| 8b40b9cc6488082a14e985691337d1fcfaac9577 |
|
05-Aug-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
libselinux: add selabel_cmp interface and label_file backend
Add a selabel_cmp() interface for comparing two label configurations,
and implement it for the file backend (i.e. for file_contexts). This
allows comparing two file_contexts configurations to see if the first
is a subset of, equal/identical to, a superset of, or incomparable to
the second. The motivating use case is to allow comparing two
file_contexts.bin files in Android CTS to confirm that a device
file_contexts.bin file contains all of the entries in the AOSP
general file_contexts.
Change-Id: I0fe63e0c7f11ae067b5aac2f468f7842e5d76986
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/include/selinux/label.h
|
| be7f5e8814c4954aca51d3f95455c5d9d527658c |
|
12-Jun-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Extend label file backend to support label-by-symlink for ueventd.
When ueventd creates a device node, it may also create one or more
symlinks to the device node. These symlinks may be the only stable
name for the device, e.g. if the partition is dynamically assigned.
Extend the label file backend to support looking up the "best match"
for a device node based on its real path (key) and any links to it
(aliases). The order of precedence for best match is:
1) An exact match for the real path (key), or
2) An exact match for any of the links (aliases), or
3) The longest fixed prefix match.
Change-Id: Id6c2597eee2b6723a5089dcf7c450f8d0a4128f4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/include/selinux/label.h
|
| 0e7340fb99b931540e2baf4778abeb53d40084e7 |
|
01-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Optimize restorecon_recursive tree walk.
restorecon_recursive can prune the tree walk whenever it
encounters a directory for which there is no possible match
for any of its descendants in the file_contexts configuration.
This will only presently benefit the restorecon_recursive("/sys") call
by init since other restorecon_recursive calls always have
top-level entries that will match anything underneath and this
is required to fully label those partitions on upgrade. However,
those other cases are already optimized to only run once per
file_contexts change (upgrade) and thus do not need this optimization.
Change-Id: I854bf1ccff6ded56e9da2c4184435f67d7069bc1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/include/selinux/label.h
|
| ab40ea9bfd71b50138f1482c4764a65ac17d8caf |
|
19-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Get rid of security_context_t and fix const declarations.
The const security_context_t declarations were incorrect;
const char * was intended, not char * const. Easiest fix is to
replace them all with const char *. And while we are at it, just
get rid of all usage of security_context_t itself as it adds no value.
typedef left to permit building legacy users until such a time as all are
updated.
Change-Id: I2f9df7bb9f575f76024c3e5f5b660345da2931a7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/libselinux/include/selinux/label.h
|
| a2e47cd90d84d48cde19575d044577a3fc7a4000 |
|
11-Jun-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Change selabel_open and label backends to take a const struct selinux_opt argument.
/external/libselinux/include/selinux/label.h
|
| 35b01083fe5e34cbd318a78ef9b1a13432ae24d9 |
|
04-Apr-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Define and implement Android property selabel backend.
/external/libselinux/include/selinux/label.h
|
| f074036424618c130dacb3464465a8b40bffef58 |
|
04-Jan-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
Port of libselinux to Android.
/external/libselinux/include/selinux/label.h
|