d514c5aff9c5d8831f8907ec12dee43a2583c9ff |
|
28-Sep-2014 |
Nick Kralevich <nnk@google.com> |
implement partial matching using PCRE To speed up the boot process, Android doesn't visit every directory in /sys. Instead, only those directories which match a regular expression in /file_contexts are visited. Other directories are skipped. This results in 2-3 second boot time reduction. The initial version of this optimization was implemented in change 0e7340fb99b931540e2baf4778abeb53d40084e7. However, because PCRE wasn't available, it was recognized that false positives and false negatives might occur. Now that PCRE is available, start using it. It will avoid the false positive / negatives problem. Bug: 17682157 (cherry picked from commit d0b768abcd2b4adb1853ac38e59aa80f09872ac3) Change-Id: I403e32cdb23e45abcf6f2a702af88a3eacc47942
/external/libselinux/Android.mk
|
f58dbddbf5d4f10732501e91427afa421f463be5 |
|
01-Jul-2014 |
Nick Kralevich <nnk@google.com> |
Log userspace SELinux denials to the event log. In addition to logging userspace SELinux denials to logcat, also log it to eventlog using the auditd log tag. Change-Id: I6a269a832bc2f5e5da6c9dbd169ed2f901b49166
/external/libselinux/Android.mk
|
bad0ebb47417d17ca807e5f97fcbe649bc4cc05e |
|
12-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add service_context management into libselinux. Add functions to handle opening handles for MAC on service_manager. Also add selinux_log_callback into libselinux because identical code was spread through three different files. Bug: 12909011 Change-Id: I04eb855700f1d0c086542053d987b3a30cf1b0c0
/external/libselinux/Android.mk
|
826cc29d8bb1b570165e9b0cc332e7159c65031a |
|
28-Jan-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Only apply restorecon_recursive when file_contexts changes. For any persistent directory (e.g. /data, /persist), we only want to apply restorecon_recursive when there is a change to the file_contexts mapping on an update. Avoid repeatedly walking the directory tree on each boot by setting a security.restorecon_last xattr on each directory during a restorecon_recursive tree walk to a hash of the file_contexts file and skipping the traversal if the xattr is already set and matches the hash of the current file_contexts file. For /sys, the attempt to get and set the xattr will fail but this is harmless. Change-Id: I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/Android.mk
|
4f2b0565ea34081dc2fd04073bb558d6b2609aef |
|
16-Apr-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add selinux status functions from upstream libselinux. These functions allow programs to check whether there has been a change to the SELinux status without needing to poll a netlink socket. Change-Id: Ic7f310d69a7c420e48fbc974000cf4a5b9ab4a3b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/Android.mk
|
d23b9e0198be5699623b4be8c12f02719c506ce0 |
|
21-Sep-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Rework category mapping and perform some code cleanup. Map the app IDs to a category pair rather than a single category. With this scheme, we can represent up to 2^16 app IDs, which exceeds the maximum of 10000 imposed by Android. This also only uses category bits 0-511, so 512-1023 remain free for use for other purposes (or we could shrink the number of categories defined in the policy). Also perform other minor code cleanups previously suggested, e.g. fix const declaration, use an enum rather than #define, correct %lu to %u for format string, etc. Change-Id: I5bb727bfb4297e3e13ba1ef078e41db3ea7d1b8f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/Android.mk
|
ba70ee4c5ab8026e97fce5c2452dfe588dfaac3e |
|
10-Jul-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add support for the new username mapping in JB, and backward compatibility.
/external/libselinux/Android.mk
|
52cd377a74a710b2476c6a4c46da8b59a0dce50d |
|
10-Apr-2012 |
The Android Open Source Project <initial-contribution@android.com> |
Merge from upstream libselinux Change-Id: I1fd35714001e3fcf9022756334cbb89611ce5c66
|
3bc6d442097929a1579e91aa687d257b0cf82189 |
|
06-Apr-2012 |
Kenny Root <kroot@google.com> |
Revert "Do not build if HAVE_SELINUX=false." We need to always build libselinux even if it's not being used by anything in the system image. This makes sure some unrelated change doesn't accidentally break libselinux. This reverts commit 6670f53f78cd44a6cb484785b2837439e2ba9178.
/external/libselinux/Android.mk
|
35b01083fe5e34cbd318a78ef9b1a13432ae24d9 |
|
04-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define and implement Android property selabel backend.
/external/libselinux/Android.mk
|
6670f53f78cd44a6cb484785b2837439e2ba9178 |
|
02-Feb-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Do not build if HAVE_SELINUX=false.
/external/libselinux/Android.mk
|
d409de2efd8c6ddc3929d1a5b79ab3163b65542c |
|
24-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Drop src/callbacks.h from LOCAL_COPY_HEADERS.
/external/libselinux/Android.mk
|
cc3d76d1b717805740126aec7e0343f5a240cfbe |
|
24-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Support for building the host library on MacOS X.
/external/libselinux/Android.mk
|
f074036424618c130dacb3464465a8b40bffef58 |
|
04-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Port of libselinux to Android.
/external/libselinux/Android.mk
|