nehemiah-zb/lineage_patches_unified
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial unified commit for Android 11, syncing up to v311

Browse Source
This commit is contained in:
Andy CrossGate Yan
2021-08-08 02:20:00 +00:00
commit 01693449b8
191 changed files with 23879 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
patches_treble_phh/platform_external_selinux/0001-Enable-multipl_decls-by-default.-This-is-needed-beca.patch Normal file
View File

@@ -0,0 +1,27 @@
From ddbe45ddd09f30beab8980d14c506f48ca1f8399 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Fri, 2 Mar 2018 22:49:55 +0100
Subject: [PATCH 01/10] Enable multipl_decls by default. This is needed because
8.0 init doesn't add -m
Change-Id: I43dc661d519f7b8576d72a828d8cbd444592bf5e
---
secilc/secilc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/secilc/secilc.c b/secilc/secilc.c
index 186c5a73..b422175e 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -91,7 +91,7 @@ int main(int argc, char *argv[])
int target = SEPOL_TARGET_SELINUX;
int mls = -1;
int disable_dontaudit = 0;
- int multiple_decls = 0;
+ int multiple_decls = 1;
int disable_neverallow = 0;
int preserve_tunables = 0;
int handle_unknown = -1;
--
2.17.1

26
patches_treble_phh/platform_external_selinux/0002-Increase-default-log_level-to-get-actual-selinux-err.patch Normal file
View File

@@ -0,0 +1,26 @@
From ff296de7912209e6fa20e1b28db93c395cc0bb75 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 9 Apr 2018 00:19:49 +0200
Subject: [PATCH 02/10] Increase default log_level to get actual selinux error
in kmsg
---
secilc/secilc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/secilc/secilc.c b/secilc/secilc.c
index b422175e..1e550ab4 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -103,7 +103,7 @@ int main(int argc, char *argv[])
int opt_index = 0;
char *fc_buf = NULL;
size_t fc_size;
- enum cil_log_level log_level = CIL_ERR;
+ enum cil_log_level log_level = CIL_WARN;
static struct option long_opts[] = {
{"help", no_argument, 0, 'h'},
{"verbose", no_argument, 0, 'v'},
--
2.17.1

40
patches_treble_phh/platform_external_selinux/0003-Kirin-Workaround-some-conflicting-Kirin-tether-SELin.patch Normal file
View File

@@ -0,0 +1,40 @@
From ecb4746fb8ba4e97cc53e6290dfa7a75495d19a8 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 3 Dec 2018 20:54:54 +0100
Subject: [PATCH 03/10] ::Kirin:: Workaround some conflicting Kirin tether
SELinux context
Some Kirin devices declared some android.hardware.tetheroffload HALs,
but they didn't use AOSP contexts.
This leads to libselinux aborting when loading hwservice_contexts.
Workaround it the ugly way, by making them match.
This most likely kills tetheroffload for those devices.
---
libselinux/src/label_backends_android.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index eaca5947..ab92985b 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -62,6 +62,16 @@ static int nodups_specs(struct saved_data *data)
curr_spec->property_key)) {
if (strcmp(spec_arr[jj].lr.ctx_raw,
curr_spec->lr.ctx_raw)) {
+ if(strcmp(spec_arr[jj].lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+ free(spec_arr[jj].lr.ctx_raw);
+ spec_arr[jj].lr.ctx_raw = strdup("u:object_r:hal_tetheroffload_hwservice:s0");
+ continue;
+ }
+ if(strcmp(curr_spec->lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+ free(curr_spec->lr.ctx_raw);
+ curr_spec->lr.ctx_raw = strdup("u:object_r:hal_tetheroffload_hwservice:s0");
+ continue;
+ }
rc = -1;
errno = EINVAL;
selinux_log
--
2.17.1

43
patches_treble_phh/platform_external_selinux/0004-Allow-devices-virtual-block-genfscon-conflict-seen-o.patch Normal file
View File

