From patchwork Mon Sep 26 20:33:04 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Roberts, William C" X-Patchwork-Id: 9351277 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E47726077A for ; Mon, 26 Sep 2016 20:33:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D22B928E3D for ; Mon, 26 Sep 2016 20:33:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C6A1728E42; Mon, 26 Sep 2016 20:33:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CA8F728E3D for ; Mon, 26 Sep 2016 20:33:54 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,401,1470700800"; d="scan'208";a="19565908" IronPort-PHdr: =?us-ascii?q?9a23=3AHmg8ZxXwlGuPcEwgOXs6H9BIozXV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYZh2Ft8tkgFKBZ4jH8fUM07OQ6PG6HzVbqs/d6zgrS99lb1c9k8?= =?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUiv2OQc9?= =?us-ascii?q?HOnpAIma153xjLHovcSIKFwU33KUWvBbFF2OtwLft80b08NJC50a7V/3mEZOYP?= =?us-ascii?q?lc3mhyJFiezF7W78a0+4N/oWwL46pyv/NaVe3GW4hwDfkBVHV1e1wysdbmsRjF?= =?us-ascii?q?UBun+moXUmJQlAFBRQfC8lWyRZr4tCfgsetxnS2bJtHeUaE/WTPk6bxiDhDvlm?= =?us-ascii?q?NPLDIi2H3Ggcx3yqRAqVSuoAIs7ZTTZdSKNf56f6rYO9hcX21LU9xNTARABJ+x?= =?us-ascii?q?a80ECO9Sbq5js4Dhqg5W/lOFDg62Cbaqk2dF?= X-IPAS-Result: =?us-ascii?q?A2HIBACehelX/wHyM5BdGwEBAQMBAQEJAQEBFwEBBAEBCgE?= =?us-ascii?q?BgxIBAQEBAR6BU6Y7lEQgh2lMAQEBAQEBAQECAQJbJ4IyBAMTBYIYAjcUIA4DC?= =?us-ascii?q?QIXCCEICAMBLRUYBwsFGASIKr9QAQEBI4g7hmYRAYV6BYg2hnWKS49oAol7hWw?= =?us-ascii?q?CSJAfVIUlUgGFRniBJwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 26 Sep 2016 20:33:52 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8QKXERp001931; Mon, 26 Sep 2016 16:33:20 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u8QKXC7c254175 for ; Mon, 26 Sep 2016 16:33:12 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u8QKX7AX001918; Mon, 26 Sep 2016 16:33:12 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CGBADqhOlX/yNjr8ZdGgEBAQECAQEBAQgBAQEBgz0BAQEBAR6BU7ZzhBMUhgqBZEwBAgEBAQEBAl6GCDCBDxKIS79AAQEIJ4g7iWALgwcFiDaGdYpLj2gCj2cCSJAfVIUlHjQBh2UBAQE X-IPAS-Result: A1CGBADqhOlX/yNjr8ZdGgEBAQECAQEBAQgBAQEBgz0BAQEBAR6BU7ZzhBMUhgqBZEwBAgEBAQEBAl6GCDCBDxKIS79AAQEIJ4g7iWALgwcFiDaGdYpLj2gCj2cCSJAfVIUlHjQBh2UBAQE X-IronPort-AV: E=Sophos;i="5.30,401,1470715200"; d="scan'208";a="5729680" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 26 Sep 2016 16:33:12 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AEJvXwhCqf0qOaL+6QzQ+UyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSP/6oMbcNUDSrc9gkEXOFd2CrakV0ayP6Ou5BTdIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBy?= =?us-ascii?q?brysXNWD1YLujKvrp8abSj4LrQL1Wal1IhSyoFeZnegtqqwmFJwMzADUqGBDYe?= =?us-ascii?q?VcyDAgD1uSmxHh+pX4p8Y7oGx48sgs/M9YUKj8Y79wDfkBVGxnYFYO49f3uBX5?= =?us-ascii?q?QACO/iFUEjlO00kAPw+Q9xz+X5HsogPmp+F932+cJsSwQrcqHXy54q5tRAXviS?= =?us-ascii?q?tCMz8i7EnLm8dwi+RduxvnqBthh8bPbJq9KOt1fqSbe8gTA2VGQJV/TStEV5y9?= =?us-ascii?q?a48OBu9HNqBCqIPwvUcVhRq4GQSoQujoz2wbzkTq1LE3hrxyWTrN2xYtSpdQ6H?= =?us-ascii?q?k=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ETBACehelX/yNjr8ZdGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBFgEBAQMBAQEJAQEBgxIBAQEBAR6BU6Y7kDiEExSGCoFkTAEBAQEBAQE?= =?us-ascii?q?BAgECWyeCMgQBFQWDEDCBDxKIS79FAQEIAgEkiDuJYAuDBwWINoZ1ikuPaAKPZ?= =?us-ascii?q?wJIkB9UhSUeNAGGJYFAAQEB?= X-IPAS-Result: =?us-ascii?q?A0ETBACehelX/yNjr8ZdGgEBAQECAQEBAQgBAQEBFgEBAQM?= =?us-ascii?q?BAQEJAQEBgxIBAQEBAR6BU6Y7kDiEExSGCoFkTAEBAQEBAQEBAgECWyeCMgQBF?= =?us-ascii?q?QWDEDCBDxKIS79FAQEIAgEkiDuJYAuDBwWINoZ1ikuPaAKPZwJIkB9UhSUeNAG?= =?us-ascii?q?GJYFAAQEB?= X-IronPort-AV: E=Sophos;i="5.30,401,1470700800"; d="scan'208";a="19565878" Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP; 26 Sep 2016 20:33:10 +0000 Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga002-icc.fm.intel.com with ESMTP; 26 Sep 2016 13:33:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.30,401,1470726000"; d="scan'208";a="884018122" Received: from rbella-mobl.amr.corp.intel.com (HELO wcrobert-MOBL1.amr.corp.intel.com) ([10.252.203.45]) by orsmga003.jf.intel.com with ESMTP; 26 Sep 2016 13:33:09 -0700 From: william.c.roberts@intel.com To: selinux@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov Subject: [PATCH] libselinux: add ANDROID_HOST=y build option Date: Mon, 26 Sep 2016 13:33:04 -0700 Message-Id: <1474921984-24984-1-git-send-email-william.c.roberts@intel.com> X-Mailer: git-send-email 1.9.1 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: William Roberts To build the selinux host configuration, specify ANDROID_HOST=y on the Make command line. eg) make ANDROID_HOST=y Signed-off-by: William Roberts --- libselinux/Makefile | 13 ++++++++++-- libselinux/src/Makefile | 54 ++++++++++++++++++++++++++++++++----------------- 2 files changed, 46 insertions(+), 21 deletions(-) diff --git a/libselinux/Makefile b/libselinux/Makefile index 5a8d42c..b9dc7bc 100644 --- a/libselinux/Makefile +++ b/libselinux/Makefile @@ -1,4 +1,4 @@ -SUBDIRS = src include utils man +SUBDIRS = src DISABLE_AVC ?