From patchwork Mon Sep 26 17:33:38 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Roberts, William C" X-Patchwork-Id: 9351085 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EE4CC6077A for ; Mon, 26 Sep 2016 17:37:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E04D7286AA for ; Mon, 26 Sep 2016 17:37:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D4D6428721; Mon, 26 Sep 2016 17:37:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 043C2287BA for ; Mon, 26 Sep 2016 17:37:15 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,400,1470700800"; d="scan'208";a="19557498" IronPort-PHdr: =?us-ascii?q?9a23=3A8PfrKBKf71rg549Sj9mcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgUI/7xwZ3uMQTl6Ol3ixeRBMOAuqgC0rGd6vi+EUU7or+5+EgYd5JNUxJXwe?= =?us-ascii?q?43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6anHS+4HYoFwnlMkIt?= =?us-ascii?q?f6KuS9SU1p/8jrjss7ToICxwzAKnZr1zKBjk5S7wjeIxxbVYF6Aq1xHSqWFJce?= =?us-ascii?q?kFjUlhJFaUggqurpzopM0rzj5U884F24YAFPyiPvdwcbsNFzkiMmYo9OX3pBLD?= =?us-ascii?q?Sk2J/XJaXWII1lJTDgHD4Av9X5u0tirhqsJhySKaOovwVrlyVjO8q+9wRATAlD?= =?us-ascii?q?YMNzl/9nrezMN3kvF1uhWk8gN+x4rVaYTTP7xkeanQZ88BbWtHQstVESdGB9Dv?= =?us-ascii?q?J7ATBvYMaL4L57L2oEED+F7nXQQ=3D?= X-IPAS-Result: =?us-ascii?q?A2G2AwBVXOlX/wHyM5BdGgEBAQECAQEBAQgBAQEBFwEBBAE?= =?us-ascii?q?BCgEBgxIBAQEBAR6BU7p9IodmTAEBAQEBAQEBAgECWyeCMgQDEwWCEQIEAQI3F?= =?us-ascii?q?CAOAwkBARcIIQgIAwEtFREHBwsFGASIKr5bDAEkiDuGZhEBhXoFjyuKS49oAol?= =?us-ascii?q?7hW6QZ1SFJVIBhUZ4gScBAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 26 Sep 2016 17:36:57 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8QHassB014985; Mon, 26 Sep 2016 13:36:55 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u8QHXhjq253300 for ; Mon, 26 Sep 2016 13:33:43 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8QHXfIQ014715; Mon, 26 Sep 2016 13:33:43 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CGBACpW+lX/yNjr8ZdGgEBAQECAQEBAQgBAQEBgz0BAQEBAR6BU7ZzhBOGHgKBX0wBAgEBAQEBAl6FCQIEeRAgMVcHEohLvlQBAQEBBgIBJIg7jHIFjyuKS49oAo9pkGdUhSUeNAGHZQEBAQ X-IPAS-Result: A1CGBACpW+lX/yNjr8ZdGgEBAQECAQEBAQgBAQEBgz0BAQEBAR6BU7ZzhBOGHgKBX0wBAgEBAQEBAl6FCQIEeRAgMVcHEohLvlQBAQEBBgIBJIg7jHIFjyuKS49oAo9pkGdUhSUeNAGHZQEBAQ X-IronPort-AV: E=Sophos;i="5.30,400,1470715200"; d="scan'208";a="5729315" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 26 Sep 2016 13:33:43 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AJsRi0hy3hsfUG+3XCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?0OsRIJqq85mqBkHD//Il1AaPBtSBrasfwLOO7ejJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL2PbrnD61zMOABK3bVMz?= =?us-ascii?q?fbWvXNeJxJ3viaibwN76W01wnj2zYLd/fl2djD76kY0ou7ZkMbs70RDTo3FFKK?= =?us-ascii?q?x8zGJsIk+PzV6nvp/jtLYqySlbuuog+shcSu26Ov1gFf0LOg8hKXw46Pfmvhjb?= =?us-ascii?q?F0PPuiNdAS0qlU9TDgzE6gzqdovguSv98Oxm0W+VOtOyBas5UDKu9aBqRFrsiT?= =?us-ascii?q?wbHyIo+2HQzMprheRUpwzl7wdz2KbIcYqVM7x4ZaqbctQEFkRbWcMESC1FBoK1?= =?us-ascii?q?as0ESfAGN+tCs5LVpl0SoB/4Dg6pV7Cn8SNBmnKjhf5y6O8mCwyTmVJ4Eg=3D?= =?us-ascii?q?