolean_sub)
-
 static int bool_open(const char *name, int flag) {
 	char *fname = NULL;
 	char *alt_name = NULL;
@@ -262,8 +260,6 @@ int security_get_boolean_active(const char *name)
 	return val;
 }
 
-hidden_def(security_get_boolean_active)
-
 int security_set_boolean(const char *name, int value)
 {
 	int fd, ret;
@@ -297,8 +293,6 @@ int security_set_boolean(const char *name, int value)
 		return -1;
 }
 
-hidden_def(security_set_boolean)
-
 int security_commit_booleans(void)
 {
 	int fd, ret;
@@ -327,8 +321,6 @@ int security_commit_booleans(void)
 		return -1;
 }
 
-hidden_def(security_commit_booleans)
-
 static char *strtrim(char *dest, char *source, int size)
 {
 	int i = 0;
@@ -567,3 +559,55 @@ int security_load_booleans(char *path)
 		errno = EINVAL;
 	return errors ? -1 : 0;
 }
+
+#else
+int security_set_boolean_list(size_t boolcnt __attribute__((unused)),
+	SELboolean * boollist __attribute__((unused)),
+	int permanent __attribute__((unused)))
+{
+	return -1;
+}
+
+int security_load_booleans(char *path __attribute__((unused)))
+{
+	return -1;
+}
+
+int security_get_boolean_names(char ***names __attribute__((unused)),
+	int *len __attribute__((unused)))
+{
+	return -1;
+}
+
+int security_get_boolean_pending(const char *name __attribute__((unused)))
+{
+	return -1;
+}
+
+int security_get_boolean_active(const char *name __attribute__((unused)))
+{
+	return -1;
+}
+
+int security_set_boolean(const char *name __attribute__((unused)),
+	int value __attribute__((unused)))
+{
+	return -1;
+}
+
+int security_commit_booleans(void)
+{
+	return -1;
+}
+
+char *selinux_boolean_sub(const char *name __attribute__((unused)))
+{
+	return NULL;
+}
+#endif
+
+hidden_def(security_get_boolean_names)
+hidden_def(selinux_boolean_sub)
+hidden_def(security_get_boolean_active)
+hidden_def(security_set_boolean)
+hidden_def(security_commit_booleans)