-
Notifications
You must be signed in to change notification settings - Fork 30
CyanogenMod/android_external_libselinux
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
This directory contains a small port of libselinux for Android. It was originally forked in mid-2011, circa libselinux 2.1.0. Some changes have been cherry-picked from the upstream libselinux. Upstream git repository is https://github.com/SELinuxProject/selinux (libselinux subdirectory) and official releases are available from https://github.com/SELinuxProject/selinux/wiki/Releases. This fork differs from upstream libselinux in at least the following ways: * Dependencies on glibc-specific features have been removed/replaced in order to work with bionic, * Legacy code and compatibility interfaces have been removed, * Many interfaces, functions, and files are omitted since they are unused in Android, * The python bindings are omitted since they are unused in Android, * The setrans (context translation) support has been removed since there is no need for MLS label translation in Android and the support imposes extra overhead on calls passing security contexts, * The SELinux policy files are all located in / rather than under /etc/selinux since /etc is not available in Android until /system is mounted and use fixed paths, not dependent on /etc/selinux/config, * The kernel policy file (sepolicy in Android, policy.N in Linux) does not include a version suffix since Android does not need to support booting multiple kernels, * The policy loading logic does not support automatic downgrading of the kernel policy file to a version known to the kernel, since this requires libsepol on the device and is only needed to support mixing and matching kernels and userspace easily, * The selabel interface and label_file backend have been extended to support label-by-symlink and partial matching support for use by ueventd in labeling device nodes based on stable symlink names and by init for optimizing its restorecon_recursive of /sys, * Since the fork, upstream libselinux has switched the label_file backend to use a binary version of the file_contexts file (file_contexts.bin) that contains precompiled versions of the pcre regexes. This reduces the time to load the file_contexts configuration, which in Linux can be significant due to the large number of entries (> 5000). As Android has far fewer entries (~400), this has not yet seemed necessary. * restorecon functionality, including recursive restorecon, has been fully implemented within new libselinux functions, along with optimizations to prune the tree walk if no change has occurred in file_contexts since the last restorecon, * Support for new Android-specific SELinux configuration files, such as seapp_contexts, property_contexts, and service_contexts, has been added. New files added for Android: * libselinux/include/selinux/android.h * libselinux/src/android.c * libselinux/src/label_android_property.c (later added upstream)
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Packages 0
No packages published