= n DISABLE_SETRANS ?= n @@ -10,6 +10,11 @@ ifeq ($(EMBEDDED),y) override DISABLE_RPM=y override DISABLE_BOOL=y endif +ifeq ($(ANDROID_HOST),y) + override DISABLE_SETRANS=y + EMFLAGS+= -DDISABLE_RPM -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \ + -DBUILD_HOST +endif ifeq ($(DISABLE_AVC),y) EMFLAGS+= -DDISABLE_AVC endif @@ -22,7 +27,7 @@ endif ifeq ($(DISABLE_SETRANS),y) EMFLAGS+= -DDISABLE_SETRANS endif -export DISABLE_AVC DISABLE_SETRANS DISABLE_RPM DISABLE_BOOL EMFLAGS +export DISABLE_AVC DISABLE_SETRANS DISABLE_RPM DISABLE_BOOL EMFLAGS ANDROID_HOST USE_PCRE2 ?= n ifeq ($(USE_PCRE2),y) @@ -33,6 +38,10 @@ else endif export PCRE_CFLAGS PCRE_LDFLAGS +ifneq ($(ANDROID_HOST), y) +SUBDIRS += include utils man +endif + all install relabel clean distclean indent: @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 36e42b8..a1c4114 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -47,9 +47,17 @@ endif ifeq ($(DISABLE_BOOL),y) UNUSED_SRCS+=booleans.c endif +ifeq ($(ANDROID_HOST),y) + SRCS=callbacks.c freecon.c label.c label_file.c \ + label_android_property.c regex.c label_support.c \ + matchpathcon.c setrans_client.c sha1.c + override CFLAGS += -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \ + -DBUILD_HOST +else + SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(sort $(wildcard *.c))) +endif GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i -SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(sort $(wildcard *.c))) MAX_STACK_SIZE=32768 @@ -74,9 +82,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \ -Werror -Wno-aggregate-return -Wno-redundant-decls -PCRE_LDFLAGS ?= -lpcre - -override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(EMFLAGS) $(PCRE_CFLAGS) +override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(EMFLAGS) SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \ -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations @@ -92,6 +98,28 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(EMFLAGS) SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(EMFLAGS) +$(LIBA): $(OBJS) + $(AR) rcs $@ $^ + $(RANLIB) $@ + +$(LIBSO): $(LOBJS) + $(CC) $(CFLAGS) -shared -o $@ $^ $(PCRE_LDFLAGS) -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro + ln -sf $@ $(TARGET) + +%.o: %.c policy.h + $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< + +%.lo: %.c policy.h + $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< + +# ANDROID_HOST Build option only builds the shared and static versions of +# libselinux. +ifeq ($(ANDROID_HOST),y) + +all: $(LIBA) $(LIBSO) + +else + all: $(LIBA) $(LIBSO) $(LIBPC) pywrap: all $(SWIGFILES) $(AUDIT2WHYSO) @@ -110,14 +138,6 @@ $(SWIGSO): $(SWIGLOBJ) $(SWIGRUBYSO): $(SWIGRUBYLOBJ) $(CC) $(CFLAGS) -shared -o $@ $^ -L. -lselinux $(LDFLAGS) -L$(LIBDIR) -$(LIBA): $(OBJS) - $(AR) rcs $@ $^ - $(RANLIB) $@ - -$(LIBSO): $(LOBJS) - $(CC) $(CFLAGS) -shared -o $@ $^ $(PCRE_LDFLAGS) -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro - ln -sf $@ $(TARGET) - $(LIBPC): $(LIBPC).in ../VERSION sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@ @@ -130,12 +150,6 @@ $(AUDIT2WHYLOBJ): audit2why.c $(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(CC) $(CFLAGS) -shared -o $@ $^ -L. $(LDFLAGS) -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) -%.o: %.c policy.h - $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< - -%.lo: %.c policy.h - $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< - $(SWIGCOUT): $(SWIGIF) $(SWIG) $< @@ -178,4 +192,6 @@ distclean: clean indent: ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) -.PHONY: all clean pywrap rubywrap swigify install install-pywrap install-rubywrap distclean +.PHONY: clean pywrap rubywrap swigify install install-pywrap install-rubywrap distclean +endif +.PHONY: all