801cd60478e994c505ff740271b5506e2036278c |
|
17-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: is_selinux_enabled(): drop no-policy-loaded test. upstream commit 685f4aeeadc0b60f3770404d4f149610d656e3c8. SELinux can be disabled via the selinux=0 kernel parameter or via /sys/fs/selinux/disable (triggered by setting SELINUX=disabled in /etc/selinux/config). In either case, selinuxfs will be unmounted and unregistered and therefore it is sufficient to check for the selinuxfs mount. We do not need to check for no-policy-loaded and treat that as SELinux-disabled anymore; that is a relic of Fedora Core 2 days. Drop the no-policy-loaded test, which was a bit of a hack anyway (checking whether getcon_raw() returned "kernel" as that can only happen if no policy is yet loaded and therefore security_sid_to_context() only has the initial SID name available to return as the context). May possibly fix https://bugzilla.redhat.com/show_bug.cgi?id=1195074 by virtue of removing the call to getcon_raw() and therefore avoiding use of tls on is_selinux_enabled() calls. Regardless, it will make is_selinux_enabled() faster and simpler. [sds: Adapted for the Android libselinux port. Also drops the fallback to scanning /proc/filesystems for selinuxfs as this was already done upstream; init mounts selinuxfs via libselinux prior to any is_selinux_enabled() checks. The tls bug is not relevant in Android since the Android libselinux port does not use tls, but this change is nonetheless useful to optimize is_selinux_enabled().] Change-Id: Ia8b484a3a2fe7f604b0bfb8f5b109ad7674c1152 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/src/enabled.c
|
ab40ea9bfd71b50138f1482c4764a65ac17d8caf |
|
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of security_context_t and fix const declarations. The const security_context_t declarations were incorrect; const char * was intended, not char * const. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value. typedef left to permit building legacy users until such a time as all are updated. Change-Id: I2f9df7bb9f575f76024c3e5f5b660345da2931a7 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/src/enabled.c
|
b1ae15abf1d3a47b0e993d1a4daa228f73d12bb9 |
|
12-Jul-2013 |
Nick Kralevich <nnk@google.com> |
Clean up code Clean up the code, so it compiles with -Wall -Wextra -Werror Change-Id: I78ad5941a45208e1a82181cedb5853753f58ff0d
/external/libselinux/src/enabled.c
|
f074036424618c130dacb3464465a8b40bffef58 |
|
04-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Port of libselinux to Android.
/external/libselinux/src/enabled.c
|