libselinux: Enhance spec file support
This file labeling update brings libselinux into line with upstream
selinux except for minor changes to support MacOS X and Bionic.
Update file labeling to support a PCRE formatted binary
file_contexts file. The file is generated on the host using
sefcontext_compile. Should the bin file not be present (because the
build process has not been implemented yet) or corrupt, the load process
will fall back to the text file.
Using the current emulator file_contexts file containing 321 lines
(64 of which are blank or comments), the binary file loads
approximately 50% faster than the text file.
The processing of text spec files (file_contexts and property_contexts)
now uses the read_spec_entries function instead of sscanf.
Testing the file_contexts.bin functionality requires an update to
external/sepolicy/Android.mk to build the binary file for the device
and also adding a 'file_contexts.bin' entry to the
build/target/product/embedded.mk file under the SELinux PRODUCT_PACKAGES.
These updates are available in the appropriate projects.
Major changes in V2:
label_file.c - Move process_line function to label_file.h as this is also
used by utils/sefcontext_compile.c.
sefcontext_compile.c - Update to use common process_line code. Now frees
all malloc'ed memory, checked by valgrind.
Major changes in V3:
label_file.c - Improve error handling in process_file function.
sefcontext_compile.c - Add callback to ignore validation. Fixed error paths
to free/close memory, checked by valgrind.
label_file.h - Revert validation check now added callback to
Changes in V4:
label_file.c - linux/limits.h not supported on MacOS - change to limits.h.
Improve error handling in process_file function.
sefcontext_compile.c - linux/limits.h not supported on MacOS - change to
limits.h. Improve error handling in process_file function.
Changes in V5:
sefcontext_compile.c - Change callbacks so this can build on Android and
selinux upstream with no changes.
label_android_property.c and label_internal.h - Minor formatting changes
to bring into line with selinux upstream.
Changes in V6:
sefcontext_compile.c - Revert to V3 callback now the problem has been
fixed by upstream commit e88914849490c3fc17b0e5ed67387e47f2701d3c
("libselinux: build sefcontext_compile with static libselinux") that
also hid read_spec_entries function as this is not intended as a
public interface for shared library users.
label_android_property.c - More minor formatting changes to bring
into line with selinux upstream.
Changes in V7:
Android.mk - Add darwin support
label_file.c - In process_file set rc for getline and correct
fopen to upstream.
sefcontext_compile.c - In process_file set rc for getline.
Change in V8:
Android.mk - Remove LOCAL_CFLAGS := -Wall -Werror
Changes in V9:
label_file.c - Fix file labels for regexes with metachars for text
label_support.c - Fix if file_contexts not '\n' terminated
If the last line of a file_contexts file is not '\n' terminated
or if any line has additional isspace(3) characters at end, it
gave an invalid file type error.
Changes in V10:
Fix file labels for regexes with metachars for binary
file_contexts. This change adds a new entry in the binary file with
the calculated prefix length that is then read when processing the
file. This fix also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS.
7 files changed
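
Added example (not part of this commit, and not libselinux's read_spec_entries): a C sketch of the V9 case, splitting a file_contexts line into whitespace-separated fields so that a last line without '\n' and a line with trailing isspace(3) characters yield the same fields and a valid file type. The names split_spec_line and valid_file_type and the sample line are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELDS 3    /* regex, optional file type, context */
#define FIELD_LEN 256

/* Hypothetical helper: split one spec line into fields.
 * Returns the field count, 0 for blank/comment lines, -1 on error. */
int split_spec_line(const char *line, char fields[MAX_FIELDS][FIELD_LEN])
{
    size_t len = strlen(line);
    int n = 0;

    /* Drop '\n' and any other trailing isspace(3) characters first, so
     * an unterminated last line and "... \t\r\n" parse identically. */
    while (len > 0 && isspace((unsigned char)line[len - 1]))
        len--;

    const char *p = line, *end = line + len;
    while (p < end) {
        while (p < end && isspace((unsigned char)*p))
            p++;
        if (p == end || (n == 0 && *p == '#'))
            break;                      /* nothing left, or a comment */
        const char *start = p;
        while (p < end && !isspace((unsigned char)*p))
            p++;
        size_t flen = (size_t)(p - start);
        if (n == MAX_FIELDS || flen >= FIELD_LEN)
            return -1;                  /* too many fields or too long */
        memcpy(fields[n], start, flen);
        fields[n][flen] = '\0';
        n++;
    }
    return n;
}

/* The optional type field is exactly two characters: "--", "-d", ... */
int valid_file_type(const char *t)
{
    return strlen(t) == 2 && t[0] == '-' && strchr("bcdpls-", t[1]) != NULL;
}

int main(void)
{
    /* Constructed sample: trailing blanks and no terminating '\n'. */
    char f[MAX_FIELDS][FIELD_LEN];
    int n = split_spec_line("/dev/null  -c  u:object_r:null_device:s0 \t", f);
    printf("%d fields, type valid=%d\n", n, n == 3 && valid_file_type(f[1]));
    return 0;
}
```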