Re: [PATCH 2/3] libselinux: android: fix lax service context lookup

do you have the corresponding changes to checkfc on AOSP? On Thu, Sep 29, 2016 at 7:39 AM, Janis Danisevskis wrote: > We use the same lookup function for service contexts > that we use for property contexts. However, property > contexts are namespace based and only compare the > prefix. This may

[PATCH 2/3] libselinux: android: fix lax service context lookup

We use the same lookup function for service contexts that we use for property contexts. However, property contexts are namespace based and only compare the prefix. This may lead to service associations with a wrong label. This patch introduces a new back end for android services with a stricter lo

[PATCH 1/3] libselinux: renamed andriod label backend source file

Signed-off-by: Janis Danisevskis --- libselinux/src/Makefile | 2 +- libselinux/src/label_android_property.c | 304 libselinux/src/label_backends_android.c | 304 3 files changed, 305 insertions(+), 305 deletions(

[PATCH 3/3] libselinux: makes android label back ends configurable

Android label back ends are not configurable by NO_ANDROID_BACKEND, which is set if on ANDROID_HOST != y. Signed-off-by: Janis Danisevskis --- libselinux/src/Makefile | 3 +++ libselinux/src/label.c | 10 -- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/libselinux/src

Re: [PATCH 2/3] libselinux: android: fix lax service context lookup

William: Good thing you mention checkfc. I added you as a reviewer. On Thu, Sep 29, 2016 at 12:57 PM, William Roberts wrote: > do you have the corresponding changes to checkfc on AOSP? > > On Thu, Sep 29, 2016 at 7:39 AM, Janis Danisevskis > wrote: > > We use the same lookup function for servic

Re: [PATCH 3/3] libselinux: makes android label back ends configurable

On 09/29/2016 07:39 AM, Janis Danisevskis wrote: > Android label back ends are not configurable by NO_ANDROID_BACKEND, > which is set if on ANDROID_HOST != y. > > Signed-off-by: Janis Danisevskis Thanks, applied all three. > --- > libselinux/src/Makefile | 3 +++ > libselinux/src/label.c | 1

[PATCH] libselinux: re-introduce DISABLE_BOOL=y

From: William Roberts Provide stubs to the public boolean API that always returns -1. On Android, boolean symbols are needed for: external/ltrace/sysdeps/linux-gnu/trace.c Signed-off-by: William Roberts --- libselinux/Makefile | 4 +++ libselinux/src/booleans.c | 64 +++

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > Provide stubs to the public boolean API that always returns -1. > > On Android, boolean symbols are needed for: > external/ltrace/sysdeps/linux-gnu/trace.c Is this really worth doing? > > Signed-off-by: Wil

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: > On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >> From: William Roberts >> >> Provide stubs to the public boolean API that always returns -1. >> >> On Android, boolean symbols are needed for: >> external/ltrace/sysdeps/linux-gn

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:15 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: >> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >>> From: William Roberts >>> >>> Provide stubs to the public boolean API that always returns -1. >>> >>> On Android, boolean symb

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:46 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: >> On 09/29/2016 02:15 PM, William Roberts wrote: >>> On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: Willia

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: > On 09/29/2016 02:15 PM, William Roberts wrote: >> On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: From: William Roberts Provide stubs to the public bool

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: > On 09/29/2016 02:46 PM, William Roberts wrote: >> On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:15 PM, William Roberts wrote: On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: > On 09/29

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 3:15 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: >> On 09/29/2016 02:46 PM, William Roberts wrote: >>> On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: On 09/29/2016 02:15 PM, William Roberts wrote: > On Thu, Sep 29

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > Provide stubs to the public boolean API that always returns -1. > > On Android, boolean symbols are needed for: > external/ltrace/sysdeps/linux-gnu/trace.c Thanks, applied. > > Signed-off-by: William Robert

Re: [PATCH 2/2] libselinux: set DISABLE_RPM default to y.

On 09/28/2016 12:00 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > Change the default build behavior to always use DISABLE_RPM. > To get the old behavior call make with DISABLE_RPM=n. > > eg.) > make DISABLE_RPM=n I reverted this change. It would break rpm on RHEL 7 and ear

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 03:27 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 3:15 PM, William Roberts > wrote: >> On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:46 PM, William Roberts wrote: On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: > On 09/