Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On 09/29/2016 03:27 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 3:15 PM, William Roberts >wrote: >> On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:46 PM, William Roberts wrote: On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: > On 09/29/2016 02:15 PM, William Roberts wrote: >> On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley >> wrote: >>> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: From: William Roberts Provide stubs to the public boolean API that always returns -1. On Android, boolean symbols are needed for: external/ltrace/sysdeps/linux-gnu/trace.c >>> >>> Is this really worth doing? >> >> It's this or disabling that selinux via #define, which that source has >> HAVE_LIBSELINUX. >> >> But it would seem confusing IMHO to have a libselinux.so, so one would >> set HAVE_LIBSELINUX=1, >> and you're getting link errors. > > Maybe I don't understand. Obviously it builds today with > external/libselinux without requiring this change. Why do we need this > now? > Richard Haines was doing further testing, and was building a different lunch target for the arm emulator and hit this issue. I have only tested x86_64 emulator. >>> >>> No, I mean that this is not required in external/libselinux (the Android >>> fork) today. So why is it needed here? The Android fork builds >>> src/booleans.c for the target. It doesn't hurt anything to leave the >>> code there. The underlying kernel interface via selinuxfs still exists. >>> There just won't be any booleans in the policy. >>> >> >> The target builds a modified booleans, if use booleans as is, we start >> down the config c file >> rabbit hole... >> >> external/selinux/libselinux/src/booleans.c:100: error: undefined >> reference to 'selinux_booleans_subs_path' >> external/selinux/libselinux/src/booleans.c:388: error: undefined >> reference to 'selinux_booleans_path' >> external/selinux/libselinux/src/booleans.c:529: error: undefined >> reference to 'selinux_booleans_path' >> external/selinux/libselinux/src/booleans.c:545: error: undefined >> reference to 'selinux_booleans_path' >> clang++.real: error: linker command failed with exit code 1 (use -v to >> see invocation) >> >> I can take a look at that and see how much of a PITA it would be to >> pull that in. > > external/selinux/libselinux/src/selinux_config.c:100: error: undefined > reference to 'fgets_unlocked' > external/selinux/libselinux/src/selinux_config.c:100: error: undefined > reference to 'fgets_unlocked' > external/selinux/libselinux/src/selinux_config.c:231: error: undefined > reference to 'require_seusers' > external/selinux/libselinux/src/selinux_config.c:231: error: undefined > reference to 'load_setlocaldefs' > > fgets should be easy enough > load_setlocaldefs is an exported integer value used in init_selinux_config() > require_seusers is another exported int form seusers.c > > I was figuring since we don't use any bools, to keep the size down, > just stubbing dummies is the > easiest route. > > We could do something like STATIC_CONFIG and just stub in what things > need and return the explicit paths. Never mind, I'll take your original patch. ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: William Roberts> > Provide stubs to the public boolean API that always returns -1. > > On Android, boolean symbols are needed for: > external/ltrace/sysdeps/linux-gnu/trace.c Thanks, applied. > > Signed-off-by: William Roberts > --- > libselinux/Makefile | 4 +++ > libselinux/src/booleans.c | 64 > +++ > 2 files changed, 58 insertions(+), 10 deletions(-) > > diff --git a/libselinux/Makefile b/libselinux/Makefile > index f607115..b5f32bb 100644 > --- a/libselinux/Makefile > +++ b/libselinux/Makefile > @@ -5,6 +5,7 @@ DISABLE_RPM ?= y > ANDROID_HOST ?= n > ifeq ($(ANDROID_HOST),y) > override DISABLE_SETRANS=y > + override DISABLE_BOOL=y > endif > ifeq ($(DISABLE_RPM),y) > DISABLE_FLAGS+= -DDISABLE_RPM > @@ -12,6 +13,9 @@ endif > ifeq ($(DISABLE_SETRANS),y) > DISABLE_FLAGS+= -DDISABLE_SETRANS > endif > +ifeq ($(DISABLE_BOOL),y) > + DISABLE_FLAGS+= -DDISABLE_BOOL > +endif > export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST > > USE_PCRE2 ?