Merge "Remove HAVE_SELINUX guards"
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk
index 15083f4..e48b9af 100644
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@@ -23,13 +23,11 @@
LOCAL_CFLAGS += -DWITH_VFP_D32
endif # ARCH_ARM_HAVE_VFP_D32
-LOCAL_SHARED_LIBRARIES := libcutils libc libcorkscrew
-
-ifeq ($(HAVE_SELINUX),true)
-LOCAL_SHARED_LIBRARIES += libselinux
-LOCAL_C_INCLUDES += external/libselinux/include
-LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
+LOCAL_SHARED_LIBRARIES := \
+ libcutils \
+ libc \
+ libcorkscrew \
+ libselinux
include $(BUILD_EXECUTABLE)
diff --git a/debuggerd/tombstone.c b/debuggerd/tombstone.c
index 012337b..52223da 100644
--- a/debuggerd/tombstone.c
+++ b/debuggerd/tombstone.c
@@ -35,9 +35,7 @@
#include <corkscrew/demangle.h>
#include <corkscrew/backtrace.h>
-#ifdef HAVE_SELINUX
#include <selinux/android.h>
-#endif
#include "machine.h"
#include "tombstone.h"
@@ -686,12 +684,10 @@
mkdir(TOMBSTONE_DIR, 0755);
chown(TOMBSTONE_DIR, AID_SYSTEM, AID_SYSTEM);
-#ifdef HAVE_SELINUX
if (selinux_android_restorecon(TOMBSTONE_DIR) == -1) {
*detach_failed = false;
return NULL;
}
-#endif
int fd;
char* path = find_and_open_tombstone(&fd);
diff --git a/init/Android.mk b/init/Android.mk
index 7dae9df..f3287a8 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -32,13 +32,11 @@
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
-LOCAL_STATIC_LIBRARIES := libfs_mgr libcutils libc
-
-ifeq ($(HAVE_SELINUX),true)
-LOCAL_STATIC_LIBRARIES += libselinux
-LOCAL_C_INCLUDES += external/libselinux/include
-LOCAL_CFLAGS += -DHAVE_SELINUX
-endif
+LOCAL_STATIC_LIBRARIES := \
+ libfs_mgr \
+ libcutils \
+ libc \
+ libselinux
include $(BUILD_EXECUTABLE)
diff --git a/init/builtins.c b/init/builtins.c
index 882ceb5..550be68 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -35,10 +35,8 @@
#include <sys/system_properties.h>
#include <fs_mgr.h>
-#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
-#endif
#include "init.h"
#include "keywords.h"
@@ -501,24 +499,20 @@
}
int do_setcon(int nargs, char **args) {
-#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0)
return 0;
if (setcon(args[1]) < 0) {
return -errno;
}
-#endif
return 0;
}
int do_setenforce(int nargs, char **args) {
-#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0)
return 0;
if (security_setenforce(atoi(args[1])) < 0) {
return -errno;
}
-#endif
return 0;
}
@@ -746,7 +740,6 @@
}
int do_setsebool(int nargs, char **args) {
-#ifdef HAVE_SELINUX
SELboolean *b = alloca(nargs * sizeof(SELboolean));
char *v;
int i;
@@ -775,7 +768,7 @@
if (security_set_boolean_list(nargs - 1, b, 0) < 0)
return -errno;
-#endif
+
return 0;
}
diff --git a/init/devices.c b/init/devices.c
index e43dbaf..2644623 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -30,11 +30,9 @@
#include <sys/un.h>
#include <linux/netlink.h>
-#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/android.h>
-#endif
#include <private/android_filesystem_config.h>
#include <sys/time.h>
@@ -52,9 +50,7 @@
#define FIRMWARE_DIR1 "/etc/firmware"
#define FIRMWARE_DIR2 "/vendor/firmware"
-#ifdef HAVE_SELINUX
extern struct selabel_handle *sehandle;
-#endif
static int device_fd = -1;
@@ -192,17 +188,15 @@
unsigned gid;
mode_t mode;
dev_t dev;
-#ifdef HAVE_SELINUX
char *secontext = NULL;
-#endif
mode = get_device_perm(path, &uid, &gid) | (block ? S_IFBLK : S_IFCHR);
-#ifdef HAVE_SELINUX
+
if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext);
}
-#endif
+
dev = makedev(major, minor);
/* Temporarily change egid to avoid race condition setting the gid of the
