Initial commit, syncing up to v115

2019-08-08 02:52:03 +00:00
commit b71d406ba3
91 changed files with 7298 additions and 0 deletions
--- a/patches/platform_external_selinux/0001-Enable-multipl_decls-by-default.-This-is-needed-beca.patch
+++ b/patches/platform_external_selinux/0001-Enable-multipl_decls-by-default.-This-is-needed-beca.patch
@@ -0,0 +1,27 @@
+From f0fb4b89c52f3dc4971be0ddfc07ae2b51c40f4a Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Fri, 2 Mar 2018 22:49:55 +0100
+Subject: [PATCH 1/4] Enable multipl_decls by default. This is needed because
+ 8.0 init doesn't add -m
+
+Change-Id: I43dc661d519f7b8576d72a828d8cbd444592bf5e
+---
+ secilc/secilc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/secilc/secilc.c b/secilc/secilc.c
+index 0be6975b..e30572e5 100644
+--- a/secilc/secilc.c
+++ b/secilc/secilc.c
+@@ -90,7 +90,7 @@ int main(int argc, char *argv[])
+ 	int target = SEPOL_TARGET_SELINUX;
+ 	int mls = -1;
+ 	int disable_dontaudit = 0;
+-	int multiple_decls = 0;
+	int multiple_decls = 1;
+ 	int disable_neverallow = 0;
+ 	int preserve_tunables = 0;
+ 	int handle_unknown = -1;
+-- 
+2.17.1
+
--- a/patches/platform_external_selinux/0002-Increase-default-log_level-to-get-actual-selinux-err.patch
+++ b/patches/platform_external_selinux/0002-Increase-default-log_level-to-get-actual-selinux-err.patch
@@ -0,0 +1,26 @@
+From 89372ddb9b8cb84fd5b5bcd607156995c43dc75e Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Mon, 9 Apr 2018 00:19:49 +0200
+Subject: [PATCH 2/4] Increase default log_level to get actual selinux error in
+ kmsg
+
+---
+ secilc/secilc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/secilc/secilc.c b/secilc/secilc.c
+index e30572e5..4a1b09e1 100644
+--- a/secilc/secilc.c
+++ b/secilc/secilc.c
+@@ -101,7 +101,7 @@ int main(int argc, char *argv[])
+ 	int opt_index = 0;
+ 	char *fc_buf = NULL;
+ 	size_t fc_size;
+-	enum cil_log_level log_level = CIL_ERR;
+	enum cil_log_level log_level = CIL_WARN;
+ 	static struct option long_opts[] = {
+ 		{"help", no_argument, 0, 'h'},
+ 		{"verbose", no_argument, 0, 'v'},
+-- 
+2.17.1
+
--- a/patches/platform_external_selinux/0003-Kirin-Workaround-some-conflicting-Kirin-tether-SELin.patch
+++ b/patches/platform_external_selinux/0003-Kirin-Workaround-some-conflicting-Kirin-tether-SELin.patch
@@ -0,0 +1,40 @@
+From e8790f87dd3498d95e82e091ab6929c0a89b2822 Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Mon, 3 Dec 2018 20:54:54 +0100
+Subject: [PATCH 3/4] ::Kirin:: Workaround some conflicting Kirin tether
+ SELinux context
+
+Some Kirin devices declared some android.hardware.tetheroffload HALs,
+but they didn't use AOSP contexts.
+This leads to libselinux aborting when loading hwservice_contexts.
+
+Workaround it the ugly way, by making them match.
+This most likely kills tetheroffload for those devices.
+---
+ libselinux/src/label_backends_android.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
+index eaca5947..cf842188 100644
+--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
+@@ -62,6 +62,16 @@ static int nodups_specs(struct saved_data *data)
+ 					    curr_spec->property_key)) {
+ 				if (strcmp(spec_arr[jj].lr.ctx_raw,
+ 						    curr_spec->lr.ctx_raw)) {
+					if(strcmp(spec_arr[jj].lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+						free(spec_arr[jj].lr.ctx_raw);
+						spec_arr[jj].lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+						continue;
+					}
+					if(strcmp(curr_spec->lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+						free(curr_spec->lr.ctx_raw);
+						curr_spec->lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+						continue;
+					}
+ 					rc = -1;
+ 					errno = EINVAL;
+ 					selinux_log
+-- 
+2.17.1
+
--- a/patches/platform_external_selinux/0004-If-we-do-a-free-on-it-it-means-it-is-heap-allocated.patch
+++ b/patches/platform_external_selinux/0004-If-we-do-a-free-on-it-it-means-it-is-heap-allocated.patch
@@ -0,0 +1,31 @@
+From 34a2e6145c9264a25f6c8b8f9bd966fe662d3e10 Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Tue, 9 Apr 2019 08:50:45 +0200
+Subject: [PATCH 4/4] If we do a free() on it, it means it is heap-allocated
+
+---
+ libselinux/src/label_backends_android.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
+index cf842188..ab92985b 100644
+--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
+@@ -64,12 +64,12 @@ static int nodups_specs(struct saved_data *data)
+ 						    curr_spec->lr.ctx_raw)) {
+ 					if(strcmp(spec_arr[jj].lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+ 						free(spec_arr[jj].lr.ctx_raw);
+-						spec_arr[jj].lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+						spec_arr[jj].lr.ctx_raw = strdup("u:object_r:hal_tetheroffload_hwservice:s0");
+ 						continue;
+ 					}
+ 					if(strcmp(curr_spec->lr.ctx_raw, "u:object_r:hal_ipacm_hwservice:s0") == 0) {
+ 						free(curr_spec->lr.ctx_raw);
+-						curr_spec->lr.ctx_raw = "u:object_r:hal_tetheroffload_hwservice:s0";
+						curr_spec->lr.ctx_raw = strdup("u:object_r:hal_tetheroffload_hwservice:s0");
+ 						continue;
+ 					}
+ 					rc = -1;
+-- 
+2.17.1
+