=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GzAwBCW+lX/yNjr8ZdGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBFgEBAQMBAQEJAQEBgxIBAQEBAR6BU7ZzhBOGHgKBX0wBAQEBAQEBAQI?= =?us-ascii?q?BAlsngjIEARUFghECBHkQIDFXBxKIS75IAQEBAQYBAQEBI4g7jHIFjyuKS49oA?= =?us-ascii?q?o9pkGdUhSUeNAGGJYFAAQEB?= X-IPAS-Result: =?us-ascii?q?A0GzAwBCW+lX/yNjr8ZdGgEBAQECAQEBAQgBAQEBFgEBAQM?= =?us-ascii?q?BAQEJAQEBgxIBAQEBAR6BU7ZzhBOGHgKBX0wBAQEBAQEBAQIBAlsngjIEARUFg?= =?us-ascii?q?hECBHkQIDFXBxKIS75IAQEBAQYBAQEBI4g7jHIFjyuKS49oAo9pkGdUhSUeNAG?= =?us-ascii?q?GJYFAAQEB?= X-IronPort-AV: E=Sophos;i="5.30,400,1470700800"; d="scan'208";a="19557312" Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP; 26 Sep 2016 17:33:42 +0000 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos; i="5.30,400,1470726000"; d="scan'208"; a="1062515660" Received: from gboitano-mobl3.amr.corp.intel.com (HELO wcrobert-MOBL1.amr.corp.intel.com) ([10.252.137.122]) by fmsmga002.fm.intel.com with ESMTP; 26 Sep 2016 10:33:42 -0700 From: william.c.roberts@intel.com To: selinux@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov Subject: [PATCH 1/2] libselinux: introduce configurable backends Date: Mon, 26 Sep 2016 10:33:38 -0700 Message-Id: <1474911219-20465-2-git-send-email-william.c.roberts@intel.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1474911219-20465-1-git-send-email-william.c.roberts@intel.com> References: <1474911219-20465-1-git-send-email-william.c.roberts@intel.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: William Roberts On Android for both the host build, and the target, certain backends are not needed: - X Backend - DB Backend - Media Backend Introduce the following defines for removing them from the built library: - NO_X_BACKEND - NO_DB_BACKEND - NO_MEDIA_BACKEND When configured with these options and an attempt is made to use them, selabel_open() will return ENOTSUP. Signed-off-by: William Roberts --- libselinux/src/label.c | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/libselinux/src/label.c b/libselinux/src/label.c index 963bfcb..96a4ff1 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -17,15 +17,33 @@ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) +#ifdef NO_MEDIA_BACKEND +#define CONFIG_MEDIA_BACKEND(fnptr) NULL +#else +#define CONFIG_MEDIA_BACKEND(fnptr) &fnptr +#endif + +#ifdef NO_X_BACKEND +#define CONFIG_X_BACKEND(fnptr) NULL +#else +#define CONFIG_X_BACKEND(fnptr) &fnptr +#endif + +#ifdef NO_DB_BACKEND +#define CONFIG_DB_BACKEND(fnptr) NULL +#else +#define CONFIG_DB_BACKEND(fnptr) &fnptr +#endif + typedef int (*selabel_initfunc)(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts); static selabel_initfunc initfuncs[] = { &selabel_file_init, - &selabel_media_init, - &selabel_x_init, - &selabel_db_init, + CONFIG_MEDIA_BACKEND(selabel_media_init), + CONFIG_X_BACKEND(selabel_x_init), + CONFIG_DB_BACKEND(selabel_db_init), &selabel_property_init, }; @@ -325,6 +343,11 @@ struct selabel_handle *selabel_open(unsigned int backend, goto out; } + if (!initfuncs[backend]) { + errno = ENOTSUP; + goto out; + } + rec = (struct selabel_handle *)malloc(sizeof(*rec)); if (!rec) goto out;