* device node. Unforunately changing the euid would prevent creation of
@@ -213,12 +207,11 @@
mknod(path, mode, dev);
chown(path, uid, -1);
setegid(AID_ROOT);
-#ifdef HAVE_SELINUX
+
if (secontext) {
freecon(secontext);
setfscreatecon(NULL);
}
-#endif
}
static void add_platform_device(const char *name)
@@ -874,12 +867,12 @@
suseconds_t t0, t1;
struct stat info;
int fd;
-#ifdef HAVE_SELINUX
+
sehandle = NULL;
if (is_selinux_enabled() > 0) {
sehandle = selinux_android_file_context_handle();
}
-#endif
+
/* is 64K enough? udev uses 16MB! */
device_fd = uevent_open_socket(64*1024, true);
if(device_fd < 0)
diff --git a/init/init.c b/init/init.c
index b2e39bd..1d639dd 100755
--- a/init/init.c
+++ b/init/init.c
@@ -32,11 +32,9 @@
#include <sys/socket.h>
#include <sys/un.h>
-#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/android.h>
-#endif
#include <libgen.h>
@@ -59,10 +57,8 @@
#include "util.h"
#include "ueventd.h"
-#ifdef HAVE_SELINUX
struct selabel_handle *sehandle;
struct selabel_handle *sehandle_prop;
-#endif
static int property_triggers_enabled = 0;
@@ -76,9 +72,7 @@
static unsigned revision = 0;
static char qemu[32];
-#ifdef HAVE_SELINUX
static int selinux_enabled = 1;
-#endif
static struct action *cur_action = NULL;
static struct command *cur_command = NULL;
@@ -162,10 +156,9 @@
pid_t pid;
int needs_console;
int n;
-#ifdef HAVE_SELINUX
char *scon = NULL;
int rc;
-#endif
+
/* starting a service removes it from the disabled or reset
* state and immediately takes it out of the restarting
* state if it was in there
@@ -202,7 +195,6 @@
return;
}
-#ifdef HAVE_SELINUX
if (is_selinux_enabled() > 0) {
char *mycon = NULL, *fcon = NULL;
@@ -228,7 +220,6 @@
return;
}
}
-#endif
NOTICE("starting '%s'\n", svc->name);
@@ -250,9 +241,7 @@
for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value);
-#ifdef HAVE_SELINUX
setsockcreatecon(scon);
-#endif
for (si = svc->sockets; si; si = si->next) {
int socket_type = (
@@ -265,11 +254,9 @@
}
}
-#ifdef HAVE_SELINUX
freecon(scon);
scon = NULL;
setsockcreatecon(NULL);
-#endif
if (svc->ioprio_class != IoSchedClass_NONE) {
if (android_set_ioprio(getpid(), svc->ioprio_class, svc->ioprio_pri)) {
@@ -315,15 +302,12 @@
_exit(127);
}
}
-
-#ifdef HAVE_SELINUX
if (svc->seclabel) {
if (is_selinux_enabled() > 0 && setexeccon(svc->seclabel) < 0) {
ERROR("cannot setexeccon('%s'): %s\n", svc->seclabel, strerror(errno));
_exit(127);
}
}
-#endif
if (!dynamic_args) {
if (execve(svc->args[0], (char**) svc->args, (char**) ENV) < 0) {
@@ -350,9 +334,7 @@
_exit(127);
}
-#ifdef HAVE_SELINUX
freecon(scon);
-#endif
if (pid < 0) {
ERROR("failed to start '%s'\n", svc->name);
@@ -603,11 +585,9 @@
*value++ = 0;
if (name_len == 0) return;
-#ifdef HAVE_SELINUX
if (!strcmp(name,"selinux")) {
selinux_enabled = atoi(value);
}
-#endif
if (for_emulator) {
/* in the emulator, export any kernel option with the
@@ -755,7 +735,6 @@
}
#endif
-#ifdef HAVE_SELINUX
static const struct selinux_opt seopts_prop[] = {
{ SELABEL_OPT_PATH, "/data/system/property_contexts" },
{ SELABEL_OPT_PATH, "/property_contexts" },
@@ -814,8 +793,6 @@
return 0;
}
-#endif
-
int main(int argc, char **argv)
{
int fd_count = 0;
@@ -866,7 +843,6 @@
process_kernel_cmdline();
-#ifdef HAVE_SELINUX
union selinux_callback cb;
cb.func_log = klog_write;
selinux_set_callback(SELINUX_CB_LOG, cb);
@@ -891,7 +867,6 @@
*/
restorecon("/dev");
restorecon("/dev/socket");
-#endif
is_charger = !strcmp(bootmode, "charger");
diff --git a/init/init.h b/init/init.h
index b7e06c9..955e1f0 100644
--- a/init/init.h
+++ b/init/init.h
@@ -95,9 +95,7 @@
gid_t supp_gids[NR_SVC_SUPP_GIDS];
size_t nr_supp_gids;
-#ifdef HAVE_SELINUX
