Re: Killing The Android libselinux Fork (available)

2016-09-22 Thread William Roberts
On Sep 22, 2016 9:18 PM, "Jeffrey Vander Stoep"  wrote:
>
> Remember to test on the Mac build. About a year ago I moved the host side
> tools over to upstream libselinux, but had to revert because it broke the
> Mac build in multiple places. Since then Richard Haines has done a lot of
> work to reduce the diff between upstream and the Android fork. Hopefully
> that will reduce your effort.

Yeah I'm quite concerned about the Mac build, does anyone on here have
access to a Mac for testing?

>
> On Thu, Sep 22, 2016 at 6:39 PM William Roberts wrote:
>>
>> On Thu, Sep 22, 2016 at 6:34 PM, William Roberts
>>  wrote:
>> > So I have been working the last couple of days to understand what it
>> > would take to kill external/libselinux (the Android Fork) and fixup
>> > upstream so most of the delta is in. The only thing we would keep on
>> > the Android side, is android.c and .h. Since those files are self
>> > contained, we should just be able to merge upstream without concerns
>> > of conflict. If we really wanted to, we could spin off a separate
>> > libselinux-android that builds those two files and links to
>> > libselinux, but that seems overkill IMHO.
>> >
>> > The work is available here:
>> > https://github.com/williamcroberts/selinux/tree/fork-kill
>> >
>> > Currently to Build:
>> > 1. remove external/libselinux
>> > 2. apply this patch to bionic if not present:
>> > https://android-review.googlesource.com/#/c/276918
>> > 3. either set external/selinux to my fork-kill branch or merge selinux
>> > upstream master into external/selinux and apply the two patches listed
>> > below:
>> >
>> > Patches that matter ( I don't know how to make pretty little git summaries):
>> >
>> > commit e017f48acd2791a6aa62b4ed0c0b44256b26651f
>> > Author: William Roberts 
>> > Date:   Wed Sep 21 16:06:37 2016 -0700
>> > libselinux: add The Android fork files
>> >
>> > commit f40d7facbcaf1337f37b5630b98806fd25b1dbf9
>> > Author: William Roberts 
>> > Date:   Wed Sep 21 16:00:34 2016 -0700
>> > libselinux: rectify the Android fork
>> >
>> > The goal would be to upstream commit f40d7facb and leave
>> > commit e017f48ac on the Android tree.
>> >
>> > I am going to do some further testing tomorrow, and plan on submitting
>> > the upstream patch f40d7facbc on Monday. If anyone wants to leave
>> > preliminary feedback, or has a specific thing they want tested, let me know.
>> >
>> > Currently tested on the emulator and checked that the digest mechanism for
>> > last restorecon value is working.
>> >
>> > --
>> > Respectfully,
>> >
>> > William C Roberts
>>
>> FYI I may rebase that branch at anytime... you have been warned :-P
___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to 
seandroid-list-requ...@tycho.nsa.gov.

Re: Killing The Android libselinux Fork (available)

2016-09-22 Thread William Roberts
On Thu, Sep 22, 2016 at 6:34 PM, William Roberts
 wrote:
> So I have been working the last couple of days to understand what it
> would take to kill external/libselinux (the Android Fork) and fixup
> upstream so most of the delta is in. The only thing we would keep on
> the Android side, is android.c and .h. Since those files are self
> contained, we should just be able to merge upstream without concerns
> of conflict. If we really wanted to, we could spin off a separate
> libselinux-android that builds those two files and links to
> libselinux, but that seems overkill IMHO.
>
> The work is available here:
> https://github.com/williamcroberts/selinux/tree/fork-kill
>
> Currently to Build:
> 1. remove external/libselinux
> 2. apply this patch to bionic if not present:
> https://android-review.googlesource.com/#/c/276918
> 3. either set external/selinux to my fork-kill branch or merge selinux
> upstream master into external/selinux and apply the two patches listed
> below:
>
> Patches that matter ( I don't know how to make pretty little git summaries):
>
> commit e017f48acd2791a6aa62b4ed0c0b44256b26651f
> Author: William Roberts 
> Date:   Wed Sep 21 16:06:37 2016 -0700
> libselinux: add The Android fork files
>
> commit f40d7facbcaf1337f37b5630b98806fd25b1dbf9
> Author: William Roberts 
> Date:   Wed Sep 21 16:00:34 2016 -0700
> libselinux: rectify the Android fork
>
> The goal would be to upstream commit f40d7facb and leave
> commit e017f48ac on the Android tree.
>
> I am going to do some further testing tomorrow, and plan on submitting
> the upstream patch f40d7facbc on Monday. If anyone wants to leave
> preliminary feedback, or has a specific thing they want tested, let me know.
>
> Currently tested on the emulator and checked that the digest mechanism for
> last restorecon value is working.
>
> --
> Respectfully,
>
> William C Roberts

FYI I may rebase that branch at anytime... you have been warned :-P


Killing The Android libselinux Fork (available)

2016-09-22 Thread William Roberts
So I have been working the last couple of days to understand what it
would take to kill external/libselinux (the Android Fork) and fixup
upstream so most of the delta is in. The only thing we would keep on
the Android side, is android.c and .h. Since those files are self
contained, we should just be able to merge upstream without concerns
of conflict. If we really wanted to, we could spin off a separate
libselinux-android that builds those two files and links to
libselinux, but that seems overkill IMHO.

The work is available here:
https://github.com/williamcroberts/selinux/tree/fork-kill

Currently to Build:
1. remove external/libselinux
2. apply this patch to bionic if not present:
https://android-review.googlesource.com/#/c/276918
3. either set external/selinux to my fork-kill branch or merge selinux
upstream master into external/selinux and apply the two patches listed
below:

Patches that matter ( I don't know how to make pretty little git summaries):

commit e017f48acd2791a6aa62b4ed0c0b44256b26651f
Author: William Roberts 
Date:   Wed Sep 21 16:06:37 2016 -0700
libselinux: add The Android fork files

commit f40d7facbcaf1337f37b5630b98806fd25b1dbf9
Author: William Roberts 
Date:   Wed Sep 21 16:00:34 2016 -0700
libselinux: rectify the Android fork

The goal would be to upstream commit f40d7facb and leave
commit e017f48ac on the Android tree.

I am going to do some further testing tomorrow, and plan on submitting
the upstream patch f40d7facbc on Monday. If anyone wants to leave
preliminary feedback, or has a specific thing they want tested, let me know.

Currently tested on the emulator and checked that the digest mechanism for
last restorecon value is working.

-- 
Respectfully,

William C Roberts


Re: [PATCH] Fix redefinition of XATTR_NAME_SELINUX

2016-09-22 Thread Stephen Smalley
On 09/21/2016 07:59 PM, william.c.robe...@intel.com wrote:
> From: William Roberts 
> 
> When the Kernel UAPI header is present, this error occurs:
> 
> external/selinux/libselinux/src/policy.h:7:9: warning: 'XATTR_NAME_SELINUX' 
> macro redefined [-Wmacro-redefined]
> #define XATTR_NAME_SELINUX "security.selinux"
> ^
> bionic/libc/kernel/uapi/linux/xattr.h:52:9: note: previous definition is here
> #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
> 
> Just use the kernel UAPI version on that case.
> 
> Change-Id: I1b2d34e463477adaec227ac8c3364f1b9d49e997
> Signed-off-by: William Roberts 

Thanks, applied.

> ---
>  libselinux/src/policy.h | 7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h
> index bf270b5..f6d7242 100644
> --- a/libselinux/src/policy.h
> +++ b/libselinux/src/policy.h
> @@ -3,8 +3,13 @@
>  
>  /* Private definitions used internally by libselinux. */
>  
> -/* xattr name for SELinux attributes. */
> +/*
> + * xattr name for SELinux attributes.
> + * This may have been exported via Kernel uapi header.
> + */
> +#ifndef XATTR_NAME_SELINUX
>  #define XATTR_NAME_SELINUX "security.selinux"
> +#endif
>  
>  /* Initial length guess for getting contexts. */
>  #define INITCONTEXTLEN 255
> 
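
Review bot: The #ifndef XATTR_NAME_SELINUX guard added in policy.h only takes effect when the kernel UAPI xattr.h has already been included before policy.h, which is the order shown in the quoted warning. Nothing in the hunk enforces that order, so a source file that includes policy.h first would still define the macro locally and can hit the same -Wmacro-redefined warning when the kernel header follows. Consider stating the include-order requirement in the new comment, or having policy.h include the kernel header itself where it is available, so the outcome does not depend on each includer.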



Re: unlocked stdio

2016-09-22 Thread Stephen Smalley
On 09/21/2016 07:47 PM, William Roberts wrote:
> Another thing I noticed rectifying the Android tree is that the
> selinux/Android.mk upstream is empty, but the secondary levels are
> present, any reason that hasn't been pushed?

No, just that no one has submitted them upstream.