= n > diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c > index c438af1..cbb0610 100644 > --- a/libselinux/src/booleans.c > +++ b/libselinux/src/booleans.c > @@ -25,6 +25,8 @@ > > #define SELINUX_BOOL_DIR "/booleans/" > > +#ifndef DISABLE_BOOL > + > static int filename_select(const struct dirent *d) > { > if (d->d_name[0] == '.' > @@ -85,8 +87,6 @@ int security_get_boolean_names(char ***names, int *len) > goto out; > } > > -hidden_def(security_get_boolean_names) > - > char *selinux_boolean_sub(const char *name) > { > char *sub = NULL; > @@ -141,8 +141,6 @@ out: > return sub; > } > > -hidden_def(selinux_boolean_sub) > - > static int bool_open(const char *name, int flag) { > char *fname = NULL; > char *alt_name = NULL; > @@ -262,8 +260,6 @@ int security_get_boolean_active(const char *name) > return val; > } > > -hidden_def(security_get_boolean_active) > - > int security_set_boolean(const char *name, int value) > { > int fd, ret; > @@ -297,8 +293,6 @@ int security_set_boolean(const char *name, int value) > return -1; > } > > -hidden_def(security_set_boolean) > - > int security_commit_booleans(void) > { > int fd, ret; > @@ -327,8 +321,6 @@ int security_commit_booleans(void) > return -1; > } > > -hidden_def(security_commit_booleans) > - > static char *strtrim(char *dest, char *source, int size) > { > int i = 0; > @@ -567,3 +559,55 @@ int security_load_booleans(char *path) > errno = EINVAL; > return errors ? -1 : 0; > } > + > +#else > +int security_set_boolean_list(size_t boolcnt __attribute__((unused)), > + SELboolean * boollist __attribute__((unused)), > + int permanent __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_load_booleans(char *path __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_get_boolean_names(char ***names __attribute__((unused)), > + int *len __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_get_boolean_pending(const char *name __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_get_boolean_active(const char *name __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_set_boolean(const char *name __attribute__((unused)), > + int value __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_commit_booleans(void) > +{ > + return -1; > +} > + > +char *selinux_boolean_sub(const char *name __attribute__((unused))) > +{ > + return NULL; > +} > +#endif > + > +hidden_def(security_get_boolean_names) > +hidden_def(selinux_boolean_sub) > +hidden_def(security_get_boolean_active) > +hidden_def(security_set_boolean) > +hidden_def(security_commit_booleans) > ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On Thu, Sep 29, 2016 at 3:15 PM, William Robertswrote: > On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley wrote: >> On 09/29/2016 02:46 PM, William Roberts wrote: >>> On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: On 09/29/2016 02:15 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley > wrote: >> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >>> From: William Roberts >>> >>> Provide stubs to the public boolean API that always returns -1. >>> >>> On Android, boolean symbols are needed for: >>> external/ltrace/sysdeps/linux-gnu/trace.c >> >> Is this really worth doing? > > It's this or disabling that selinux via #define, which that source has > HAVE_LIBSELINUX. > > But it would seem confusing IMHO to have a libselinux.so, so one would > set HAVE_LIBSELINUX=1, > and you're getting link errors. Maybe I don't understand. Obviously it builds today with external/libselinux without requiring this change. Why do we need this now? >>> >>> Richard Haines was doing further testing, and was building a different >>> lunch target for the >>> arm emulator and hit this issue. I have only tested x86_64 emulator. >> >> No, I mean that this is not required in external/libselinux (the Android >> fork) today. So why is it needed here? The Android fork builds >> src/booleans.c for the target. It doesn't hurt anything to leave the >> code there. The underlying kernel interface via selinuxfs still exists. >> There just won't be any booleans in the policy. >> > > The target builds a modified booleans, if use booleans as is, we start > down the config c file > rabbit hole... > > external/selinux/libselinux/src/booleans.c:100: error: undefined > reference to 'selinux_booleans_subs_path' > external/selinux/libselinux/src/booleans.c:388: error: undefined > reference to 'selinux_booleans_path' > external/selinux/libselinux/src/booleans.c:529: error: undefined > reference to 'selinux_booleans_path' > external/selinux/libselinux/src/booleans.c:545: error: undefined > reference to 'selinux_booleans_path' > clang++.real: error: linker command failed with exit code 1 (use -v to > see invocation) > > I can take a look at that and see how much of a PITA it would be to > pull that in. external/selinux/libselinux/src/selinux_config.c:100: error: undefined reference to 'fgets_unlocked' external/selinux/libselinux/src/selinux_config.c:100: error: undefined reference to 'fgets_unlocked' external/selinux/libselinux/src/selinux_config.c:231: error: undefined reference to 'require_seusers' external/selinux/libselinux/src/selinux_config.c:231: error: undefined reference to 'load_setlocaldefs' fgets should be easy enough load_setlocaldefs is an exported integer value used in init_selinux_config() require_seusers is another exported int form seusers.c I was figuring since we don't use any bools, to keep the size down, just stubbing dummies is the easiest route. We could do something like STATIC_CONFIG and just stub in what things need and return the explicit paths. -- Respectfully, William C Roberts ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalleywrote: > On 09/29/2016 02:46 PM, William Roberts wrote: >> On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:15 PM, William Roberts wrote: On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: > On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >> From: William Roberts >> >> Provide stubs to the public boolean API that always returns -1. >> >> On Android, boolean symbols are needed for: >> external/ltrace/sysdeps/linux-gnu/trace.c > > Is this really worth doing? It's this or disabling that selinux via #define, which that source has HAVE_LIBSELINUX. But it would seem confusing IMHO to have a libselinux.so, so one would set HAVE_LIBSELINUX=1, and you're getting link errors. >>> >>> Maybe I don't understand. Obviously it builds today with >>> external/libselinux without requiring this change. Why do we need this now? >>> >> >> Richard Haines was doing further testing, and was building a different >> lunch target for the >> arm emulator and hit this issue. I have only tested x86_64 emulator. > > No, I mean that this is not required in external/libselinux (the Android > fork) today. So why is it needed here? The Android fork builds > src/booleans.c for the target. It doesn't hurt anything to leave the > code there. The underlying kernel interface via selinuxfs still exists. > There just won't be any booleans in the policy. > The target builds a modified booleans, if use booleans as is, we start down the config c file rabbit hole... external/selinux/libselinux/src/booleans.c:100: error: undefined reference to 'selinux_booleans_subs_path' external/selinux/libselinux/src/booleans.c:388: error: undefined reference to 'selinux_booleans_path' external/selinux/libselinux/src/booleans.c:529: error: undefined reference to 'selinux_booleans_path' external/selinux/libselinux/src/booleans.c:545: error: undefined reference to 'selinux_booleans_path' clang++.real: error: linker command failed with exit code 1 (use -v to see invocation) I can take a look at that and see how much of a PITA it would be to pull that in. ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalleywrote: > On 09/29/2016 02:15 PM, William Roberts wrote: >> On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: >>> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: From: William Roberts Provide stubs to the public boolean API that always returns -1. On Android, boolean symbols are needed for: external/ltrace/sysdeps/linux-gnu/trace.c >>> >>> Is this really worth doing? >> >> It's this or disabling that selinux via #define, which that source has >> HAVE_LIBSELINUX. >> >> But it would seem confusing IMHO to have a libselinux.so, so one would >> set HAVE_LIBSELINUX=1, >> and you're getting link errors. > > Maybe I don't understand. Obviously it builds today with > external/libselinux without requiring this change. Why do we need this now? > Richard Haines was doing further testing, and was building a different lunch target for the arm emulator and hit this issue. I have only tested x86_64 emulator. ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On 09/29/2016 02:46 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalleywrote: >> On 09/29/2016 02:15 PM, William Roberts wrote: >>> On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalley wrote: On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: William Roberts > > Provide stubs to the public boolean API that always returns -1. > > On Android, boolean symbols are needed for: > external/ltrace/sysdeps/linux-gnu/trace.c Is this really worth doing? >>> >>> It's this or disabling that selinux via #define, which that source has >>> HAVE_LIBSELINUX. >>> >>> But it would seem confusing IMHO to have a libselinux.so, so one would >>> set HAVE_LIBSELINUX=1, >>> and you're getting link errors. >> >> Maybe I don't understand. Obviously it builds today with >> external/libselinux without requiring this change. Why do we need this now? >> > > Richard Haines was doing further testing, and was building a different > lunch target for the > arm emulator and hit this issue. I have only tested x86_64 emulator. No, I mean that this is not required in external/libselinux (the Android fork) today. So why is it needed here? The Android fork builds src/booleans.c for the target. It doesn't hurt anything to leave the code there. The underlying kernel interface via selinuxfs still exists. There just won't be any booleans in the policy. ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On 09/29/2016 02:15 PM, William Roberts wrote: > On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalleywrote: >> On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >>> From: William Roberts >>> >>> Provide stubs to the public boolean API that always returns -1. >>> >>> On Android, boolean symbols are needed for: >>> external/ltrace/sysdeps/linux-gnu/trace.c >> >> Is this really worth doing? > > It's this or disabling that selinux via #define, which that source has > HAVE_LIBSELINUX. > > But it would seem confusing IMHO to have a libselinux.so, so one would > set HAVE_LIBSELINUX=1, > and you're getting link errors. Maybe I don't understand. Obviously it builds today with external/libselinux without requiring this change. Why do we need this now? ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On Thu, Sep 29, 2016 at 2:08 PM, Stephen Smalleywrote: > On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: >> From: William Roberts >> >> Provide stubs to the public boolean API that always returns -1. >> >> On Android, boolean symbols are needed for: >> external/ltrace/sysdeps/linux-gnu/trace.c > > Is this really worth doing? It's this or disabling that selinux via #define, which that source has HAVE_LIBSELINUX. But it would seem confusing IMHO to have a libselinux.so, so one would set HAVE_LIBSELINUX=1, and you're getting link errors. Seems to be yet-another red-hat contribution from a long time ago: commit cec06ec8282c538a40bde968ae36fe8356daffaa Author: Petr Machata Date: Tue Apr 10 13:31:55 2012 +0200 Warn when we fail to trace and SELinux boolean deny_ptrace is in effect diff --git a/ChangeLog b/ChangeLog index c095263..6107a12 100644 > >> >> Signed-off-by: William Roberts >> --- >> libselinux/Makefile | 4 +++ >> libselinux/src/booleans.c | 64 >> +++ >> 2 files changed, 58 insertions(+), 10 deletions(-) >> >> diff --git a/libselinux/Makefile b/libselinux/Makefile >> index f607115..b5f32bb 100644 >> --- a/libselinux/Makefile >> +++ b/libselinux/Makefile >> @@ -5,6 +5,7 @@ DISABLE_RPM ?= y >> ANDROID_HOST ?= n >> ifeq ($(ANDROID_HOST),y) >> override DISABLE_SETRANS=y >> + override DISABLE_BOOL=y >> endif >> ifeq ($(DISABLE_RPM),y) >> DISABLE_FLAGS+= -DDISABLE_RPM >> @@ -12,6 +13,9 @@ endif >> ifeq ($(DISABLE_SETRANS),y) >> DISABLE_FLAGS+= -DDISABLE_SETRANS >> endif >> +ifeq ($(DISABLE_BOOL),y) >> + DISABLE_FLAGS+= -DDISABLE_BOOL >> +endif >> export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST >> >> USE_PCRE2 ?= n >> diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c >> index c438af1..cbb0610 100644 >> --- a/libselinux/src/booleans.c >> +++ b/libselinux/src/booleans.c >> @@ -25,6 +25,8 @@ >> >> #define SELINUX_BOOL_DIR "/booleans/" >> >> +#ifndef DISABLE_BOOL >> + >> static int filename_select(const struct dirent *d) >> { >> if (d->d_name[0] == '.' >> @@ -85,8 +87,6 @@ int security_get_boolean_names(char ***names, int *len) >> goto out; >> } >> >> -hidden_def(security_get_boolean_names) >> - >> char *selinux_boolean_sub(const char *name) >> { >> char *sub = NULL; >> @@ -141,8 +141,6 @@ out: >> return sub; >> } >> >> -hidden_def(selinux_boolean_sub) >> - >> static int bool_open(const char *name, int flag) { >> char *fname = NULL; >> char *alt_name = NULL; >> @@ -262,8 +260,6 @@ int security_get_boolean_active(const char *name) >> return val; >> } >> >> -hidden_def(security_get_boolean_active) >> - >> int security_set_boolean(const char *name, int value) >> { >> int fd, ret; >> @@ -297,8 +293,6 @@ int security_set_boolean(const char *name, int value) >> return -1; >> } >> >> -hidden_def(security_set_boolean) >> - >> int security_commit_booleans(void) >> { >> int fd, ret; >> @@ -327,8 +321,6 @@ int security_commit_booleans(void) >> return -1; >> } >> >> -hidden_def(security_commit_booleans) >> - >> static char *strtrim(char *dest, char *source, int size) >> { >> int i = 0; >> @@ -567,3 +559,55 @@ int security_load_booleans(char *path) >> errno = EINVAL; >> return errors ? -1 : 0; >> } >> + >> +#else >> +int security_set_boolean_list(size_t boolcnt __attribute__((unused)), >> + SELboolean * boollist __attribute__((unused)), >> + int permanent __attribute__((unused))) >> +{ >> + return -1; >> +} >> + >> +int security_load_booleans(char *path __attribute__((unused))) >> +{ >> + return -1; >> +} >> + >> +int security_get_boolean_names(char ***names __attribute__((unused)), >> + int *len __attribute__((unused))) >> +{ >> + return -1; >> +} >> + >> +int security_get_boolean_pending(const char *name __attribute__((unused))) >> +{ >> + return -1; >> +} >> + >> +int security_get_boolean_active(const char *name __attribute__((unused))) >> +{ >> + return -1; >> +} >> + >> +int security_set_boolean(const char *name __attribute__((unused)), >> + int value __attribute__((unused))) >> +{ >> + return -1; >> +} >> + >> +int security_commit_booleans(void) >> +{ >> + return -1; >> +} >> + >> +char *selinux_boolean_sub(const char *name __attribute__((unused))) >> +{ >> + return NULL; >> +} >> +#endif >> + >> +hidden_def(security_get_boolean_names) >> +hidden_def(selinux_boolean_sub) >> +hidden_def(security_get_boolean_active) >> +hidden_def(security_set_boolean) >> +hidden_def(security_commit_booleans) >> > > ___ > Selinux mailing list > seli...@tycho.nsa.gov > To unsubscribe, send email to selinux-le...@tycho.nsa.gov. > To get help, send an email containing "help" to
Re: [PATCH] libselinux: re-introduce DISABLE_BOOL=y
On 09/29/2016 02:02 PM, william.c.robe...@intel.com wrote: > From: William Roberts> > Provide stubs to the public boolean API that always returns -1. > > On Android, boolean symbols are needed for: > external/ltrace/sysdeps/linux-gnu/trace.c Is this really worth doing? > > Signed-off-by: William Roberts > --- > libselinux/Makefile | 4 +++ > libselinux/src/booleans.c | 64 > +++ > 2 files changed, 58 insertions(+), 10 deletions(-) > > diff --git a/libselinux/Makefile b/libselinux/Makefile > index f607115..b5f32bb 100644 > --- a/libselinux/Makefile > +++ b/libselinux/Makefile > @@ -5,6 +5,7 @@ DISABLE_RPM ?= y > ANDROID_HOST ?= n > ifeq ($(ANDROID_HOST),y) > override DISABLE_SETRANS=y > + override DISABLE_BOOL=y > endif > ifeq ($(DISABLE_RPM),y) > DISABLE_FLAGS+= -DDISABLE_RPM > @@ -12,6 +13,9 @@ endif > ifeq ($(DISABLE_SETRANS),y) > DISABLE_FLAGS+= -DDISABLE_SETRANS > endif > +ifeq ($(DISABLE_BOOL),y) > + DISABLE_FLAGS+= -DDISABLE_BOOL > +endif > export DISABLE_SETRANS DISABLE_RPM DISABLE_FLAGS ANDROID_HOST > > USE_PCRE2 ?= n > diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c > index c438af1..cbb0610 100644 > --- a/libselinux/src/booleans.c > +++ b/libselinux/src/booleans.c > @@ -25,6 +25,8 @@ > > #define SELINUX_BOOL_DIR "/booleans/" > > +#ifndef DISABLE_BOOL > + > static int filename_select(const struct dirent *d) > { > if (d->d_name[0] == '.' > @@ -85,8 +87,6 @@ int security_get_boolean_names(char ***names, int *len) > goto out; > } > > -hidden_def(security_get_boolean_names) > - > char *selinux_boolean_sub(const char *name) > { > char *sub = NULL; > @@ -141,8 +141,6 @@ out: > return sub; > } > > -hidden_def(selinux_boolean_sub) > - > static int bool_open(const char *name, int flag) { > char *fname = NULL; > char *alt_name = NULL; > @@ -262,8 +260,6 @@ int security_get_boolean_active(const char *name) > return val; > } > > -hidden_def(security_get_boolean_active) > - > int security_set_boolean(const char *name, int value) > { > int fd, ret; > @@ -297,8 +293,6 @@ int security_set_boolean(const char *name, int value) > return -1; > } > > -hidden_def(security_set_boolean) > - > int security_commit_booleans(void) > { > int fd, ret; > @@ -327,8 +321,6 @@ int security_commit_booleans(void) > return -1; > } > > -hidden_def(security_commit_booleans) > - > static char *strtrim(char *dest, char *source, int size) > { > int i = 0; > @@ -567,3 +559,55 @@ int security_load_booleans(char *path) > errno = EINVAL; > return errors ? -1 : 0; > } > + > +#else > +int security_set_boolean_list(size_t boolcnt __attribute__((unused)), > + SELboolean * boollist __attribute__((unused)), > + int permanent __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_load_booleans(char *path __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_get_boolean_names(char ***names __attribute__((unused)), > + int *len __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_get_boolean_pending(const char *name __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_get_boolean_active(const char *name __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_set_boolean(const char *name __attribute__((unused)), > + int value __attribute__((unused))) > +{ > + return -1; > +} > + > +int security_commit_booleans(void) > +{ > + return -1; > +} > + > +char *selinux_boolean_sub(const char *name __attribute__((unused))) > +{ > + return NULL; > +} > +#endif > + > +hidden_def(security_get_boolean_names) > +hidden_def(selinux_boolean_sub) > +hidden_def(security_get_boolean_active) > +hidden_def(security_set_boolean) > +hidden_def(security_commit_booleans) > ___ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.