@@ -0,0 +1,43 @@
From f014cf6460159f820fc0d72c6d0bece2851f9873 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Fri, 6 Sep 2019 15:07:25 +0200
Subject: [PATCH 04/10] Allow /devices/virtual/block/ genfscon conflict (seen
on Xiaomi Mi 9)
Change-Id: I06e4e9d5b82d61a8aeab595b47e2589249675895
---
libsepol/cil/src/cil_post.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index a0cadfde..68c0318e 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -477,7 +477,23 @@ int cil_post_genfscon_context_compare(const void *a, const void *b)
{
struct cil_genfscon *a_genfscon = *(struct cil_genfscon**)a;
struct cil_genfscon *b_genfscon = *(struct cil_genfscon**)b;
- return context_compare(a_genfscon->context, b_genfscon->context);
+ int rc = context_compare(a_genfscon->context, b_genfscon->context);
+ if(rc) {
+ fprintf(stderr, "hello %s\n", a_genfscon->fs_str);
+ int bypass = 0;
+ /*
+ * This conflict has been seen on Xiaomi Mi 9:
+ * - AOSP Q says (genfscon sysfs /devices/virtual/block/ (u object_r sysfs_devices_block ((s0) (s0))))
+ * - stock rom says (genfscon sysfs /devices/virtual/block/ (u object_r sysfs_ufs_target ((s0) (s0))))
+ */
+ if(strcmp(a_genfscon->path_str, "/devices/virtual/block/") == 0)
+ bypass = 1;
+ if(bypass == 1) {
+ fprintf(stderr, "Received conflicting %s vs %s but ignore\n", a_genfscon->path_str, b_genfscon->path_str);
+ return 0;
+ }
+ }
+ return rc;
}
int cil_post_netifcon_context_compare(const void *a, const void *b)
--
2.17.1

44
patches_treble_phh/platform_external_selinux/0005-Most-horrific-Remove-ramdisk-s-zygote-init-scripts.patch Normal file
View File

@@ -0,0 +1,44 @@
From 37d5e860031c84803c2533d940847dc214cb2597 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 12 Sep 2019 20:34:28 +0200
Subject: [PATCH 05/10] Most horrific: Remove ramdisk's zygote init scripts
This is needed because:
- only secilc is run soon enough in /system to
remove it
- placing an init.zygote in system won't have init replace it, it's the
first that appears that wins
Change-Id: I8be31ceb9ef2124d04994d9fb08fc8012a2f819e
---
secilc/secilc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/secilc/secilc.c b/secilc/secilc.c
index 1e550ab4..375320e6 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -34,6 +34,8 @@
#include <getopt.h>
#include <sys/stat.h>
+#include <unistd.h>
+
#ifdef ANDROID
#include <cil/cil.h>
#else
@@ -124,6 +126,11 @@ int main(int argc, char *argv[])
};
int i;
+ unlink("/init.zygote32.rc");
+ unlink("/init.zygote64_32.rc");
+ unlink("/init.zygote64.rc");
+ unlink("/init.zygote32_64.rc");
+
while (1) {
opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNOc:GX:n", long_opts, &opt_index);
if (opt_char == -1) {
--
2.17.1

44
patches_treble_phh/platform_external_selinux/0006-if-service-is-rcs-accept-conflict.-Seen-on-Moto-E5.patch Normal file
View File

@@ -0,0 +1,44 @@
From 04fdf9096557accdea52b8b66665717f6c8a454a Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 12 Sep 2019 20:37:04 +0200
Subject: [PATCH 06/10] if service is "rcs", accept conflict. Seen on Moto E5
Change-Id: I0cc2d0fad83f403f2b5d7458039b1564ce5ed9dd
---
libselinux/src/label_backends_android.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index ab92985b..ca16327c 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -72,14 +72,24 @@ static int nodups_specs(struct saved_data *data)
curr_spec->lr.ctx_raw = strdup("u:object_r:hal_tetheroffload_hwservice:s0");
continue;
}
- rc = -1;
- errno = EINVAL;
selinux_log
(SELINUX_ERROR,
"Multiple different specifications for %s (%s and %s).\n",
curr_spec->property_key,
spec_arr[jj].lr.ctx_raw,
curr_spec->lr.ctx_raw);
+ int ignore = 0;
+ /*
+ * This issue has been found on Moto E5
+ * E SELinux : Multiple different specifications for rcs (u:object_r:radio_service:s0 and u:object_r:mot_rcs_service:s0).
+ */
+ if(!strcmp(curr_spec->property_key, "rcs"))
+ ignore = 1;
+
+ if(!ignore) {
+ rc = -1;
+ errno = EINVAL;
+ }
} else {
selinux_log
(SELINUX_WARNING,
--
2.17.1

84
patches_treble_phh/platform_external_selinux/0007-Fix-boot-on-Moto-devices-using-unknown-class.patch Normal file
View File

