Re: Killing The Android libselinux Fork (available)
On Sep 22, 2016 9:18 PM, "Jeffrey Vander Stoep"wrote: > > Remember to test on the Mac build. About a year ago I moved the host side tools over to upstream libselinux, but had to revert because it broke the Mac build in multiple places. Since then Richard Haines has done a lot of work to reduce the diff between upstream and the Android fork. Hopefully that will reduce your effort. Yeah I'm quite concerned about the Mac build, does anyone on here have access to a Mac for testing? > > On Thu, Sep 22, 2016 at 6:39 PM William Roberts wrote: >> >> On Thu, Sep 22, 2016 at 6:34 PM, William Roberts >> wrote: >> > So I have been working the last couple of days to understand what it >> > would take to kill external/libselinux (the Android Fork) and fixup >> > upstream so most of the delta is in. The only thing we would keep on >> > the Android side, is android.c and .h. Since those files are self >> > contained, we should just be able to merge upstream without concerns >> > of conflict. If we really wanted to, we could spin off a separate >> > libselinux-android that builds those two files and links to >> > libselinux, but that seems overkill IMHO. >> > >> > The work is available here: >> > https://github.com/williamcroberts/selinux/tree/fork-kill >> > >> > Currently to Build: >> > 1. remove external/libselinux >> > 2. apply this patch to bionic if not present: >> > https://android-review.googlesource.com/#/c/276918 >> > 3. either set external/selinux to my fork-kill branch or merge selinux >> > upstream master into external/selinux and apply the two patches listed >> > below: >> > >> > Patches that matter ( I don't know how to make pretty little git summaries): >> > >> > commit e017f48acd2791a6aa62b4ed0c0b44256b26651f >> > Author: William Roberts >> > Date: Wed Sep 21 16:06:37 2016 -0700 >> > libselinux: add The Android fork files >> > >> > commit f40d7facbcaf1337f37b5630b98806fd25b1dbf9 >> > Author: William Roberts >> > Date: Wed Sep 21 16:00:34 2016 -0700 >> > libselinux: rectify the Android fork >> > >> > The goal would be to upstream commit f40d7facb and leave >> > commit e017f48ac on the Android tree. >> > >> > I am going to do some further testing tomorrow, and plan on submitting >> > the upstream patch f40d7facbc on Monday. If anyone wants to leave >> > preliminary feedback, or has a specific thing they want tested, let me know. >> > >> > Currently tested on the emulator and checked that the digest mechanism for >> > last restorecon value is working. >> > >> > -- >> > Respectfully, >> > >> > William C Roberts >> >> FYI I may rebase that branch at anytime... you have been warned :-P ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: Killing The Android libselinux Fork (available)
On Thu, Sep 22, 2016 at 6:34 PM, William Robertswrote: > So I have been working the last couple of days to understand what it > would take to kill external/libselinux (the Android Fork) and fixup > upstream so most of the delta is in. The only thing we would keep on > the Android side, is android.c and .h. Since those files are self > contained, we should just be able to merge upstream without concerns > of conflict. If we really wanted to, we could spin off a separate > libselinux-android that builds those two files and links to > libselinux, but that seems overkill IMHO. > > The work is available here: > https://github.com/williamcroberts/selinux/tree/fork-kill > > Currently to Build: > 1. remove external/libselinux > 2. apply this patch to bionic if not present: > https://android-review.googlesource.com/#/c/276918 > 3. either set external/selinux to my fork-kill branch or merge selinux > upstream master into external/selinux and apply the two patches listed > below: > > Patches that matter ( I don't know how to make pretty little git summaries): > > commit e017f48acd2791a6aa62b4ed0c0b44256b26651f > Author: William Roberts > Date: Wed Sep 21 16:06:37 2016 -0700 > libselinux: add The Android fork files > > commit f40d7facbcaf1337f37b5630b98806fd25b1dbf9 > Author: William Roberts > Date: Wed Sep 21 16:00:34 2016 -0700 > libselinux: rectify the Android fork > > The goal would be to upstream commit f40d7facb and leave > commit e017f48ac on the Android tree. > > I am going to do some further testing tomorrow, and plan on submitting > the upstream patch f40d7facbc on Monday. If anyone wants to leave > preliminary feedback, or has a specific thing they want tested, let me know. > > Currently tested on the emulator and checked that the digest mechanism for > last restorecon value is working. > > -- > Respectfully, > > William C Roberts FYI I may rebase that branch at anytime... you have been warned :-P ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Killing The Android libselinux Fork (available)
So I have been working the last couple of days to understand what it would take to kill external/libselinux (the Android Fork) and fixup upstream so most of the delta is in. The only thing we would keep on the Android side, is android.c and .h. Since those files are self contained, we should just be able to merge upstream without concerns of conflict. If we really wanted to, we could spin off a separate libselinux-android that builds those two files and links to libselinux, but that seems overkill IMHO. The work is available here: https://github.com/williamcroberts/selinux/tree/fork-kill Currently to Build: 1. remove external/libselinux 2. apply this patch to bionic if not present: https://android-review.googlesource.com/#/c/276918 3. either set external/selinux to my fork-kill branch or merge selinux upstream master into external/selinux and apply the two patches listed below: Patches that matter ( I don't know how to make pretty little git summaries): commit e017f48acd2791a6aa62b4ed0c0b44256b26651f Author: William RobertsDate: Wed Sep 21 16:06:37 2016 -0700 libselinux: add The Android fork files commit f40d7facbcaf1337f37b5630b98806fd25b1dbf9 Author: William Roberts Date: Wed Sep 21 16:00:34 2016 -0700 libselinux: rectify the Android fork The goal would be to upstream commit f40d7facb and leave commit e017f48ac on the Android tree. I am going to do some further testing tomorrow, and plan on submitting the upstream patch f40d7facbc on Monday. If anyone wants to leave preliminary feedback, or has a specific thing they want tested, let me know. Currently tested on the emulator and checked that the digest mechanism for last restorecon value is working. -- Respectfully, William C Roberts ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] Fix redefinition of XATTR_NAME_SELINUX
On 09/21/2016 07:59 PM, william.c.robe...@intel.com wrote: > From: William Roberts> > When the Kernel UAPI header is present, this error occurs: > > external/selinux/libselinux/src/policy.h:7:9: warning: 'XATTR_NAME_SELINUX' > macro redefined [-Wmacro-redefined] > \#define XATTR_NAME_SELINUX "security.selinux" > ^ > bionic/libc/kernel/uapi/linux/xattr.h:52:9: note: previous definition is here > \#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX > > Just use the kernel UAPI version on that case. > > Change-Id: I1b2d34e463477adaec227ac8c3364f1b9d49e997 > Signed-off-by: William Roberts Thanks, applied. > --- > libselinux/src/policy.h | 7 ++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h > index bf270b5..f6d7242 100644 > --- a/libselinux/src/policy.h > +++ b/libselinux/src/policy.h > @@ -3,8 +3,13 @@ > > /* Private definitions used internally by libselinux. */ > > -/* xattr name for SELinux attributes. */ > +/* > + * xattr name for SELinux attributes. > + * This may have been exported via Kernel uapi header. > + */ > +#ifndef XATTR_NAME_SELINUX > #define XATTR_NAME_SELINUX "security.selinux" > +#endif > > /* Initial length guess for getting contexts. */ > #define INITCONTEXTLEN 255 > ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: unlocked stdio
On 09/21/2016 07:47 PM, William Roberts wrote: > Another thing I noticed rectifying the Android tree is that the > selinux/Android.mk upstream is empty, but the secondary levels are > present, any reason that hasn't been pushed? No, just that no one has submitted them upstream. ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.