[PATCH 2/3] libselinux: android: fix lax service context lookup

We use the same lookup function for service contexts that we use for property contexts. However, property contexts are namespace based and only compare the prefix. This may lead to service associations with a wrong label. This patch introduces a new back end for android services with a stricter

[PATCH 1/3] libselinux: renamed andriod label backend source file

Signed-off-by: Janis Danisevskis --- libselinux/src/Makefile | 2 +- libselinux/src/label_android_property.c | 304 libselinux/src/label_backends_android.c | 304 3 files changed, 305

[PATCH 3/3] libselinux: makes android label back ends configurable

Android label back ends are not configurable by NO_ANDROID_BACKEND, which is set if on ANDROID_HOST != y. Signed-off-by: Janis Danisevskis --- libselinux/src/Makefile | 3 +++ libselinux/src/label.c | 10 -- 2 files changed, 11 insertions(+), 2 deletions(-) diff

Re: [PATCH 2/3] libselinux: android: fix lax service context lookup

William: Good thing you mention checkfc. I added you as a reviewer. On Thu, Sep 29, 2016 at 12:57 PM, William Roberts wrote: > do you have the corresponding changes to checkfc on AOSP? > > On Thu, Sep 29, 2016 at 7:39 AM, Janis Danisevskis > wrote:

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:15 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: >> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >>> From: William Roberts >>> >>> Provide stubs to the public boolean API that

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > Provide stubs to the public boolean API that always returns -1. > > On Android, boolean symbols are needed for: > external/ltrace/sysdeps/linux-gnu/trace.c Is this really worth

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: > On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >> From: William Roberts >> >> Provide stubs to the public boolean API that always returns -1. >> >> On Android, boolean symbols

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: > On 09/29/2016 02:15 PM, William Roberts wrote: >> On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: From: William Roberts

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: > On 09/29/2016 02:46 PM, William Roberts wrote: >> On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:15 PM, William Roberts wrote: On Thu, Sep 29, 2016 at 2:08 PM,

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 03:27 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 3:15 PM, William Roberts > wrote: >> On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:46 PM, William Roberts wrote: On Thu, Sep 29, 2016 at 2:44

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On Thu, Sep 29, 2016 at 3:15 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: >> On 09/29/2016 02:46 PM, William Roberts wrote: >>> On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote:

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > Provide stubs to the public boolean API that always returns -1. > > On Android, boolean symbols are needed for: > external/ltrace/sysdeps/linux-gnu/trace.c Thanks, applied. > >

Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y

On 09/29/2016 02:46 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: >> On 09/29/2016 02:15 PM, William Roberts wrote: >>> On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: On 09/29/2016 02:02 PM,

Re: [PATCH 2/2] libselinux: set DISABLE_RPM default to y.

On 09/28/2016 12:00 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > Change the default build behavior to always use DISABLE_RPM. > To get the old behavior call make with DISABLE_RPM=n. > > eg.) > make DISABLE_RPM=n I reverted this change. It

Re: [PATCH 2/3] libselinux: android: fix lax service context lookup

do you have the corresponding changes to checkfc on AOSP? On Thu, Sep 29, 2016 at 7:39 AM, Janis Danisevskis wrote: > We use the same lookup function for service contexts > that we use for property contexts. However, property > contexts are namespace based and only compare