@@ -0,0 +1,84 @@
From ef94ddbd76328611893ace7870c0d3137fd26cdd Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Fri, 25 Oct 2019 13:29:20 +0200
Subject: [PATCH 07/10] Fix boot on Moto devices using unknown class
vendor sepolicy never contains new class or classorder, and are not
allowed to.
Though this is not tested, and it turns out Moto did it anyway.
This raises an issue, because class need to be ordered, and thus the cil
contains the ordering. This ordering needs to be merged.
Android 10 added new classes, so the ordering can no longer be merged,
and secilc fails on those devices, preventing boot.
Considering vendor are not supposed to declare new class (and thus
declare classorder), this fix ignores class-es/classorder in vendor
SELinux policy.
Since the vendor selinux policy has allows rules based on this context,
those allows will fail since the class doesn't exist.
Workaround this by ignoring rules with the problematic class
( keystore_moto_key )
Lucky us, this new class `keystore_moto_key` is used by Moto for
framework to framework (more accurately priv app to keymaster), since
our own framework doesn't use this class, simply ignoring it fixes the
issue.
Change-Id: I66339857634ebfdba359f12a99dfd0bff709d80b
---
libsepol/cil/src/cil_build_ast.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 307b1ee3..02cdcc65 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -386,6 +386,14 @@ int cil_gen_class(struct cil_db *db, struct cil_tree_node *parse_current, struct
struct cil_tree_node *perms = NULL;
int rc = SEPOL_ERR;
+ {
+ const char* path = cil_tree_get_cil_path(parse_current);
+ if(strstr(path, "vendor")) {
+ cil_clear_node(ast_node);
+ return SEPOL_OK;
+ }
+ }
+
rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
if (rc != SEPOL_OK) {
goto exit;
@@ -452,6 +460,14 @@ int cil_gen_classorder(struct cil_db *db, struct cil_tree_node *parse_current, s
struct cil_list_item *head = NULL;
int rc = SEPOL_ERR;
+ {
+ const char* path = cil_tree_get_cil_path(parse_current);
+ if(strstr(path, "vendor")) {
+ cil_clear_node(ast_node);
+ return SEPOL_OK;
+ }
+ }
+
if (db == NULL || parse_current == NULL || ast_node == NULL) {
goto exit;
}
@@ -2050,6 +2066,14 @@ int cil_gen_avrule(struct cil_tree_node *parse_current, struct cil_tree_node *as
rule->src_str = parse_current->next->data;
rule->tgt_str = parse_current->next->next->data;
+ {
+ const char *classname = parse_current->next->next->next->cl_head->data;
+ if(strcmp(classname, "keystore_moto_key") == 0) {
+ cil_clear_node(ast_node);
+ return SEPOL_OK;
+ }
+ }
+
rc = cil_fill_classperms_list(parse_current->next->next->next, &rule->perms.classperms);
if (rc != SEPOL_OK) {
goto exit;
--
2.17.1

27
patches_treble_phh/platform_external_selinux/0008-Allow-mismatches-of-exfat-genfscon.patch Normal file
View File

@@ -0,0 +1,27 @@
From 3d356da4654b5ae9eb2207f824555f0219687763 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 24 May 2020 17:22:22 +0200
Subject: [PATCH 08/10] Allow mismatches of exfat genfscon
---
libsepol/cil/src/cil_post.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index 68c0318e..75e5128c 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -488,6 +488,10 @@ int cil_post_genfscon_context_compare(const void *a, const void *b)
*/
if(strcmp(a_genfscon->path_str, "/devices/virtual/block/") == 0)
bypass = 1;
+ if(strcmp(a_genfscon->fs_str, "exfat") == 0 || strcmp(a_genfscon->fs_str, "esdfs") == 0) {
+ if(strcmp(a_genfscon->path_str, "/") == 0)
+ bypass = 1;
+ }
if(bypass == 1) {
fprintf(stderr, "Received conflicting %s vs %s but ignore\n", a_genfscon->path_str, b_genfscon->path_str);
return 0;
--
2.17.1

45
patches_treble_phh/platform_external_selinux/0009-Revert-libsepol-Make-an-unknown-permission-an-error-.patch Normal file
View File

@@ -0,0 +1,45 @@
From f3d5e2eb212ebd4189428d6adb915880573962f9 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 9 Sep 2020 22:36:42 +0200
Subject: [PATCH 09/10] Revert "libsepol: Make an unknown permission an error
in CIL"
This reverts commit dc4e54126bf25dea4d51820922ccd1959be68fbc.
This is required because some targets calls undefined permissions:
- Realme X2 Pro calls sigcont
- Honor 7X calls perf_event
---
libsepol/cil/src/cil_resolve_ast.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 87575860..e72abdeb 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -131,14 +131,18 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab,
}
}
if (rc != SEPOL_OK) {
+ struct cil_list *empty_list;
if (class_flavor == CIL_MAP_CLASS) {
cil_log(CIL_ERR, "Failed to resolve permission %s for map class\n", (char*)curr->data);
- } else {
- cil_log(CIL_ERR, "Failed to resolve permission %s\n", (char*)curr->data);
+ goto exit;
}
- goto exit;
+ cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data);
+ /* Use an empty list to represent unknown perm */
+ cil_list_init(&empty_list, perm_strs->flavor);
+ cil_list_append(*perm_datums, CIL_LIST, empty_list);
+ } else {
+ cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
}
- cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
} else {
cil_list_append(*perm_datums, curr->flavor, curr->data);
}
--
2.17.1