char *seclabel;
-#endif
struct socketinfo *sockets;
struct svcenvinfo *envvars;
@@ -136,10 +134,8 @@
int load_565rle_image( char *file_name );
-#ifdef HAVE_SELINUX
extern struct selabel_handle *sehandle;
extern struct selabel_handle *sehandle_prop;
extern int selinux_reload_policy(void);
-#endif
#endif /* _INIT_INIT_H */
diff --git a/init/init_parser.c b/init/init_parser.c
index 5393e52..beb9188 100644
--- a/init/init_parser.c
+++ b/init/init_parser.c
@@ -799,13 +799,11 @@
}
break;
case K_seclabel:
-#ifdef HAVE_SELINUX
if (nargs != 2) {
parse_error(state, "seclabel option requires a label string\n");
} else {
svc->seclabel = args[1];
}
-#endif
break;
default:
diff --git a/init/property_service.c b/init/property_service.c
index c6c2e3f..2c1b4a1 100644
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -40,10 +40,8 @@
#include <sys/atomics.h>
#include <private/android_filesystem_config.h>
-#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/label.h>
-#endif
#include "property_service.h"
#include "init.h"
@@ -199,7 +197,6 @@
static int check_mac_perms(const char *name, char *sctx)
{
-#ifdef HAVE_SELINUX
if (is_selinux_enabled() <= 0)
return 1;
@@ -223,15 +220,10 @@
freecon(tctx);
err:
return result;
-
-#endif
- return 1;
}
static int check_control_mac_perms(const char *name, char *sctx)
{
-#ifdef HAVE_SELINUX
-
/*
* Create a name prefix out of ctl.<service name>
* The new prefix allows the use of the existing
@@ -245,9 +237,6 @@
return 0;
return check_mac_perms(ctl_name, sctx);
-
-#endif
- return 1;
}
/*
@@ -394,11 +383,9 @@
* to prevent them from being overwritten by default values.
*/
write_persistent_property(name, value);
-#ifdef HAVE_SELINUX
} else if (strcmp("selinux.reload_policy", name) == 0 &&
strcmp("1", value) == 0) {
selinux_reload_policy();
-#endif
}
property_changed(name, value);
return 0;
@@ -440,9 +427,7 @@
msg.name[PROP_NAME_MAX-1] = 0;
msg.value[PROP_VALUE_MAX-1] = 0;
-#ifdef HAVE_SELINUX
getpeercon(s, &source_ctx);
-#endif
if(memcmp(msg.name,"ctl.",4) == 0) {
// Keep the old close-socket-early behavior when handling
@@ -467,10 +452,7 @@
// the property is written to memory.
close(s);
}
-#ifdef HAVE_SELINUX
freecon(source_ctx);
-#endif
-
break;
default:
diff --git a/init/util.c b/init/util.c
index 743748b..918bc05 100755
--- a/init/util.c
+++ b/init/util.c
@@ -23,9 +23,7 @@
#include <errno.h>
#include <time.h>
-#ifdef HAVE_SELINUX
#include <selinux/label.h>
-#endif
#include <sys/stat.h>
#include <sys/types.h>
@@ -89,9 +87,7 @@
{
struct sockaddr_un addr;
int fd, ret;
-#ifdef HAVE_SELINUX
char *secon;
-#endif
fd = socket(PF_UNIX, type, 0);
if (fd < 0) {
@@ -110,14 +106,12 @@
goto out_close;
}
-#ifdef HAVE_SELINUX
secon = NULL;
if (sehandle) {
ret = selabel_lookup(sehandle, &secon, addr.sun_path, S_IFSOCK);
if (ret == 0)
setfscreatecon(secon);
}
-#endif
ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
if (ret) {
@@ -125,10 +119,8 @@
goto out_unlink;
}
-#ifdef HAVE_SELINUX
setfscreatecon(NULL);
freecon(secon);
-#endif
chown(addr.sun_path, uid, gid);
chmod(addr.sun_path, perm);
@@ -468,31 +460,27 @@
{
int rc;
-#ifdef HAVE_SELINUX
char *secontext = NULL;
if (sehandle) {
selabel_lookup(sehandle, &secontext, path, mode);
setfscreatecon(secontext);
}
-#endif
rc = mkdir(path, mode);
-#ifdef HAVE_SELINUX
if (secontext) {
int save_errno = errno;
freecon(secontext);
setfscreatecon(NULL);
errno = save_errno;
}
-#endif
+
return rc;
}
int restorecon(const char *pathname)
{
-#ifdef HAVE_SELINUX
char *secontext = NULL;
struct stat sb;
int i;
@@ -509,6 +497,5 @@
return -errno;
}
freecon(secontext);
-#endif
return 0;
}