83
patches_treble_phh/platform_external_selinux/0010-HACK-For-System-as-System-devices-init-won-t-call-us.patch Normal file
View File

@@ -0,0 +1,83 @@
From 00f7989d79ad8e219dae29de8e8f20e4dbab008a Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 27 Sep 2020 20:20:35 +0200
Subject: [PATCH 10/10] [HACK] For System-as-System devices, init won't call us
with /system_ext sepolicy
So add system_ext sepolicy ourselves
---
secilc/secilc.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/secilc/secilc.c b/secilc/secilc.c
index 375320e6..162b87fb 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -233,6 +233,7 @@ int main(int argc, char *argv[])
usage(argv[0]);
}
}
+
if (optind >= argc) {
fprintf(stderr, "No cil files specified\n");
usage(argv[0]);
@@ -240,6 +241,11 @@ int main(int argc, char *argv[])
cil_set_log_level(log_level);
+ int needSystemExt = 1;
+ for (i = optind; i < argc; i++) {
+ if(strstr(argv[i], "system_ext")) needSystemExt = 0;
+ }
+
cil_db_init(&db);
cil_set_disable_dontaudit(db, disable_dontaudit);
cil_set_multiple_decls(db, multiple_decls);
@@ -261,6 +267,44 @@ int main(int argc, char *argv[])
}
for (i = optind; i < argc; i++) {
+ fprintf(stderr, "Hello, parsing %s\n", argv[i]);
+ if(needSystemExt && strstr(argv[i], "/etc/selinux/")) {
+ fprintf(stderr, "Hello, I'm adding system_ext to the mix!\n");
+ char *path = "/system/system_ext/etc/selinux/system_ext_sepolicy.cil";
+ file = fopen(path, "r");
+ if (!file) {
+ fprintf(stderr, "Could not open file: %s\n", path);
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+ rc = stat(path, &filedata);
+ if (rc == -1) {
+ fprintf(stderr, "Could not stat file: %s\n", path);
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+ file_size = filedata.st_size;
+
+ buffer = malloc(file_size);
+ rc = fread(buffer, file_size, 1, file);
+ if (rc != 1) {
+ fprintf(stderr, "Failure reading file: %s\n", path);
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+ fclose(file);
+ file = NULL;
+
+ rc = cil_add_file(db, path, buffer, file_size);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failure adding %s\n", path);
+ goto exit;
+ }
+
+ free(buffer);
+ buffer = NULL;
+
+ }
file = fopen(argv[i], "r");
if (!file) {
fprintf(stderr, "Could not open file: %s\n", argv[i]);
--
2.17.1

182
patches_treble_phh/platform_external_selinux/0011-Workaround-device-phh-treble-conflict-with-SELinux-p.patch Normal file
View File

@@ -0,0 +1,182 @@
From 9f851c801719b45c79cd911d67ceb7e8f4cf63ab Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 31 Mar 2021 23:32:37 +0200
Subject: [PATCH] Workaround device/phh/treble conflict with SELinux policy
device/phh/treble defines the following three types (hostapd,
sysfs_usb_supply, rpmb_device)
However, Qualcomm Samsung Android 11 devices export those symbols as
typealias.
Type and typealias are fundamentally not mergeable.
Luckily, Samsung doesn't do anything with those typealias, so we can
simply ignore them.
Change-Id: I98db7e6eb55854887f90d0fd0f313fb0a19a488f
---
libsepol/cil/src/cil_binary.c | 8 ++++++--
libsepol/cil/src/cil_build_ast.c | 31 ++++++++++++++++++------------
libsepol/cil/src/cil_resolve_ast.c | 15 +++++++++++++--
3 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 03d53e1f..160fd0e0 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -515,13 +515,17 @@ int cil_typealias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alias)
type_datum_init(sepol_alias);
rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_alias->actual), &sepol_type);
- if (rc != SEPOL_OK) goto exit;
+ if (rc != SEPOL_OK) {
+ cil_log(CIL_ERR, "Failed at %s:%s:%d\n", __FILE__, __FUNCTION__, __LINE__);
+ goto exit;
+ }
sepol_alias->flavor = TYPE_TYPE;
key = cil_strdup(cil_alias->datum.fqn);
rc = symtab_insert(pdb, SYM_TYPES, key, sepol_alias, SCOPE_DECL, 0, NULL);
if (rc != SEPOL_OK) {
+ cil_log(CIL_ERR, "Failed at %s:%s:%d:%d\n", __FILE__, __FUNCTION__, __LINE__, rc);
goto exit;
}
sepol_alias->s.value = sepol_type->s.value;
@@ -3776,7 +3780,7 @@ int __cil_node_to_policydb(struct cil_tree_node *node, void *extra_args)
exit:
if (rc != SEPOL_OK) {
- cil_tree_log(node, CIL_ERR, "Binary policy creation failed");
+ cil_tree_log(node, CIL_ERR, "Binary policy creation failed, for pass = %d, flavor = %d", pass, node->flavor);
}
return rc;
}
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 02cdcc65..2ba08bc6 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -1,16 +1,16 @@
/*
* Copyright 2011 Tresys Technology, LLC. All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
+ *
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- *
+ *
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
@@ -21,7 +21,7 @@
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
+ *
* The views and conclusions contained in the software and documentation are those
* of the authors and should not be interpreted as representing official policies,
* either expressed or implied, of Tresys Technology, LLC.
@@ -64,7 +64,7 @@ int cil_fill_list(struct cil_tree_node *current, enum cil_flavor flavor, struct
CIL_SYN_END
};
int syntax_len = sizeof(syntax)/sizeof(*syntax);
-
+
rc = __cil_verify_syntax(current, syntax, syntax_len);
if (rc != SEPOL_OK) {
goto exit;
@@ -108,7 +108,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
{
int rc = SEPOL_ERR;
symtab_t *symtab = NULL;
- struct cil_symtab_datum *prev;
+ struct cil_symtab_datum *prev = NULL;
rc = __cil_verify_name((const char*)key);
if (rc != SEPOL_OK) {
@@ -133,13 +133,20 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
/* multiple_decls not ok, ret error */
cil_log(CIL_ERR, "Re-declaration of %s %s\n",
cil_node_to_string(ast_node), key);
- if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) {
+ if (cil_symtab_get_datum(symtab, key, &prev) == SEPOL_OK) {
if (sflavor == CIL_SYM_BLOCKS) {
- struct cil_tree_node *node = datum->nodes->head->data;
+ struct cil_tree_node *node = prev->nodes->head->data;
cil_tree_log(node, CIL_ERR, "Previous declaration");
}
}
- goto exit;
+ if(
+ strcmp(key, "sysfs_usb_supply") == 0 ||
+ strcmp(key, "hostapd") == 0 ||
+ strcmp(key, "rpmb_device") == 0) {
+ cil_log(CIL_ERR, "Ignoring...");
+ } else {
+ goto exit;
+ }
}
/* multiple_decls is enabled and works for this datum type, add node */
cil_list_append(prev->nodes, CIL_NODE, ast_node);
@@ -572,7 +579,7 @@ int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, st
while(current_perm != NULL) {
if (current_perm->cl_head != NULL) {
-
+
rc = SEPOL_ERR;
goto exit;
}
@@ -5717,7 +5724,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
return SEPOL_OK;
exit:
- cil_log(CIL_ERR, "Bad ip address or netmask\n");
+ cil_log(CIL_ERR, "Bad ip address or netmask\n");
return rc;
}
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index e72abdeb..db3f24f4 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -512,7 +512,13 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
}
if (NODE(alias_datum)->flavor != alias_flavor) {
cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name);
- rc = SEPOL_ERR;
+ if(
+ strcmp(alias_datum->name, "hostapd") == 0 ||
+ strcmp(alias_datum->name, "sysfs_usb_supply") == 0 ||
+ strcmp(alias_datum->name, "rpmb_device") == 0)
+ rc = 0;
+ else
+ rc = SEPOL_ERR;
goto exit;
}
@@ -553,7 +559,12 @@ int cil_resolve_alias_to_actual(struct cil_tree_node *current, enum cil_flavor f
int limit = 2;
if (alias->actual == NULL) {
- cil_tree_log(current, CIL_ERR, "Alias declared but not used");
+ cil_tree_log(current, CIL_ERR, "Alias %s declared but not used", a1->datum.name);
+ if(
+ strcmp(a1->datum.name, "hostapd") == 0 ||
+ strcmp(a1->datum.name, "sysfs_usb_supply") == 0 ||
+ strcmp(a1->datum.name, "rpmb_device") == 0)
+ return SEPOL_OK;
return SEPOL_ERR;
}
--
2.25.1